Who we are
Calendar Club Ltd (Company Number: 03540821) opens around 280 temporary stores across the UK and Ireland every year. Calendar Club Ltd is the Data Controller for all data collected when you shop in our stores or online at www.calendarclub.co.uk
Calendar Club Ltd are registered on the Data Protection register under Registration Number Z1128277.
How to contact us
We always want to hear from our customers (especially if you feel we have let you down or could do better).
Have any questions or feedback about this policy
Would like us to stop using your information
Want to exercise any of your rights as set out below, or have a complaint
Please don’t hesitate to contact our Customer Services Team at email@example.com, who will be happy to answer any questions you may have. You can contact our Privacy Team by emailing us at GDPR@calendarclub.co.uk or by calling our Customer Services Team on 0808 178 1344 (Mon-Fri 9am to 5pm).
You can also write to us at:
Customer Services Team
Exe Box, Matford Park Road
Under the General Data Protection Regulations (GDPR) you have several new rights in relation to the data we store about you:
The right to access what information we have stored about you. You can issue a subject access request by emailing GDPR@calendarclub.co.uk if you wish to see what information we hold about you or contact our Customer Services Team on 0808 178 1344.
The right to be forgotten and have your information removed from our systems.
The right to have your personal information corrected if it is inaccurate.
The right to portability so that you can reuse your personal information for your own purposes including porting to another service provider.
The right to withdraw consent to receiving direct marketing messages and other consent-based processing at any time. Online customers can do this themselves by changing their Contact Preferences in their Account Summary page on this website and by withdrawing consent using our Cookie Management Tool (coming soon).
The right to complain to your data protection regulator. In the United Kingdom this is the Information Commissioners Office or ICO for short. You can read more about your rights and GDPR here: https://ico.org.uk
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
Order history: 7 years
Account details: 7 years from the last time you ordered with us
Marketing details: 5 years from the last time you ordered with us
Survey information: 5 years
Accident forms 7 years
Transactional information from stores: 7 years
Conversation history: 7 years
Call recording: 7 years
After the data retention period is reached, we will either remove or anonymise your data.
Changes to how we protect your privacy
How we use your personal data (online)
We only hold the information that is necessary to fulfil our contractual obligations with you and make sure our service is the best it can be. To process any orders we need your name, address, email address and telephone number on our systems. We store this information so that we can deliver your order, provide refunds where applicable, for fraud protection and for legal requirements. The legal basis for recording this information under the UK GDPR is Legal/Contractual obligation.
When you visit our website, we track each browsing session and the various products you have visited. We do this for several reasons including gaining feedback on our products and services, as well as being able to provide a better service to you by recommending products and services we think you will like through our marketing channels.
When you visit our website site, we record this information with our service providers, so we can market suitable products to you if you have agreed to having marketing sent to you by us. The legal basis for recording this information is consent under the UK GDPR. You can control your consent by using the cookie management tool on our website. The cookie management tool allows you to control what tracking is enabled or disabled. We also record what pages you have visited through google analytics however, all data that is recorded through google analytics is set to be recorded anonymously by anonymizing the last octet of the ip address. We record this information so that we can improve our products and services.
When you browse our website and enter your email address at any point during your journey, we may also use your email address to check whether you have an account with us to offer you a more personalised service. This may include reminding you of products you have shown previous interest in. If you leave an item in your basket and forget about it we may email you to let you know later on. We will only send you reminder emails if you have subscribed to receive our marketing emails.
Finally, if you decide to visit our website on a device that can share your location, you will be given the choice whether to do so or not. We only use the location information to help you to find your nearest store – it is not stored anywhere.
We use the browsing information and your email address, if you supply it, to send you updates and to tailor our emails to you to make them as relevant as possible. For example, we may send you reminder emails if you had to abandon your order half-way through. We will only send you marketing emails with your consent.
We may also use your email address, following a transaction, to send a request to review your purchase and our service, using our 3rd Party supplier “Feefo”. We use the legitimate interests lawful basis for processing under the UK GDPR in order to process and share your data with Feefo. If you do not wish your information to be shared with Feefo, we can remove your details from their database. Please contact our customer service team or email firstname.lastname@example.org and we will happily do this. Feefo is one of our partners who we have a GDPR Data Processing agreement in place with to safeguard your data in line with the UK GDPR. Feefo data may be held outside the EEA but in compliance with UK GDPR Privacy laws using Standard Contractual Clauses (SCC’s).
We use third party advertising through our partners to advertise our products. If you click through on one of our adverts on another website, our partner will track the click through so that we can then pay them the correct commission if you order something from our website. To do this, our partners will drop a cookie onto your PC when you visit their website which had the advertising on. You can control this by using the cookie management tool on the website that had the advertising on or disable cookies and tracking from within your browser. For more information please see here: https://www.cookiepro.com/knowledge/how-to-manage-cookies-by-browser/
You can also opt out of Internet-Based advertising using the below links and find out more information:
We need to take payment for your order by asking for credit card or debit card details (other payment methods are discussed later) to perform our contract with you. We may also use the details to issue refunds to you. We do not store any credit or debit card information. All payments go through our payment providers (Trustpay, Amazon and PayPal) securely using encryption so your information is as safe as possible. We use the legal obligation and contractual obligation lawful basis for processing under the UK GDPR to do this.
When making a payment over the telephone for website purchases, we use a service by one of our partners (PCI-PAL) to enable our customer service representative to take payment card information over the phone by having the customer enter their debit/credit card information using the telephone number pad. Each number entered provides the PCI-PAL servers with a unique dial tone frequency that is masked to our customer service representatives but appears on our customer service back-end systems masked. In this way, we can take payments without ever having to hear or see your credit/debit card number. The payment is then taken through the PCI-PAL secure service through TrustPay.
Talking with us
You may decide to engage with us via email, a phone call or social media. If you do, we will keep a contact history to provide customer service support. We may use this information to train staff members so that we can give you the best experience possible when talking with us. We may use phone recording software when you call our Customer Services Team (or any other team at our Head Office in Exeter). When you enquire over email, online chat or other electronic communication we use the legitimate interest basis for processing under GDPR to do this.
We will make use of the details of your previous purchases with us, if you are an existing customer, to help us offer you other products we think you would like and to perform our contract with you. We will also make use of this information to provide effective Customer Service support: to handle returns and to advise on any aspect of your purchase. We use the legitimate interest basis under UK GDPR for this.
Social Media Logging & Connecting
From time to time we may obtain freely available public information about you from Facebook and other social media sites, usually when you give us your email address e.g. when you email email@example.com, and we may use this information to help us provide you with better recommendations of our products via our marketing channels.
We may aggregate and anonymise your personal information (so that you cannot possibly be personally identified) and use it to do research and analyse the data. We may share this anonymised information with third parties to provide us with insights to better improve our service to our customers.
If you have consented to allowing us to contact you on social media, we will upload your email address to social media platforms to enable us to send marketing to you on those platforms. You can control any adverts from us on social media by opting out of the marketing from within the social media platform itself as well as unsubscribing from our email list (which can be done in the preferences area of your account OR clicking the unsubscribe link in one of our marketing emails OR calling our customer service team). We use consent as the legal basis under UK GDPR for this.
Who do we share your data with
For us to function as a business and provide you with the best possible customer service and experience, we work with a few third parties for example, we share your email address and first name and last letter of your surname with Feefo (our review partner) to enable us to get feedback on our services and products. This helps promote our business and use your feedback to improve our products and services. We also share some of your data with our customer services team and other staff members when required so they can support you in case of a problem with a purchase or product or to help fulfil our contract with you (for instance a warehouse picker/packer).
We may also share your data with Loqate (our address verification partner) very occasionally (once per year or less) who provide us with a data cleansing service to ensure all of the address, name, DOB, Email and phone data we hold is as up to date as it can be. Loqate are under contractual obligation to delete the information once they have cleansed the data and passed it back to us. During the process, all data is transferred encrypted and stored encrypted following GDPR requirements. We also have a contract in place between Loqate and Calendar Club Ltd to ensure the processing is done legally in line with the GDPR in a compliant fashion. We use the legitimate interest basis for processing under GDPR for this as we believe that this service is valuable to our customers and to ourselves as it ensures we do not send orders to the wrong address mistakenly and limits the chance of contacting deceased individuals.
We do not, and will not, sell any of your information – including your name, address, email address and payment card details – to any third party. We have always worked hard to protect your information and wish to continue earning your trust. This level of protection is important to you, we know that, and equally essential for our business.
We use a variety of third party tools and services to be able to offer you the best customer experience possible. The following list details who we currently use.
Our website uses Google Analytics to track user interaction and so we rely on the services supplied by Google to stay effective and to give you a relevant service. We use data collected by Google Analytics to determine how many people are using our site, what they are viewing, when they are viewing it and how they are navigating through the site. We use this data as feedback to be able to improve our service and offerings to you and it helps us with making decisions on how our promotions are doing, server requirements in the future (capacity planning) etc. Google records data like your approximate location (town or city), internet browser, device and operating system. Google Analytics does not record your full IP address and the data we pass to them from the website is anonymised.
We use a variety of other third-party companies who provide professional services to us and help us run our business. These companies help us with things like marketing , email services, advertising partners and other software partners (for example postcode lookup and store locator software). We may transfer your information internationally and use companies whose services are either based in the EEA (European Economic Area) or are located outside of the EEA but are under an equivalent and approved privacy scheme by the EU or have Standard Contract Clauses (SCC’s) which adhere to the UK GDPR.
Our current partnerships, which help us to deliver our service to you, are listed below:
Google (Google Analytics): Our website, like many others, uses Google Analytics to track basic usage information about our website visitors including (but not limited to): number of users, pages visited, length of browse time. We use this information to improve our sites and services for you. All data passed to google is anonymised.
Google (AdWords): We place advertisements on Google’s search pages that we think you will like based on your search term as well as potentially on other websites that support retargeting ads, and which are accessible via Google’s AdWords platform. We use your consent as the lawful basis for processing under UK GDPR.
Facebook (Ads): We also place advertisements on Facebook and within your feed (if you have a Facebook account) that we think you will like based on your interest levels on our website. We use your consent as the lawful basis for processing under GDPR in order to do this. You can control these cookies using our cookie management tool. If you have agreed to marketing via social media, you may have opted out of cookie marketing on social media platforms but may still receive marketing. We know this is confusing! If you still receive marketing on social media from us after opting out of the cookie marketing, it will be because you agreed at some point in the past to receive marketing via social media under your account or when checking out. You can opt out of this more targeted social media marketing from within the social media platform itself OR unsubscribe from our mailing list by clicking the unsubscribe link on one of our emails OR call our customer services team.
Microsoft (Bing Ads): We also advertise on Microsoft’s Bing platform in a similar way to AdWords. We use consent as the lawful basis for processing under GDPR. You can opt out of Microsoft personalised advertising here
Storepoint: Our store location software can use your current location - if you have turned on location services on your phone or device - to help you to find a Calendar Club store near to your current position. You must turn on the tracking on your device to do this and as such we therefore use the consent lawful basis for processing under the UK GDPR.
Postcode Anywhere: We use Postcode Anywhere to save you time on entering your address by sending the postcode you enter on one of our address forms on our website to Postcode Anywhere’s servers which then return a full address or a list of addresses from which you may choose yours. This is a vital service to our company as it ensures the integrity of the information we receive to deliver your order. We use the legitimate interests lawful basis for processing under GDPR in order to do this.
PCI Pal: if you place an order with our Customer Services Team, they will guide you through paying for your order over the phone, using your payment card, by interacting with an automated, secure service called PCI Pal. By doing so, you do not read out your card details and we do not know or store your card details. All we know is whether your payment has been successful or not giving you maximum protection of your sensitive payment details. We use the consent lawful basis for processing under GDPR in order to do this.
Feefo: Our Ratings & Reviews service is fully integrated into our website and helps you to appreciate what other people think of our products so that you can make an informed purchasing decision as well as giving you the freedom to write your own review whether you are a paying customer or a website visitor. You may receive an email from Feefo on our behalf asking whether you would like would like to leave feedback on your purchased product(s) – this is purely optional, of course. We use the legitimate interests lawful basis for processing under GDPR in order to do this.
Please contact firstname.lastname@example.org
If you would like to be opted out of Feefo and have your information removed from their systems. Please note, any information stored within Feefo is only used for our review purposes.
Ometria: Ometria are our email service provider who enable us to send tracking information on what products you have viewed on the website. If you have agreed to the tracking in the cookies management tool and agreed to receive marketing, we will send you more relevant marketing. We use your consent to do this under the UK GDPR.
Loqate: Our Address verification partner. We use Loqate when you enter in your address to ensure it is not entered incorrectly. On occasion we send our customer database to Loqate to clean the data and remove any old or incorrect data from our records. Once this has been done Loqate delete the date from their systems. All data is transmitted and stored ecrypted and Loqate are under contract with Calendar Club Ltd to ensure all data processing and handling is in line with GDPR requirements. We use legitimate interest as the lawful basis for processing your data for this.
Red Technology: Red technology are a GDPR compliant hosting provider and provide our Ecommerce platform.
If you do not wish to receive any Calendar Club marketing messages (email, online advertising etc) please ensure you :
Remove all cookies from your device
Login to your account and clear all of the marketing options
Click on an unsubscribe link in one of our recent marketing emails.
You can also call our customer services team who will take your details and we can do this for you.
How we use your personal data (Retail Stores)
Purchasing / Special Orders
With regards purchasing or ordering in our stores, we will only collect and hold information that is necessary to fulfil our contractual obligations with you and make sure our service is the best it can be. To process special orders placed in store for delivery to your home, we need to hold your name, address, email address and telephone number on our systems. We store this information so that we can not only complete our contractual obligations with you to deliver your order, but also for fraud protection reasons and to be able to provide refunds etc. We do not store your credit card details in store, however we do pass securely encrypted credit card details to our payment provider Optomany, in order for your transaction to be processed. We will hold your data on our systems for 7 years whereupon it will be anonymised. We process your data under the contract lawful basis/Legal obligation for processing under GDPR.
When a customer asks for a refund, we will ask for your name and postcode for our records. We do this for fraud prevention reasons. We will ask to see a proof of purchase before issuing a refund. This can be in the form of a receipt or a credit card/bank card statement. When a refund is issued, we keep your details for 7 years. All information kept is stored securely. We use the legitimate interests basis for processing under GDPR in order to process this information.
Surveys & Prize Draws
For the purpose of legitimate business interest, we may occasionally partner with survey companies to monitor and improve our performance and service. In the majority of situations, this data will remain anonymous and might include your age, gender, postcode and shopping habits. Our 3rd party partnerships will always be with GDPR compliant companies who are contractually obliged to maintain your data privacy to current legal standards. We may ask for your email address at the end of a survey to enter you into a prize draw, which you are not obliged to give. We will always seek your consent to use this email address for future promotional emails, at the point of email address collection.
If you are involved in an accident in one of our stores, we will record your name and address and the nature of the accident for our records. This information will be held for 7 years.We use the legal obligation lawful basis for processing in order to process this information under GDPR.
E-receipts and Marketing at Point of Sale.
We will always ask for consent from you at the point of email address collection, before sending promotional emails from Calendar Club Ltd. or CalendarClub.co.uk Ltd. Promotional emails contain information about store openings near you, store events and store promotions. You may be asked if you would like to receive our promotional emails at the point of purchase in our stores. We may take your email address for the purpose of keeping you up to date with the status of your special orders, but we will never send promotional emails without your consent to do so. You can opt out of receiving these emails at any point using the unsubscribe link at the bottom of the emails or contacting our customer services team.
3rd Party Partnerships
Below is a list of current partners who may process your personal data for the purpose of completing our contractual obligation to fulfil your Special Order for store or home delivery. Returns slips/accident form transportation?
Gregorys (previously known as Kays Transport)
For the purpose of legitimate business interest, some of our stores employ CCTV in order to monitor store activity. This allows us to keep staff and customers safe and secure by preventing crime, preventing staff misconduct, ensuring compliance with health and safety procedures as well as the monitoring and improving of productivity. Please note your image may be recorded whilst you are shopping in these stores. We do not keep this information longer than is reasonably necessary (Less than one year).