No7 Privacy & Security Notice

 

1. Our promise to you

We are committed to maintaining our customers' privacy. We take great care to safeguard the personal information that we collect to ensure that our customers' privacy is maintained. We have provided this notice to you to describe our information collection and use practices at No7. This notice also describes the choices you can make about the way your information is collected, used, and shared. This notice applies to any information collected by us through the use of our websites, mobile applications, and any other interactions with us as described below.

Your personal information is any information that can be used to directly or indirectly identify you. This includes information such as your name, date of birth, email address, mailing address and phone number. We may also collect personal information that does not directly identify you by name or contact information, but which may be used to identify that a specific computer or device has accessed our website or online services.

2. Who’s in control of your information?

Throughout this Privacy Policy, ‘we’ or “No7” means The Boots Company PLC. We are part of the Walgreens Boots Alliance group of companies, including subsidiaries, affiliates, joint ventures and franchises. You can find out more about the companies in our group at http://www.walgreensbootsalliance.com/.  

 3. Collecting information about you

• Information we collect from you

We collect personal information about you whenever you visit our website or subscribe to our notifications. We also may capture information about your computer or device such as your IP address, or a cookie ID that may be used to identify you.

• Information we collect from your use of our services

 Log information refers to information that is automatically sent by your web browser or device (or otherwise automatically collected by us) each time you view or interact with our online services and ads.  Log information may include the online service(s) requested; date and time of your request; referring URL (i.e., the website you came from); browser type; browser language; device operating system; device hardware and other characteristics; information regarding your use of our online services (e.g., pages viewed, features used, number of clicks, time spent on a particular page); and related device and usage data.  Log information is automatically recorded by our servers each time you view or interact with our online services and ads.

Device information refers to device-specific information that we automatically collect when you view or interact with our online services and ads.  Device information may include your device type and model; device operating system and version; unique device and advertising identifiers; mobile network information; and related device information.  To learn more about the information your device may make available to us, please check the policies of your device manufacturer or software provider.

• Information we collect online: Cookies and Similar Technologies

We use Cookies on this website.  A 'Cookie' is a file in your web browser that enables us to recognise your computer when you visit the site and make using our website quicker and easier (e.g. login fields may be pre-filled with your email address). Cookies are also essential to the functioning of certain parts of the site and we use them to collect information about how the site is used, such as how many people visit and return and what products are being viewed. We may also use Cookies for marketing and to give you a more personalised experience on our website. For a complete list of the cookies we use and how we use them, please go to our cookie policy.

• How we use Cookies, Beacons and Similar Technologies:

Making our website work:

Certain Cookies are essential so that you can move around the site and log in to your Account. Without them you would be unable to take certain actions on our website or access your account.

Monitoring and improving the performance of the website:

We may use Cookies to collect information about how visitors use the site, e.g. which pages they visit most often and whether they see error messages. The information is aggregated so it does not identify individuals, and we use it only to help us improve the way the website works.

Enabling the features of the website:

We may use Cookies that allow our website to remember choices you have made, such as your user name, and help us provide you with a better, more personal experience. For example, they may allow you to watch a video clip, comment on a blog or add a product review. 

Marketing and advertising:

We may use Cookies to deliver advertisements that are more relevant to you, as well as to limit the number of times you see a particular advertisement and to measure the effectiveness of advertising campaigns. The Cookies remember that you have visited a website and this information may then be shared with other organisations for advertising purposes.

What are ‘Flash Cookies’ (or ‘Local Shared Objects’)?

If your browser does not support HTML5 player, we may deliver video content using Adobe Flash Player instead (although you may experience display problems if your browser is unsupported).  Flash Cookies are stored on your device in a similar way to other types of Cookie, but they're managed differently by your browser, and if you wish to disable or delete them you can do this through Adobe Flash Player security settings.

Restricting or blocking Cookies

As you will have seen in ‘How We Use Cookies’ above, some parts of our website need Cookies in order to function correctly. By default, Cookies should be enabled on your computer or device, and although you can ‘disable’ them in your browser this will affect your experience on the website. You will be limited to browsing, viewing and searching for products but may not be able to take additional actions on our site or log in to your account.

If you'd still prefer to restrict, block or delete Cookies from this or any other website, you may do so in your internet browser. Each browser is different, so you’ll need to go to the 'help' menu on your browser and look for how to change your ‘Cookie preferences’. The website www.aboutcookies.org contains comprehensive information on how to do this on a wide variety of browsers.

Disabling advertising Cookies

We may engage third party advertisers to provide interest-based advertising on our website, as well as other third party sites in order to display advertising that is relevant to you. These third parties may collect information about your use of our services over time and that information may be combined with information collected on different websites and online services.

If you are concerned about behaviourally targeted advertising Cookies (which serve you advertisements based on your use of this website and other websites), users based in the EU can visit the following websites to find out more and opt out of advertising Cookies:

http://youronlinechoices.eu/
http://www.networkadvertising.org/choices/

Users based in the US can visit http://www.aboutads.info/choices/ to opt out of these third party Cookies.

Please Note: When you "opt-out" of receiving interest-based advertisements, this does not mean you will no longer see advertisements from us. It means that the online ads that you do see will not be tailored for you based on your particular interests. We may still collect information about you for any purpose permitted under the Policy, including for analytics.

Google Analytics

Some of our online services may use Google Analytics, a web analytics service provided by Google.  Google Analytics utilizes cookies and similar technologies to collect and analyze non-identified information (i.e., data that does not identify a specific individual) about the performance and use of our online services and ads.  More information on Google Analytics can be found here. If you would like to opt-out of having your information collected and used by us and our online partners as described herein, please use the Google Analytics opt-out available here.

Your privacy and shared computers

If you log in to the website from a shared computer, such as in an internet cafe or from a colleague’s computer at work, Cookies may cause your email address to display in the login field to anyone who uses the site on that computer after you.  You can avoid this by clearing the Cookies stored by the web browser. The option to do this can normally be found within your browser ‘tools’ preferences.

• Information we obtain from external companies

We collect data that is publicly available. For example, information you submit in a public forum (e.g., a blog, chat room, or social network) can be read, collected or used by us and others, and could be used to personalize your experience. You are responsible for the information you choose to submit in these instances.

From time to time we may supplement the information we hold about you with data from other commercially-available sources like the electoral roll and companies that collate and update data. This helps us keep our records up to date and learn more about our customers so we can continue to improve our products and services. 

Occasionally, for marketing purposes, we may obtain lists of potential customers from external companies. We will only deal with reputable companies that take privacy and data protection as seriously as we do, and we will always let you choose not to receive further marketing material from us.

• Information from within our parent company

As you’ll have seen in ‘Who’s in control of your information’, The Boots Company PLC is part of the Walgreens Boots Alliance group of companies. If you are also a customer of Boots or other companies in our group, we may consolidate the information we hold about you across our group. This helps us build a better picture of our customers, develop our products and services and, with your consent, provide you with offers and information we think may interest you. 

4. How we use your personal information

We use your personal information for a number of different purposes.  Some are essential for us to provide the services you use or to fulfil our legal obligations; some help us run our business efficiently and effectively; and some enable us to provide you with more relevant and personalised offers and information. In all cases we must have a reason and a legal ground for processing your personal information. Some of the most common legal grounds we rely are briefly explained below;

 

Reason for processing

Detail

Examples  

Your Rights

Consent

You will be asked to confirm that you are happy to provide your personal data and that you give your permission to No7 to process your personal data.  All of the details such as why No7 wants your data, how it will be used and if your data will be shared will be provided at the time of asking you for your consent.

 

Where No7 is relying on consent you will usually see a tick box.

No7 may use consent where we are asking you to confirm you marketing preferences to ensure we only contact you via the medium you have chosen i.e. text or email.

 

You may also be asked to give your consent when you are entering any sort of competition or sweepstakes. 

 

 

 

If some of your details have changed since the time you provided your consent you can update and amend your details at any time.

 

You have the right to withdraw your consent at any time if you no longer want to be part of the processing activity.

If you no longer want No7 to hold your data you can request for your data to be erased.

 

Legal obligation

No7 will on occasion be under a legal obligation to obtain and disclose your personal data.

 

Where possible No7 will notify you when processing your data due to a legal obligation however this may not always be possible.

In order to prevent criminal activity or help to detect criminal activity we may share information with forces such as the Police. This is done in a safe and secure manner. You may not be notified of this.

 

It is essential that No7 complies with its legal, regulatory and contractual requirements. If you object to this processing No7 will not be able to offer you the service.

 

 

Legitimate Interest

 

No7 may also hold personal data for our own legitimate business interest.  This relates to us managing our business to enable us to give you the best service/products and most secure experience.  When we rely on this, we will carry out a legitimate interest assessment to ensure we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.

 

It can also apply to processing that is in your interests as well.

 

Our legitimate business interests do not automatically override your interests - we will not use your Personal Data for activities where our interests are overridden by the impact on you unless we have your consent or are otherwise required or permitted to by law.

 

We may process your information to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure.

We have an interest in making sure our marketing is relevant for you, so we may process your information to send you marketing that is tailored to your interests. 

 

 

 

 

 

 

If you have any concerns about the processing, you have the right to object to processing that is based on our legitimate interests.

  

 

 

 

 

 

 

 

 

 

 

• Providing our products and services

We use your personal information to provide our products and services, respond to queries and comments and provide you with the best possible level of customer service.

• Our own internal purposes

We use your personal information to improve the effectiveness of our services, conduct analysis, and to perform other business activities as needed.

• Learning more about you

If you are a customer of Boots, Walgreens (or other companies within the Walgreens Boots Alliance Group) as well as No7, we may in future link or consolidate the information we hold about you across the companies in our group and the different channels you use to interact with us (such as website, stores, the Boots or Walgreen app, correspondence etc.). This helps us to build a clearer picture of our customers both as a group and as individuals. By understanding you better we can offer you a better, more personal experience. You can find out more about how Boots or Walgreens uses personal information in the privacy policies located on the Boots.com and Walgreens.com websites.

• Marketing and advertising

We may analyse your personal information, including the products you view and buy, your browsing habits and other ways you interact with us, to evaluate the effectiveness of our advertising and help us provide more relevant offers and content. Rest assured, however, that we will only send you marketing material if you’ve agreed that we can. 

Where you have agreed that we may send you marketing material, we may in future send you material from other companies within our group as well as from us. We will always make it easy for you to opt out of receiving further material. You can find out more about the companies in the Walgreens Boots Alliance group on our website.

You can change your mind about receiving marketing material from us at any time by contacting us by telephone at contacting us by telephone on +44 (0)330 678 0358, +44 (0)115 949 4997, or 1 800 528 2148 for US residents.  Alternatively, you can opt out of email marketing by clicking the link at the bottom of any email we have sent you. Please be aware that, as our marketing campaigns are prepared well in advance, you may still receive material from us for up to 10 business days.

• Research

From time to time we may invite you to take part in market research activities such as customer surveys, questionnaires or focus groups.

5Sharing your information

• Companies that provide services on our behalf

We may share your personal information with companies who provide services on our behalf that are related to our business. These tasks may include analysing site data, customer service, electronic and postal mail service, and social and other media services. Third party service providers only receive your personal information as required to perform their role and we instruct them not to use it for any other purpose.

Examples of the functions that may be carried out by external companies:
                              • Customer service centre
                              • Mailing houses
                              • Printers
                              • Couriers
                              • Delivery services
                              • Manufacturers or suppliers
                              • Companies that cleanse data
                              • Payment providers
                              • Companies that do fraud and money laundering checks
                              • Companies that provide web hosting, content providers, competitions, and sweepstakes
                              • Data storage facilities
                              • IT services and support

We may work with other companies who place cookies, tags, and web beacons on our websites. These companies help operate our websites and provide you with additional products and services. We may also use third party advertising networks to serve advertisements on our behalf. The cookies received with the banner advertisements served by these networks may be used to collect and build behavioral profiles by these companies to deliver targeted advertisements on our website and unaffiliated websites.

• Sharing data outside of the European Economic Area (EEA)

The EEA comprise of Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Swedenand the UK. Personal data can be transferred, processed and stored within these countries safely and securely as they offer an adequate level of protection to personal data in comparison to the UK.

There are number of additional countries that can also offer an adequate level of protection these are Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland and Uruguay.

Currently No7 shares information with the US.  If your information is to be sent outside Europe, we make sure it will be subject to standards of protection and security that are as high as those used here in the UK.

We take your data very seriously therefore we will always conduct a full review of all of our supplies processes and procedures including storage solutions for our data. In order to ensure adequacy when sending your data outside of the EEA we put in place contracts based on the Standard EU Model Contract Clauses which are designed by the European Commission to guarantee adequacy for any data transfer and processing of this nature.

Can I opt out of having my data shared?

As your data is stored safely and securely both inside and outside of the EEA we cannot offer alternative storage solution if you wish to opt out of having your data stored outside of the EEA you will need to close your account.

 Legal obligations

We may share your Personal Information with third parties where required or permitted by law, if we believe we need to do so to protect our rights and interests, or to comply with legal proceedings. In such cases, we will always do so legally and with due regard to your privacy.

• Changes to our business

If ownership of all or part of our business changes or we undergo a reorganisation (including a merger or transfer between Walgreens Boots Alliance companies), we will transfer your personal information to the new owner or successor company so we can continue to provide our services.

6. How long do we keep your personal information?

We hold your personal information for as long as you remain a customer, or as required to meet our legal obligations or those of our parent group, resolve disputes or enforce our agreements. This may mean we need to keep some of your information for a period of time after you cease to be a customer but we will always store it securely and will not use it for any other purposes. 

7. Links to other websites

If we provide links to any external websites, please be aware that each website’s provider will have its own privacy and Cookies policies, which may differ from ours. You should review that company’s privacy policy and use of Cookies before using the site or giving any personal information.

8. Social Media and Ads

We engage with guests on multiple social media platforms (e.g., Facebook and Instagram). If you contact us on one of our social media platforms, request guest service via social media, or otherwise direct us to communicate with you via social media, we may contact you via direct message or use other social media tools to interact with you. In these instances, your interactions with us are governed by this privacy policy as well as the privacy policy of the social media platform you use.

We may display targeted ads to you through social media platforms and other websites. These ads are sent to groups of people who share traits such as likely commercial interests and demographics. For example, we may target guests who have expressed an interest in shopping for cosmetics, skincare, etc.
If you have provided us with your email address and you consented to receive e-marketing, you may see ads that are tailored to your interests, based on the information we hold about you. For example, your age or the products you have browsed on our website. See the policies of each social media platform for additional information about these types of ads.

9. Social Media Plug-Ins

Our online services may use social media plug-ins (e.g., the Facebook "Like" button, "Share to Twitter" button) to enable you to easily interact with certain social media websites (e.g., Facebook, Twitter, Instagram) and share information with others.  When you visit our online services, the operators of the available social media plugins can place a cookie on your device enabling such operators to recognize individuals who have previously visited our online services.  If you are logged into these social media websites while visiting our online services, the social media plugins allow the relevant social media websites to receive information that you have visited our online services or other information.  The social media plugins also allow the applicable social media websites to share information about your activities on our online services with other users of the social media website.  For example, Facebook Social Plugins allow Facebook to show your "Likes" and comments on our online services to your Facebook friends.  Facebook Social Plugins also allow you to see your friends' Facebook activity on our online services.  We do not control any of the content from the social media plugins. For more information about social media plugins from other social media websites, please refer to those websites' privacy and data sharing statements.

10. Our "Do Not Track" Policy

We respect enhanced user privacy controls. We support the development and implementation of a standard "do not track" browser feature, which signals to websites that you visit that you do not want to have your online activity tracked. Please note that at this our website does not interpret or respond to "do not track" signals. However, you may set your Web browser to not accept new cookies or web beacons, be notified when you receive a new cookie, or disable cookies altogether. Please note that by disabling these features, your experience will not be as smooth and you will not be able to take full advantage of our website's features. Please see the Help section of your browser for instructions on managing security preferences.

11. Minors

We recognise the importance of protecting children’s privacy online. Our website and services are intended for a general audience and are not directed at children. We do not knowingly collect personal information from children under the age of 13.

If you are under the age of 18 and are a registered user of the site, you may request that we remove content or information that you have posted on our site or in our community. Please note that responding to your request may not ensure a complete or comprehensive removal (e.g., if the content or information has been reposted by another user.) To request removal, please contact us at customerservice@care.boots.com

12.  Staying in control of your information and your rights

We respect the fact that your personal information is your information, and we will always make it easy for you to update or change your personal details or marketing permissions. Please help us to help you by letting us know if your contact details change or if you spot any errors in the information we hold about you.

• Your right of access:

If you would like a copy of the information No7 holds about you or have any queries about the way we handle your personal information, please contact our Customer Service Centre at customerservice@care.boots.com

• Your right to request deletion:

While you remain a customer we will process and retain your data as described in this Policy. Once you cease to be a customer we will hold your data as described in the data retention section. You do have a right to request that we delete your personal data we hold. This is not an automatic right, depending on the type of data that we hold about you will depend on what we are able to delete. Please email customerservice@care.boots.com to request you data to be deleted.

• Your right to processing;

You have to right to request that we stop certain data processing activates that involve processing your personal data, this can be processes such as collecting your name and address on your account to deliver services to you, among other examples given above. This is not an automatic right, depending on the type of data that we hold about you and why will depend on what we are able to do. Please contact our Customer Service Centre at customerservice@care.boots.com to exercise your right to object to our processing your data.

• Your right to portability:

You have the right to request that we transfer your personal data in a machine readable format. This is not an automatic right and will depend on the legal basis used to process your personal data. Please email customerservice@care.boots.com to make this request.

13. Changes to this privacy policy

We may update this policy from time to time so we recommend that you check back here occasionally. If we make changes we think may affect you significantly, we’ll provide you with a prominent notice by the most appropriate medium so you know about the changes before they happen. We will always note the effective date of the latest version at the bottom of this notice.

14. How To Contact Us:

If you have questions or concerns about your privacy, you may contact our Data Protection Officer by telephone on +44 (0)330 678 0358, +44 (0)115 949 4997, or 1 800 528 2148 for US residents. Alternatively, you may write to us by post at The Boots Company PLC, 1 Thane Road West, Nottingham, Nottinghamshire, NG2 3AA. If you believe your privacy rights have been violated, you can file a complaint with the Data Protection Officer. You also have the right to complain to your local Data Protection Authority. If you are located in the UK, you may contact the UK ICO at casework@ico.org.uk

 
EFFECTIVE DATE: 23rd May 2018