Privacy Policy

Introduction

This privacy notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.

Legal Basis of Processing Your Data

The law on data protection sets out several reasons for which a company may collect and process your personal data, including:

Consent

In specific situations, we can collect and process your data with your consent. For example, when you tick a box consenting to receive email newsletters.

Contractual Obligations

In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you order an item for home delivery, we’ll collect your address details to deliver your purchase and pass them to our courier.

Legal Compliance

If the law requires us to, we may need to collect and process your data.

Legitimate Interest

In specific situations, we require your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and which does not materially impact your rights, freedom, or interests. For example, we use your purchase history to send or make available personalised offers.

When Do We Collect Your Data?

  • When you visit our website and use your account to buy products.
  • When you make an online purchase and check out as a guest.
  • When you create an account with us.
  • When you engage with us on social media.
  • When you contact us by any means with queries, complaints, etc.
  • When you enter prize draws or competitions.
  • From publicly-available sources (such as Land Registry).
  • When you enter our stores or offices; CCTV systems may record your image.

What Sort of Data Do We Collect?

  • Your name, billing/delivery address, orders, receipts, email, and telephone number.
  • Information gathered by cookies in your web browser.
  • Details of your visits to our websites or apps and referring sites.
  • Personal details that help us recommend items of interest.
  • Payment card information.
  • Your image via CCTV in shops.
  • Technical information about your internet connection and browser.
  • Your social media username if you interact with us via social media.

How and Why We Collect Your Data

We use your data to deliver the best customer experience, personalise content, offer promotions, and improve our services. The data privacy law allows this under legitimate interest principles.

Examples of Usage:

  • Processing orders and compliance with legal obligations.
  • Responding to queries, complaints, and refund requests.
  • Protecting our business and your details from fraud and illegal activities.
  • Operating CCTV for security purposes.
  • Using purchase data to improve services and recommend offers.
  • Sending marketing communications (with your consent).
  • Testing and improving our systems and services.
  • Sharing data with law enforcement when required.

Your Data and Direct Marketing

We use your data to tailor offers and promotions. We may combine personal data collected directly with third-party data, provided you have consented.

How Do We Protect Your Data?

We take your privacy seriously:

  • Secure access to transactional areas with HTTPS technology.
  • Password-protected access to personal data.
  • SSL encryption for sensitive data (like payment card information).
  • Regular system monitoring and penetration testing.

How Long Do We Keep Your Data?

We retain your personal data only as long as necessary for the purpose collected. After that, data is deleted or anonymised.

Orders

Personal data from orders is kept for six years to comply with legal obligations.

Who Do We Share Your Data With?

We sometimes share personal data with trusted third parties, ensuring they:

  • Only use data for specified services.
  • Respect and protect your privacy.
  • Delete or anonymise your data if they stop working with us.

Sharing Your Data with Third Parties

We only share your data externally in very specific circumstances, such as fraud prevention or legal obligations. We may also transfer data during business restructuring or sales.

Third Parties We Currently Use Include:

  • Mailchimp
  • Shopify
  • Google
  • Webgains

Where Is Your Data Processed?

We may transfer your data outside the EEA (e.g., to Australia or the USA) under strict contractual protections.

International Orders

If you are based outside the UK, we transfer your data to our UK teams.

Protecting Your Data Outside the EEA

Transfers comply with laws and contractual safeguards to ensure equivalent protection as inside the EEA.

What Are Your Rights Over Personal Data?

  • Access your personal data.
  • Request correction of inaccurate data.
  • Request deletion or stop processing under certain conditions.
  • Opt-out of direct marketing at any time.
  • Withdraw consent whenever granted.

To exercise your rights, please contact our Data Protection Officer at:

Email: DPO@the-four-group.com
Address: Data Protection Officer, 6-10 Market Road, London N7 9PW

Direct Marketing

You can opt-out at any time by:

  • Clicking the unsubscribe link in emails.
  • Updating preferences in your account.
  • Emailing or writing to us.

Use of Our Services by Children

Our website is not intended for children under 16. We will delete any personal information collected from children under 16.

Contacting the Regulator

If you feel your data has not been handled correctly, you can lodge a complaint with the ICO at www.ico.org.uk/concerns or call 0303 123 1113.

Further Help or Advice

If you have any unanswered questions, contact our Data Protection Officer by emailing DPO@the-four-group.com or writing to:

Data Protection Officer, 6-10 Market Road, London N7 9PW.