No7 Privacy & Security Notice
1. Our promise to you
We are committed to maintaining our customers' privacy. We take great care to safeguard the personal information that we collect to ensure that our customers' privacy is maintained. We have provided this notice to you to describe our information collection and use practices at No7. This notice also describes the choices you can make about the way your information is collected, used, and shared. This notice applies to any information collected by us through the use of our websites, mobile applications, and any other interactions with us as described below.
Your personal information is any information that can be used to directly or indirectly identify you. This includes information such as your name, date of birth, email address, mailing address and phone number. We may also collect personal information that does not directly identify you by name or contact information, but which may be used to identify that a specific computer or device has accessed our website or online services.
2. Who’s in control of your information?
3. Collecting information about you
• Information we collect from you
We collect personal information about you whenever you visit our website or subscribe to our notifications. We also may capture information about your computer or device such as your IP address, or a cookie ID that may be used to identify you.
• Information we collect from your use of our services
Log information refers to information that is automatically sent by your web browser or device (or otherwise automatically collected by us) each time you view or interact with our online services and ads. Log information may include the online service(s) requested; date and time of your request; referring URL (i.e., the website you came from); browser type; browser language; device operating system; device hardware and other characteristics; information regarding your use of our online services (e.g., pages viewed, features used, number of clicks, time spent on a particular page); and related device and usage data. Log information is automatically recorded by our servers each time you view or interact with our online services and ads.
Device information refers to device-specific information that we automatically collect when you view or interact with our online services and ads. Device information may include your device type and model; device operating system and version; unique device and advertising identifiers; mobile network information; and related device information. To learn more about the information your device may make available to us, please check the policies of your device manufacturer or software provider.
• Information we collect online: Cookies and Similar Technologies
Making our website work:
Certain Cookies are essential so that you can move around the site and log in to your Account. Without them you would be unable to take certain actions on our website or access your account.
Monitoring and improving the performance of the website:
Enabling the features of the website:
Marketing and advertising:
What are ‘Flash Cookies’ (or ‘Local Shared Objects’)?
If your browser does not support HTML5 player, we may deliver video content using Adobe Flash Player instead (although you may experience display problems if your browser is unsupported). Flash Cookies are stored on your device in a similar way to other types of Cookie, but they're managed differently by your browser, and if you wish to disable or delete them you can do this through Adobe Flash Player security settings.
Restricting or blocking Cookies
If you'd still prefer to restrict, block or delete Cookies from this or any other website, you may do so in your internet browser. Each browser is different, so you’ll need to go to the 'help' menu on your browser and look for how to change your ‘Cookie preferences’. The website www.aboutcookies.org contains comprehensive information on how to do this on a wide variety of browsers.
Disabling advertising Cookies
We may engage third party advertisers to provide interest-based advertising on our website, as well as other third party sites in order to display advertising that is relevant to you. These third parties may collect information about your use of our services over time and that information may be combined with information collected on different websites and online services.
If you are concerned about behaviourally targeted advertising Cookies (which serve you advertisements based on your use of this website and other websites), users based in the EU can visit the following websites to find out more and opt out of advertising Cookies:
Users based in the US can visit http://www.aboutads.info/choices/ to opt out of these third party Cookies.
Please Note: When you "opt-out" of receiving interest-based advertisements, this does not mean you will no longer see advertisements from us. It means that the online ads that you do see will not be tailored for you based on your particular interests. We may still collect information about you for any purpose permitted under the Policy, including for analytics.
Some of our online services may use Google Analytics, a web analytics service provided by Google. Google Analytics utilizes cookies and similar technologies to collect and analyze non-identified information (i.e., data that does not identify a specific individual) about the performance and use of our online services and ads. More information on Google Analytics can be found here. If you would like to opt-out of having your information collected and used by us and our online partners as described herein, please use the Google Analytics opt-out available here.
Your privacy and shared computers
If you log in to the website from a shared computer, such as in an internet cafe or from a colleague’s computer at work, Cookies may cause your email address to display in the login field to anyone who uses the site on that computer after you. You can avoid this by clearing the Cookies stored by the web browser. The option to do this can normally be found within your browser ‘tools’ preferences.
• Information we obtain from external companies
We collect data that is publicly available. For example, information you submit in a public forum (e.g., a blog, chat room, or social network) can be read, collected or used by us and others, and could be used to personalize your experience. You are responsible for the information you choose to submit in these instances.
From time to time we may supplement the information we hold about you with data from other commercially-available sources like the electoral roll and companies that collate and update data. This helps us keep our records up to date and learn more about our customers so we can continue to improve our products and services.
Occasionally, for marketing purposes, we may obtain lists of potential customers from external companies. We will only deal with reputable companies that take privacy and data protection as seriously as we do, and we will always let you choose not to receive further marketing material from us.
• Information from within our parent company
As you’ll have seen in ‘Who’s in control of your information’, The Boots Company PLC is part of the Walgreens Boots Alliance group of companies. If you are also a customer of Boots or other companies in our group, we may consolidate the information we hold about you across our group. This helps us build a better picture of our customers, develop our products and services and, with your consent, provide you with offers and information we think may interest you.
4. How we use your personal information
We use your personal information for a number of different purposes. Some are essential for us to provide the services you use or to fulfil our legal obligations; some help us run our business efficiently and effectively; and some enable us to provide you with more relevant and personalised offers and information. In all cases we must have a reason and a legal ground for processing your personal information. Some of the most common legal grounds we rely are briefly explained below;
Reason for processing
You will be asked to confirm that you are happy to provide your personal data and that you give your permission to No7 to process your personal data. All of the details such as why No7 wants your data, how it will be used and if your data will be shared will be provided at the time of asking you for your consent.
Where No7 is relying on consent you will usually see a tick box.
No7 may use consent where we are asking you to confirm you marketing preferences to ensure we only contact you via the medium you have chosen i.e. text or email.
You may also be asked to give your consent when you are entering any sort of competition or sweepstakes.
If some of your details have changed since the time you provided your consent you can update and amend your details at any time.
You have the right to withdraw your consent at any time if you no longer want to be part of the processing activity.
If you no longer want No7 to hold your data you can request for your data to be erased.
No7 will on occasion be under a legal obligation to obtain and disclose your personal data.
Where possible No7 will notify you when processing your data due to a legal obligation however this may not always be possible.
In order to prevent criminal activity or help to detect criminal activity we may share information with forces such as the Police. This is done in a safe and secure manner. You may not be notified of this.
It is essential that No7 complies with its legal, regulatory and contractual requirements. If you object to this processing No7 will not be able to offer you the service.
No7 may also hold personal data for our own legitimate business interest. This relates to us managing our business to enable us to give you the best service/products and most secure experience. When we rely on this, we will carry out a legitimate interest assessment to ensure we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.
It can also apply to processing that is in your interests as well.
Our legitimate business interests do not automatically override your interests - we will not use your Personal Data for activities where our interests are overridden by the impact on you unless we have your consent or are otherwise required or permitted to by law.
We may process your information to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure.
We have an interest in making sure our marketing is relevant for you, so we may process your information to send you marketing that is tailored to your interests.
If you have any concerns about the processing, you have the right to object to processing that is based on our legitimate interests.
• Providing our products and services
We use your personal information to provide our products and services, respond to queries and comments and provide you with the best possible level of customer service.
• Our own internal purposes
We use your personal information to improve the effectiveness of our services, conduct analysis, and to perform other business activities as needed.
• Learning more about you
If you are a customer of Boots, Walgreens (or other companies within the Walgreens Boots Alliance Group) as well as No7, we may in future link or consolidate the information we hold about you across the companies in our group and the different channels you use to interact with us (such as website, stores, the Boots or Walgreen app, correspondence etc.). This helps us to build a clearer picture of our customers both as a group and as individuals. By understanding you better we can offer you a better, more personal experience. You can find out more about how Boots or Walgreens uses personal information in the privacy policies located on the Boots.com and Walgreens.com websites.
• Marketing and advertising
We may analyse your personal information, including the products you view and buy, your browsing habits and other ways you interact with us, to evaluate the effectiveness of our advertising and help us provide more relevant offers and content. Rest assured, however, that we will only send you marketing material if you’ve agreed that we can.
Where you have agreed that we may send you marketing material, we may in future send you material from other companies within our group as well as from us. We will always make it easy for you to opt out of receiving further material. You can find out more about the companies in the Walgreens Boots Alliance group on our website.
You can change your mind about receiving marketing material from us at any time by contacting us by telephone at contacting us by telephone on +44 (0)330 678 0358, +44 (0)115 949 4997, or 1 800 528 2148 for US residents. Alternatively, you can opt out of email marketing by clicking the link at the bottom of any email we have sent you. Please be aware that, as our marketing campaigns are prepared well in advance, you may still receive material from us for up to 10 business days.
From time to time we may invite you to take part in market research activities such as customer surveys, questionnaires or focus groups.
5. Sharing your information
• Companies that provide services on our behalf
We may share your personal information with companies who provide services on our behalf that are related to our business. These tasks may include analysing site data, customer service, electronic and postal mail service, and social and other media services. Third party service providers only receive your personal information as required to perform their role and we instruct them not to use it for any other purpose.
Examples of the functions that may be carried out by external companies:
• Customer service centre
• Mailing houses
• Delivery services
• Manufacturers or suppliers
• Companies that cleanse data
• Payment providers
• Companies that do fraud and money laundering checks
• Companies that provide web hosting, content providers, competitions, and sweepstakes
• Data storage facilities
• IT services and support
We may work with other companies who place cookies, tags, and web beacons on our websites. These companies help operate our websites and provide you with additional products and services. We may also use third party advertising networks to serve advertisements on our behalf. The cookies received with the banner advertisements served by these networks may be used to collect and build behavioral profiles by these companies to deliver targeted advertisements on our website and unaffiliated websites.
• Sharing data outside of the European Economic Area (EEA)
The EEA comprise of Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Swedenand the UK. Personal data can be transferred, processed and stored within these countries safely and securely as they offer an adequate level of protection to personal data in comparison to the UK.
There are number of additional countries that can also offer an adequate level of protection these are Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland and Uruguay.
Currently No7 shares information with the US. If your information is to be sent outside Europe, we make sure it will be subject to standards of protection and security that are as high as those used here in the UK.
We take your data very seriously therefore we will always conduct a full review of all of our supplies processes and procedures including storage solutions for our data. In order to ensure adequacy when sending your data outside of the EEA we put in place contracts based on the Standard EU Model Contract Clauses which are designed by the European Commission to guarantee adequacy for any data transfer and processing of this nature.
Can I opt out of having my data shared?
As your data is stored safely and securely both inside and outside of the EEA we cannot offer alternative storage solution if you wish to opt out of having your data stored outside of the EEA you will need to close your account.
• Legal obligations
We may share your Personal Information with third parties where required or permitted by law, if we believe we need to do so to protect our rights and interests, or to comply with legal proceedings. In such cases, we will always do so legally and with due regard to your privacy.
• Changes to our business
If ownership of all or part of our business changes or we undergo a reorganisation (including a merger or transfer between Walgreens Boots Alliance companies), we will transfer your personal information to the new owner or successor company so we can continue to provide our services.
6. How long do we keep your personal information?
We hold your personal information for as long as you remain a customer, or as required to meet our legal obligations or those of our parent group, resolve disputes or enforce our agreements. This may mean we need to keep some of your information for a period of time after you cease to be a customer but we will always store it securely and will not use it for any other purposes.
7. Links to other websites
8. Social Media and Ads
We may display targeted ads to you through social media platforms and other websites. These ads are sent to groups of people who share traits such as likely commercial interests and demographics. For example, we may target guests who have expressed an interest in shopping for cosmetics, skincare, etc.
If you have provided us with your email address and you consented to receive e-marketing, you may see ads that are tailored to your interests, based on the information we hold about you. For example, your age or the products you have browsed on our website. See the policies of each social media platform for additional information about these types of ads.
9. Social Media Plug-Ins
Our online services may use social media plug-ins (e.g., the Facebook "Like" button, "Share to Twitter" button) to enable you to easily interact with certain social media websites (e.g., Facebook, Twitter, Instagram) and share information with others. When you visit our online services, the operators of the available social media plugins can place a cookie on your device enabling such operators to recognize individuals who have previously visited our online services. If you are logged into these social media websites while visiting our online services, the social media plugins allow the relevant social media websites to receive information that you have visited our online services or other information. The social media plugins also allow the applicable social media websites to share information about your activities on our online services with other users of the social media website. For example, Facebook Social Plugins allow Facebook to show your "Likes" and comments on our online services to your Facebook friends. Facebook Social Plugins also allow you to see your friends' Facebook activity on our online services. We do not control any of the content from the social media plugins. For more information about social media plugins from other social media websites, please refer to those websites' privacy and data sharing statements.
10. Our "Do Not Track" Policy
We respect enhanced user privacy controls. We support the development and implementation of a standard "do not track" browser feature, which signals to websites that you visit that you do not want to have your online activity tracked. Please note that at this our website does not interpret or respond to "do not track" signals. However, you may set your Web browser to not accept new cookies or web beacons, be notified when you receive a new cookie, or disable cookies altogether. Please note that by disabling these features, your experience will not be as smooth and you will not be able to take full advantage of our website's features. Please see the Help section of your browser for instructions on managing security preferences.
We recognise the importance of protecting children’s privacy online. Our website and services are intended for a general audience and are not directed at children. We do not knowingly collect personal information from children under the age of 13.
If you are under the age of 18 and are a registered user of the site, you may request that we remove content or information that you have posted on our site or in our community. Please note that responding to your request may not ensure a complete or comprehensive removal (e.g., if the content or information has been reposted by another user.) To request removal, please contact us at email@example.com
12. Staying in control of your information and your rights
We respect the fact that your personal information is your information, and we will always make it easy for you to update or change your personal details or marketing permissions. Please help us to help you by letting us know if your contact details change or if you spot any errors in the information we hold about you.
• Your right of access:
If you would like a copy of the information No7 holds about you or have any queries about the way we handle your personal information, please contact our Customer Service Centre at firstname.lastname@example.org
• Your right to request deletion:
While you remain a customer we will process and retain your data as described in this Policy. Once you cease to be a customer we will hold your data as described in the data retention section. You do have a right to request that we delete your personal data we hold. This is not an automatic right, depending on the type of data that we hold about you will depend on what we are able to delete. Please email email@example.com to request you data to be deleted.
• Your right to processing;
You have to right to request that we stop certain data processing activates that involve processing your personal data, this can be processes such as collecting your name and address on your account to deliver services to you, among other examples given above. This is not an automatic right, depending on the type of data that we hold about you and why will depend on what we are able to do. Please contact our Customer Service Centre at firstname.lastname@example.org to exercise your right to object to our processing your data.
• Your right to portability:
You have the right to request that we transfer your personal data in a machine readable format. This is not an automatic right and will depend on the legal basis used to process your personal data. Please email email@example.com to make this request.
We may update this policy from time to time so we recommend that you check back here occasionally. If we make changes we think may affect you significantly, we’ll provide you with a prominent notice by the most appropriate medium so you know about the changes before they happen. We will always note the effective date of the latest version at the bottom of this notice.
14. How To Contact Us:
If you have questions or concerns about your privacy, you may contact our Data Protection Officer by telephone on +44 (0)330 678 0358, +44 (0)115 949 4997, or 1 800 528 2148 for US residents. Alternatively, you may write to us by post at The Boots Company PLC, 1 Thane Road West, Nottingham, Nottinghamshire, NG2 3AA. If you believe your privacy rights have been violated, you can file a complaint with the Data Protection Officer. You also have the right to complain to your local Data Protection Authority. If you are located in the UK, you may contact the UK ICO at firstname.lastname@example.org