Privacy Notice

Scope

MI HUB Limited t/a Alexandra (we, our, us) are committed to protecting and respecting your privacy.

Scope

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Personal data, or personal information, means any information about an individual from which that person can be identified.  It does not include data where the identity has been removed (anonymous data).This policy only applies to personal data and does not necessarily apply to any data we may receive relating to business customers (for example, company names and addresses).

We may collect personal information about you via our website www.alexandra.co.uk or our other online portals, including our eBay portal, available at http://stores.ebay.co.uk/alexandra-official-store (our Website) or via any other means, including if you contact us by phone, email or post.

For the purpose of the General Data Protection Regulation 2016/679 and the Data Protection Act 2018, the data controller is MI HUB Limited t/a Alexandra of 3 Long Acres, Willow Farm, Castle Donington, Derbyshire, DE74 2UG.  Our main trading address is at Alexandra, West Park House, Midland Way, Thornbury, Bristol, BS35 2NT, United Kingdom.  You can contact us by email at customercare@alexandra.co.uk or by post at Alexandra, West Park House, Midland Way, Thornbury, Bristol, BS352NT or by phone on 0333 600 1111.

Alexandra is part of a group of companies (our Group), and it may be that another member of our group (rather than Alexandra) is collecting and processing your personal data (and is therefore a data controller). This policy applies to all members of our Group and if a member of our Group other than Alexandra is data controller of your personal data, this will be made clear to you before that data is collected.

Our data protection officer is Mr Jonathan Montgomery (“DPO”).  If you have any queries, complaints or requests please contact our DPO at dpo@mwuk.com or 01332 697227

Personal Data

Information we collect about you (your submitted information)

Type of information

Where collected?

Consequence of failing to provide

Name, Address, Email Address and Telephone Number

On-line registration form.

When you make an enquiry through our customer service number.

Purchase products or services from us.

Where you contact us directly including through our ‘Live Chat’ facility.

Request a catalogue.

Contact us directly (including by phone, email or by using our online form).

You will be unable to register an account with us.

 

We will be unable to communicate effectively with you.

Login information  (Username and Password)

On registration.

You will be unable to register an account with us.

Credit or debit card account information

When you purchase products or services from us.

You will be unable to purchase our products and services through our website.

Personal measurements

Where you use our “Fit Advisor” service.

You will be unable to use our ‘Fit Advisor’ service.


Information we collect from you

Type of information

Where collected?

Consequence of failing to provide

Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;

Every time you visit our website.

Our website may not be presented in an effective way for you to use our website and it may not be tailored to you.

Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.

Every time you visit our website.

Our website may not be presented in an effective way for you to use our website and it may not be tailored to you.

Recordings of inbound and outbound telephone calls to our Customer Services, Sales and Credit Control teams.

When you make or receive a call to or from our Customer Services, Sales and Credit Control teams (if calls are transferred from Sales, Customer Services or Credit Control teams to a member of staff outside of these departments, the call recording will cease once the call is successfully transferred).

We may not be able to assess the performance of our contractual obligations, the quality of our services, or compliance with our legal obligations.

Information we receive from third parties

Type of information Collected from who? Consequence of failing to provide
Identity information, financial information, criminal history Credit reference agencies (Experian, Equifax and TransUnion). We may not be able to verify your credit worthiness, and therefore may not be able to provide you with our products or favourable contractual terms

Retention of Personal Data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.  We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

 

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Changes to privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of our Website.

This privacy policy was last updated in July 2020.

Contact

If you have any queries, complaints or requests with regard to this notice please contact our Compliance and Data Privacy Manager in the Data Privacy Office at dpo@mwuk.com or by phone 01332 697227


Other notes about personal data

We may collect personal information about you via our website alexandra.co.uk or our other online portals, including our eBay portal, available at http://stores.ebay.co.uk/alexandra-official-store (our Website) or via any other means, including if you contact us by phone, email or post.

We may also use anonymized aggregated personal data for profiling purposes.  We will not use information about identifiable individuals for that purpose.  We will use that aggregate information for market research purposes.

Telephone Call recording policy

Mi Hub UK Limited, trading as Alexandra, has a telephone system that is capable of recording conversations. This is a standard industry practice that allows the recording of telephone calls for the fulfilment of our contractual obligations, for quality monitoring, training, compliance and security purposes.

In-bound and Outbound calls received into Customer Services, Sales and Credit Control may be recorded and retained in accordance with defined retention periods. These recordings will only be used for the purposes specified in our Telephone call recording policy which is available at our web site or on request from sales@alexandra.co.uk. If calls are transferred from Sales, Customer Services or Credit Control to a member of staff outside of these departments, the call recording will cease once the call is successfully transferred.

Credit References

In order to process your application we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at http://www.experian.co.uk/crain/index.html

CRAIN (Credit Reference Agency Information Notice) is a document produced by the three Credit Reference Agencies- Experian, Equifax and TransUnion (formerly Callcredit)- that explains the use of personal data they receive from third parties about individuals and/or their businesses in relation to credit activity. CRAIN has been produced in conjunction with the Information Commissioner’s Office (ICO).


How long do we keep your personal data?

Whenever we collect your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. At the end of that retention period, your data will either be deleted completely or anonymized.

Marketing Preferences

If you choose to opt in to receive marketing preferences, we will provide you with information about goods or services we feel may interest you. In order to receive relevant marketing you must opt in at the point of becoming a registered user of this site, you can choose to opt in to receive telephone, email or written marketing communications by checking the relevant boxes where prompted.

If you decide that you do not want us to contact you, you can request that we stop using your information and that we stop sending information to you by using the opt-out function when you register on this site, or you can manage your preferences in My Account.

Security

Alexandra takes on-line security very seriously. We know how much data security matters to all our customers. We will treat you data with the utmost care and take all appropriate steps to protect it. We do this in the following way.


Browser & Web Server

Alexandra utilizes Transport Layer Security (TLS)/ Secure Socket Layer (SSL) to encrypt data transmission between your browser and our web server, to ensure that all personal and transactional information is protected from eavesdropping, tampering or alteration.

VeriSign

Alexandra is a subscribing member of VeriSign Secure Site programs. This gives you further assurance that:
• VeriSign has verified the organization name
• the site legitimately runs under the auspices of VeriSign
• All information sent to the site is encrypted if in a TLS/SSL (Secure Socket Layer) session, protecting against disclose to third parties.

You can check if you are in a secure part of any website by looking for the 'closed padlock' symbol. (Usually found in the bottom-right corner of the screen in your browsers task bar). Double-click on the padlock for details of the site's security certification. Also, when in secure areas, the address bar at the top of the browser shows the prefix 'https' (rather than just 'http').

Payments

Of equal importance is the security surrounding the payment system itself. Alexandra safely processes your card payment through your bank and completes the transaction securely behind protected firewalls, and encrypted connections between the bank and us. Any credit or debit card details that you provide will be processed with the utmost care and security. Alexandra are PCI / DSS compliant. PCI / DSS is the worldwide payment card industry data security standard that was set up to help businesses process card payment securely and  reduce card fraud.


Technology

We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security

The security measures described above ensure that all reasonable steps are taken to protect your personal information. However, the nature of the Internet means that an absolute guarantee of security cannot be offered, and you should be aware that there may be a small security risk in exceptional circumstances when disclosing information online.

Your Rights

You have the following rights (dependent if Alexandra are acting as a data controller or data processor).  You can exercise these rights at any time by contacting us at Alexandra  You can contact us by email at customercare@alexandra.co.uk  or by post at Alexandra, West Park House, Midland Way, Thornbury, Bristol, BS352NT or by phone on 0333 600 1111.

You have the right:

  • To ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes;
  • To ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing;
  • To ask us not to process your personal data for scientific or historical research purposes, where relevant, unless the processing is necessary in the public interest.
  • to request from us access to personal information held about you;
  • to ask for the information we hold about you to be rectified if it is inaccurate or incomplete;
  • to ask for data to be erased provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the legal basis for processing is consent), you exercise your right to object, set out below, and there are no overriding legitimate grounds for processing.
  • to ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing);
  • To ask for data portability if the processing is carried out by automated means and the legal basis for processing is consent or contract.

In the event that you are unhappy with our processing of your personal data, you have the right to lodge a complaint with the relevant supervisory authority, which is the Information Commissioner’s Office (ICO) in the UK, at any time.  The ICO’s contact details are available here: https://ico.org.uk/concerns/


Changes to Privacy Notice

Any changes we may make to our Privacy Notice in the future will be posted on this page and, where appropriate, notified to you. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of our Website.