We may collect, use, store and transfer different kinds of personal data about you when you visit our Website or one or our showrooms, when you register for an online account with us, when you contact us, when you subscribe to our newsletter, or when you purchase any of our products.
We want you to know that we don’t sell any of the personal data you share with us or that we collect.
Our Website is not intended for children and we do not knowingly collect data relating to children.
2. How to contact us
Halls Furnishings Ltd trading as LOFT Interiors is the “data controller” in respect of your personal data for the purposes of data protection legislation. Halls Furnishings Ltd is a limited company registered in England and Wales under company number 05070872. Our registered office is at 227 Ayres Road, Old Trafford, Manchester, Greater Manchester, M16 0NL.
Our Data Protection Officer is Elizabeth Jackson and she can be contacted at Privacy@loft.co.uk or by telephone on 0330 311 6454.
3. What data do we collect?
Personal data is any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Whenever we collect, store, use, disclose or delete your personal data, this is referred to as processing your personal data. As a Website User, Visitor or Customer, we will process different kinds of personal data about you. We have grouped these together in different categories below:
Identity data – data which identifies you including your name, title and username.
Contact data – your contact details such as your delivery address, billing address, telephone numbers and email address.
Purchase data – information concerning the products you have purchased from us, including how frequently you purchase from us, whether you have used any discount codes or other offers, which products you have purchased and how much you have spent with us.
Security data - for your security, we keep an encrypted record of your login password.
Customer Service data – information relating to your interactions with our customer service team via our online chat function, or by telephone, email or post, or at one of our showrooms. For example, information you provide when you make a general enquiry, ask us for product advice or in the unfortunate case that you need to complain to us.
Financial data – data we collect if you purchase a product from us, such as your bank account and payment card details.
Review data – information you provide to us when you review our products on our Website or provide feedback to our customer services team.
Marketing data – data which we capture when you sign up to receive our newsletter and other marketing communications, including your preferences regarding us contacting you in this way.
Usage data – information about how you use our Website, including how you navigate our Website, which pages you view, the advertisements you click on, any search terms you enter and if you encounter any problems. We also collect details of how you arrive at our Website (eg through Google).
Technical data – electronic information which is automatically logged/stored by processing equipment including details of the device(s) you use to access our services, internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Website.
Social Media data – data we have access to through a social media platform when you connect with us or like or follow our social media accounts, including your social media handle, photograph, date of birth, location, occupation, interests and other information and content you make available via your social media accounts.
Covid-19 data – data we are required to collect to comply with public health guidance relating to the Covid-19 pandemic, for example contact details for NHS Test and Trace.
We do not collect any special category or criminal data about you (such as information about your health, criminal record, race, political opinions, religious beliefs or your sexuality).
4. When do we collect your data?
Direct interactions: Most of the personal data we hold about you is collected directly from you when you interact with us or correspond with us directly via our Website, by email, telephone, by post, on social media or at one of our showrooms. This includes personal data you provide when you:
visit our Website;
create an account on our Website;
visit one of our showrooms;
place an order for any of our products;
subscribe to receive our marketing communications;
engage with us on social media, such as by following us, liking our posts, commenting on our posts or sending direct messages;
enter a prize draw or competition with us;
contact us by any means including filling out an enquiry form on our Website or by sending us an email or telephoning customer services;
giving us feedback;
comment on or review our products on our Website.
Automated technology: When you visit our Website, our systems will automatically collect information about your equipment, browsing actions and patterns. We collect this personal data (namely Technical and Usage data) by using cookies, tracking pixels, server logs and other similar technologies. Please see the section headed “Cookies” below.
Other third parties: We may also receive personal data about you from various third parties as set out below:
our ecommerce platform provider (currently Shopify) who provides payment and other services to us to allow us to sell our products online and process electronic payments for products;
IT service providers including OrderWise who provide our stock management system;
analytics providers, such as Google Analytics and ResponseTap who provide us with Technical and Usage data;
advertising networks, such as Google Adwords and Facebook who provide us with Technical and Usage data
operators of social media platforms, including [Facebook, Instagram, LinkedIn, Twitter, YouTube and Pinterest], which may be based outside of the UK and EEA;
Online postcode look-up services to autofill your delivery address, for example.
5. How and why we use your personal data
We only process your personal data where we have a legal basis to do so. The legal basis will vary depending on the reason we are collecting your personal data. Sometimes we might rely on more than one legal basis when we process your personal data depending on why are using your data. Please contact us at any time if you need more information about how we are using your personal data and which legal basis we are relying on. We have summarised below the legal basis we rely on to use your personal data and examples of how this works in practice:
Where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract We will need to process your data when you purchase products from us in order to process and deliver your order including taking payment from you. We are likely to process your Identity, Contact, Purchase, Customer Service and Financial data on this basis.
Where we have your consent to do so, subject to your right to withdraw consent (further details provided in the section headed “What are your rights over your data" below) We may send you marketing communications by email if you have subscribed to receiving these communications from us. We use HubSpot to monitor and improve the effectiveness of our marketing communications, which includes monitoring or tracking responses and engagement. HubSpot uses a pixel contained in our emails to track whether they are opened and which features people click on. This information enables us to make our marketing campaigns more effective and suitable to our customers. Further information on HubSpot can be found at http://www.hubspot.com. Please see the section headed “Marketing preferences” for information on how to stop direct marketing communications from us or to change your marketing preferences. We will also obtain your consent to collect certain Usage and Technical data when we ask you to consent to cookies. Please see the section headed “Cookies” below for more information. Where we process information on the basis of consent, if at any time you want us to stop processing this information, you can withdraw your consent.
Where it is necessary to comply with a legal or regulatory obligation that we are subject to We are subject to legal and regulatory obligations that require us to process your personal data, for example, anti-money laundering obligations and consumer contracts legislation. We also have a legal obligation to comply with public health guidance relating to the Covid-19 pandemic. We are likely to process your Identity, Contact, Purchase, Security, Financial, Technical and Covid-19 data in connection with this purpose.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests Our legitimate interests in processing your personal data for our own business purposes include the following:
To promote our products and our business, including online, via email and via social media (which may include processing Identity, Contact, Purchase, Customer Service, Review, Marketing, Usage, Technical and Social Media data);
To personalise our marketing to you to provide you with a better and more engaging experience (which may include processing Identity, Contact, Purchase, Customer Service, Review, Marketing, Usage, Technical and Social Media data);
To correspond with you concerning your online account and purchases and to respond to your queries, refund requests and complaints (which may include processing Identity, Contact, Purchase, Customer Service, Marketing, Usage and Social Media data);
To conduct our business and operate as retailer of furniture products, to further our business interests and operate profitably (which may include processing Identity, Contact, Purchase, Customer Service, Review, Marketing, Usage, Technical and Social Media data);
To develop and grow our business, improve our products and offerings, our Web Site and our customer service (which may include processing Identity, Contact, Purchase, Customer Service, Review, Marketing, Usage, Technical and Social Media data);
To process orders for products including managing payments and collecting and recovering money owed to us (which may include processing Identity, Contact, Purchase, Financial, Customer Service, Review, Marketing, Usage and Social Media data);
To send you survey and feedback requests to help us improve our products and services (which may include processing Identity, Contact, Purchase, Customer Service, Review, Marketing, Usage and Social Media data). You may opt out of receiving these requests from us at any time by updating your marketing preferences. Please see the section headed “Marketing preferences” for more information;
To administer and protect our business, our site and online store (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) ((which may include processing Identity, Contact, Purchase, Customer Service, Review, Usage and Technical data);
To create and maintain accurate business records (which may include processing Identity, Contact, Purchase, Customer Service, Review, Marketing, Usage, Technical and Social Media data);
To protect our business and financial interests and for the purpose of establishing, exercising or defending legal claims (which may include processing Identity, Contact, Purchase, Security, Customer Service, Financial, Review, Marketing, Usage, Technical and Social Media data);
To ensure our site and online store are being used in compliance with relevant terms and conditions (which may include processing Identity, Contact, Purchase, [Security,] Customer Service, Financial, Review, Marketing, Usage, Technical and Social Media data); and
For fraud prevention, anti-money laundering, and for the prevention or detection of crime (which may include processing Identity, Contact, Security, Financial, Usage and Technical data).
6. Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we wish to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
7. If you fail to provide personal data
Where we need to collect personal data from you in order to comply with our legal obligations or to perform a contract we have with you and you fail to provide that data when requested, we may not be able to perform the relevant contract (for example, to deliver your products or process your payment). In this case, we may have to cancel the relevant contract.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Your personal data is only available to authorised personnel of LOFT who need access to the information in order to fulfil their duties. All LOFT personnel who have access to your personal data will only process your personal data on our instructions and they shall be subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Unfortunately, however, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Once we no longer require your personal data, we will take reasonable steps to destroy it in a secure manner.
9. How long will we keep your data?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In relation to marketing consents, we may ask for your updated consent from time to time if we have not heard from you in a while to check that you still want to receive our emails. If you decide to opt-out we will keep a record of this alongside your email address or other contact details to ensure that we do not send you marketing communications going forward.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) in order to develop our business methods and strategy or for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
We shall not have any liability whatsoever to you for the deletion of personal data in accordance with our data retention policy.
10. Who do we share your data with?
We may share your personal data with the following third parties in order to perform a contract with you, comply with a legal or regulatory obligation, in our legitimate interests of conducting our business or where you have consented:
IT companies who support our Website and provide other business systems, such as our ecommerce provider Shopify, RABB-IT and Carpe Diem
Payment providers, such as Stripe, who provide payment services to us to allow us to process electronic payments for products;
Stock control services such as OrderWise;
Operational companies such as delivery couriers;
Third party ‘shop now, pay later’ finance providers, such as PayL8r
Data analytics companies such as Google Analytics and ResponseTap.
Direct marketing companies such as HubSpot.
Social media platforms and online search engines, such as Facebook, Instagram, LinkedIn, Twitter and Pinterest, to show you products that might interest you while you’re browsing the internet and using social media platforms.
Third parties to whom we may choose to sell, transfer or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them.
Other companies and organisations for the purposes of fraud protection and credit risk reduction, HM Revenue & Customs, the police, regulators and other authorities and public bodies.
Professional advisers, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accountancy services.
We require all our data processors to respect the security of your personal data and to treat it in accordance with the law. We do not allow our data processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
From time to time, we may enter into agreements with third party brands to cross-advertise our products to our respective customers. This means you may receive third party advertising material with your delivery of products. However, we do not share your personal data with these third parties.
11. International transfers
If we need to transfer your data outside of the UK, we ensure your data receives the same protection as if it were being processed inside the UK by ensuring at least one of the following safeguards is implemented:
We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by UK adequacy regulations. For further details, see https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit/#adequacy-decision.
In some instances, we may use specific contracts approved by the European Commission which give personal data the same protection it has in the EEA. For further details, see European Commission: Model contracts for the transfer of personal data to third countries and https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit/#adequacy-decision.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside of the UK or EEA.
In the case of data processed by our ecommerce platform Shopify, please see https://help.shopify.com/pdf/cross-border-whitepaper.pdf for details of the data transfers made by them outside the UK.
12. What are your rights over your data?
You have certain rights in respect of the personal data that we process about you (where we are the data controller because we determine the purpose and means for which that personal data shall be processed):
the right to request access to your personal data that we hold and to receive certain information relating to that data;
the right to ask us to rectify inaccurate data or to complete incomplete data;
the right to receive or ask for your personal data to be transferred to a third party in a structured, commonly used and machine-readable format (note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you);
the right to request the erasure of personal data if it is no longer necessary in relation to the purposes for which it was collected or processed or if you have successfully objected to processing (note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request);
the right to object to to how we process your personal data in certain circumstances, including the right to ask us not to process your personal data for marketing purposes;
the right to restrict processing of your personal data, for example if you want us to establish the accuracy of the data or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it; and
where we are processing personal data relating to you on the basis that we have your consent to do so, you may withdraw your consent at any time (this will not affect the lawfulness of any processing carried out before you withdraw your consent). If you withdraw your consent, we may not be able to provide certain products or services to you.
If you wish to exercise any of the other rights set out above, please contact us by email at Privacy@loft.co.uk or by telephone on 0330 311 6454.
We may ask you to verify your identity if you make a request to us to exercise any of the rights set out above. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We will try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
13. Marketing preferences
There are several ways you can stop direct marketing communications from us:
You can click the ‘unsubscribe’ link in any email communication that we send you.
If you have an account, you can log in and change your preferences.
You can contact us by email at Privacy@loft.co.uk or by telephone on 0330 311 6454.
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
For more information about the cookies we use and the reasons why we use them, please see our Cookies Policy.
15. Links to other websites
16. How to complain
Please let us know if you are unhappy with how we have used your personal data. You can contact us by email at Privacy@loft.co.uk or by telephone on 0330 311 6454.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance and we shall endeavour to resolve your complaint.
17. Changes to your data
It is important that the personal data we hold about you is accurate and current. Please let us know if change your contact details change during your relationship with us. You have the right to question any information we hold about you that you think is wrong or incomplete. Please contact us if you want to do this.