Overview

We understand that your privacy is important and we will treat any personal information you provide us as confidential. Your data will only be used in accordance with the UK General Data Protection Regulation (UK GDPR). We promise to look after your personal information and will never sell it to third parties. Roys is committed to being transparent about the data we collect and how we use it.

This policy applies whether you visit our stores, use your mobile device or go online, and outlines:

• How we use your data
• What personal data we collect
• How we ensure your privacy is maintained
• Your legal rights relating to your personal data

How we use your data

Roys uses your personal data:

• To provide goods and services to you
• To make a tailored website available to you
• To manage your account(s) with us
• To verify your identity
• to check your Right to Work (for job applications)
• For fraud and crime prevention
• With your consent, to contact you electronically about promotional offers, products, and services
• For market research and better understanding customer needs
• To manage customer service interactions
• Where we are legally obliged to disclose your information

We will only collect your personal data if you provide it voluntarily, for example when you:

• Place an order
• Sign up for marketing communications
• Enter competitions or prize draws
• Apply for a job at Roys
• Take part in a survey
• Contact us

Marketing

We may use your personal data (with your consent) to send electronic marketing about our latest offers, products, and services.

Roys aims to update you about products and services which are of interest and relevance to you as an individual.

You can opt out of marketing communications at any time by:

• Updating your preferences in your online account
• Clicking the “unsubscribe” link in emails
• Contacting us using the details provided in this policy

To help make our communications more relevant, we may analyse your browsing and purchasing behaviour and use other demographic information.

Sharing Data with Third Parties

Service Providers

To provide our services to you, we may share your data with trusted partners such as:

• IT providers
• Delivery companies
• Marketing platforms (e.g. DotDigital)

These providers are only permitted to use your data to deliver the contracted services and are required to maintain strong data protection standards.

Roys uses DotDigital for marketing email communications. DotDigital complies with data protection regulations and maintains safeguards for customer data. For more details, please see DotDigital’s privacy policy.

Other third parties

We may also share your data with:

• Credit reference agencies (for card payments)
• Legal or regulatory bodies (to comply with obligations or exercise legal rights)
• Law enforcement (for crime prevention or legal enforcement)

We do not sell or rent personal data to any third party for marketing.

Data Retention

We will only retain your data as long as necessary for the purposes outlined in this policy. In general, the maximum period we retain personal data is 10 years.

What personal data do we collect?

We may collect:

• Name and contact details
• Order history and purchase information
• Online activity on our site (e.g. IP address, location, browser type)
• Passwords
• Card payment details (via secure third parties)
• Marketing preferences
• Survey responses and feedback
• Communication records with Roys
• Right to Work documentation (for job applicants)

How we protect your data

We use a variety of physical, electronic, and managerial measures to protect your data:

• Encryption and secure data storage
• Firewalls and anti-malware systems
• Access control measures
• Regular audits and staff training
• Cybersecurity assessments of suppliers

We are registered as a Data Controller with the Information Commissioner’s Office (ICO).

What you can do to help protect your data

• Never share your Roys account password
• Log out of accounts on public computers
• Use strong, unique passwords for different accounts
• Be wary of phishing emails — Roys will never ask for your payment details via email

Your Rights

You have the right to:

• Request access to the personal data we hold about you
• Ask us to correct inaccurate or outdated data
• Opt out of marketing communications
• Withdraw consent where processing is based on consent

To exercise your rights, please contact us at:

dpo@roys.co.uk

You may also contact the Information Commissioner’s Office (ICO) at ico.org.uk to lodge a complaint.

Legal basis for Processing

We process your data based on:

• Our legitimate interests (e.g. improving services, marketing, fraud prevention)
• Fulfilling our contractual obligations to you
• Compliance with legal obligations
• Your consent (e.g. for email marketing)

You may withdraw consent at any time.

Cookies

We use cookies to enhance website functionality and analyse traffic. Cookies help us:

• Recognise returning visitors
• Store shopping cart preferences
• Analyse browsing habits to improve your experience

Cookies do not give us access to your personal computer or any personal data unless you choose to share it.

See our Cookies Policy for more details and a full list of cookies we use.

Contact Us

If you have any questions or concerns, or would like to exercise your rights:

Email dpo@roys.co.uk

Address: Roys (Wroxham) Ltd, Stalham Road, Hoveton, Norfolk NR12 8DB