By continuing to browse you are accepting this.
This Privacy Statement aims to give you information on how we collect and process the personal data we obtain about you when you interact with us. Maintaining the security of your data is a priority at Create & Craft, and we are committed to respecting your privacy rights. We pledge to handle your data fairly and legally at all times. We are also dedicated to being transparent about what data we collect about you and how we use it. This Privacy Statement, which applies whether you visit our website, use your mobile device or contact us over the telephone, provides you with information about:
We understand that there is a lot of information in this Statement, but we want you to be fully informed about your rights and how Create & Craft uses and looks after your data.
Create & Craft may collect the following information about you:
This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Statement. Some of the above personal data is collected directly, for example when you set up an on-line account on our website, send an email to our customer services team or enter a competition. Other personal data is collected indirectly, for example, from your browsing or shopping activity. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.
Our website is not intended for children and we do not knowingly collect data relating to children.
Create & Craft may use the personal information that you provide or that is obtained by us for a number of purposes including the following:
We need to process your personal data so that we can manage your customer accounts, provide you with the goods and services you want to buy and help you with any orders and refunds you may ask for. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service.
We may supplement the information that you provide to us with information we receive from third parties.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing. We have established a Preference centre where you can view and make certain decisions about your personal data use and marketing choices. If you choose to subscribe to our marketing programme, we may use your information to make decisions about you using computerised technology, for example, automatically selecting products or services which we think will interest you. We may keep you informed of such products and services (including special offers, discounts, offers, competitions and so on) by email, telephone, SMS text message or post. If you wish to amend your marketing preferences, you can do so either logging into your account and going to the Preference Centre, and then following the directions or by calling our Customer Services Team. We won't send you marketing messages if you tell us not to but we will still need to send you occasional service-related messages.
Please be aware that if you choose not to share your personal data with us, or refuse certain contact permissions, we may not be able to provide some services you’ve asked for. For example, if you withdraw your general consent to hear from us, we won’t be able to tell you about any of our great new product offerings, or whether a product you were interested in has come back into stock.
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data. The basis for our processing of your personal information may vary depending on the different purposes set out in the section above. These include:
Contractual obligations: We will need your personal data to comply with our contractual obligations, which includes selling and supplying goods to our customers. For example, where you have placed an order from our website the basis of our processing your personal information will be to process your order and perform the sales order contract between us. We’ll need to collect your address details to deliver your purchase, and pass them to our supplier or courier.
Legal compliance: If the law requires us to, we may need to collect and process your data. For example, in the prevention or investigation of fraud, other criminal or anti-social activity affecting our business, we may pass on details to law enforcement agencies, or where we are complying with our legal and regulatory obligations.
Legitimate interests: In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we may use your purchase history to send you or make available personalised offers, or to improve and develop our website and/or our services and products made available to you, or in promoting, marketing and advertising our products and services.
Consent: In specific situations, we can collect and process your data with your consent. For example, where you have registered to receive email or SMS text notifications and/or promotional information from us the basis of our processing will be subject to your consent, which we will ask for and can be withdrawn by customers at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
We will communicate with you according to the preferences you set within the Preference centre of our website. You may change your preferences at any time. This includes an automated soft opt-in setting based on your purchase history that is in accordance with the Privacy and Electronic Communications Regulations. Any elections you make in the Preference centre will override the soft opt-in settings.
When collecting your personal data, we will make clear to you which data is necessary in connection with a particular service.
We will share your personal information with third parties where required by law, where it is necessary to administer our agreement with you or where we have another legitimate interest in doing so.
We may share your personal information with other companies within our group from time to time. We share your personal information with other such entities to provide other services and products which might be of interest to you.
We work with carefully selected and trusted service providers who carry out certain functions on our behalf. These include companies that help us with technology services, storing and combining data, taking and processing payments and delivering your orders. For example, we share your name, address and contact details with courier companies to enable them to deliver the goods you have ordered to you. Some of our products are sent to our customers direct from our suppliers, and we will give those suppliers your name, address and contact details so that they can fulfil your order. When you are using our secure online payment gateway, your purchase is processed by a third-party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions.
Please be assured that:
For some of our advertiser partners, where you purchase one of their products through our website, mobile app or over the telephone, we take your order and process payment on behalf of that advertiser, and then we transfer your data to that advertiser for fulfillment of your order. In those cases, you will become a customer of that advertiser and subject to their privacy policies and the terms and conditions. However, we do not pass your payment information to such advertiser partner.
We may share personal data with other organisations in the following circumstances:
To help personalise and monitor your journey through our website we currently use third parties who will process your personal data as part of their contracts with us. These currently include:
We may also interact with you through social media sites such as Facebook, Twitter or Pinterest.
We may transfer your personal information to our suppliers or service providers based outside of the UK and the European Economic Area (EEA) for processing for the purposes described in this Privacy Statement. These countries may not have similar data protection laws to the UK. If we do this, we have procedures in place to ensure that your personal information will continue to be subject to an adequate level of data protection, for example by means of a contract incorporating the model contractual clauses approved by the European Commission or the US Privacy Shield scheme. We will also ensure that other appropriate safeguards are in place to ensure your information continues to be treated in accordance with applicable law.
When you call our customer services: Your call may be recorded (so we can act on any instructions you may give, including taking your order, and so we can improve our services to you). This call recording is retained for a period of 12 months. Any data you provide on a customer services call is entered into our CRM application (Numero) and is retained in line with our retention policy. Our call centre is provided by a third party service provider (Intelenet Global Services Private Limited).
When you email us: We will monitor any emails sent to us, including file attachments, for viruses or malicious software.
When you place an order through the IVR: We use a third party provider, Eckoh UK Limited, to provide our IVR service. Your order information is not recorded by Eckoh. They will however keep a record of the telephone number that you used to place your order through the IVR for 3 months.
When you use our Web Chat service: We use a third party provider, Eckoh UK Limited, to provide our Web Chat service, which we use to handle customer enquiries in real time.
When you complain to us: When we receive a complaint from a person we put together a file containing the details of the complaint which is entered into our CRM application. This normally contains the identity of the complainant (and any other individuals who may be involved in the complaint). We will only use the personal information we collect to process and resolve the complaint and to check on the level of service we provide. We will keep personal information contained in complaint files in line with our retention policy.
We will keep your personal information for as long as necessary and consistent with the purpose for which you have given it to us, including for the purposes of satisfying any legal, accounting, or reporting requirements . We will always retain your personal information in accordance with law and regulation and never retain your information for longer than is necessary.
At the end of that retention period, your data will either be deleted or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for business planning or statistical analysis. Where we anonymise data, we may use such information without further notice to you.
We will keep the personal data, including details of the product you purchase, which you provide to us when you place an order with us for six years so we can comply with our legal and contractual obligations, including the Consumer Rights Act 2015.
Our cookies do not contain confidential information such as your home address, telephone number or credit card details. We do not exchange cookies with any third party websites or external data suppliers.
Your web browser also generates other information, including which language the site is displayed in, and your Internet Protocol address (IP address). An IP address is a set of numbers which is assigned to your computer during a browsing session whenever you log on to the Internet via your internet service provider or your network (if you access the Internet from, for example, a computer at work). Your IP address is automatically logged by our servers and used to collect traffic data about visitors to our website. We do not use your IP address to identify you personally. Learn more about cookies and how we use them by visiting our Cookies Policy page.
You can rest assured that shopping online with Create & Craft will be as safe and secure as shopping in a store. We have safeguards in place to prevent your personal information from being lost, stolen or damaged and to prevent cyber-attacks, phishing or other malicious activity.
We do appreciate that remembering passwords can be tricky, but setting effective and secure passwords on all the sites you use is vital in combating possible fraudulent activity using your personal details.You can control the safety of your password. Here are some important things to keep in mind:
We realise how important it is to store securely any payment information that you provide. Our website uses high-level Secure Socket Layer (SSL) encryption technology. This technology prevents you from inadvertently revealing personal information when using an insecure connection. Encryption creates billions of code combinations to protect each transaction made on our website, so your card details cannot be viewed by anyone else using the internet. If you are using one of the more recent browser versions, our website supports 128 bit encryption.
We use Card Verification Value levels (CVV2) for “card not present” purchases. All online purchases therefore require this additional information to ensure that the person using the card has actual possession of it.
PCI-DSS Certification: Being compliant with PCI DSS means that we are doing our very best to keep our customers valuable information safe and secure and out of the hands of people who could use that data in a fraudulent way. PCI ensure technical and operational strengths to raise the bar on our security.
You can tell whether a web page is secure as ‘https’ will replace the ‘http’ at the front of the address in your browser address window. A small locked padlock will also appear at the bottom of your browser window.
Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Using an unsecured network in a public place can be risky as unauthorised people may try to intercept anything you're doing online. We recommend you only connect to secure wireless networks that you trust, and to always be aware of the risks associated with using public WiFi. If you experience any strange activity on your account or suspect that your account has been compromised, please contact our Customer Services team who will arrange to secure your account and then investigate your concerns.
We may occasionally send you emails, but we would never send an email asking for your personal information, security information or log in details, or direct you to a web page that asks for this information. If you receive an email that appears to be from Create & Craft that you suspect is fraudulent, do not click on any links contained within the email or provide any credit card or log in details, but do let us know about it.
If you have any further concerns about security, please contact us.
You have the right to:
Please note that these rights may only apply in certain circumstances. You may only request details about yourself and no other person.
You also have the right to withdraw consent at any time where we are relying on consent to process your personal data.
If you wish to exercise any of the rights set out above, please contact us.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
If you do contact us to exercise any of these rights we may ask you to verify your identity and to provide other details to help us to respond to your request. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We will only use this information in order to verify your identity.
Where you believe Create & Craft have not taken their responsibilities seriously with regard to your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk.
We may need to update this Privacy Statement and our Cookies Policy from time to time so you may wish to check occasionally to ensure you’re happy with any changes. We will mark each with the date of the most recent updates. If you do not agree to these changes, please do not continue to use this website or submit personal information to Create & Craft. If material changes are made to either this Privacy Statement or the Cookies Policy, for instance affecting how we would like to use your personal information, we will provide a more prominent notice (including, for certain services, email notification of Privacy Statement changes).
Create & Craft is a trading name of Ideal Shopping Direct Limited, a company registered in England and Wales under company number 01534758, whose registered office is at Ideal Home House, Newark Road, Peterborough, Cambridgeshire, PE1 5WG, United Kingdom.
We hope that you have found this Privacy Statement helpful in setting out the way we look after and handle your personal data. If you have any questions about how Create & Craft uses your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by any of the following means:
You can review, update, change or delete most information about yourself by going to the www.createandcraft.com/gb/ website, clicking on 'My Account' and enter your login name and password. Once logged in, change any of the details shown and click 'Change Details'. If you have any questions about how to change or update your information, you can contact our Customer Services team for help.
If you have registered to receive information from us, you can remove your contact details from our list by updating your account online as detailed above or by contacting our Customer Services team. We’ll action your request as soon as we reasonably can.
If you receive communications from us and wish to opt out:
This Privacy Statement was most recently updated in May 2018