DIY Supplies & Accessories

Huge January Sale now on across kitchens, bathrooms, bedrooms and much more. >>

Fair processing notice (“Privacy policy”)

This privacy policy explains how and why we use personal information about users of our Digital Services (as defined in Section 2 below) (“You”, “Your”) by explaining:

Who we are
Your privacy
What personal information we collect about you
How we obtain the personal information about you and why
How we use your personal information
How long we keep your personal information
Who we share your personal information with
Where your personal information will be processed
Your rights in relation to the personal information that we hold about you
How to contact us?
How we protect your personal information
Updates to this Privacy Policy

You should read this Privacy Policy, so that you know what we are doing with your personal information. Please also read any other privacy policies that we give you, that might apply to our use of your personal information in specific circumstances in the future.

1. Who we are

In this Privacy Policy, references to we, us or our mean the B&Q company that processes your personal information and interacts with you, and which is the controller of your personal information The relevant B&Q entities are:

B&Q Limited, a limited company registered in England (company number: 00973387), whose registered office is B&Q House, Chestnut Avenue, Chandler's Ford, Eastleigh, Hampshire SO53 3LE, United Kingdom (“B&Q Limited”);
B&Q Ireland Limited, a limited company registered in the Republic of Ireland (company number: 156844), whose registered office is 6th Floor, 2 Grand Canal Square, Dublin 2, Republic of Ireland;
B&Q (Retail) Jersey Limited, a limited company registered in Jersey (company number: 9769), whose registered office is 3rd Floor, 44 Esplanade, St Helier, Jersey, JE4 9WG; and
B&Q (Retail) Guernsey Limited, a limited company registered in Guernsey (company number: 2572), whose registered office is Redwood House, St Julian’s Avenue, St Peter Port, Guernsey, GY1 1WA.

You can find out how to contact us in Section 10 below.

2. Your Privacy

We take your data privacy seriously. We recognise and value the trust that individuals place in us when providing us with personal information and we are committed to safeguarding the privacy and security of personal information we may collect from visitors to our website.

In the course of our dealings with you, we will collect and process personal information about you. Personal information includes any information allowing us to identify you as an individual, for example, your name, your email address or your telephone number. The term “process” means any activity relating to personal information, including, by way of example, collection, storage, use, consultation and transmission.

We will only use your personal information in accordance with all applicable laws and regulations that relate to data protection and privacy, including the EU and UK General Data Protection Regulation (“GDPR”).

In this Privacy Policy, references to “Digital Services” mean our websites (we refer to these individually as a “Website” and collectively as the “Websites”), and our mobile application (“App”), software and web-based applications that we make available for your use.

When using our Website we will also place cookies on your device – please see our separate Cookies Preferences page for more information about the cookies we use and how you can change your cookie settings. This can be accessed via the ‘Cookie Preferences’ link at the bottom of our website page or through the cookie consent pop-up banner.

References to the “Online Marketplace” means the offering of an online marketplace where third party sellers offer and home improvement products for sale and purchase. References to “we”, “us” or “our” in relation to the Online Marketplace means B&Q Limited.

For the purposes of the UK GDPR (and equivalent data protection laws), we are the controller in respect of your personal information that we collect, and process as further described in this Privacy Policy, unless otherwise stated.

Where you transact through the Online Marketplace – particularly to enable us and any third party seller to handle (i) the online part of the ordering process and (ii) any potential disputes, on the most part we expect that the third party seller will act as independent controllers. In this case, please refer to the third party seller’s privacy policy for more information.

As described below, we may share your personal information with other organisations that may receive and process your personal information as a controller in their own right (see “who we share your personal information with” (Section 7) and “where your personal information will be processed” (Section 8) sections for further details).

3. What personal information we collect about you?

We may collect and process different types of personal information in the course of operating our business and providing our services.

(a) Personal Information we collect about you when you register with us as a customer, such as:

your name;
your postal/delivery address;
your email address;
your telephone number;
your profession;
your account password – please keep this safe;
whether you would like to receive information from us via email, SMS text, post or telephone;
(if you are placing an order), your payment card number, expiry date and CVV number.
information that you provide by email, over the phone or by filling in forms, including those on our Digital Services and in store. This includes information provided by you at the time of becoming a registered user of our Website, our App or a member of a scheme we operate (including the B&Q Club or the B&Q Energy Saving Scheme) (or any time thereafter) or if you enter any competition, prize draw or promotion sponsored by us. This information could include your name, date of birth, address, contact details, information about your home and information about your DIY and home improvement capabilities and intentions;
transaction and correspondence records; and
information concerning your contact and marketing preferences.

(b) Personal information we collect about you when you use our Digital Services and when you shop with us or make contact with us (whether instore or online), such as:

information about any devices you have used (including the manufacturer, model and operating system, IP address, browser type and mobile device identifiers);
product selection;
information about your online browsing behaviour and history on our Digital Services including products you have searched for, your location, and information about when you click on one of our adverts (including those shown on other organisations’ websites);
details of your orders and/or purchases with or through us completed and/or abandoned; details of your purchase history, which allows us to display relevant offers from our brand partners via the Digital Services;
information relating to your engagement with/responses to our marketing campaigns, which includes data on conversions (e.g where you engage with an advertisement and go on to make a purchase with us)
information about your use of our Digital Services;
information that you provide to us by using our Digital Services, including any photos you have uploaded to our web or mobile platforms and applications;
information contained in and records of communications between us, including recordings of telephone/video calls when you contact us and messages sent using instant messaging applications or third party platforms;
information about your preferences in connection with our Digital Services;
CCTV footage in which you feature when you visit any of our premises e.g. which includes the interior of our stores, and exterior areas such as car parks and loading bays and when you access our click and collect lockers on our premises; and in the event that you have an accident while on our premises that you bring to our attention, we may record details of that accident and any injury you suffer in the relevant store's accident log. Please note that fixed camera displays are present at our self-checkouts for the purposes of deterring theft from our stores and do not form a part of our CCTV surveillance system they also do not use facial recognition, nor do they collect any biometric data;
Our staff and other workers in our stores may wear body-worn devices to protect themselves and to deter against violence, threats of violence, and for the prevention, investigation and detection of crime. These devices record both video and audio and are only activated in high-risk situations, which include aggressive behaviour and/or where there is a threat of imminent violence;
user generated content that you consent to us sharing on our website and/or on our social media channels, which may include any photos and information you have posted on your social media account about your B&Q purchase and/or experience.

Please note that if you register an account and/or shop online with us, we will be able to link the information collected from you before registration and/or your online purchase (such as your online browsing behaviour) to your account and future information that we collect after registration and/or your online purchase.

names
address(es)
passport details (of individual directors)
transaction history
correspondence history
complaints history

We also collect company/business information about the third party seller (e.g. registered name, address, VAT numbers etc).

We may also collect third party seller information through our use of marketplace aggregators (“Aggregators”). This is when as a seller, you sign up to an Aggregator service who share information with us to enable you to contract with us and sell on our websites. Information that Aggregators share with us includes names, addresses and company information e.g., registered name, address, VAT numbers etc.

(d) Personal information we collect about you at other times, such as:

your product and colour preferences
information about your home or other area you are using/considering using products/services on;
your comments on any of our Websites or forums (including product reviews);
survey responses;
fraud screen screening checks
copies of agreements we have entered into with you or your business/employer; and
your marketing/communication preferences.

When you click on an affiliate or cashback link, we may collect and process the following information:

Click data – the fact that you clicked on an affiliate or cashback link including the date, time and referring page.
Transaction data – purchase details, such as your order number, transaction amount, and confirmation of a completed order/sale (we do not collect payment card details).
A unique identifier assigned to your session to track cashback eligibility.

If you provide us with personal information about another person or third party, you must ensure that before you provide us with their personal information, you have their agreement to do so and that they are aware of the ways in which we use personal information as set out in this Privacy Policy.

4. How we obtain the personal information about you and why

We may collect or receive your personal information in a number of different ways:

Where you provide it to us directly, for example by corresponding with us by email, or via other direct interactions with us such as completing a form on our Website or App or placing an order;
When you shop with us instore, online, browse our Websites , App or other organisations’ websites where our adverts are shown or use our Digital Services;
Where we monitor use of, or interactions with, our Websites, App or any marketing we may send you;
Where you contact us through a third party platform such as X, Facebook, Instagram and/or other social medial applications;
Where you transact through the Online Marketplace;
Publicly available sources – we may, for example, use such sources to help us keep the contact details we already hold for you accurate and up to date or for professional networking purposes e.g. LinkedIn.
Where information is shared within the Kingfisher Group (see section 7 below) for the purposes of manging our shared services, handling group wide queries and complaints, protecting our rights and property.
Where information is shared with us by a member of the public, an employee of B&Q or law enforcement as part of a complaint, investigation or for the purposes of the prevention, investigation and detection of crime.

When you want to place an order via the Website, we ask you to login or register so you can open a customer profile and upload and save images, save your browsing information and your preferences and retrieve them from any of your devices.

When you book an appointment via our Website, we will ask for your name and contact details to manage your booking. We ask for information (for example your tastes in colour and style, the size of your house) to better guide you in the viewing of our offering and use of our services. If the appointment relates to the B&Q Energy Saving Scheme, we will ask for your address, homeowner status, B&Q Club number (if applicable) and details about your property (such as the type (e.g. house, bungalow or flat) of property, number of occupants, energy usage and existing EPC rating) to allow us to provide personalised energy saving recommendations to you. We will also use your name and contact information for the purposes of arranging follow-up appointments, managing progress and referring you to our partners in connection with the scheme.

You may also provide us with personal information via our forums, product questions and reviews, customer support video chat, survey responses or competition and prize draw entries.

We will ask for or collect your personal information when you use or contact our customer support services, including telephone support, instant messaging and video chats, tweets and direct messages.

5. How we use your personal information

We process your personal information for particular purposes in connection with our relationship with you, your engagement with us and in connection with the management and administration of our business.

We are required by law to always have a permitted reason for processing your personal information (called a “lawful” basis). We have set out below the purposes for which we process your personal information and the relevant lawful basis in which we rely for that processing.

The principal lawful bases that justify our use of your personal information are set out below ad in the following table:

Contractual necessity: where your information is necessary to enter into or perform our contract with you.
Legal obligation: where we need to use your information to comply with our legal obligations.
Legitimate Interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your rights.
Legal Claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
Consent: where you have consented to our use of your information (you will have been presented with a consent form or facility in relation to any such use and may withdraw your consent through an unsubscribe or similar facility at any time).

We may use your personal information in the following ways. In each case, we note the lawful basis that we rely on to use your personal information:


PURPOSE OF PROCESSING	OUR LAWFUL BASIS
+ carry out our obligations under any contracts entered into between you and us for example, we will use your payment details and delivery address to process and fulfil your order(s), and to communicate with you about your order for a service or product;	Contractual necessity – we use your personal information in order to meet our obligations under our contract with you (for example, to deliver a product you have ordered).
+ enable you to successfully transact through the Online Marketplace;	Contractual necessity – we use your personal information in order to perform our contract.
+ in order to communicate with third party sellers, including dealing with disputes;	Contractual necessity – we require the personal information from third party sellers to ensure we can communicate with them to fulfil our contractual obligations.
+ to store our customer information collected from our customers in a central customer management tool, allowing us to access this information where required to complete your transactions and carry out any support or marketing activities for our customers. Note that our customer management tool which stores our customer data is owned by Kingfisher, please see Section 7 below for more information;	Contractual necessity – we store your personal data to allow us to fulfil our obligations and manage our relationship with you, facilitate your requests and transactions. Legitimate interests – we need to store your personal data to allow us to provide you with the appropriate support, service and to send communications and marketing materials to you.
+ administer your membership to any membership scheme we provide (including membership of the B&Q Club); for example, we will keep a record of your membership and use your details to ensure you receive the benefits of that membership;	Legitimate interests – we use your personal information to manage our relationship and to administer your membership of our membership schemes so that you can make best use of them.
+ in the event that you do not complete your registration or order, we may use any contact information you have provided us to follow up on your partial registration or order;	Legitimate interests – we use your personal information in order to remind you of your partial registration or order and so that you can (if you wish) complete the registration or order.
+ communicate with you about your order for a product or service including in relation to deliveries, in store collections, and click and collect order collections;	Contractual necessity – we use your personal information in order to meet our obligations under our contract with you (for example, to deliver a product you have ordered).
+ communicate with you about a customer service query;	Legitimate interests – we use your personal information to answer your query.
+ contact you about an appointment you have booked through any of our Websites or over the phone;	Legitimate interests – we use your personal information to contact you with details of the appointment so that we can provide the services you requested.
+ making personalised energy saving recommendations and referring you to our partners in connection with the B&Q Energy Saving Scheme;	Legitimate Interests – we use your personal information to allow you to take part in and benefit from the B&Q Energy Saving Scheme and to manage your progress throughout the scheme.
+ contact you about leaving a review on a product or service or providing feedback once your order has been completed or the service has been provided;	Legitimate interests – we use your personal information to contact you so that we can ask you to provide feedback on the product or service you have ordered. We use feedback from customers as part of improving our products and services.
+ notify you about changes to our services and to otherwise communicate with you. For example, we will use your contact details in order to respond to any queries that you submit to us;	Legitimate interests – we use your personal information to keep you up to date with information about our services, and to respond to your queries.
+ provide you with information about products and services, including free gifts, special offers, prize draws, competitions, and discounts;	Legitimate interests – we use your personal information to provide you with this information. In some cases (such as where we’re required to do so by law) we will ask for your consent before sending you this information (in which case we rely on consent and not legitimate interests as our lawful basis).
+ select winners, notify you about the results and provide any goods, service that you may have won in respect of any prize draws or competitions that you have entered through our Digital Services (or in store);	Legitimate Interests – we use your personal information to select winners and provide you with this information.
+ review your past purchases, search activity and viewing history on our website to provide you with special offers to tailor your experience online or to provide you with personalised advertising by us and third parties who sell products through our Digital Services;	Legitimate interests – we use your personal information to provide you with these offers and to tailor your experience when using our online services.
+ using your purchase history and browsing history to inform our communications with you and using cookies ad similar technologies to display marketing messages within our Website or Apps;	Consent – we will request your consent before implementing optional cookies or similar technologies in line with our legal obligations.
+ help us review, develop and improve the products and services we offer, including our Digital Services. For example, calls to our contact centres may be monitored and/or recorded for quality control and training purposes. If you raise a query (for example about a product or about our service) while we still hold a recording of your call, and we can investigate or answer your query by referring back to this call, we may do so. This may mean that your call recording will be held until your query has been resolved;	Legitimate interests – we use your personal information to help us deliver the best quality of service to you and our other customers.
+ monitor details of your visits to our Digital Services, including page views and conversions, whether cookies are accepted or rejected for business and data analysis purposes and to ascertain the products, services, promotions, special offers and discounts that are likely to be of particular interest to you and to use this to send tailored marketing information to you (where we are permitted to do so). For instance, if you browse pages of our Digital Services in relation to a particular category of product, we may use this information to send you marketing communications about that category of product;	Legitimate interests – we use your personal information to (i) help us deliver the best quality of service to you and our other customers; and (ii) provide you with tailored advertising and to tailor your experience when using our Digital Services. Consent – where cookies or similar technologies are deployed we obtain consent in line with our legal requirements.
+ to retargeting purposes enable us to advertise our products and services on third party platforms. In connection with such processing, we may share your personal data with third party platforms such as Facebook, Instagram and Google. For more information see section 7 below;	Legitimate Interests – we use your personal information to promote our brands as well as ensure you only see ads from us that are relevant to you. Consent – we may request your consent prior to using your personal data to advertise our products and services. This includes where we advertise our products or services on third party platforms such as Google.
+ serve online advertising via our Digital Services. We may use your technical and behavioural data such as information about your device and/or browsing history, to serve our own adverts as well as adverts relating to third party products and services, we think may be of interest to you while you are visiting our Digital Services;	Legitimate Interests – we use your personal information to enable us and third parties to show you adverts relating to goods/services we think might be of interest to you. Where this is the case, you are able to opt out of that processing within the App or your account. Consent – where online advertising requires cookies (or similar technologies) or the use of content cards within our App, we will obtain your consent prior to implementing these on your device. Note that you have the ability to opt out of receiving online advertising. Please see the below section on ‘ Consent’ which explains the ability to opt out.
+ serve personalised online advertising on third party sites and platforms (including TV/Video on demand platforms) using advertising partners such as Quantcast. This will involve the relevant advertising partner collecting your technical and behavioural data while visiting our Digital Services, such as information about your device, IP address and/or browsing history, and combining it with personal data that they might hold about you in order to serve our adverts that we think may be of interest to you while you are visiting third party sites or using these third party platforms	Consent – we will request your consent before undertaking this processing.
+ improve measure and report on the effectiveness of our marketing communications and online advertising activities by us and third parties including those who sell products through our Digital Services. This may involve sharing and/or receiving information with our third party advertisers and advertising partners. For more information see section 7 below; Note we work with Google Consent mode to assist us in managing advertising and user consent preferences. We share limited data (such as an email address) which is hashed and securely shared with Google when you engage with our advertising and go onto make a purchase using our Digital Services where you are a Google account user and that account is logged into the service that you accessed and advertisement through. This is then reported within our conversion account;	Consent – where we use optional cookies and/or similar technologies to measure the impact of our marketing activities, we will request your consent prior to implementing these technologies and sharing / receiving this information with third party advertisers and partners. Legitimate Interests – we use your personal information to help us deliver the best quality service to you and our other customers.
+ provide, enhance and personalise your experience on our Digital Services;	Legitimate interests – we use your personal information to deliver you a tailored experience when using our Digital Services.
+ carry out security checks to protect against fraudulent transactions and to prevent and detect criminal activity;	Legitimate interests – we use your personal information to protect against unlawful activities. In some cases we may also be under a legal obligation to disclose your personal information (for example, to law enforcement agencies).
+ to work with third parties for the purposes of protecting our rights, property and for the prevention, investigation or detection of crime;	Legitimate interests – we use your personal information to protect against unlawful activities and we may, in order for us to do this effectively, share your personal data with third parties including law enforcement (see section 7 below).
+ address any claims made against us. For example, we may share details of our accident logs and CCTV footage (including body worn camera footage and audio) with our claims handlers and insurers in connection with any claim made or likely to be made against us;	Legitimate interests – we use your personal information to address any claims that are made against us. In some cases we may also be under a legal obligation to disclose your personal information (for example, in connection with legal proceedings). Legal claims – Where the personal information constitutes special categories of personal data (for instance, health information), we will process the information on the basis that it is necessary for the establishment, exercise or defence of legal claims (as the case may be).
+ to protect our staff, other workers in our stores, our customers and other visitors to our stores from violence, threat of violence or the threat of imminent violence (for example through the use of CCTV and body worn cameras);	Compliance with a legal obligation to the extent that we owe a statutory duty of care. Legitimate Interests – to deter violence and threat of violence.
+ in order to comply with any legal obligation (including in connection with a court order);	Compliance with legal obligation – we process your personal information in order for us to comply with our legal obligations.
+ in order to enforce or apply our Digital Services Ts&Cs, Terms and Conditions of Sale, Supply & Install Terms or other agreements we have with or otherwise concerning you (including agreements between you and us (or one or more of our affiliates)), or to protect our rights, property or safety or those of our customers, employees or other third parties;	Legitimate Interests – we process your personal information in order to conduct and manage our business.
+ share user generated content on our websites and/or social media channels;	Consent – where we use your user generated content (such as your social media posts) we will ask for your consent before processing your personal information for this purpose.
+ in order to provide a safe Online Marketplace;	Legitimate Interests – we process this personal information to ensure that we are only allowing legitimate third parties to sell through Online Marketplace.
+ review information provided in customer surveys for business and data analysis purposes;	Legitimate Interests – we ask you to provide feedback on your experience on our websites or on the product or service you have ordered. We use feedback from customers as part of improving our products and services.
+ anonymisation of information provided in customer surveys for business and data analysis purposes;	Legitimate Interests – we anonymise data to better protect your privacy, or so that you are not identified or identifiable from it.
+ affiliate and cashback information following a completed order;	Legitimate Interests – to track transactions and attribute commission or cashback rewards correctly.

Consent

We ask for your consent before using any user generated content on our Website and/or on our social media channels. If you give us your consent, you will be able to withdraw it at any time by messaging us on the platform we used to contact you requesting your consent, or by contacting us using the contact details provided below in Section 10.

We will also request your consent prior to implementing any optional cookies, push notifications, content cards and, where required, other online marketing technologies on our Website, App or Digital Services, where those technologies access, collect or store data on your device. You can reject the use of these technologies and/or withdraw your consent at any time in the ways listed below.

We ask for your consent to send you marketing and promotional material via post, telephone, email and SMS so that we can send you free gifts, discount vouchers, invitations to events, special offers and other marketing material that we believe may be of interest to you.

If you give consent, you will be able to withdraw it any time:

by using the unsubscribe link in each communication we sent out which will opt you out of receiving marketing emails, or SMS messages, as applicable;
where you are a registered user of our Website, by using the My Account section on our Website and logging in using your username and password;
by emailing us at dataprotection@b-and-q.co.uk; or
by writing to B&Q Customer Services, B&Q House, Chestnut Avenue, Chandlers Ford, Eastleigh, Hampshire, SO53 3LE, United Kingdom or by using the Contact Us enquiry form on our Website.

When you use your payment card to make a purchase with us (either instore or online) we will link details of that purchase with other purchases made with the same payment card. For security purposes, we don’t keep your payment card details for this purpose. We use this information to better understand how our customers purchase from us. If you join the B&Q Club, or if you opt in to receiving marketing communications from us, we will link details of your purchases with us (including, if you have joined the B&Q Club, details of the purchases made before joined the B&Q Club) with other details that we hold about you, and we may use this information to make our communications with you more relevant. You can opt-out of this use of your personal information by contacting us using the details set out in Section 10.

We may also provide you with offers and marketing information about our products and services printed with your till receipt. We may use your personal information we hold about you, including details of the items you’ve bought, in order to provide you with offers and information that we believe may be of interest to you in this way. You can opt-out of this use of your persona information by emailing us at: dataprotection@-b-and-q.co.uk. You do not have to give us permission in order to use our Website.

Please note that, even if you choose not to receive this marketing information from us, we may still use your personal information to provide you with important services communications, including communications in relation to any orders you submit or products you purchase. We may also offer you the opportunity to indicate specific types of marketing communications you are particularly interested in receiving from us; where possible, we will tailor the communications you receive to reflect your choices, but we may send you other communications that may be of interest to you. If you are a B&Q Club member, please note that by opting out of marketing communications from us, you will also opt-out of receiving B&Q Club communications.

Please note that where we have indicated in this section that our processing of your personal information is either:

necessary for us to comply with a legal obligation; or
necessary for us to take steps, at your request, to potentially enter into a contract with you, or to perform it

and you choose not to provide the relevant personal information to us, we may not be able to enter into or continue our contract of or engagement with you.

Please note our Digital Services are not intended for children and we do not knowingly collect data relating to children.

6. How long we keep your personal information

We are required by law to keep your personal information only for as long as is necessary for the purposes for which we are using it. The period for which we keep your personal information will be determined by a number of criteria, including the purposes for which we are using the information, the amount and sensitivity of the information, the potential risk from any unauthorised use or disclosure of the information, and our legal and regulatory obligations.

Please note that third party sellers on the Online Marketplace and our partners in connection with the B&Q Energy Saving Scheme may have different retention periods for the personal information they process. Please refer to the relevant third party’s privacy notice.

In respect of body worn camera footage (including audio), we retain footage for 28 days, unless the footage is required for our purposes, in which case the footage will be deleted once it is no longer needed for our purposes.

We retain your Digital Services tracking data for the period necessary to verify transactions and process cashback claims. This is typically for 13 months, unless a longer retention period is required for dispute resolution or legal obligations.

7. Who we share your personal information with

We are a member of the Kingfisher Group of companies including B&Q, Screwfix, Castorama and Brico Dépôt (for more information on the Kingfisher Group please visit: www.kingfisher.com).

We may share your personal information with other members of the Kingfisher Group in connection with the purposes above and those listed below. In particular, the data we collect from our customers is stored on a customer management system that is owned by the Kingfisher Group. Therefore, members of the Kingfisher Group may, where appropriate, have access to necessary customer data we collect and may also use the personal information we share with them to improve our and their websites and other digital services, for analysis purposes and to offer you products and services that they believe may be of interest to you. [Where other Kingfisher entities are using your personal data in a way that is separate from our use and is for their own purposes (such as their own marketing or analytical purposes), they will be acting as an independent controller. You can review the Kingfisher privacy notice accessible here (Privacy policy – Kingfisher plc), to see how Kingfisher process your personal data.]

We may use automated decision-making when we make decisions by technological means without significant human involvement, and non-automated processes, to help generate business insights based on the customer experience and evaluate or predict customer purchasing preferences. This will include sharing information with Kingfisher plc (our parent company), and other members of the Kingfisher Group who will then, having received this information, use their own similar processes and then share the results with us for the same purposes and to help improve overall customer experience. This means Kingfisher plc and other members of the Kingfisher Group will each be receiving and processing your information in their own right and subject to their own privacy notices which are available on their respective websites. For more information, please visit https://www.kingfisher.com.

We may share your personal information with the following categories of third parties:

Third party service providers, to whom we outsource certain functions: We use third parties to carry out certain activities on our behalf which involve the processing of personal information. For example, we may engage third party service providers to fulfil orders, deliver packages, send postal mail, SMS text messages and email, maintain and update our databases of customer details (including the removal of repetitive or incorrect information), analyse data to help us develop, provide and improve our products and services, provide marketing assistance, process card payments, process payments online, carry out surveys and installations, provide customer service, process the booking of appointments, handle claims and respond to data right requests (see below for further details). These third parties have access to personal information needed to perform their functions but may not use it for other purposes. We may use the information we receive from third parties to supplement, improve and add to our databases of customer details, for purposes such as credit checking and fraud prevention.

Where we allow customers to pay for products and services via our Digital Services using online payment methods and digital wallets, customer personal information may be shared with providers of those services for payment purposes in order to process the transaction, for example with PayPal when you choose to use PayPal for your payment. For more information on how PayPal uses personal information that it collects from you, please see PayPal’s Privacy Policy .
Third Parties who work with us to respond to Data Subject rights: We use third parties, and also the broader Kingfisher Group, to assist us with responding to certain data rights, including right of erasure requests and data subject access requests. We may therefore share your personal data in relation to these requests with these third parties and group companies to allow us to respond accordingly. Our third party suppliers are based in Europe and around the world, which may change from time to time.
Third Parties who market for us. We may share information that we hold about you (for example, your email address and information about your purchases) with third parties that also hold your information or have an existing online relationship with you in order to identify you and to enable us (or Kingfisher Group companies or other third parties on our behalf) to provide you with relevant marketing and advertising online. For instance, we may share your information with social networking sites such as Facebook, Google, Reddit, YouTube, Twitter, Instagram, LinkedIn and Pinterest so that they can identify you as a customer of ours and can tailor the marketing we send you via their sites and products.

We may also share, and receive from, third party advertising partners, such as Citrus and Quantcast, information about how you have interacted with an advert which we have displayed to you via our Digital Services or while you are visiting a third party site. Where third party advertisers advertise on our site, we may share information with them about your interaction with the ad for measurement and/or payment purposes. This information may be shared with them directly or via our third party advertising partners.

We partner with affiliate networks and cashback providers to track purchases made via our website and ensure cashback rewards are correctly attributed. This involves the use of tracking technologies, such as cookies and unique identifiers, which help verify transactions.

To facilitate cashback tracking, we may share transaction details with third party affiliate networks and cashback providers. These partners act as data processors or joint controllers, depending on the agreement. We ensure that they comply with the UK GDPR and provide appropriate safeguards.
Our business and brand partners. We may also share information that we hold about you with third parties with whom we have a commercial arrangement or shared business interest such as third parties who sell products through our Digital Services. We will only share this information where there are appropriate safeguards in place with the third party – please see following section.
Third-party sellers on the Online Marketplace. When you use the Online Marketplace, we share personal information with third party sellers to enable them to undertake their own activities. This may include sharing data via an Aggregator (e.g Octopia, Shoppingfeed, ChannelAdvisor or similar) to third party sellers. To the extent an Aggregator acts as a separate data controller for certain or all processing purposes, it will provide more detail about how they use your personal information in their own privacy policy.
Background checks. We share information such as name and registered address of third party sellers with background check service providers (such as Dow Jones) where we feel such checks are required in relation to third party sellers.
Law enforcement. We may pass personal information to external agencies and organisations (including the police and other law enforcement agencies) for the purposes of operational efficiency, analytics and preventing and detecting fraud (including fraudulent transactions) and criminal activity. This includes for the investigation of accidents, incidents, criminal activities and breaches of our policies. These external agencies may check the information we give them against public and private databases and may keep a record of such checks to use in future security checks. We may also disclose personal information to the police and other law enforcement authorities in connection with the prevention and detection of crime and with government departments, statutory and regulatory bodies and Her Majesties Revenue and Customs.
Prevention, detection, investigation and mitigation of crime: We may also share personal information with the Kingfisher Group and law enforcement agencies to allow us to identify and mitigate risk and prevent crime.
Cookie tracking / consent: We may share your personal information in relation to consent choices with Google (for the purposes of Google Consent Mode) and other third parties such as Meta.

Where you take part in the B&Q Energy Saving Scheme, we may share your information with the Energy Saving Trust and our partners for the purposes of arranging for quotations, surveys and works to be carried out at your property in connection with the scheme.

Our insurers, insurance brokers and corporate transactions. We may pass personal information to our insurers in the event that a claim is made or could be made against us. For example, we may send CCTV footage (including footage and audio from body worn cameras) and information contained in our accident logs to our insurers. In the event that we sell or buy any business or assets, we may disclose personal information held by us to the prospective seller or buyer of such business or assets. If we or substantially all of our assets are acquired by a third party (or subject to a reorganisation within our corporate group), personal information held by us will be one of the transferred assets.
Our professional advisors and legal obligations. We may pass your personal information to third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation (including in connection with a court order), or in order to enforce or apply our Digital Services Ts&Cs, Terms and Conditions of Sale, Supply & Install Terms and other agreements we have with or otherwise concerning you (including agreements between you and us (or one or more of our affiliates)); or to protect our rights, property or safety or those of our customers, employees or other third parties. We may also share personal information with our consultants and professional advisors including legal advisors and accountants.

We may share anonymous or aggregate data (such as aggregated statistics or other anonymised data) with third parties.

Links to external sites

We may also provide links to the websites of other Kingfisher Group companies from our Digital Services. Your use of those websites is subject to the terms of use and policies available on those websites.

From time to time we may also establish relationships with third parties that will enable you to access the websites or applications (such as video players) of such third parties directly from our Digital Services. Each third party operates its own policy regarding the processing of personal information and the use of cookies on its website(s) or through its applications and you are advised to read the third party's privacy policy and cookies policy.

Please note that third party websites and applications are not under our control. When you click through to these websites or access these applications you leave the area controlled by us. Similarly, where you have contacted us or shared user generated content with us using a third party platform (for example a social media platform), the third party(ies) that provide these platforms will use your information in accordance with their own privacy notices. We do not accept responsibility or liability for any issues arising in connection with the third party's use of your data (including your personal information).

8. Where your personal information will be processed

Your personal information may be transferred to, and stored and processed in, one or more countries outside the country in which we are established (see Section 1: Who we are, above), including countries which do not provide equivalent protection for personal information, such as the US and Poland (see the above section and details of third party suppliers assisting with responding to data subject rights requests). In these circumstances, we will take reasonable steps and implement appropriate measures to ensure that your personal information is adequately protected in accordance with applicable data protection laws.

These measures generally include either:

Transferring personal information to countries that have been deemed to provide an adequate level of protection for personal information under applicable data protection law; or
Transferring personal information where the recipient has agreed to an approved data transfer agreement in the form of the EU standard contractual clauses, where applicable, the UK International data transfer addendum.
Occasionally, we may transfer your personal information in circumstances where there are no adequate safeguards where this is permitted by data protection law.

Please contact us using the details below if you want further information on the specific safeguards used by us when transferring your personal information out of the country in which we are established (including if you would like to request a copy of the standard contractual clauses mentioned above). Where we share data with third parties, we will ensure to place on that third party obligations around data deletion and data retention, in accordance with our retention practices, to ensure your personal data is not kept for longer than required.

9. Your rights in relation to the personal information that we hold about you

You have the right to ask us to:

Confirm what personal information we hold about you and provide you with a copy of that data (right of access);
Correct any personal information that is inaccurate (right to rectification);
Remove/erase your personal information where there is no good reason for us to continue to hold that data (right of erasure);
Temporarily stop using your personal information if you are questioning our right to use that data and in other circumstances where that right is applicable (right of restriction);
Stop using your personal information unless we can demonstrate a valid reason why we need to continue to hold that data e.g. to support a product warranty (right to object);
Stop using your personal information to send you marketing materials such as our catalogue, marketing emails, discounts or vouchers;
Provide you with the personal information that you have provided to us, in a structured and commonly-used electronic format, or transmit that information directly to another company if that is technically feasible. This applies where we are using your personal information on the basis of your consent or because it is necessary to perform a contract with you (see How do we use your personal information, above) (right to data portability);
Stop using your personal data in automated decision making (including profiling) in certain circumstances;
You can manage your cookie preferences via our Cookie Settings page or adjust your browser settings to disable tracking cookies;
You can opt out of receiving online marketing advertisements and content cards by managing your consent preferences in our Website or App; and
Lodge a complaint with us if you believe your rights under data protection laws, including the UK Data (Use and Access) Act 2025, have been infringed. We will investigate your complaint and respond in line with our legal obligations.

Our security procedures mean that we may request proof of identity before we are able to disclose your personal information to you or comply with other requests.

Where our processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal information for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. Your withdrawal of your consent wont impact any of our processing up to that point.

We want to make sure that the personal information we hold about you and your preferences as to how we contact you are accurate and up to date. If any of the details are incorrect, please let us know (by contacting us using the details below) and we will amend them.

You also have the right to make a complaint to the supervisory authority if you’re not happy with how we’ve handled your personal information. The websites for the supervisory authorities that regulate our processing of your personal information are set out below:

B&Q Entity	Supervisory authority	Supervisory authority contact information
B&Q Limited	The Information Commissioner's Office	https://ico.org.uk/ Telephone number: 0303 123 1113
B&Q Ireland Limited	The Data Protection Commissioner	https://www.dataprotection.ie Telephone number: (01) 765 01 00 (9:30-1pm Monday-Friday) 1800 437 737 (2-5pm Monday-Friday)
B&Q (Retail) Jersey Limited	The Office of the Information Commissioner	https://jerseyoic.org/ Telephone number: 01534 716530
B&Q (Retail) Guernsey Limited	The Office of the Data Protection Authority	https://odpa.gg/ Telephone number: 01481 742074

To the extent your personal information has been processed by a third party seller to fulfil the contract we have with you, we may work with the third party seller to ensure that we properly address your request.

10. How to contact us?

To update your details or ask for a copy of your personal information, where you are a registered user of our Website you can click on this link to access our Data Subject Request Form (by using the My Account section on our Website and logging in using your username and password).You can write to us at: B&Q Customer Services, B&Q House, Chestnut Avenue, Chandler's Ford, Eastleigh, Hampshire SO53 3LE, United Kingdom or by using the Contact Us enquiry form on our Website.

You can email us at dataprotection@b-and-q.co.uk.

If you would like to contact our Data Protection Officer please email: dataprotection@b-and-q.co.uk or write to Data Protection Officer, B&Q Limited, B&Q House, Chestnut Avenue, Chandlers Ford, Eastleigh, Hampshire SO53 3LE.

11. How we protect your personal information

The transmission of information via the internet is not completely secure; this risk is common across the internet and not specific to our services. We cannot guarantee the security of your data (including your personal information) transmitted to our services; any transmission is at your own risk.

It is important for you to protect against unauthorised access to your password and to your computing device. Be sure to sign off and close your browser when you have finished your session. This will help to ensure that others do not access your personal information if you share your computing device or use a computing device in a public place such as a library or internet café.

We would recommend that you do not use the same password and e-mail address combination for your B&Q account as you use on other websites. Using the same password and e-mail address combination for multiple accounts puts your personal data at risk. Should your details be subject to a cyber-attack on another website, this can lead to your personal data being compromised in credential stuffing attacks.

When we store your personal data on our systems and devices, we ensure its safety and security by implementing appropriate security measures to protect your personal data from unauthorised access and harm. When sharing your personal data with the third parties that we work with, as listed in this notice, we require those third parties to treat your personal information in a confidential manner and to comply with all applicable data protection laws.

12. Updates to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version of this notice will be posted on our Website.