Privacy Notice

This Privacy Notice sets out how we, HomeShield Direct Limited, process your personal data. This notice sets out the obligations of HomeShield Direct Limited regarding data protection and the rights of customers and potential customers (‘data subjects’) in respect of their personal data under Data Protection Law. ‘Data Protection Law’ means all legislation and regulations in force from time to time regulating the use of personal data and the privacy of electronic communications including, but not limited to, the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (the ‘UK GDPR’), as it forms part of the law of England and Wales, Scotland, and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 as amended, and any successor legislation.

Who are we?

HomeShield Direct Limited offers extended service plans for a range of domestic appliances such as washing machines, dish washers, tumble driers etc. These plans do not replace the manufacturers’ warranties but offer protection from future faults that may arise after the manufacturers’ warranties have expired.

HomeShield Direct Limited (‘we’) is the ‘Data Controller’ of your information. If you have any requests concerning your personal data or any queries with regard to how we handle your data you can contact us by phone on 0800 0236178*, email at [email protected] or write to us at HomeShield Direct Ltd, Heversham House, 20-22 Boundary Road Hove BN3 4EF.

(*Calls will be recorded for training and monitoring purposes.)

Using Your Information

The personal data we process on you is:-

Personal Data Type: Name, address, contact details and payment details

Goods information: The details of the appliance/appliances to be included in any plan

Source: The personal data we use is obtained from a number of marketing and lifestyle research companies and our trusted partners.  We undertake due diligence on all our data suppliers to ensure that we use the appropriate lawful basis for your information to be used and to receive direct marketing calls from HomeShield Direct Ltd.

The personal data we have collected will be used as follows:-

1. As necessary to enable us to fulfil our contract(s) with you. For example, we use third party companies to process direct debits on our behalf.  These companies operate under the Direct Debit Guarantee Scheme and comply with UK GDPR.

2. To store your card details securely using Tokenisation. Tokenisation is the process of turning sensitive data into non-sensitive data called ‘tokens’ and is used as another layer of security to protect your card information from fraud. The Token system also allows us to process payments by using stored customer data to complete transactions as opposed to requesting card and Direct Debit information each time.

3. For our legitimate interests in undertaking marketing about our products and services by post, phone and email

4. Checking and verifying your identity and contact details.

5. Where we are required to do so by law.

6. We may use analytical techniques to improve our products, service or customer experience for direct marketing purposes.  This is so that we can contact you with information that is more relevant to you. Such data could include your browser viewing history, age, location or interests.

7. We may make use of additional information about you, when it is available from external sources, to help us do this more effectively.

8. We may use and share this information with trusted third parties who perform analytical services on our behalf.  All such service providers are bound by contract and the Data Protection Act 2018 and UK GDPR to maintain the security of this personal data.

Our lawful bases for processing the personal data:

Activity
The need to process
Lawful Basis
Completing service contract plan application by phone
Completing application process
Consent/Legitimate Interest†
Completing service contract plan application by phone
Internal accounting processes
Contract
Completing service contract plan application by phone
Provide you with information relating to the service plan
Contract
Registering for an event
Dealing with a claim under a service contract plan
Contract
Email Marketing*
To send information and marketing messages by email.
Consent
Telephone*
To contact you, from time to time, to discuss new plans, plan renewals and new products you may be interested in
Legitimate interest, Consent or Contract.
Post*
To send you your service contract certificate and supporting documentation
Contract
Add any necessary disclaimer text for the table here.


* You can opt out from receiving marketing communications from us, at any time,  by emailing us at [email protected], phoning us on our free phone number 0800 023 6178 or writing to us at HomeShield Direct Limited, Heversham House, 20-22 Boundary Road, Hove, BN3 4EF.

† For data received from market research companies and similar sources, we rely on ‘Legitimate Interest’ as the lawful basis for processing data. For data received directly from forms completed on our website or our marketing sources websites, we rely on ‘Consent’ or ‘Legitimate Interest’ for processing data.

Our legitimate interests for processing the personal data:

HomeShield Direct Limited processes data provided by its data suppliers with the intention of increasing its sales and its customer base. Processing the data enables a high- quality service delivery which produces tangible benefits for people: if an appliance breaks down and/or is beyond economic repair, the consumer may not be in a position to afford the necessary repairs or the cost of a brand-new appliance. An appliance protection plan can mitigate this and can provide the consumer with a new or working machine.

Retention Period

HomeShield Direct Limited will process personal data for three years and store the personal data for six years in support of any claims under the service plans.

Your rights as a data subject

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:-

Right of access – you have the right to request a copy of the information that we hold about you.

Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.

Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.

Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.

Right of portability – you have the right to have the data we hold about you transferred to another organisation.

Right to object – you have the right to object to certain types of processing such as direct marketing.

Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.

Transferring Personal Data to a Country Outside the EEA

The Company may, from time to time, transfer (‘transfer’ includes making available remotely) personal data to countries outside of the UK. The UK GDPR restricts such transfers in order to ensure that the level of protection given to data subjects is not compromised.

Personal data may only be transferred to a country outside the UK if one of the following applies:

The UK has issued regulations confirming that the country in question ensures an adequate level of protection (referred to as ‘adequacy decisions’ or ‘adequacy regulations’). From 1 January 2021, transfers of personal data from the UK to EEA countries will continue to be permitted. Transitional provisions are also in place to recognise pre-existing EU adequacy decisions in the UK.

Appropriate safeguards are in place including binding corporate rules, standard contractual clauses approved for use in the UK (this includes those adopted by the European Commission prior to 1 January 2021), an approved code of conduct, or an approved certification mechanism.

The transfer is made with the informed and explicit consent of the relevant data subject(s).

The transfer is necessary for one of the other reasons set out in the UK GDPR including the performance of a contract between the data subject and the Company; public interest reasons; for the establishment, exercise, or defence of legal claims; to protect the vital interests of the data subject where the data subject is physically or legally incapable of giving consent; or, in limited circumstances, for the Company’s legitimate interests.

Complaints

In the event that you wish to make a complaint about how your personal data is being processed by HomeShield Direct Limited or how your complaint has been handled, you have the right to lodge a complaint with HomeShield Direct Limited’s data protection representatives at [email protected] or directly with the supervisory authority.

The supervisory body for the UK is: –

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number


Version 2023 19 01