Who we are
We are SHEL Holdings Europe Limited ("Selfridges Group"). Our contact and other details are set out at the end of this policy. We are the data controller in relation to the personal data processed in accordance with this policy (except where this policy explains otherwise).
The following luxury retail businesses are part of our group:
- Brown Thomas
- Holt Renfrew
- Selfridges & Co
- de Bijenkorf
Each of these businesses operates as a separate independent legal entity, registered in various parts of the world and each has its own brand identity and website (details of which are set out below) where you can find out more information about each of them. Each of these businesses are independently responsible for their own legal and regulatory compliance and any other issues arising from any transactions with you. This means that they are responsible for any processing by them of any of your personal data, and you should refer to their websites and privacy policies for information about this (and to find out how to contact them directly) – see personal data relating to our group companies, below.
What information do we collect?
In general, you can visit the website (www.selfridgesgroup.com) without providing any information and we won't know your identity.
Should you wish to contact us you can do so by leaving your personal details on our “Contact” page. We will then know your identity and the activities you carry out on the website. Information we collect about your computer may then be linked on our systems to you. We may also retain copies of any correspondence or contact details you send us.
In Person, By Post or Email
Should you contact us by means other than via the website (including in person, by post, fax or email) we may also collect and store information you provide to us. This would include any curriculum vitaes and personal contact data.
We confirm that any personal information which you provide to us, and any information from which we can identify you, is held in accordance with the registration we have with the Information Commissioner’s Officer.
The purposes for which we collect personal data
We collect and process personal data as follows:
|If you provide goods or services (or you work for someone who supplies goods or services) to us.||We may collect your individual contact information to enable us, our group companies or other suppliers of ours or our group companies to communicate with you in relation to the provision of goods or services by you or the person that you work for (for example, in relation to the management and administration of the provision of the relevant goods or services) and other personal information relating to you to in the course of provision of the goods or services concerned. This may include, for example, bank account or other financial details, personal description and photograph, and other information relating to you that is included in any communications between us and you or anyone you work with in the course of provision of the goods or services.|
|If we are assessing your suitability or ability to provide goods or services to us or to any of our group companies||We may collect relevant personal information relating to you to the extent necessary to enable that assessment to take place – for example, if we need to assess or confirm your age, your right to work in the UK, your skills and previous experience, your qualifications or whether there is anything (for example, relating to your past history, your health or your conduct or reputation) that would adversely affect your suitability or ability to provide the goods or services concerned. This will be explained to you in more detail at the time we collect the personal data and, where appropriate, will be subject to your prior consent.|
|If you are invited to, or attend, an event organised or managed by us||We may collect your individual contact and related information (as well as that of anyone who is attending the event with you) as necessary to enable you and any other relevant individuals to be invited to, and to attend, the event and to facilitate your attendance (for example, dietary or special access requirements).|
|If we have to provide or arrange any facilities, resources, travel, accommodation or anything else necessary to enable or assist you to provide goods or services to us||We may collect relevant personal information relating to you in order to enable us to do so (for example, your passport details if we have to arrange travel or accommodation for you).|
|If you apply for a position with us||We may collect personal information in relation to you in connection with any application by you for a position with us. In that case, we will explain in more detail at the time how and for what purposes we intend to process the relevant personal information.|
|If you are a customer or other contact of any of our group companies||We may collect your individual contact information or other information relevant to your dealings with, or of other relevance to, our group companies (for example, goods or services that you have obtained from our group companies or relevant communications with our group companies). This will only be on an exceptional basis where required in order to enable us to understand issues relevant to the group companies concerned and for us to assist with their management.|
Where we process your personal data
We normally process personal data only in the UK or elsewhere in the EU.
Where necessary in order to manage our business, we may share relevant personal data with our group companies outside the EU, but only to the extent necessary in order to provide the services concerned.
Security of your personal data
All personal data processed by us is stored securely (the level of security being appropriate to the nature of the data concerned and the other relevant circumstances).
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorised access.
Who we share your personal data with
We may where appropriate share your personal data with:
- Any member of our group, which means our subsidiaries, our holding company and its subsidiaries.
- Appropriate third parties including:
- our business partners, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you or the person that you work for;
- our auditors, legal advisors and other professional advisors or service providers;
- credit or other similar reference agencies for the purpose of assessing your suitability or ability where this is in the context of us entering (or proposing to enter) into a contract with you or the person that you work for.
- In relation to information obtained via our website:
- analytics and search engine providers that assist us in the improvement and optimisation of our site and subject to the cookie section of this policy.
Other disclosures we may make
We may disclose your personal data to third parties:
- If we or substantially all of our assets are acquired by a third party, in which case personal data held by it will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply terms and other agreements with you or the person that you work for; or to protect the rights, property, or safety of our business, our group companies, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection, or credit risk reduction.
The legal basis for our processing of personal data
The legal basis on which we process your personal data is as follows:
- Where it is necessary to obtain your prior consent to the processing concerned in order for us to be allowed to do it, we will obtain and rely on your consent in relation to the processing concerned (in relation to any processing we are carrying out with your consent, see below for how to withdraw your consent).
- Otherwise, we will process your personal data where the processing is necessary:
- for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract;
- for compliance with a legal obligation to which we are a subject; or
- for the purposes of the legitimate interests pursued by us or another person, provided that this will only be in circumstances in which those legitimate interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data (most circumstances in which we process your personal data in relation to a relationship that we have with the person that you work for will fall into this category).
How long we keep your personal data
We process personal data only for so long as is necessary for the purpose(s) for which it was originally collected, after which it will be deleted or archived except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose.
You have the following rights in relation to personal data relating to you that we process:
- You may request access to the personal data concerned.
- You may request that incorrect personal data that we are processing be rectified.
- In certain circumstances (normally where it is no longer necessary for us to continue to process it), you may be entitled to request that we erase the personal data concerned.
- Where we are processing your personal data for marketing purposes or otherwise based on our legitimate interests, you may in certain circumstances have a right to object to that processing.
- Where we are processing personal data relating to you on the basis of your prior consent to that processing, you may withdraw your consent, after which we shall stop the processing concerned.
To exercise any of your rights (including withdrawing relevant consents or obtaining access to your personal data), you should contact us as set out below.
If you have a complaint about any processing of your personal data being conducted by us, you can contact us or lodge a formal compliant with the Information Commissioner.
Personal data processed by our group companies
Please note that we cannot provide you with any information held about you by any of our other group companies (in particular Brown Thomas & Co. Ltd, Arnotts Limited, Holt Renfrew & Co. Ltd, Selfridges Retail Limited and Magazijn “De Bijenkorf” B.V.) as we are not the controller of this information and do not have access to it.
To obtain a copy of the information held about you, or exercise any other rights relevant to information processed, by any other group company, you should make a request of the relevant company directly. Should you require any further information in this regard please visit the relevant group company’s website:
Contacting the regulator
The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.
Our contact details are:
SHEL Holdings Europe Ltd
400 Oxford Street
Contact: Selfridges Group Data Protection Co-Ordinator
Phone: 0207 318 2466
Updates to this policy
Date of this policy
This policy was last updated on 22 May 2018.