Privacy Policy

Muc-off Privacy Policy

  • Introduction

Welcome to Muc-Off’s privacy policy.

Muc-Off is committed to protecting the privacy of the data we hold about you.

This policy is intended to demonstrate to our customers and website users our firm commitment to the privacy of personal data and compliance with the current data protection laws.

This privacy policy explains your statutory rights and how we collect and use your personal data. It describes the processing activities that are carried out by Muc-Off, the purposes of which these activities are performed and the legal bases that Muc-Off relies upon for these processing activities.

This website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

You should also read our separate Terms of Sale which apply to all sales of our goods or services.

Changes to the privacy policy and your duty to inform us of changes

 

We keep our privacy policy under regular review. This version was last updated on 25 November 2019. Historic versions can be obtained by contacting us.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

 

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

In the case of our employees and applicants for work, we operate a separate policy which can be accessed here: (CHIP – please insert link to employment and recruitment privacy notice).

  • Who Are We

Muc-Off is the trading name for Muc-Off Limited and we are the data controller for your personal data held by us. We are a company registered in England and Wales under number 05412872.

Muc-Off is committed to protecting any personal information that you may provide to us and we believe it is important that you know how we treat the information about you that we may receive from this website.

Should you have any questions relating to your data or the privacy policy below you can get in contact by email by using the contact link on our website or by writing to our data protection officer:

Muc-Off Limited

Web Team

unit 23

Branksome business park

Bourne Valley Road

Poole, Dorset

BH12 1DW, UK

You can also contact our data protection officer at hr@muc-off.com.

  • Personal data we collect

Here we set out the details of the types of personal data we collect. We subsequently set out what we use the data for:

  • Your contact details: information that allows us to contact you directly such as your name, email address, telephone number and addresses associated with your account or order.
  • Account information: information about your account with Muc-Off including your login details for our websites and mobile applications, marketing preferences, complaints details, and purchases made.
  • Loyalty Information: When registering for any loyalty scheme or loyalty card we may operate we may also request details of your age, date of birth, gender and occupation.
  • Transaction and payment information: credit/debit card details and bank account details you provide to make payment for the goods and services you purchase from us.
  • Purchase and account history: records relating to the goods and services which you have purchased or used from us.
  • Lifestyle and demographic insight information: how you use our goods and services.
  • Responses to surveys and competitions: including records of any surveys you respond to or your entry into any competitions or prize draws we run.
  • Records of your discussions with our customer support teams, including call recordings, webchat and emails: when you share comments and opinions with us, ask us questions or make a complaint we will keep a record of this. This includes when you send us emails, phone our support team or contact us via webchat or through social media such as through Twitter or on Facebook.
  • How you use mobile applications and websites: we use technology such as cookies (subject to your cookie preferences) when you use our applications or websites, as well as our pages and profiles on social media sites, and we collect information about the pages you look at and how you use them.
  • Location information: your smartphone or computer's IP address may tell us an approximate location when you connect to our websites but this will be no more precise than the city, state or country you are using your device in.
  • Device and machine information: information about the computer hardware and software on your computers and smartphones that is used to connect or communicate with us.
  • Advertising and Direct Marketing preferences and responses: information about how you respond, or interact with, any Direct Marketing or advertising communications directed to you and your business, including any requests for these communications to stop.
  • Exercising your rights: if you exercise any of your statutory rights under data protection law, we will keep a record of this and how we respond.

You are not required to provide to us any of the personal data described above, however, if you do not do so, you may not be able to purchase our goods and services or the functionality of our goods may be reduced.

  • What we use your personal data for and why

Where we process your personal data because of our contract

We process these items of your personal data to enter or fulfil the contract between us, including:

Reason or Purpose

Personal data used

To deliver our goods and services to you, process orders and maintain your account (including for pricing, quality assurance purposes, and handling any complaints you might make)

· All personal information we collect as listed in Section 3

Take payment for our goods and services and debt collection

· Your contact details

· Account information

· Credit information

· Transaction and payment information

· Purchase and account history

Perform credit and anti-fraud checks

· Your contact details

· Account information

· Transaction and payment information

To deliver service communications (such as invoices and providing order status updates), and tailoring those communications to your circumstances

· Your contact details

· Transaction and payment information

Answer your complaints or respond to your customer service queries

· The personal data which is necessary for us to deal with your complaint, which will depend on the nature of your complaint

· Your contact details

· Account information

· Transaction and payment information

· Purchase and account history

Manage claims you make

· All personal information we collect as listed in Section 3

Where we process your personal data because we're legally obliged to

We process these items of your personal data because we have a legal obligation to, including:

Reason or purpose

Personal data used

Investigating misuse of your account, crime and fraud

· The personal data which is necessary for us to investigate the issue, which will depend on the nature of the problem.

· At a minimum, this will include your name and contact information and information about your account and transaction history.

Assist law enforcement agencies, and other public authorities

· The personal data processed for this purpose would depend on the scope of the enquiry, and will be limited to what is necessary to achieve the purpose of the request.

Where we process your personal data because we have a legitimate interest to

We process these items of your personal data because we have a legitimate interest to do so. We process the following categories of personal data, including:

Reason or purpose

Personal data used

Maintain and improve our goods and services, help with general running of our website, make improvements, fix technical issues, speed up future visits and management and auditing of our business operations including accounting

· Your contact details

· Account information

· Transaction and payment information

· Purchase and account history

· Records of your discussions with our customer support teams, including call recordings, webchat and emails

· Lifestyle and demographic insight information

· How you use mobile applications and websites

· Location information

· Device and machine information

· Advertising and Direct Marketing

Assess which of our goods and services that may be of interest to you

· Your contact details

· Account information

· Transaction and payment information

· Purchase and account history

· Lifestyle and demographic insight information

· Advertising and Direct Marketing

Personalise our delivery of goods and services to you

· Your contact details

· Account information

· Financial information

· Lifestyle and demographic insight

information

· Purchase and account history

· Records of your discussions with our customer support teams

· Transaction and payment information

Recording on your credit file if you do not pay us what you owe, or if you do not pay us on time

· Your contact details

· Purchase and account history

Direct marketing. If you have not specifically consented to receive direct marketing materials where we are allowed to because of law. However, we will never send you direct marketing where you have opted out of receiving direct marketing communications

· Your contact details

· Account information

· Purchase and account history

· Transaction and payment information

· How you use mobile applications and websites

· Advertising and Direct Marketing

For market research purposes, e.g. to understand how you use our goods and services or how we might improve them

· Your contact details

· Account information

· Purchase and account history

· Transaction and payment information

· Lifestyle and demographic insight

Information

· Responses to surveys, competitions and promotions

· How you use mobile applications and websites

· Advertising and Direct Marketing

Staff Training

· All personal information we collect as listed in Section 3

For the establishment, exercise or defence of legal claims

· All personal information we collect as listed in Section 3

Maintain accuracy and relevance of your data

· All personal information we collect as listed in Section 3

Assist law enforcement agencies, and other public authorities

· The personal data processed for this purpose would depend on the scope of the enquiry, and will be limited to what is necessary to achieve the purpose of the request.

Where we process your personal data because you have allowed us to

We process these items of your personal data when you have provided your consent to the processing, you may revoke your consent at any point:

Reason or purpose

Personal data used

Direct marketing

· Your contact details

· Account information

· Credit information

· Purchase and account history

· Transaction and payment information

· How you use mobile applications and websites

· Advertising and direct marketing

· Goods and services that we have determined may be of interest to you

Loyalty and rewards schemes

· Your contact details

· Account information

· Purchase and account history

· Advertising and direct marketing

 

Where we process your personal data so you can’t be identified any more

 

We may anonymise and aggregate any of the personal data we hold (so that it does not identify you). We may use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, improving our site, apps and developing new goods and services.

  • Sources we collect your personal data from

We will collect personal data from a number of sources. These include:

 

  • Directly from you: when you set up an account with us, purchase goods or services from us, submit information via our websites or apps, complete forms we provide to you, enter our competitions and promotions, register for our newsletter, make a claim, make a complaint, exercise your statutory rights, contact us by phone, email or communicate with us directly in some other way.

 

  • Our website and mobile applications: we collect information about how you use them and any smart devices you connect to them.

 

  • Other companies we work with: provide us with information to help us deliver our goods and services to you. These include:

 

  • Companies in the same group of companies as us: who may provide relevant information about the goods and services bought from them.

 

  • Other companies’ websites mobile applications and goods: provide us with information if you connect them to our goods and services

 

  • Companies we partner or work with: Fedex, Howard Tenens Logistics limited

 

  • Credit and anti-fraud reference agencies: provide us with information about your transaction and claims history and credit history.

 

  • Third party data and insight providers: companies which provide us with relevant information about you which we append to our existing records, to help us operate our business and deliver our goods and services to you.
  • Who we share your personal data with

We share personal data with the following categories of third parties:

Who

Examples

Companies in the same group of companies as us

Muc-Off USA

Any party approved by you

· Such as social media sites

Advertising partners

· Google (Adwords/Customer Match)

· Facebook

· Twitter

Credit and Anti-fraud reference agencies

· Equifax

· Experian

· Callcredit/TransUnion

· Banking institutions

· Payment service providers

Companies that help us run our business, including:

· Those that support our IT infrastructure, maintain, administer or develop our website.

· Those that assist us with our marketing

· Third parties who help us to provide the goods on our website and to further understand our customers

·

-WeDoPPC

· Marketing companies such as Klaviyo, chat providers and customer service

· Consultants

· Delivery companies

Law enforcement agencies and other public authorities

· Police forces

· HMRC

  • Direct Marketing

Email, SMS, post and telephone marketing: from time to time, we may contact you by email, SMS, telephone or post with information about our goods and services we believe you may be interested in. When you call us we may also provide you with information about goods and services we believe you may be interested in.

If you have not consented to receiving Direct Marketing communications, we will only send these communications to you when permitted to do so by law, but in all circumstances we will respect your marketing preferences which you set when you first create your account with us (or you first deal with us), or which you update from time to time.

You can let us know at any time that you do not wish to receive marketing messages by sending an email to us at [info@muc-off.com]. You can also unsubscribe from our marketing by clicking on the unsubscribe link in any email marketing messages or by replying STOP to the number indicated on any marketing text messages we may send to you.

  • Direct Marketing & Advertising on websites and mobile applications

You can find out more about cookies and how to manage their use by reading our cookie policy, which is available at: cookies

The details here provide a high level overview of how and where we capture and / or use personal data on our own and third party websites and mobile applications.

Muc-off Websites and Mobile Applications

 

When you visit our website or download any of our mobile applications you will always be provided with access to our privacy notice and cookie policy.

Our aim is to ensure that our website and mobile applications are always working optimally for those who use them. When you visit our website and are an anonymous visitor, we will use cookies and similar technologies - in accordance with your cookie preferences - to track anonymous details such as response times, the pages you view and the functionality you use. No individual is uniquely identifiable from this data and it is used purely to enable us to constantly review and improve these services.

Any adverts you may see whilst using the website anonymously will be generic in nature i.e. it will not use any personal data to 'personalise' the advert to you.

If you chose to complete an online application, make a purchase, make an enquiry or complete other form then the data you provide will be used in accordance with this privacy policy.

If you are logged in, or we can see that you were previously logged in, we will use cookies and similar technologies - in accordance with your cookie preferences - to track your use of the site or application. In this instance some data may be recorded to your record to enable us to provide the best ongoing service to you.

In this instance, any adverts you see may be tailored specially to you.

Third party websites, applications, and services

 

We work with advertising partners, including social media sites and providers, to show you advertising about our goods and services, including those offered by group companies. This takes place on third party websites, applications and services where we or our advertising partners have purchased advertising space.

To provide you with the most appropriate advertising content, this uses information gathered via cookies and similar technologies about the websites, mobile applications, social media content and ads you interact with or view when connected to the internet, as well as information which we provide (such as a hash of your email address, postcode or phone number), to make sure the advertising you see is more relevant to you.

Please note that if you use more than one name or email address when communicating with us or using our website, you may continue to receive communications from us to any name or email address not specified in your opt-out request.

We also engage in online behavioural advertising to enhance your experience and show you goods that might interest you. Like many companies we and our advertising partners display tailored interest-based advertising using information you make available to us when you interact with our sites, content, or services. Interest-based ads, also sometimes referred to as personalized or targeted ads, are displayed to you based on information from activities such as searching or purchasing on our website, visiting sites that contain our content or ads, interacting with our tools, or using out payment services. We do this using a variety of digital marketing networks and ad exchanges, and we use a range of advertising technologies like web beacons, pixels, ad tags, cookies, and mobile identifiers, as well as specific services offered by some sites and social networks, such as Facebook’s Custom Audience Service.

The main third parties we work with are Google (Adwords/Customer Match), Facebook and Twitter.

  • Social Media Plug-Ins

Our website and mobile applications use social plugins, which allow you to interact with us through your Facebook, Instagram, Twitter, and other social media accounts. If you visit a page of our website or mobile app that contains such a plugin, your browser establishes a direct connection to that social media’s webservers. The content of the plugin is transmitted by the social media site directly to your browser and incorporated by the social media site into the website or mobile app. By integrating the plugins, the social media site receives the information that your browser has accessed the corresponding page of our website or mobile app, even if you do not have an account or are currently not logged in to your account. We have no control over the extent and use of information that the social media site collects using this plugin.

If you interact with a social media plugin by, for example, clicking a “like” button or leaving a comment, the corresponding information is also transmitted directly to the social media server and stored there. Depending on your settings, the information will also be posted on the social media site and displayed to your contacts or friends on the social media site. The social media site may use this information for the purpose of advertising, market research and tailor-made pages.

To understand what information social media sites collect when you interact with their plug-ins, please review their privacy policies. You may also have the option to change your settings in the social media site to prevent the collection of your information.

  • Transferring your personal data internationally

We do not transfer your personal data outside of the European economic area.

  • How do we approach data security?

Muc-Off respects the privacy of its customers’ personal data and is committed to complying with all applicable laws relating to the protection of personal data. All of the personal information that we collect will be stored on secure servers and treated as completely confidential.

To prevent unauthorised access to your data, we follow the appropriate security procedures in the storage and disclosure of personal information which you have given to us.

You can help preserve your privacy by ensuring your privacy that your password that you use to access password protect areas contains a mixture of lower and upper case letters, along with numbers. You should never share your passwords with anyone else, and always log out of your account if you are using a public computer.

We only accept transactions through web browsers that allow communication through Secure Socket Layer (SSL) technology, so that your order is processed on a secure connection. Credit Card details are protected through our merchant service providers, where your credit card information is encrypted so that it remains protected and private as it is processed through the internet.

  • How long we keep personal data for

Unless we advise otherwise, we will hold your personal information based on the following criteria:

  • A reasonable business need exists such as managing our relationship with you, managing our operations and performing analysis and auditory tasks.
  • We continue to provide purchased goods or services to you such as our loyalty program unless we are instructed otherwise.

Our data retention periods are normally six years which we consider to be in line with legal and regulatory requirements/guidance.

  • Your rights in relation to your personal data

You may have the following rights in relation to your personal data:

  • the right to be informed about the personal data we collect, how your personal data is being used, and from whom we collect your personal data when we obtain it from other sources;
  • the right to access the personal data we hold about you;
  • the right to request the correction of inaccurate personal data we hold about you;
  • the right to request the blocking or deletion of your personal data in some circumstances;
  • the right to request that we port elements of your data either to you or another service provider;
  • the right to object to us processing your personal data ((1) where we have a legitimate interest to do so, as listed in Section 4, but your rights override ours based on your particular situation (which you will need to explain to us), (2) where we are processing it for the purpose of direct marketing, or (3) because we are using automated means to make decisions that have a legal or similarly significant effect); and
  • the right to withdraw your consent to those processing activities which we carry out on the basis of consent, listed in Section 4.

You only have the benefits of some of the above rights in limited circumstances, which depend on the legal reason why we collected your personal data.

To exercise any of the above rights, or if you have any questions relating to your rights, please contact us using the details below. We may require evidence of your identity before we are able to complete your request.

  • Getting in touch

If you have any privacy-related questions or comments, please contact Muc-Off's Data Protection Officer by writing to The Data Protection Officer, Muc-Off Limited, Web Team, unit 23, Branksome Business Park, Bourne Valley Poole, Dorset, BH12 1DW, UK.

You can also contact our data protection officer a hr@muc-off.com.

If you are unhappy with the way we are using your personal data you can also complain to the UK Information Commissioner's Office. We are here to help and encourage you to contact us to resolve your complaint first.

MUC-OFF Employment and Recruitment Privacy Notice

External Applicant/Employee

Introduction

Data controller: Muc-Off Ltd a company registered in England and Wales registered number 05412872, of Unit 23, Branksome Business Park, Poole, Dorset, BH23 1DW.

As part of any recruitment process, the Company collects and processes personal data relating to job applicants. As an employer the Company also collects data relating to its employees and workers for purposes related to their employment.

We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations. This policy describes how and why we collect, process and keep personal data for applicants and employees.

 

What information does the Company collect about applicants and employees?

 

The Company collects a range of information about you. This typically includes:

  • Your name, address and contact details, including email address and telephone number;
  • Details of your qualifications, skills, experience and employment history;
  • Information about your current level of remuneration, including benefit entitlements;
  • Whether or not you have a disability for which we need to make reasonable adjustments during the recruitment process or during employment;
  • Information about your entitlement to work in the UK; and
  • Equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health, and religion or belief.

 

How do we collect the information?

 

We collect this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.

The Company will also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties only once a job offer to you has been made and will inform you that we are doing so. Where we need to seek or share your information with third parties prior to an offer being made, this will be done with your permission only and you will be able to withdraw your consent for this at any time.

How is the data stored?

 

Data will be stored in a range of different secure places, including on your application record, in HR management systems and on other IT systems (including email).It may be kept in paper form, but under secure conditions where access to the information is controlled.

 

Why does the Company process personal data?

 

The Company needs to process data to take the necessary steps at your request prior to entering into a contract with you. We also need to process your data to enter into and perform a contract with you.

In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, we are required to check a successful applicant's eligibility to work in the UK before employment starts. We also have a legal obligation to supply certain information to HMRC.

The Company has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.

The Company processes health information if we need to make reasonable adjustments to the recruitment process for candidates who have a disability. This is to carry out our obligations and exercise specific rights in relation to employment.

Special personal data

 

Where we process other special categories of data, such as information about ethnic origin, sexual orientation, health, religion or belief, this is for equal opportunities monitoring purposes.

Information given in your passport or personal ID may be taken and kept for compliance with our legal obligations relating to you right to work in the UK.

Information from a criminal records check may be obtained for the purposes of checking the suitability of an employee for employment with us

If your application is unsuccessful, we will keep your personal data on file in case there are future employment opportunities for which you may be suited. We will ask for your consent before we keep your data for this purpose and you are free to withdraw your consent at any time.

Who has access to the data?

 

Your information will be shared internally for the purposes of the recruitment exercise. This includes members of the HR team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles. It may be made available to senior members of the Company including directors if required for any purpose connected with your contract of employment, such as promotions or in grievance or disciplinary situations.

Your information may be shared with third parties with your express consent during the recruitment process for the purposes of further assessment for the role you may be applying for. For example, the Company may provide your contact details to a provider of psychometric testing as part of the interview process. We will ask for your consent before we process your data for this purpose and you are free to withdraw your

consent at any time.

In any other situation where a role does not require further assessment the Company will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We will then share your data with former employers to obtain references for you, and employment background check providers to obtain necessary background checks.

During your employment we may share some of your information with third parties as follows:

  • Providers of benefits such as pension providers and insurance companies;
  • Consultants or advisers working for the Company
  • Regulatory bodies such as health and safety officials, the ICO, and
  • HMRC, as required.

Transfer of data

 

The Company will not transfer your data outside the European Economic Area unless it is sent to a processor or territory that is in compliance with current EU data protection rules and standards

.

How does the Company protect data?

 

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees who need to use it in the proper performance of their duties.

 

For how long does the Company keep data?

 

If your application for employment is unsuccessful, we will hold your data on file for a maximum of 36 months after the end of the relevant recruitment process for consideration for future employment opportunities. At the end of that period or once you withdraw your consent, your data is deleted or destroyed.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment and for six years thereafter.

We may delete data earlier or, if we have reason to, we may extend the period for its retention, eg to deal with legal or employment issues or for taxation purposes

Automated decision-making

 

Our recruitment and employment processes are not based solely on automated decision-making.

Your rights

 

As a data subject, you have a number of rights. You can:

  • Access and obtain a copy of your data on request;
  • Require the Company to change incorrect or incomplete data;
  • Require us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  • In some situations, require your data to be transferred to a third party;
  • Object to the processing of your data where we are relying on our legitimate interests as the legal ground for processing; and
  • Ask the Company to stop processing data for a period if your data is inaccurate or there is a dispute about whether or not your interests override our legitimate grounds for processing data.

If you would like to exercise any of these rights, please contact us by emailing our data protection team at hr@muc-off.com

If you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner.

What if you do not provide personal data?

 

You are under no statutory or contractual obligation to provide data to the Company during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.

You are under no obligation to provide information for equal opportunities monitoring purposes and there are no consequences for your application if you choose not to provide such information.

Law relating to this document

 

This Privacy Notice is created in line with the following pieces of legislation:

  • General Data Protection Regulation (2016/679 EU)
  • Data Protection Act 2018
  • Privacy of Electronic Communications Regulations

Changes to this Document

We may change this notice and policy from time to time by posting the changed version on our employee website. You are advised to look at the policy periodically to check for changes and updates.

Effective date

This policy will apply on and from 25th May 2018.