This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that personal data and keep it safe. Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (which is known as anonymous or anonymised data).
We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how we use your data. The Privacy Notice is provided in a layered format so you can click through to the specific areas set out below, but you can also download a pdf version of the Privacy Notice here: [insert link]. We have set out below the main topics that are covered in our Privacy Notice (the first layer), along with high-level explanations of these topics (the second layer). You can then click through to the detailed information (the third layer).
1. Important information and who we are
This sets out the purpose of the Privacy Notice, our contact details (including the details of our data protection officer), how we may change the Privacy Notice and details of any third party links that may be included on our website(s).
2. Purposes for which we use your personal data
This section includes a lot of detail regarding the purposes for which we use your personal data. In all likelihood, our lawful basis for processing your personal data will be one or more of the following: (i) where you have provided your consent; (ii) where we need to in order to perform a contract with you; (iii) where the processing is necessary for our legitimate interests; and/or (iv) where we need to in order to comply with a legal or regulatory obligation.
3. When might we collect your personal data?
We collect data about you in a number of ways. This includes by using data that we already have about you, information that you give to us, information we collect via automated technologies or interactions, location data we collect via certain kinds of technology and information we get from third parties or publicly available sources.
4. What sort of personal data do we collect?
This sets out the kinds of personal data that we may collect and process about you, which includes identity and contact, financial, transaction, technical, profile, usage and marketing and communication data. We do not collect or process any special categories of personal data, which includes things such as details about race or ethnicity, political opinions and/or health data. We do collect, use, and share aggregated data, but this data is not personal data from which you can be identified.
5. How and why do we use your personal data?
This section sets out more detail regarding how we use the categories of personal data that we collect about you. We have detailed the type of personal data we process, the purposes for our processing of this personal data and what our lawful basis for processing your personal data is.
6. How we protect your personal data
We have put appropriate security measures in place to prevent your personal data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Such measures can include using secure links, encryption and firewalls. We have procedures in place to deal with any actual or suspected personal data breach.
7. How long will we keep your personal data?
We only retain your personal data for as long as we need to. To determine the appropriate retention periods, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised disclosure, the purposes for which we process your personal data (and whether we can achieve these purposes by other means) and applicable legal, regulatory, tax, accounting and other requirements. If we have anonymised your personal data, we can retain this indefinitely.
8. Who do we share your personal data with?
We do disclose your personal data to certain third parties including internal third parties (namely our group companies), external third parties that provide services to us, our professional advisers (like our lawyers and accountants) and certain regulators and other authorities (such as HM Revenue and Customs).
9. Where your personal data may be processed
We do in some limited circumstances transfer your personal data outside of the United Kingdom, but if we do this we do ensure that a similar degree of protection is afforded to your personal data.
10. What are your rights over your personal data?
You have a number of rights in relation to your personal data, and this section sets out in detail what these rights are and how you can exercise these rights.
11. Important information and who we are
When we mention we, us, or our in this Privacy Notice, we are referring to ERA Home Security Limited (a company registered in England and Wales, with company registration number 02838541 and registered office at 29 Queen Anne's Gate, London, United Kingdom, SW1H 9BU). We are the controller, and we are responsible for this website.
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.
Please note that this website is not intended for children and we do not knowingly collect data relating to children.
It is important that you read this Privacy Notice together with any other privacy notice or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements other notices and privacy policies and is not intended to override them.
12. Contact details
Legal Entity Name: ERA Home Security Limited
Email Address: firstname.lastname@example.org
Postal Address: Valiant Way, Wolverhampton, WV9 5GB
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
13. Changes to this Privacy Notice and changes to your personal data
It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish. Historic versions of this Privacy Notice can be obtained by contacting us.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
14. Third party links
15. Purposes for which we use your personal data
In specific situations, we can collect and process your personal data with your consent. For example, when you tick a box to receive email newsletters. When collecting your personal data, we’ll always make clear to you what categories of products you are opting in to receive information about and how you want to be contacted.
In certain circumstances, we need your personal data to comply with our contractual obligations. What this means is that processing of your personal data is necessary for the performance of a contract to which you are a party or to take steps at your request before entering such a contract. For example, if you order an item from us, we’ll collect your address details to deliver your purchase, and pass these details to our courier. If you have a credit account with us and an established price list, we may also need to use your contact details to alert you of any changes to your agreed contractual pricing.
If the law requires us to, we may need to collect and process your personal data. This means that the processing of your personal data is necessary for compliance with a legal obligation that we are subject to. For example, we can pass on details of people involved in fraud or other criminal activity affecting us to law enforcement.
In specific situations, we require your personal data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. In particular, this means the interest of our business in conducting and managing our business and to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us. For example, we will use your purchase history to send you or make available personalised offers. We also combine the shopping history of many customers to identify trends and ensure we can keep up with demand or develop new products/services.
Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data. Please contact us if you need more details about the specific legal ground we are relying on to process your personal data.
16. When might we collect your personal data?
We collect your personal data using various measures, including as set out below.
Direct Interactions: such as
- When you visit any of our websites and use your account to buy products and services.
- When you make an online purchase and check out by debit or credit card.
- When you register for an account with us.
- When you purchase a product or service in store or by phone but don’t have (or don’t use) an account.
- When you engage with us on social media.
- When you download or install one of our apps.
- When you contact us by any means with queries, complaints etc.
- When you enter prize draws or competitions.
- When you book any kind of appointment with us.
- When we see you at an exhibition or show and you have shown an interest in our products.
- When you choose to complete any surveys we send you.
- When you comment on or review our products and services.
Automated Technologies or Interactions: when you interact with our website, we will automatically collect Technical Data (as defined below) about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
Third Parties or Publicly Available Sources: we will receive personal data about you from various third parties and public sources as set out below:
- From analytics providers (such as Google), advertising networks and search information providers.
- From providers of technical, payment and delivery services (such as PayPal and Shopify).
- From third party data brokers or aggregators.
- When you’ve given a third party permission to share with us the information they hold about you.
- We may collect data from publicly available sources (such as the Land Registry, Companies House and the Electoral Register).
17. What sort of personal data do we collect?
- Identity and Contact Data: including your name, invoicing and delivery address, orders and receipts, email and telephone number. For your security, we do not keep any record of your password but in the event you lose it, you can request for it to be reset. We also collect your address and contact details in relation to our Find an Installer Scheme.
- Marketing and Communications Data: including your email address from any of our website and/or app sign ups with your opt in/out preferences.
- Financial Data: including bank account and payment card details.
- Transaction data: including details of payments to and from you and other details of products you have purchased from us. We also collect details of your shopping history more broadly, such as items that you may have viewed or placed in your basket (even if you didn’t actually purchase them).
- Usage Data: including the web pages viewed during your visit, the advertisements you clicked on, any search terms you entered and other details of your visits to our websites and which site you came from to ours.
- Profile Data: including your username, purchases or orders made by you, your interests, preferences, feedback and survey responses. We may also collect your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
We do collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our products). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
18. How and why do we use your personal data?
Here’s how we’ll use your personal data and why:
- We process your Identity and Contact Data to register you as a new customer. We need to do this to be able to perform our contract with you.
- We process your Identity and Contact Data, Financial Data, Marketing and Communication Data and Transaction Data to process any orders that you make by using our websites (including by managing payments, fees and charges and collecting and recovering money owed to us) and to remind you if you have navigated away from your basket with items still in it. If we don’t collect your personal data during checkout, we won’t be able to process your order (namely, perform the contract we have with you), perform our legitimate interests (namely, to recover any debts due to us and/or to see if you are still interested in something in your basket) and/or comply with our legal obligations (such as in relation to fraud prevention).
- We process your Identity and Contact Data, Marketing and Communication Data, Financial Data, Transaction Data and Profile Data to respond to your queries, refund requests and complaints. Handling your information enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this based on our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
- We process your Identity and Contact Data, Marketing and Communication Data and Transaction Data to contact you if there is a query with your delivery. To enable us to do this we will also collect a telephone number at registration and checkout. We will need to communicate this number to our couriers, so they can contact you regarding your delivery if necessary. This is for us to perform our contract with you.
- We process your Identity and Contact Data and Technical Data to protect our business and your account from fraud and other illegal activities and to otherwise administer our business and this website (for example, by checking your password when you login and using automated monitoring of IP addresses to identify possible fraudulent logins from unexpected locations). This also includes using your personal data to maintain, update and safeguard your account. We’ll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We’ll do all of this as part of our legitimate interest in running our business, providing administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise. We may also need to process this personal data in order to comply with a legal obligation.
- We process your Identity and Contact Data, Profile Data and Marketing and Communications Data to send you communications required by law or which are necessary to inform you about our changes to the products we provide you. For example, updates to this Privacy Notice, product recall notices, and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
- We process your Identity and Contact Data, Profile Data, Usage Data and Marketing and Communications Data to administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering.
- We process your Technical and Usage Data, via data analytics, to develop, test and improve the systems, services and products we provide to you. This will include us recording your browser’s Session ID to help us understand more when you leave us online feedback about any problems you’re having. We’ll do this on the basis of our legitimate business interests in defining types of customers for our products, keeping our website updated and relevant, developing our business and informing our marketing strategy.
- We process your Identity and Contact Data, Profile Data and Marketing and Communications Data to send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent. We have a legitimate interest in doing this as this helps make our products or services more relevant to you and it enables us to study how customers use our products. Of course, you are free to opt out of receiving these requests from us at any time by updating your preferences which are accessible at the bottom of every marketing email or contacting us at: email@example.com and requesting to be removed.
- We process your Identity and Contact Data and Transaction Data to process your booking/appointment requests (for example with an installer). Sometimes, we’ll need to share your details with a third party who is providing a service (such as delivery couriers or a fitter visiting your home). We do so to perform our contract with you in maintaining our appointment with you. Without sharing your personal data, we’d be unable to fulfil your request and would, therefore, be unable to perform our contract with you.
- We will process your Identity and Contact Data and Marketing and Communications Data if we need to pass your details to the relevant ERA Installer (if you have opted for us to pass your details to them for them to contact you) or to enable us to contact you to check that your installer visit was successful and satisfactory, or to discuss any negative feedback you may have left on the scheme’s ‘rate me’ page. We only pass this personal data to the relevant ERA Installer with your consent and we will process this personal data for our legitimate interests in developing and improving our business.
- We process your Identity and Contact Data, Marketing and Communications Data, Transaction Data and Profile Data to collect feedback from customers who have had a buying or service experience with us. We do this for our legitimate interests in developing and improving our business. We use Trustpilot to assist with collecting specific information from our customers about the service received from us and to collect product review information. Trustpilot functions as our processor and we are the controller. Sometimes following a purchase, you will receive an email direct from Trustpilot to obtain such feedback. If you do not wish to write a review, please ignore such correspondence. If you do write a review this will appear direct on the Trustpilot website on our relevant company page.
Advertising and marketing
As with most businesses, we will use your Identity and Contact Data, Profile Data, Usage Data, Technical Data and Marketing and Communication Data in order to deliver relevant website and app content and advertisements to you and to measure or understand the effectiveness of the advertising we serve to you. This is necessary for our legitimate interests in studying how customers use our products, to develop those customers, to grow our business and to inform our marketing strategy.
In addition, we will use your Identity and Contact Data, Profile Data, Technical Data and Marketing and Communication Data to make suggestions and recommendations to you about products or services that may be of interest to you and to otherwise inform our marketing strategy. This is necessary for our legitimate interests to develop our products, to provide high levels of service, to understand our customers’ interests and to grow our business.
With your specific consent, we will keep you informed by email, web, text, post or telephone about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on. Of course, you are free to opt out of hearing from us by any of these channels at any time. Please note that we will only contact you about relevant products or services we feel you may be interested in.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can choose to change your preferences in how we contact you and what information we hold – see more in the ‘What are my rights?’ section below. However, remember, it is important to consider whether you truly want to opt out completely as doing so may mean we cannot provide all of the services or information you have asked for. Changing preferences is often a better way to manage contact, rather than opting out altogether. For example, if you’ve asked us to let you know when an item comes back into stock, we can’t do that if you’ve withdrawn your general consent to hear from us.
If you do decide to opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product purchase, warranty registration, product experience or other transactions.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
19. How we protect your personal data
We know how much data security matters to all our customers. With this in mind we will treat your personal data with the utmost care and take all appropriate steps to protect it, including by putting in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We secure access to all transactional areas of our websites and apps. Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured by encryption. We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
Suppliers who receive your personal data from us for processing purposes, such as delivery companies, are also reviewed periodically for data protection compliance to ensure their data is maintained appropriately under the same, strict access and storage conditions.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
20. How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is reasonably necessary for the purpose for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Some examples of customer data retention periods are set out below:
When you place an order, we’ll keep the personal data you give us for six years so we can comply with our legal and contractual obligations. In the case of certain products, such as British Standard Nightlatches where they have a 10-year Guarantee, we’ll keep the data for 10 years.
If your order included a warranty, the associated personal data will be kept until the end of the warranty period.
For marketing purposes, your information will be maintained for 3 years following inactivity, or for as long as you are an active customer, or if you have opted in via preferences to continue receiving information. When we refer to “inactivity” here, what we mean is that you have not had any direct engagement with us, such as by interacting with us via email or purchasing products from us.
21. Who do we share your personal data with?
We sometimes share your personal data with trusted third parties for the purposes set out in this Privacy Notice. For example:
- Other companies in our group who may provide IT and system administration services and undertake leadership reporting.
- Service providers such as delivery couriers, engineers visiting your home, entities collecting product/service reviews and third parties that provide us with IT and system administration services. This may include direct marketing companies who help us manage our electronic communications with you and companies such as Trustpilot who will help us collect feedback from you.
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities based in the UK and Ireland who require reporting of processing activities in certain circumstances.
- Fraud prevention agencies and agencies that handle complaints. This may include sharing data about individuals with law enforcement bodies including Trading Standards where feedback relevant to a specific ERA Installer has been shared.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
- We provide only the information they need to perform their specific services.
- They may only use your data for the exact purposes we specify in our contract with them.
- We work closely with them to ensure that your privacy is respected and protected at all times.
- We have reviewed all data protection and privacy policies to ensure their practices in storage and access of data are acceptable.
Some of our external third parties are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
- Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
23. What are your rights over your personal data?
We set out below an overview of your different rights.
You have the right to request:
- A copy of any information about you we hold at any time, and also to have that information corrected if it is inaccurate. To ask for your information, please contact Data Protection Officer, ERA, Valiant Way, Wolverhampton, WV9 5GB. To ask for your personal data to be amended such as your name, or telephone number, please contact our Customer Services team or email firstname.lastname@example.org
- Erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Restriction of the processing of your personal data. This lets you ask us to suspend the processing of your personal data: (i) if you want us to establish the accuracy of the personal data; (ii) where our use of the personal data is unlawful but you do not want us to erase it; (iii) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; (iv) you have objected to our use of your personal data, but we need to verify whether we have overriding legitimate grounds for using it.
- Transfer of your personal data to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- That we stop using your personal data for direct marketing (either through specific channels, or all channels). We must always comply with your request and we set out below how you can elect to stop our use of your personal data for direct marketing purposes.
- That we stop any consent-based processing of your personal data after you withdraw that consent. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- Review by of any decision made based solely on automatic processing of your data (i.e., where no human has yet reviewed the outcome and criteria for the decision).
If we choose not to action your request, we will explain to you the reasons for our refusal.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
Time limit for responding
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
How can you stop the use of your personal data for direct marketing?
There are several ways you can stop direct marketing communications from us:
- Click the ‘change preferences or unsubscribe’ link in any email communication that we send you. We will then stop any further emails from that particular division.
- In our apps, you can manage your preferences and opt out from one or all of the different push notifications by selecting or deselecting the relevant options when you register. Should you wish to opt out from contact, please unsubscribe in any emails you receive from us.
- Write to our Marketing Department at ERA, Valiant Way, Wolverhampton, WV9 5GB, or contact email@example.com
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.
If you would like a report with the personally identifiable information we hold about you, please email firstname.lastname@example.org. We will require your name, and all email addresses associated with your account.
If you would like your details removed from our systems, please ensure all devices are removed from your account, and email email@example.com. You will need to email us from the primary email address associated with your account.
If you have any questions that haven’t been covered, please contact our Data Protection Officer who will be pleased to help you.
This notice was last updated on 13 May 2022.