1. General Information
Who are we?
We are the separately registered sister companies Calendarclub.co.uk Ltd. (website) and Calendar Club Ltd. (stores).
CalendarClub.co.uk Ltd (Company Number: 04875419) is an ecommerce retailer. We are part of a group of companies based in the city of Exeter in the South West of England, that includes Otter House Ltd, Vista Stationery Print Ltd and our sister company, Calendar Club Ltd. Calendarclub.co.uk Ltd is the company responsible for your privacy when you shop online and is the Data Controller for this website. Calendarclub.co.uk Ltd are registered with the Data Protection register under Registration Number Z1131551.
Calendar Club Ltd Limited (Company Number: 03540821), open around 280 temporary stores across the UK and Ireland every year. Calendar Club Ltd. is the company responsible for your privacy when you shop in our stores and are the Data Controllers of any data collected. Calendar Club Ltd. are registered with the Data Protection register under Registration Number Z1128277.
Under the General Data Protection Regulations (GDPR) you have several new rights in relation to the data we store about you:
- The right to access what information we have stored about you. You can issue a subject access request by emailing GDPR@calendarclub.co.uk if you wish to see what information we hold about you or contact our Customer Services Team on 0808 178 1344.
- The right to be forgotten and have your information removed from our systems.
- The right to have your personal information corrected if it is inaccurate.
- The right to portability so that you can reuse your personal information for your own purposes including porting to another service provider.
- The right to withdraw consent to receiving direct marketing messages and other consent-based processing at any time. Online customers can do this themselves by changing their Contact Preferences in their Account Summary page on this website and by withdrawing consent using our Cookie Management Tool (coming soon).
- The right to complain to your data protection regulator. In the United Kingdom this is the Information Commissioners Office or ICO for short. You can read more about your rights and GDPR here: https://ico.org.uk
Lawful Bases for Processing Personal Data
Under the GDPR there are 6 lawful basis for processing. Within Calendar Club both online and instore we rely on the following basis for processing your personal data depending on what it is:
- Legitimate Interests
- Contractual Obligation
- Legal Obligation
Whenever we collect or process your personal data, whether on our website or in stores, we will only keep this data for the length of time necessary to complete the purpose for which it was collected. For example, if we have taken your name and address for the purpose of delivering a product to you, we will keep this data on your account in the event there is an issue with processing your order and in to facilitate re-ordering in the future.
Under the GDPR, consent is no longer forever or difficult to withdraw. We use the legitimate interest lawful basis for processing to process your personal data to send you direct marketing via email, post and sms. We abide by the current PECR rules so that we do not send you unsolicited marketing that you have not opted in for. If you do not consent to receiving marketing from us in the form of emails, SMS or other channels you will not be able to hear about our fantastic online offers, new products, bestsellers and store events. We run many and various types of promotions throughout the year, sometimes with big discounts on various styles of products so we hope you want us to keep in contact.
We keep your ‘order or transaction information’ for our own records and legal reasons. However, we will not keep this information longer than is necessary. If you do ask for your personal information to be erased, we may not be able to remove all of it due to ensuring we uphold our responsibilities to legal or regulatory requirements, fraud and abuse or to enforce our terms and conditions, but we will of course, remove what we can in line with the new GDPR law.
Changes to how we protect your privacy
How to contact us
We always want to hear from our customers (especially if you feel we have let you down or could do better).
- Have any questions or feedback about this policy
- Would like us to stop using your information
- Want to exercise any of your rights as set out above, or have a complaint
Please don’t hesitate to contact our Customer Services Team, who will be happy to answer any questions you may have. You can contact our Privacy Team by emailing us at GDPR@calendarclub.co.uk or by calling our Customer Services Team on 0808 178 1344 (Mon-Fri 9am to 5pm).
You can also write to us at:
Customer Services Team
Exe Box, Matford Park Road
2. Website Policies
What information do we collect from you ONLINE & how do we store and use it?
We only hold the information that is necessary to fulfil our contractual obligations with you and make sure our service is the best it can be. To process any orders, we need to hold your name, address, email address and telephone number on our systems. We store this information so that we can not only complete our contract with you to deliver your order but also for fraud protection reasons and to be able to provide refunds etc.
When you visit our website, we track each browsing session and the various products you have visited. We do this for several reasons including gaining feedback on our products and services, as well as being able to provide a better service to you by recommending products and services we think you will like. We use the GDPR legitimate interests lawful basis for processing in order to do this.
When you browse our website and enter your email address at any point during your journey, we may also use your email address to check whether you have an account with us in order to offer you a more personalised service. This may include reminding you of products you have shown interest in. If you leave an item in your basket and forget about it we may email you to let you know later on and use the contractual lawful basis under GDPR for this purpose.
We store your device type and IP address in our system logs for fraud protection reasons and to help identify any intrusions or Denial of Service attacks on our website. We do not use your IP address for any other reason and all logs are stored securely on our servers. These logs are deleted periodically.
Finally, if you decide to visit our website on a device that can share your location, you will be given the choice whether to do so or not. We only use the location information to help you to find your nearest store – it is not stored anywhere.
We use the browsing information and your email address, if you supply it, to send you updates and to tailor our emails to you to make them as relevant as possible. For example, we may send you reminder emails if you had to abandon your order half way through – perhaps your front doorbell rang and then you forgot all about your wonderful calendar find, right? REMOVE We only send marketing emails with your permission / consent e.g. if you have selected the “Email” option in the Contact Preferences area when placing an order or creating an account. However, as noted earlier we may send you emails if you have an abandoned basked using the contractual lawful basis for processing under GDPR.
We may also use your email address, following a transaction, to send a request to review your purchase and our service, using our 3rd Party supplier PowerReviews. We would send you this email under the legitimate interests lawful basis for processing under GDPR.
We use third party advertising on other websites across the web by using cookies (see the Cookies section later for more information and how you can control) which are stored on your computer. If you see a Calendar Club UK advert on another website or social media platform, it will be because a cookie from our website was placed onto your desktop computer, tablet, laptop, mobile phone or other device. We do this so that we can show you our latest products and promotions, especially those which we think are most relevant to you.We use the lawful basis of legitimate interests for processing under GDPR for this.
We need to take payment for your order by asking for credit card or debit card details (other payment methods are discussed later) to perform our contract with you. We may also use the details to issue refunds to you. We do not store any credit or debit card information. All payments go through our payment providers (SagePay, Amazon and PayPal) securely using encryption so your information is as safe as possible. We use the legal obligation and contractual obligation lawful basis for processing under the GDPR to do this.
Talking With Us
You may decide to engage with us via email, a phone call or social media. If you do, we will keep a contact history in order to provide customer service support. We may use this information to train staff members so that we can give you the best experience possible when talking with us.
We currently have no instant chat feature on our website or use phone recording software when you call our Customer Services Team (or any other team at our Head Office in Exeter). However, if this does change in the future we will let you know by way of your preferred contact method and this policy will also be updated. If you have no contact method, we will be unable to update you and so we strongly recommend reviewing your Contact Preferences in your Account Summary area, if you have an account, and selecting at least one of the options: Email, SMS, or Post.
When you enquire over email, online chat or other electronic communication we use the legitimate interest basis for processing under GDPR to do this.
We will make use of the details of your previous purchases with us, if you are an existing customer, in order to help to sell you the products you really want and for us to perform our contract with you. We will also make use of this information to provide effective Customer Service support: to handle returns and to advise on any aspect of your purchase. We may also use your purchasing history to find out what you like, to show you complimentary products, and to stay ahead of our competition.
Social Media Logging & Connecting
From time to time we may obtain freely available public information about you from Facebook and other social media sites, usually when you give us your email address e.g. when you email email@example.com, and we may use this information to help us provide you with better recommendations of our products via our marketing channels.
We may aggregate and anonymise your personal information (so that you cannot possibly be personally identified) and use it to do research and analyse the data. We may share this anonymised information with third parties in order to provide us with insights to better improve our service to you. We use our legitimate interest for processing under the GDPR in order to do this.
You don’t have to give us any of this personal information but if you don’t you may not get the best experience from using our website and engaging with us, but the choice is always yours.
With whom do we share your data
For us to function as a business and provide you with the best possible customer service and experience, we work with a few third parties and we share some of your data with our Customer Services Team and other staff members as required so they can support you in case of a problem with a purchase or product or to help fulfil our contract with you (for instance a warehouse picker/packer). Crucially, we only share your data with third party companies to fulfil our services to you.
We do not, and will not, sell any of your information – including your name, address, email address and payment card details – to any third party. We have always worked hard to protect your information and wish to continue earning your trust. This level of protection is important to you, we know that, and equally essential for our business.
We use a variety of third party tools and services to be able to offer you the best customer experience possible. The following list details who we currently use. We use our legitimate interests lawful basis for processing under GDPR to be able to do this.
We use a variety of other third party companies who provide professional services to us and help us run our business. These companies help us with things like merchandising our site and internal search results on our website, marketing agencies, email service providers, advertising partners and other software partners (for example postcode lookup and store locator software). We may transfer your information internationally and use companies whose services are either based in the EEA (European Economic Area) or are located outside of the EEA but are under an equivalent and approved privacy scheme by the EU (for example, for the EU-US Privacy Shield Scheme you can read about it here: https://www.privacyshield.gov/welcome). This all helps to protect your information in line with the new GDPR regulations.
Our current partnerships, which help us to deliver our service to you, are listed below:
- Attraqt: Our website uses Attraqt to provide site search and navigation. When you enter a search term, we send it to Attraqt’s servers and they send back the results to your browser. We deem this a Necessary service.
- Google (Google Analytics): Our website, like many others, uses Google Analytics to track basic usage information about our website visitors including (but not limited to): number of users, pages visited, length of browse time. We use this information to improve our sites and services for you. We use the legitimate interests lawful basis for processing under GDPR in order to do this.
- Google (AdWords): We place advertisements on Google’s search pages that we think you will like based on your search term as well as potentially on other websites that support retargeting ads, and which are accessible via Google’s AdWords platform. We use the legitimate interests lawful basis for processing under GDPR in order to do this.
- Facebook (Ads): We also place advertisements on Facebook and within your feed (if you have a Facebook account) that we think you will like based on your interest levels on our website. We use the legitimate interests lawful basis for processing under GDPR in order to do this.
- Microsoft (Bing Ads): We also advertise on Microsoft’s Bing platform in a similar way to AdWords and use the legitimate interests lawful basis for processing under GDPR in order to do this.
- AdRoll: Outside of Google and Facebook, AdRoll is our main partner for advertising on other websites. When you visit our website, we drop a cookie onto your device and if you then go to any AdRoll partner website, our adverts may appear to you on their site. We use the legitimate interests lawful basis for processing under GDPR in order to do this.
- Storepoint: Our store location software can use your current location - if you have turned on location services on your phone or device - to help you to find a Calendar Club store near to your current position.
- Mailgun: We use Mailgun’s email checker to ensure that when you checkout you have given us a valid email address. After all, you wouldn’t want your order to complete but then not receive an email receipt, right?
- Postcode Anywhere: We use Postcode Anywhere to save you time on entering your address by sending the postcode you enter on one of our address forms on our website to Postcode Anywhere’s servers which then return a full address or a list of addresses from which you may choose yours. This is a vital service to our company as it ensures the integrity of the information we receive to deliver your order. We use the legitimate interests lawful basis for processing under GDPR in order to do this.
- PCI Pal: if you place an order with our Customer Services Team, they will guide you through paying for your order over the phone, using your payment card, by interacting with an automated, secure service called PCI Pal. By doing so, you do not read out your card details and we do not know or store your card details. All we know is whether your payment has been successful or not giving you maximum protection of your sensitive payment details. We use the legitimate interests and legal obligations lawful basis for processing under GDPR in order to do this.
- PowerReviews: Our Ratings & Reviews service is fully integrated into our website and helps you to appreciate what other people think of our products so that you can make an informed purchasing decision as well as giving you the freedom to write your own review whether you are a paying customer or a website visitor. You may receive an email from PowerReviews on our behalf asking whether you would like would like to leave feedback on your purchased product(s) – this is purely optional, of course. We use the legitimate interests lawful basis for processing under GDPR in order to do this.
If you do not wish to receive our email marketing messages any more, you can ask to stop receiving them via:
- Your Account Summary page
- By contacting our Customer Services Team
We also engage in online advertising to keep you aware of what we are up to and to help you to easily see and find our products.
Like many companies, we show Calendar Club UK banners and other adverts to you when you are on other websites and apps. We do this using a variety of digital marketing networks and ad exchanges and we use a range of advertising technologies like web beacons, pixels, ad tags, cookies, and mobile identifiers as well as specific services offered by some websites and social networks such as Facebook’s Custom Audience service. We use the legitimate interests lawful basis for processing under GDPR in order to do this. You can find out more about how to control his in the cookies section at the end of this policy.
The banners and other adverts you see will be based on information we hold about you, or your previous use of Calendarclub.co.uk (for example, your Calendarclub.co.uk search history, and the content you read on the Calendarclub.co.uk website) or on our ads you have previously clicked on located around the web.
3. Store Policies
What information do we collect from you ONLINE & how do we store and use it?
Purchasing / Special Orders
With regards purchasing or ordering in our stores, we will only collect and hold information that is necessary to fulfil our contractual obligations with you and make sure our service is the best it can be. To process special orders placed in store for delivery to your home, we need to hold your name, address, email address and telephone number on our systems. We store this information so that we can not only complete our contractual obligations with you to deliver your order, but also for fraud protection reasons and to be able to provide refunds etc. We do not store your credit card details in-store, however we do pass securely encrypted credit card details to our payment provider World Pay, in order for your transaction to be processed.
We are legally obliged to take down your name and postcode for our records when processing refunds. Returns slip storage? Length of time in till? Disposal of slips?
Surveys & Prize Draws
For the purpose of legitimate business interest, we may occasionally partner with survey companies in an ongoing bid to monitor and improve our performance and service. In the majority of situations, this data will remain anonymous and might include your age, gender, postcode and shopping habits. Our 3rd party partnerships will always be with GDPR compliant companies who are contractually obliged to maintain your data privacy to current legal standards. We may ask for your email address at the end of a survey in order to enter you into a prize draw, which you are not obliged to give. We will always seek your consent to use this email address for future promotional emails, at the point of email address collection.
We will always seek consent from you at the point of email address collection, before sending promotional emails from Calendar Club Ltd. or CalendarClub.co.uk Ltd. Promotional emails contain information about store openings near you, store events and store promotions. You may be asked if you would like to receive our promotional emails at the point of purchase in our stores. We may take your email address for the purpose of keeping you up to date with the status of your special orders, but we will never send promotional emails without your consent to do so. You can opt out of receiving these emails at any point using the unsubscribe link at the bottom of the emails. We use the legitimate interests lawful basis for processing your personal data.
We will also never share your details with 3rd parties without your consent.
3rd Party Partnerships
Below is a list of current partners who may process your personal data for the purpose of completing our contractual obligation to fulfil your Special Order for store or home delivery. Returns slips/accident form transportation?
- Royal Mail
- Gregorys (previously known as Kays Transport)
For the purpose of legitimate business interest, some of our stores employ CCTV in order to monitor store activity. This allows us to keep staff and customers safe and secure by preventing crime, preventing staff misconduct, ensuring compliance with health and safety procedures as well as the monitoring and improving of productivity. Please note your image may be recorded whilst you are shopping in these stores. We do not keep this information longer than is reasonably necessary.
“Cookies” are small text files that live on your device – via our website so that the website can operate well and to help to serve you better. They may also help your browser to navigate through the website by allowing you to sign in automatically and by remembering settings you selected during earlier visits (among other functions). Cookies don’t harm your computer or device.
You can find more information about cookies and how to manage them in different browsers here:
If you disable cookies in your browser, it will affect your browsing experience and you may not be able to purchase products on our website or use certain functionality.
We use the following cookies on our website:
ASP.Net_SessionId (calendarlcub.co.uk): Preserves the visitor’s session state across page requests
Basketid (calendarclub.co.uk) used for visitors to retain basket between sessions
Sess# (amazon.com): required for Amazon payments
LMData (attraqt): used for tracking previous search results history from the calendarclub.co.uk website
LMSID: (attraqt): used for tracking previous search results history from the calendarclub.co.uk website
LMUID: (attraqt): used for tracking previous search results history from the calendarclub.co.uk website
Ubid-main (Amazon.com): used for amazon payments
_qb_ccsr (qubit): used for tag management
_qsst_s (qubit): used for tag management
_qst_s (qubit): used for tag management
x_qtag_171426 (calendarclub.co.uk) used for tag management
_ga (calendarclub.co.uk) used for google analytics and conversion tracking
_gat (calendarclub.co.uk) used for google analytics and conversion tracking
_gid (calendarclub.co.uk) used for google analytics and conversion tracking
Collect (gooles-analytics.com) used for google analytics and conversion tracking
Personalization_id (twitter.com) used so that visitors can share content from the website on his or her twitter account.
SC_Analytics_Global_Cookie (calendarclub.co.uk) used by main website to identify visitor on repeat visits for analytics.
Fr (facebook.com) used by facebook to deliver third party advertisemanets based on activity from the website
Muid (Bing.com) used by Microsoft to enable user tracking across Microsoft domains
Muidb (Bing.com) used by Microsoft for marketing pruposes
r/collect (doubleclick.net) used to send analytics data to google analytics about vistors device and behaviour
tr (facebook.com) used by facebook for tracking purposes for analytics and marketing.
i/adsct (t.co twitter): used for twitter tracking and analytics
Ometria (calendarclub.co.uk) used to enable personalised marketing emails by tracking what visitors have looked at.
Qubitconsent (calendarclub.co.uk): tag management
track/v3/718dd3649cfee039/event.gif (trk.ometria.com): used to enable personalised marketing emails by tracking what visitors have looked at.