Privacy policy

1. Who we are

In this Privacy Policy, references to we, us or our mean Kingfisher plc that processes your personal information and interacts with you.

You can find out how to contact us in Section 9 below.

2. Your Privacy

In the course of our dealings with you, we will collect and process personal information about you.  Personal information includes any information allowing us to identify you as an individual, for example, your name, your email address or your telephone number. 

We are committed to protecting your privacy. We will use your personal information in accordance with all applicable laws and regulations that relate to data protection and privacy, including the EU General Data Protection Regulation (GDPR).

This Privacy Policy tells you:

  • what personal information we collect;
  • why we collect this information;  
  • how we will use it;
  • how long we will keep it;
  • who else will see it;
  • how you can contact us;
  • your rights in relation to the personal information that we hold, including your rights to change, delete and see your information.

When using our website we will also place cookies on your device – please see our Cookies page for more information about the cookies we use and how you can change your cookie settings.

In this Privacy Policy, references to Digital Services mean our websites (we refer to these individually as a Website and collectively as the Websites), and any software and web-based applications that we make available for your use.

For the purposes of the GDPR (and equivalent data protection laws), we are the controller in respect of your personal information that we collect and process as further described in this Privacy Policy.

As described below, we may share your personal information with other organisations that may receive and process your personal information as a controller in their own right (see Section 9 for further details).

3. What information do we collect?

We collect the following types of personal information:

(a) Information we collect when you register with us 

When you register with us, we may ask you for a number of pieces of information including: 

  • your name;
  • your email address;
  • whether you would like to receive information from us via email

(b) Information we collect about how you use our Digital Services

When you browse our Websites or use our Digital Services, we may collect:

  • information about any devices you have used (including the manufacturer, model and operating system, IP address, browser type and mobile device identifiers);
  • cookies and information about your online browsing behaviour and history on our Digital Services, your location, and information about when you click on one of our adverts (including those shown on other organisations’ websites);
  • information about your preferences in connection with our Digital Services, for the purposes of enhancing and personalising your experience on our Digital Services;

If you provide us with personal information about another person, you must ensure that before you provide us with their personal information, you have their agreement to do so and that they are aware of the ways in which we use personal information as set out in this Privacy Policy.

We will be collecting customer data from other members of the Kingfisher Group, and what information you will be receiving and processing, e.g. product selection, online browsing behaviour, details of orders etc.

4. Why do we ask for this information?

We ask for information to deliver the information you have requested in respect of our financial results announcements and/or analyst estimates about our future performance.

Customer data: performing analytics and automated decision making

We may use automated decision-making when we make decisions by technological means without significant human involvement, and non-automated processes, to help generate business insights based on the customer experience and evaluate or predict customer purchasing preferences. This will include receiving information from members of the Kingfisher Group, using such processes and sharing the results with members of the Kingfisher Group for the same purposes and to help overall customer experience. We, and members of the Kingfisher Group, will each be receiving and processing your information in our own right and subject to our own privacy notices. The privacy notices for members of the Kingfisher group are available on their respective websites.

As we are serving a wide group of customers across the Kingfisher Group, the use of automated and non-automated decision-making and profiling is highly important for our business operations and our ability to shape customer experience.

Examples of areas in which we process customer information in these ways are:

  • Customer profiling and segmentation - online and in store
  • Customer purchasing behaviour - online and in store
  • Customer feedback analysis- product and service satisfaction
  • Customer lifecycle - acquisition and retention
  • Basket analysis - online and instore
  • Customer proposition analysis
  • Digital performance - web and mobile application

You do not have to give us permission in order to use our website.

5. How do we use your personal information

We have set out below the purposes for which we use your personal information.  We are also required by law to state a “legal basis for processing”, i.e. to tell you on what grounds we are allowed to use your information, and this is also set out below.  The legal basis for each purpose is that we have your consent for the use of your personal information, or that we need to use your personal information in order to perform a contract with you, or that the use of your personal information is necessary for our legitimate interests (in which case we will explain what those interests are).

Purpose of processing Our legal basis

Carry out our obligations under any contracts entered into between you and us for example, sending you our financial results announcements and/or analyst estimates about our future performance

Contractual necessity – we use your personal information in order to meet our obligations under our contract with you (for example, to deliver the information you have requested)

Monitor details of your visits to our Digital Services, including page views, for business and data analysis purposes.

Legitimate interests – we use your personal information to help us deliver the best quality of service to you and our other customers.

Provide, enhance and personalise your experience on our Digital Services;

Legitimate interests – we use your personal information to deliver you a tailored experience when using our digital services.

In order to comply with any legal obligation (including in connection with a court order);

Compliance with legal obligation – we process your personal information in order for us to comply with our legal obligations.

Our Digital Services are not intended for children and we do not knowingly collect data relating to children.

6. How long do we keep your personal information?

We are required by law to keep your personal information only for as long as is necessary for the purposes for which we are using it.  The period for which we keep your personal information will be determined by a number of criteria, including the purposes for which we are using the information, the amount and sensitivity of the information, the potential risk from any unauthorised use or disclosure of the information, and our legal and regulatory obligations.  

7. Who do we share your personal information with?

We are a member of the Kingfisher Group of companies including B&Q, Screwfix, Castorama and Brico Dépôt

We may share your personal information with other members of the Kingfisher Group in connection with the purposes above and those listed below. Members of the Kingfisher Group may also use the personal information we share with them to improve our and their websites and other digital services, for analysis purposes

We may disclose your personal information to third parties, including in the following circumstances: 

  • We may pass personal information to external agencies and organisations (including the police and other law enforcement agencies) for the purpose of preventing and detecting fraud (including fraudulent transactions) and criminal activity. These external agencies may check the information we give them against public and private databases and may keep a record of such checks to use in future security checks. We may also disclose personal information to the police and other law enforcement authorities in connection with the prevention and detection of crime.
  • In the event that we sell or buy any business or assets, we may disclose personal information held by us to the prospective seller or buyer of such business or assets. If we or substantially all of our assets are acquired by a third party (or subject to a reorganisation within our corporate group), personal information held by us will be one of the transferred assets.
  • We may pass your personal information to third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation (including in connection with a court order).
  • We may share anonymous or aggregate data (such as aggregated statistics or other anonymised data) with third parties. 

Links to external sites

We may provide links to the websites of other Kingfisher Group companies from our Digital Services. Your use of those websites is subject to the terms of use and policies available on those websites.

From time to time we may also establish relationships with third parties that will enable you to access the websites or applications (such as video players) of such third parties directly from our Digital Services. Each third party operates its own policy regarding the processing of personal information and the use of cookies on its website(s) or through its applications and you are advised to read the third party's privacy policy and cookies policy. 

Please note that third party websites and applications are not under our control. When you click through to these websites or access these applications you leave the area controlled by us. We do not accept responsibility or liability for any issues arising in connection with the third party's use of your data (including your personal information).

Where will your personal information be processed?

Your personal information may be transferred to, and stored and processed in, one or more countries outside the European Economic Area (EEA), including countries which do not provide equivalent protection for personal information. In these circumstances, we will take reasonable steps and implement appropriate measures to ensure that your personal information is adequately protected in accordance with the law.

These measures generally include either:

  • Transferring personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission; or
  • Transferring personal information where the recipient has agreed to a European Commission approved data transfer agreement in the form of the standard contractual clauses.

Occasionally, we may transfer your personal information in circumstances where there are no adequate safeguards where this is permitted by data protection law.

Please contact us using the details below if you want further information on the specific safeguards used by us when transferring your personal information out of the EEA.

8. Your rights

You have the right to ask us to:   

  • Confirm what personal information we hold about you and provide you with a copy of that data;
  • Correct any personal information that is inaccurate;
  • Remove your personal information where there is no good reason for us to continue to hold that data;
  • Temporarily stop using your personal information if you are questioning our right to use that data and in other circumstances where that right is applicable;
  • Stop using your personal information unless we can demonstrate a valid reason why we need to continue to hold that data e.g. to support a product warranty;
  • Provide you with the personal information that you have provided to us, in a structured and commonly-used electronic format, or transmit that information directly to another company if that is technically feasible.  This applies where we are using your personal information on the basis of your consent or because it is necessary to perform a contract with you (see How do we use your personal information, above).
  • Right to object to automated decision-making (including profiling) in certain circumstances

Our security procedures mean that we may request proof of identity before we are able to disclose your personal information to you or comply with other requests.

We want to make sure that the personal information we hold about you and your preferences as to how we contact you are accurate and up to date. If any of the details are incorrect, please let us know (details below) and we will amend them.

You also have the right to make a complaint to the supervisory authority if you’re not happy with how we’ve handled your personal information.  The websites for the supervisory authorities that regulate our processing of your personal information are set out below:

Kingfisher Entity Supervisory authority Supervisory authority contact information
Kingfisher plc The Information Commissioner's Office

9. How to contact us?

To update your details or ask for a copy of your personal information:

  • You can use our: Data Subject Request Form;
  • You can write to us at: Data Protection Officer, Kingfisher Plc, One Paddington Square, London W2 1GG, United Kingdom;
  • You can email us at [email protected];
  • If you would like to contact our Data Protection Officer please email: [email protected] or write to 
    Data Protection Officer, 
    Kingfisher Plc, 
    One Paddington Square
    W2 1GG 
    United Kingdom

 10. Protecting your personal information

The transmission of information via the internet is not completely secure; this risk is common across the internet and not specific to our services. We cannot guarantee the security of your data (including your personal information) transmitted to our services; any transmission is at your own risk.

It is important for you to protect against unauthorised access to your password and to your computing device. Be sure to sign off and close your browser when you have finished your session. This will help to ensure that others do not access your personal information if you share your computing device or use a computing device in a public place such as a library or internet café.

11. Updates to this notice

We may update this notice from time to time.  The latest version of this notice will be posted on our Website.

Last updated: March 2023