1. Who are we?
For the purpose of EU’s General Data Protection Regulation (“GDPR”) the UK GDPR and other applicable data protection laws, (together the "Data Protection Law"), the data controller (in other words, the organisation that determines how and for what purposes your personal data is used) will be one of the Keter group of companies (in each case "Keter", "we", "us", "our"), depending on the territory in which you are based.
For example, if you are a UK-based customer, then the controller of your personal data is Keter UK Ltd whose registered address is 16 Great Queen Street, Covent Garden, London, WC2B 5AH.
2. What personal data do we collect about you?
Summary: We collect various categories of personal information about you, typically to provide you with the products or services that you have requested from us, but sometimes for additional purposes in accordance with legitimate interests as a business.
The personal data that we collect from or about you includes the following:
- Email address
- Telephone number
- Postal address
- Date of birth
- Gender (and preferred salutation)
- Payment details (such as billing address and card details)
- Delivery details (where different to your postal address)
- A password and account details (if you create an account with us)
- Your purchase history (including where you bought your product if it wasn't from us) and your enquiries about our products
- Information regarding your warranty application and any warranty claims
- Social media handle and personal data on your social media account
- Your thoughts about our products (including complaints and reviews)
- Any content relevant to entering one of our competitions or promotions (which may include a photo).
- Your preferences to receive marketing communications from us
- Technical information, including the Internet protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, device types, operating system
- Information about your visit to our website, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed, searched for or purchased, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse the website as well as the measurement of the bounce rate of our emails
- Any other information that you provide us with
In some cases you may be able to access Keter services through login credentials of a designated third party website or service (each a “Third Party Account”), including but not limited to Google, LinkedIn, Facebook or Twitter. Doing so will enable you to link your Keter account and your Third-Party Account. If you choose this option, then you will be required to approve the connection as well as the provision of information (which may include your personal data, such as your profile picture, gender, date of birth, the tagline of your profile, summary that appears in the profile, friends’ lists, current and previous job roles and employers), that we obtain from your Third Party Account. Any data submitted to any Third-Party Account, even on and through Keter services, is managed directly by such third party and is not the responsibility of Keter.
If you choose not to provide us with certain information, we may not be able to provide you with some or all of the services that you have requested from us or fulfil our contract with you.
We do not knowingly collect sensitive personal data about you (such as information about your health, sexuality or religious beliefs) and will only process that information about you where you choose to give it to us. We ask you to please not provide us with that information unless it is relevant to why you are getting in touch with us.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you. In this case, we will use this anonymised data for our business purposes.
We do not knowingly collect or solicit personal data from children age 16 or under or knowingly allow them to register to use our services. If you are age 16 or under, please do not use our website, attempt to register for any of our services or send any information about yourself to us. If we learn that we have collected or have been sent Personal Data or from a child age 16 or under, we will delete that Personal Data as soon as reasonably practicable and without any liability to Keter. If you believe that we might have collected or been sent information from somebody aged 16 or under, please contact us at firstname.lastname@example.org, as soon as possible.
3. How do we collect personal data about you?
Summary: We collect personal data about you when you give it to us, or when we collect it when you visit our website or from one of our vendors who has sold you one of our products.
Typically, we collect personal data about you when you give it to us, including when you:
- Create an account with us
- Place an order with us
- Sign up to our newsletter or to receive other marketing communications from us (such as a 'back in stock' notification)
- Register your purchases with us for warranty purposes
- Contact our customer services team or make a warranty claim
- Make an enquiry about one of our products or services
- Leave a review on our website
- Enter one of our competitions or promotions or fill in a survey
- Engage with us on social media (for example by mentioning/tagging us or by contacting us directly)
We may get personal data about you from one of our vendors in relation to a query that you have raised about your purchase.
We may also occasionally be processing your personal data where we have identified and/or are notified by one of our third-party partners that you may be infringing our intellectual property rights.
4. How do we use your personal data and what are our justifications for doing so?
Summary: We process personal data to meet our obligations to you (or our ethical and legal obligations), to protect and enforce our rights and to manage our business.
Where we rely on our legitimate interests as a business to process your personal data, we will always make sure that we balance these interests against your rights.
How and why we use your personal data
- To carry out our obligations arising from any contractual agreement with you and to provide you with the information and products or services you request. These may include fulfilling your order with us, registering and dealing with any claim in relation to your warranty, managing your account with us, and the provision of services related to these purposes to us by our agreed third-party providers.
- To measure how satisfied our website visitors and our customers are and provide customer service and support (including troubleshooting in connection with the products that you purchase from us or when you ask us questions by email, on the phone or on social media).
- To process payments and maintain accounts and records.
- To prevent or detect crime, fraud or abuses of our products and services or our website, to keep our customers and employees safe, and to enable third parties to carry out related technical, logistical, research or other functions on our behalf related to these purposes.
- To enforce our terms, policies and legal agreements (including collecting debts and taking steps to prevent fraud or infringement of our intellectual property).
- To send you newsletters, updates, information about new products or services that we think might interest you, to send you other promotional and marketing information (including 'back in stock' notifications), to conduct prize draws, competitions and other promotions via email, telephone or post.
- To measure or understand the effectiveness of advertising we serve to you.
- To carry out market research or similar surveys.
- To pass your personal data to selected third parties, who may contact you for their own marketing purposes.
- To contact you via email to invite you to review any services and/or products you received from us in order to collect your feedback and improve our services and products.
- To use the reviews, comments and feedback that you leave on our website or provide to us (via social media or otherwise) for our own advertising purposes.
- We may use a review, comment or piece of feedback that you submit to us in our advertising campaigns, such as in TV adverts, in press and digital advertising, on our social media pages, in our email marketing or on our website.
- To find out more about the visitors to our website and our customer base as a whole and how you use our website and our products and services to ensure that the products and services that we offer are most likely to interest our website visitors and customers.
- To carry out profiling on and segment our supporter base so that we are able to tailor our communications within our supporter base to ensure that they are more effective.
- Please see our section on 'Profiling and analysing information about our customers' below this section for more information.
- To carry out the effective administration and running of our business, including across multiple locations internationally
- To notify you about changes to our products and services and terms and conditions.
- For administrative or business purposes, where you contact us for a particular reason other than those set out above, such as to report problems with our website.
What is our legal justification for processing your personal data
- We rely on our contractual arrangements with you as the lawful basis on which we collect and process your personal data in relation to an order for products and services, to manage your account and your warranties.
- Alternatively, in some scenarios, we rely on our legitimate interests as a business (for example, it is in our interests to measure customer satisfaction and troubleshoot customer issues).
- In some circumstances we will use your personal data because it's necessary for us to comply with a legal obligation (for example, if we receive a legitimate request from a law enforcement agency).
- In other cases (such as the detection of theft, fraud, to collect debts, or ensuring security of our website) we will rely on our legitimate interests in keeping our employees and our website secure, to get paid for our products and services and to prevent theft and fraud.
- Unless we are contacting you in a business to business capacity, we will only use your personal data to send you electronic marketing messages if we have consent from you to do so (or if you are an existing customer and have not opted out of receiving marketing materials). We will only ever rely on your consent to pass your personal data to third parties for their own marketing purposes.
- In some cases, we will rely on our legitimate interests to send these types of communication (our legitimate interest in marketing and advertising our products).
- You can amend your preferences or opt out from marketing communications by using the unsubscribe links within our marketing messages or by sending a request to email@example.com.
- We have a legitimate interest to promote our own products and services and to request and use the reviews, comments and feedback that you provide to us to do so.
- We have a legitimate interest to make sure that we are providing you with the information that we think is most relevant to you.
- We have a legitimate interest to engage with our supporters differently as it allows us to be more focused and cost effective with our resources and reduces the risk of someone receiving information they may not want to receive.
- We may occasionally seek your consent for profiling activity if it is necessary in accordance with data protection laws.
- We have a legitimate interest to manage our business in an efficient and effective way.
- In some circumstances we may also your personal data because it's necessary for us to comply with a legal obligation.
- We rely on our contractual arrangements with you as the lawful basis for this processing. In some cases, we rely on our legitimate interests as a business to send you these updates.
- We have a legitimate interest to respond to your contact for the purposes of administering our business.
Profiling and analysing information about our customers
- In order to tailor how we engage with our customers and people who have told us they want to hear form us, we may analyse personal data that you give us and that we collect about you including your purchase history, your location and other demographic information.
- We may use the information that you provide us and match it with data that we have obtained from external sources to better understand our customer base and tailor our communications to you or others like you.
- We may segment our customer base into different groups based on what we know about them to ensure that our communications are sent to those that are most likely to respond and engage with us. For example, we may send customers who have bought a particular product specific communications as a result of their purchase. Once we have carried out this segmentation, we will either only contact you in the ways that you have asked us to, or where we are entitled to do so in accordance with data protection laws. We don't target specific individuals in this way, but we target groups of individuals that may share the same characteristics.
- You are in control of how we process your personal data so if you don't want us to do this, you can opt-out at any time by contacting us at firstname.lastname@example.org.
5. How do we share your personal data?
Summary: We share personal data with our service providers, partners, group companies and authorities where required.
Within our corporate group:
We are part of the Keter group which is made up of a number of different brands. You can find out more about the Keter group and the companies that form part of it by clicking About Keter
We may disclose your personal data with other entities and brands within our corporate group for the purposes of administering our relationship with you or for other reasons relating to the delivery of our products and services to you. We rely on our legitimate interests to do so.
Our brands and group entities are located all around the world (including Israel and the US) and this may result in the transfer of your personal data outside of the UK and the European Economic Area (as discussed in more detail in section 9 below).
Whenever we transfer your personal data between brands and entities within the Keter group, we always implement appropriate safeguards to protect your personal data, including by executing particular contract terms such as the European Commission's Standard Contractual Clauses.
Third party suppliers and service providers involved in our contractual relationship with you:
Like most businesses, we work with third party suppliers and service providers as part of the day to day operation of our business. Some of these trusted suppliers will process your personal data on our behalf and provide services to us such as website hosting, delivery fulfilment, taking payments and processing transactions (including Stripe and where you are using credit, via Klarna) on our behalf.
Other third parties also include analytics and search engine providers that assist us in the improvement and optimisation of our website and our marketing. They also include service providers who may help prevent fraud, protect Keter, its staff and its property, and assert our rights.
We will always make sure that we require them to meet agreed standards for the protection of your data and they will only ever be allowed to use the data in order to provide services to us and not for their own commercial purposes. If any of these trusted third-party suppliers is based outside of the UK or EEA (i.e. in a territory where local laws may not provide the same level of protection for your data), we will implement safeguards to ensure that your personal data is protected in accordance with our obligations under Data Protection Law.
We periodically add and remove third party providers. At present, the types of third party providers to whom we transfer personal data include the provision of the following services:
- Payment provider;
- Credit provider;
- Delivery fulfilment;
- Website analytics;
- Document management and sharing services;
- Customer support services (including call centre services);
- On-site and cloud-based database services;
- Website hosting and the provision of the interfaces on our website ;
- Data security, data backup, and data access control systems;
- Project Management system;
- Web VC and meeting room platforms;
- Our standard business software (including CRM and ERP software) and partners.
If you choose to utilise Klarna's payment methods, we will be required to pass your personal data to Klarna in order for Klarna to assess whether you qualify for their payment methods and to tailor those payment methods for you. Your personal data transferred is processed in line with Klarna’s own privacy notice.
Other scenarios in which we might share your personal data:
- With our professional advisors including tax, legal or other corporate advisors who provide professional services to us and our wider corporate group.
- With regulators, law enforcement or fraud prevention agencies, as well as our legal advisers, courts, the police and any other authorised law enforcement bodies, for the purposes of investigating any actual or suspected criminal activity or other regulatory or legal matters etc.
- In the event that we consider selling or buying any business or assets we will disclose your personal data to any prospective sellers or buyers of such business or assets.
- In the event of any insolvency situation (e.g. administration or liquidation).
- If we, or substantially all of our assets, are acquired by a third party, in which case personal data held by us about our members and customers will be one of the transferred assets.
- To protect the rights, property or safety of our employees, our customers, or others. This includes exchanging personal data with other companies and organisations (including without limitation the local police or other local law enforcement agencies) for the purposes of employee and customer safety, crime prevention, fraud protection and credit risk reduction.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.
We may share any data that is not personal data with third parties at our own discretion.
6. Retention of your personal data
Summary: We retain your personal data for as long as we need it in connection with our relationship with you.
Keter will retain your personal data in accordance with our data retention policy, as long as required to provide our services to you and as necessary to comply with our legal and other obligations, to resolve disputes and to enforce agreements. We will also retain personal data to meet any audit, compliance and business best-practices.
The applicable retention periods will always be linked to our purposes for processing your personal data. This means that the retention periods will vary according to the type of personal data. Where you have activated a warranty on one of our products for a defined warranty period, we will retain your personal data relating to that warranty for the defined warranty period. In some instances this might be for a lifetime.
We may retain some statistical information concerning the use of our website and about our customer base for longer than this however this data will be wholly statistical and anonymised and we will not be able to identify you from this data.
We also place tracking cookies in our marketing emails as this helps us to improve our marketing activities – for example, these cookies allow us to see how many people open our emails, what time of day they open our emails and whether they click through on any of the information contained in the emails.
Summary: We take data security very seriously and we invest in security systems and provide our staff with appropriate training.
We take the security of your personal data very seriously and have taken great care in implementing, enforcing and maintaining the security of your personal data. Keter implements, enforces and maintains security measures, technologies and policies to prevent the unauthorised or accidental access to or destruction, loss, modification, use or disclosure of personal data as required by Data Protection Law and in accordance with good industry practice. We likewise take steps to monitor compliance of such policies on an ongoing basis. Where we deem it necessary in light of the nature of the data in question and the risks to data subjects, we may encrypt data.
Please note however that unfortunately (as you probably already know) the transmission of information is not completely secure and no data security measures are perfect or impenetrable. We cannot guarantee that unauthorised access, leaks, viruses and other data security breaches will never occur. Although we will do our best to protect your personal data, any personal data that you transfer to us is at your own risk.
Within Keter, we limit access to personal data to those of our personnel who: (i) require access in order for Keter to fulfil its obligations; (ii) have been appropriately and periodically trained in personal data practices, and (iii) are under confidentiality obligations as may be required under applicable law.
Keter shall act in accordance with its policies and with Data Protection Law to promptly notify the relevant authorities and data subjects in the event that any personal data processed by Keter is lost, stolen, or where there has been any unauthorized access to it, all in accordance with Data Protection Law.
Where you have chosen a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
9. Where we may process your personal data
Summary: We transfer personal data within and to the EEA, UK, USA, Israel and elsewhere, with appropriate safeguards in place. We store your personal data across multiple locations globally.
Keter transfers data from its various locations and jurisdictions to other jurisdictions as follows:
· To Israel. Keter headquarters are in Israel and this website is hosted in Israel. Israel is considered by the European Commission to offer an adequate level of protection for the personal data; we may transfer data to other countries with an adequacy ruling too; and
· To the United States of America and additional non-EEA locations. When we transfer personal data to the US and elsewhere we ensure that the overseas recipient (including any of our group companies) enter info particular contract terms such as the European Commission's Standard Contractual Clauses, or some other mechanism valid under Data Protection Laws; and
· Within / to the UK, Switzerland and the EEA.
Examples of when your personal data may be transferred outside of the EEA / UK / Switzerland include the following specific purposes in order to:
· Store or backup the information;
· Enable us to provide you with the services and products and fulfil our contract with you;
· Fulfil any legal, audit, ethical or compliance obligations which require us to make that transfer;
· Facilitate the operation of our group businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights;
· Serve our customers across multiple jurisdictions;
· Operate parent company, subsidiaries and affiliates in an efficient and optimal manner; or
· Detect and prevent damage to Keter, its employees and third parties.
10. Your rights in relation to your personal data
Summary: You have various data subject rights in relation to your personal data, such as rights to access, erase, and correct personal data, and information rights. We will respect any lawful request to exercise those rights.
You have a number of rights in relation to your personal data as set out below.
If you would like to exercise any of those rights, please contact us email@example.com.
Access - A right to access personal data held by us about you.
Rectification - A right to require us to rectify any inaccurate personal data held by us about you.
Erasure - A right to require us to erase personal data held by us about you. This right will only apply where (for example): we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data (in line with your right to object, below).
Restriction - In certain circumstances, a right to restrict our processing of personal data held by us about you. This right will only apply where (for example): you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but you require the data for the purposes of dealing with legal claims.
Portability - In certain circumstances, a right to receive personal data, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to require us to transfer this personal data to another organisation, at your request.
Objection - A right to object to our processing of personal data held by us about you where the processing of such data is necessary for the purposes of our legitimate interests, unless we are able to demonstrate, on balance, legitimate grounds for continuing to process personal data which override your rights or which are for the establishment, exercise or defence of legal claims.
Not to be subject to automated processing - A right for you not to be subject to a decision based solely on an automated process, including profiling, which produces legal effects concerning you or similarly significantly affect you.
Withdrawal of consent and objection to marketing - A right to withdraw your consent, where we are relying on it to use your personal data (for example, to provide you with marketing information about our services or products). You can object to direct marketing at any time.
11. Third-party websites
Our website may, from time to time, contain links to and from the websites of our retail partners, credit providers, warranty registration partners, other business partner networks, advertisers and affiliates, or other sites. We also may, from time to time, include links to a number of social channels such as Facebook, Instagram, LinkedIn, Twitter, Pinterest, and Google Maps.
If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Our website may, from time to time, include product videos demonstrating our products. These videos are available on YouTube and are made available on our website by our use of the YouTube API Service. When you click on these YouTube videos, you:
- Agree to be bound by the YouTube terms of service which can be found here - (https://www.youtube.com/t/terms); and
14. Data controllers, contacting us and your right to complain
Territory: Data Controller
Luxembourg: Keter Luxembourg Sarl
The Netherlands: Jardin Netherlands BV, Keter Benelux BV
Germany: Keter Germany Gmbh
Poland: Keter Poland Sp.z.o.o
Italy: Keter Italia S.p.A
Spain: Keter Iberia SLU
France: Keter France Inc
Hungary: Keter Hungary Ltd
Belgium: Keter Belgium BV
UK : Keter UK Ltd
Data subjects in the UK and the EEA have the right to lodge a complaint, with a data protection supervisory authority in the place of their habitual residence.
If you are based in:
- the UK you may contact the UK Information Commissioner at telephone number 0303 123 1113 or https://ico.org.uk/;
- any territory within the EEA, our lead supervisory authority is the National Commission for Data Protection (‘CNPD’) of the Grand Duchy of Luxembourg and complaints may be lodged at https://cnpd.public.lu/en/particuliers/faire-valoir/formulaire-plainte.html.
If the supervisory authority fails to deal with a complaint you may have the right to an effective judicial remedy.