Hotter Shoes: Privacy Policy

Privacy Policy

Introduction

Privacy policies can be a little intimidating and full of hard to follow legal terms. The following privacy policy is split into sections with an easy-to-follow introduction explaining what we do with your data and then followed by the legal terms.

Rest assured you can easily change how we process your data and there is a section later on called ‘How you can change things’.

First and foremost - who we are

There are five parts to the group and overall we are collectively known as Wourth Group. All five parts of the group have the same registered address and this privacy policy applies to all of the brands under the same umbrella, here is a list of the brands. Any new companies that may be added to the group in future will be included in this section.

What this means is that Wourth Group is your ‘data controller’ i.e. we are responsible for ensuring that your data is taken care of, kept secure and up to date and this privacy policy sets out what information we collect and how it is used. Most importantly it also sets out how you can make changes to how your data is processed.

The legal definitions

Our Registered Address is Wourth Group Limited, Woolovers House, Victoria Gardens, Burgess Hill, England, RH15 9NB.
(“we”, “our”, “us”) is a "controller" of your personal information. This is a legal term – it means that we make decisions about how and why we use your personal information, and because of this, we, Wourth Group, are responsible for making sure it is used in accordance with data protection laws.

What data we collect when you interact with us

We want all our customers to have the best possible experience when shopping with us. We try and improve customer experience by building up the richest picture of who you are and what you are interested in. We do this by combining data we have about you to offer you the most relevant products, promotions, and services. Data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service. This section is, admittedly a bit technical and the following sections detail the information we collect

When you order via the phone

  • When you contact us by phone, we collect Calling Line Identification (CLI) information to improve our efficiency and effectiveness and protect our legitimate business interests..
  • When you contact us, we will ask you for personal data to identify your existing account or to create a new account in our contact centre systems (K3 & Navision). When you create an account with us, we will capture (with your consent) your name and date of birth (optional) that we may use to send customised offers, usually on or around your birthday, and in an anonymised way to understand the demographics of our customers), address, email, and telephone number.
  • We will also explain how you can opt-out of receiving marketing from us, or occasional third party marketing. (please see the working with others section for full details).
  • The information held on our systems is used to process your orders, to record and store your details and marketing preferences, to arrange returns and store sales transaction data. This is to fulfil our contractual and legal obligations, as well as protect our legitimate business interests.
  • We will use your data to respond to your queries, refund requests and complaints. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We may also use this data when training our staff to make sure we continually improve our customer service. We do this based on our contractual obligations to you, our legal obligations, and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.

When you post in your order
To fulfil your order, we may need to collect the following information directly from you

  • Your name
  • Your billing address
  • Your delivery address
  • Your date of birth (when buying items with legal age restrictions)
  • Your email address
  • Your contact telephone number(s)
  • Your payment card details (please note that these are not stored anywhere on our system and only used to process the payment for your order)

When you buy within one of our retail shops

  • To protect our customers, premises, assets, and employees from crime, we operate CCTV systems in our stores which record images for security. We do this based on our legitimate business interests. If we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. Our aim is to protect the individuals we interact with from criminal activities.
  • When you shop in-store, we will ask you for personal data to identify your existing account or to create a new account in our database.
  • When you create an account with us, we will capture (with your consent) your name, date of birth (optional) that we may use to send customised offers, usually on or around your birthday, and in an anonymised way to understand the demographics of our customers), address, email, and telephone number.
  • o We will also explain how you can opt-out of receiving marketing from us, or occasional third party marketing. (please see the working with others section for full details)
  • Where the product you wish to buy is in-stock, you do not need to provide any personal information to buy from one of our stores. If the product you wish to buy is not in stock you have the option to have the product delivered to your home, in which case we will capture your personal data when you place the order. If we don’t collect your personal data as part of an order which needs to be delivered to your home, we won’t be able to process your order and comply with our contractual obligations.
  • When you fill in any forms. For example, if an accident happens in store, a colleague may collect your personal data (with your consent).

When you shop online

  • When you visit any of our websites, we will capture information gathered using cookies in your web browser. You can find out more about how we use cookies here
  • To display the most relevant content to you on our websites or apps, we’ll use your data to personalise your website or app experience. This is either based on your consent to receive app notifications and/or for our website to place cookies or similar technology on your device or based on our legitimate interest
  • When you place an order on one of our websites, we will ask you to log into your existing account, to create a new account in our database, or checkout as a guest. When you create an account with us, we will capture your name, date of birth (optional) that we may use to send customised offers, usually on or around your birthday, and in an anonymised way to understand the demographics of our customers), address, email, and telephone number.
  • We will also explain how you can opt-out of receiving marketing from us, or occasional third party marketing. (please see the working with others section for full details)
  • When you abandon your session or basket before completing your checkout, we will send you email notifications. We do this based on our legitimate interest.
  • We use third-party analytical services, such as Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information does not contain personally identifiable information of any of our site visitors and is done based on our legitimate business interests.
  • We use third party services to help maintain the security and performance of our websites. To deliver this secure service they process, on our behalf, the IP addresses of visitors to our websites and apps and this is done based on our fulfilment of our contractual obligations.
  • When you comment on or review our products and services, we will, with your consent, capture any personal information you give as part of the review or feedback process.

Additional legal uses, definitions and explanations to do with shopping with us

• The information held on our database is used to process any orders to be delivered to your home, to record and store your details and marketing preferences, to arrange returns and store sales transaction data.
• Sometimes we need your personal data to comply with our contractual obligations (for example, if you order an item from us online, we’ll collect your address details and pass your details to our courier so they can deliver your order).
• If the law requires us to, we may need to collect and process your data (for example, we can pass on details of people involved in fraud or other criminal activity to law enforcement).
• In specific situations, we need to use your data to meet the legitimate interests of our business in a way which might reasonably be expected as part of running our business, and which does not materially impact your rights, freedom, or interests. For example, we will use your purchase history to send you personalised offers. We will also send you marketing emails and direct mail when you shop with us and we may introduce offers from other Wourth Group Brands unless you choose to opt-out
• When you contact our customer service team via email, we use Transport Layer Security (TLS) to encrypt and protect email traffic in line with best practice. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software to protect our legitimate business interests. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law. Any exchange of information over email is recorded within our Contact Centre systems (Zoho and Outlook) and used for future contact with you in relation to account management. We will not add you to any marketing database unless you ask us to.

How we market to you, using data, and what you can expect from us

• Your Telephone number – We may need to call you if there’s a question about your order but that’s it. No part of the group undertakes outbound telemarketing, which means you won’t receive sales calls from us and we never share your telephone number with a third party that may allow them to conduct telemarketing.
• Your Email address – whether you sign up to our email newsletter (known as opt in or giving consent) or place an order with us online and don’t opt out of receiving emails we may email you with new offers for the brand you interacted with

  • We never share your email address with any third party for their own marketing.
  • You may, however, see a special offer introduced by the brand you shopped or signed up with. E.g. If you are signed up to the Hotter Shoes emails and we are running a travel feature we may include in that email a luggage offer from the Scotts of Stow brand or even an exclusive holiday offer that we have secured from a travel company

• We will always include an unsubscribe link in all marketing emails so you can be removed from future broadcasts for that brand.
• Your Postal address – when you shop with us, either online, in store or via the post we may send you a catalogue in the post showcasing more of the available products from that brand. You can always opt out from future postal activity, please see the section below called ‘How you can change things’.
• Data modelling and cross brand postal marketing – this sounds scary but it is really just common sense retailing. As the overall group contains several brands there is bound to be a lot of customers who shop from more than one brand from us.

  • We combine activities from across the whole group to understand who is shopping with us, across which brands and whether there are any patterns in this information that may mean you might want to shop with us again. We use statistical methods in our analysis to send the right offer to our customers in a timely manner.
    • We also know, from your feedback, that receiving offers in the post is the least intrusive method of marketing and so you may receive a catalogue from one of the other brands in the group.
    • We think the products might be of interest and encourage you to have a browse of the catalogue. If it’s not of interest it is easy to opt out from receiving that brand in future, details of how to opt out are included in the section below called ‘How you can change things’

Working with others (third parties outside of the group)

  • There are times when we need to share your personal data with trusted third parties. For example, with delivery couriers to comply with our legal obligations, or to technology partners to help us personalise our offers to you for example.
    • We provide only the information they need to perform their specific services.
    • They may only use your data for the exact purposes we specify in our contract with them.
    • We work closely with them to ensure that your privacy is respected and always protected.
    • If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
    • When you purchase a product from us that is delivered by the manufacturer or supplier of said product, we will pass on your contact details so that they can deliver your purchased product. The same applies to any warranties or guarantees provided by the manufacturer or supplier of the product you bought. For example, if you buy a coat from us we will pass your details to the supplier of the coat to ensure the delivery of the goods and to fulfil any supplier product guarantees. We do that to ensure that we fulfil our contractual obligations to you.

SHARING YOUR DATA WITH THIRD PARTIES FOR THEIR OWN PURPOSE

We will only do this in very specific circumstances,

  • For example, if you enter a competition and tick a box agreeing that the prize provider company can send you promotional information directly.
  • For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
  • We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
  • We may, from time to time, expand, reduce, or sell the group and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.
  • Data Cooperatives – We may share your name, address, and details about what you’ve ordered from us with our data cooperative partners. Our partners are Abacus ("Epsilon") and Experian. These partners manage prospect pools on behalf of UK retailers. Epsilon (registered as Epsilon International UK Ltd) is a company that manages the Abacus Alliance on behalf of UK retailers and charities. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, home interiors and travel categories. Our partners analyse information about what our customers buy to help us understand your buying patterns. This helps us plan what we send you, based on what you like to buy. They also help us to ensure that you don’t hear from us if you don’t want to therefore if you’ve told us that you don’t want to receive another catalogue from us, we’ll share your information with them to ensure you’re added to a suppression list. In addition, the partners analyse what sort of products might interest you and pass your name and address to companies whose products are likely to appeal to you. You can opt out of your name and address being passed to other companies at any time by contacting us using any of the methods on our Contact Us page https://www.hotter.com/gb/en/info/contact-us, or by managing your third-party marketing preferences in ‘My Account’ when logged in to your online account.
  • Epsilon Visit https://abacus.epsilon.com/services-privacy-policy/
  • Experian Visit www.experian.co.uk/cip

WHERE YOUR PERSONAL DATA MAY BE PROCESSED

  • We are a UK based company and so we will transfer your data within the UK, which is outside of the EU. We may also need to share your personal data with third parties and suppliers outside the European Economic Area (EEA).
  • Protecting your data outside the UK
  • We may transfer personal data that we collect from you to third-party data processors in countries that are outside the UK.
  • For example, this might be required to fulfil your order, process your payment details or provide support services.
  • If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed in the UK. For example, our contracts with third parties stipulate the standards they must always follow. If you wish for more information about these contracts, please contact our Data Protection Officer using the details listed in our Contact Us section.
  • Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.

Supporting Trustworthy Charities

  • The UK charity sector has been very reliant on postal appeals as the most cost-effective method of raising funds for good causes. TV, radio and press advertising are expensive, and the internet is often ineffective. As a business, Scotts recognises that Charities need a platform to put forward their appeals as there is a societal benefit to the work charities do.
  • The types of charities we work with include both large national and international charities as well as small local organisations that operate in the following areas; health & medical research, supporting elderly people, community charities, children’s charities, veterans & active forces personnel, heritage and conservation organisations, disability support, overseas aid and development, emergency air ambulances and animal charities.
  • We can assure you however that we won’t open the flood gates and carefully screen each charity and limit the number of appeals you receive.
  • We require any charity we work with to adhere to the following rules:
    • That they are UK based, or the beneficiaries of their work are UK citizens.
    • That at least 80% of their income is spent on their cause.
    • That they aren’t embroiled in any scandals or impropriety.
    • That the work they do has a genuine benefit to society, people or animal welfare.
  • We believe that we have a legitimate interest to support the charity sector and we ensure that your information is kept within strict control at all times and only used to create the address panel, or mailing labels, in the postal campaigns.
  • We have strict rules and controls on the information used. We process the information in the following way: We create a list of names and addresses from our list of customers and cross check this against the charity’s own list of donors. We also cross check the Mailing Preference Service and the Fundraising Preference Service to remove anyone that matches. This is done so that if you are an existing donor of the charity or are registered against the national suppression files you aren’t contacted. This processing may be carried out by Scotts Ltd or a trusted third party and we ensure all records are always kept secure, are only accessed by authorised personnel, and only processed to create the mailing labels on the postal packs. All data is erased once the mailing is handed over to the postal services. At no point is your data kept by the charity, the processing company or the mailing house.
  • You are in control of your information at all times and we will stop sharing your data if you ask us to

HOW WE PROTECT YOUR PERSONAL DATA

  • We know how much data security matters to all our customers. We will treat your data with the utmost care and take all appropriate steps to protect it. We secure access to all transactional areas of our websites and apps using ‘https’ technology. Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured and encrypted to ensure it is protected. We regularly monitor our system for possible vulnerabilities and attacks, and we carry out testing to identify ways to further strengthen security.
  • We know how much data security matters to all our customers. We will treat your data with the utmost care and take all appropriate steps to protect it. We secure access to all transactional areas of our websites and apps using ‘https’ technology. Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured and encrypted to ensure it is protected. We regularly monitor our system for possible vulnerabilities and attacks, and we carry out testing to identify ways to further strengthen security.

HOW LONG WE KEEP YOUR PERSONAL DATA

  • Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
  • At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
  • When you place an order, we’ll keep the personal data you give us for a minimum of six years so we can comply with our legal and contractual obligations.
  • We also send your details to our third-party manufacturers or suppliers, but that is only so they can process your order. This data is not stored permanently by our partners and is retained for up to 2 years. You are entitled to contact them directly for clarification.
  • We also send your details to our third-party logistics partners, but that is only so they can deliver or collect your goods. This data is not stored permanently by our partners and is retained for up to 2 years.

YOUR RIGHTS

  • You have the right to be informed about how your personal data is being used. This is done, for example, through this privacy notice. You have a right to access any personal data we hold about you. We strive to be as open as we can be in terms of giving you access to your personal information. You can find out if we hold any personal information by making a 'Subject Access Request' under GDPR Legislation. If we do hold information about you, we will:
    • give you a description of it
    • tell you why we are holding it
    • tell you who it could be disclosed to
    • let you have a copy of the information in an intelligible form.
  • To make a request for any personal information we may hold, you need to put the request in writing, addressing it to our Data Protection staff at the address provided below. If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone. If we do hold information about you, you can ask us to correct any mistakes or erase any of your personal data we hold by contacting the Data Protection Officer using the details listed in our Contact Us section.

MAKING A COMPLAINT

  • When we receive a complaint, we make up a file containing all the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint. We will only use the personal information we collect to process the complaint and to check on the level of service we provide.
  • We do compile statistics showing information like the number of complaints we receive, but not in a form which identifies anyone. We usually must disclose the complainant's identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person's record is in dispute. If a complainant does not want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
  • We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for up to 6 years from closure. It will be retained in a secure environment and access to it will be restricted according to the 'need to know' principle. Similarly, where enquiries are submitted to us, we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
  • We strive to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading, or inappropriate. We would also welcome any suggestions for improving our procedures. This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our data collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address at the start of this privacy policy or via the methods listed on the contact us page of the website.

In The Event of Sale

  • In the event that our business assets are sold to another company all of our data may be sold as part of our business.