You have no items in your shopping cart.

Subtotal: £0.00
Free Delivery On all OrdersOver 28000+ ProductsNext Day DeliveryAvailable Now Ship Within EuropeSale Now On

PRIVACY NOTICE

    1. Introduction

    This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.

    We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how the John Lewis Partnership uses your data; for example we will explain things such as our credit checking procedure, and how we combine data across the John Lewis Partnership to build a picture of you. 

    We hope the following sections will answer any questions you have but if not, please do get in touch with us.

    It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.

    When you are using the John Lewis websites, John Lewis plc is the data controller.

    2.Our Privacy Promise

    3.Who is responsible for your data

    4.Personal data we collect about you

    • When you visit any of our websites, and use your account to buy products and services, or redeem vouchers from the Partnership on the phone, in a shop or online.
    • When you make an online purchase and check out as a guest (in which case we just collect transaction-based data).
    • When you create an account with us.
    • When you purchase a product or service in store or by phone but don’t have (or don’t use) an account.
    • When you engage with us on social media.
    • When you download or install one of our apps. 
    • When you join a Partnership loyalty programme (such as my John Lewis or myWaitrose).
    • When you sign up to my John Lewis, you will be given access to an area on johnlewis.com called Kitchen Drawer. This will collect and store all of your receipts, guarantees and warranties for you when you make a purchase from John Lewis.
    • When you contact us by any means with queries, complaints etc.
    • When you ask one of our Partners to email you information about a product or service.
    • When you enter prize draws or competitions.
    • When you book any kind of appointment with us or book to attend an event, for example a class at Waitrose Cookery School.
    • When you choose to complete any surveys we send you. 
    • When you comment on or review our products and services.
    • Any individual may access personal data related to them, including opinions. So if your comment or review includes information about the Partner who provided that service, it may be passed on to them if requested.
    • When you fill in any forms. For example, if an accident happens in store, a Partner may collect your personal data.
    • When you’ve given a third party permission to share with us the information they hold about you.
    • When our John Lewis Finance suppliers and partners – such as HSBC or RSA – share information with us about the product you have purchased.  
    • We collect data from publicly-available sources (such as Land Registry) when you have given  your consent to share information or where the information is made public as a matter of law.
    • When you use our car parks and shops which usually have CCTV systems operated for the security of both customers and Partners. These systems may record your image during your visit.

    5.How and why we use your personal data

    We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.

    We secure access to all transactional areas of our websites and apps using ‘https’ technology.

    Access to your personal data is password-protected, and sensitive data such as payment card information) is secured and tokenised to ensure it is protected.

    We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.

    6.Your rights in respect of your personal data

    You have the right to request:

    • Access to the personal data we hold about you, free of charge in most cases.
    • The correction of your personal data when incorrect, out of date or incomplete.
    • The deletion of the data we hold about you, in specific circumstances; for example, when you withdraw consent or object, and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end (such as the end of a warranty). 
    • A computer file in a common format (CSV or similar) containing the personal data that you have previously provided to us, and the right to have your information transferred to another entity where this is technically possible.
    • Restriction of the use of your personal data, in specific circumstances, generally while we are deciding on an objection you have made. 
    • That we stop processing your personal data, in specific circumstances; for example, when you have withdrawn consent, or object for reasons related to your individual circumstances.
    • That we stop using your personal data for direct marketing (either through specific channels, or all channels).
    • That we stop any consent-based processing of your personal data after you withdraw that consent.
    • Review by a Partner of any decision made based solely on automatic processing of your data (so where no human has yet reviewed the outcome and criteria for the decision).
    • You can contact us to request to exercise these rights at any time by completing an online form.
    • If we choose not to action your request, we will explain the reasons for our refusal. 

    Your right to withdraw consent

    Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

    Where we rely on our legitimate interest

    In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data, such as administration  of an extended warranty.

    Direct marketing

    You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.

    Checking your identity

    To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. 

    If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

    7.How to opt out of receiving marketing communication.

    There are several ways you can stop direct marketing communications from us:

    • Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails from that particular division.
    • If you have an account, log in into your John Lewis or Waitrose account, visit the ‘My Account’ area and change your preferences.
    • In our apps, you can manage your preferences and opt out from one or all of the different push notifications by selecting or deselecting the relevant options in the ‘Settings’ section.
    • Write to Group Customer Insight (Customer Data), Partnership House, 1st Floor, Carlisle Place, London SW1P 1BX.

    Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.

    8.Cookies or other tracking technologies

    9.Managing Cookies

    10.Security of your personal data

    We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.

    We secure access to all transactional areas of our websites and apps using ‘https’ technology.

    Access to your personal data is password-protected, and sensitive data such as payment card information) is secured and tokenised to ensure it is protected.

    We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.

    11.Sharing your personal data

    We sometimes share your personal data with trusted third parties.

    For example, delivery couriers, technicians visiting your home, for fraud management, to handle complaints, to help us personalise our offers to you and so on.

    Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:

    • We provide only the information they need to perform their specific services.
    • They may only use your data for the exact purposes we specify in our contract with them.
    • We work closely with them to ensure that your privacy is respected and protected at all times.
    • If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

    Examples of the kind of third parties we work with are:

    • IT companies who support our website and other business systems.
    • Operational companies such as delivery couriers.
    • Direct marketing companies who help us manage our electronic communications with you.
    • Google/Facebook to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites. See our Cookies Notice for details.
    • Data insight companies to ensure your details are up to date and accurate.  

    Sharing your data with third parties for their own purposes:


    We will only do this in very specific circumstances, for example:

    • With your consent, given at the time you supply your personal data, we may pass that data to a third party for their direct marketing purposes.

    For example, if you enter a holiday competition and tick a box agreeing that the travel company can send you promotional information directly. Or if we run a joint event with a restaurant, and you agree to receive direct communications from them.

    • For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
    • We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
    • We may, from time to time, expand, reduce or sell the Partnership and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.
    • For further information please contact our Data Protection Officer.

    To help personalise your journey through Partnership websites we currently use the following companies, who will process your personal data as part of their contracts with us:

    • Monetate
    • CACI
    • BazaarVoice
    • BlueKai
    • Adobe Dynamic Tag Management
    • RichRelevance
    • Adobe Scene7
    • New Relic
    • Ensighten
    • Tapad
    • TagMan
    • Infectious Media
    • Session Cam
    • Visual IQ
    • AppNexus
    • BidSwitch
    • Rubicon
    • Doubleclick
    • Adobe Analytics 
    • Maru/edr
    • Google
    • Twitter
    • Instagram
    • YouTube
    • Cablato
    • AWIN (Affiliate Window)
    • Yahoo
    • Pinterest
    • Dressipi
    • Facebook

    12.How long we keep your data

    Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.


    At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

    Some examples of customer data retention periods: 

    Orders

    When you place an order, we’ll keep the personal data you give us for five years so we can comply with our legal and contractual obligations. In the case of certain products, such as electrical and nursery items, we’ll keep the data for 10 years. 

    Warranties

    If your order included a warranty, the associated personal data will be kept until the end of the warranty period.

    13.Updates to our privancy policy

    14.Contact information