Privacy Notice

Background

We recognize the importance of your privacy and understand your concerns regarding the use and sharing of your personal data. We respect the privacy of all individuals who visit our website, utilize our online services, and purchase our products.

We are dedicated to safeguarding your privacy and personal data. Additionally, we are committed to transparency about the data we collect from you and how we use it.

We will process your personal data according to applicable legislation, including the UK General Data Protection Regulation (UK GDPR), the European General Data Protection Regulation (EU GDPR), and/or local legislation in the relevant country of our affiliates. In this privacy notice, you can read more about what personal data we process about you, including how we receive your personal data, for which purposes, for how long we store your personal data, if we share it with any data processors or third parties, and your rights.

The data controller of your personal data will be the Crown Paints affiliate that you are in contact with or whose website you are visiting, for the processing activities outlined in this privacy notice.

If you have any questions about how we process your personal data, please reach out to our Privacy Team. Contact details are in the ‘Contact information’ section of this privacy notice.

Our processing of personal data

The legal bases set out in the table below reflect the applicable legal grounds for processing under either the UK GDPR or the EU GDPR, depending on which Crown Paints affiliate is acting as the data controller in your specific case. This is determined by your location or the Crown Paints entity with which you interact.

When

The categories of personal data we process about you

The purpose of the processing

The legal basis of the processing activity

When you visit our operated websites

Information such as your IP address, reverse DNS lookup

This data is used for security purposes, especially the prevention of online threats like data breaches and denial-of-service attacks, as well as to deter the submission of multiple unauthorized applications.

While you access our website, our server may execute a reverse DNS lookup on your IP address. This method does not identify you personally, but it helps us gain general insights about the entities related to that IP address.

Legitimate interest - Article 6(1)(f) – to protect our website, users and infrastructure as well as to gain insights into the types of organizations engaging with our websites. It is our assessment that our legitimate interests do not override your rights and interests.

When you use our websites more extensively

IP address, login details, browser type/version, time zone, plug-ins, geolocation, OS, etc.

The IP address is almost always collected automatically because it's necessary for basic communication between the user's device and the website's server. It helps with things like routing requests and improving security.

Other details are collected to help improve the user experience, optimize performance, and monitor usage patterns. Some may be used for analytics or to serve tailored content, but always with your consent.

Legitimate interest - Article 6(1)(f) – this is considered a technical necessity for the website to function properly, such as enabling communication between the user’s device and the server, and maintaining security (e.g., detecting DoS attacks or abusive behavior).

Consent - Article 6(1)(a) – These types of data are not strictly necessary and are used for enhancing user experience, personalization, and analytics. Therefore, explicit consent is required before processing.

When you visit our operated websites, we place necessary cookies

IP address, session ID, browser type, language preferences, and other technical identifiers

To enable essential website functionality such as navigation, secure access to forms, and session management

Legitimate interest – Article 6(1)(f) GDPR - The processing of necessary cookies and technical data is based on our legitimate interest in operating a secure and functional website. We have assessed that this interest does not override your fundamental rights and freedoms.

When you accept the use of cookies on our operated websites

IP address, device details, browser type, preferences, and behavior on the website (such as pages visited and time spent)

To personalize content and ads

To customize the website and its content based on your preferences or behavior

To retain and evaluate information about your visits for analytics, improving usability, and verifying website performance

Consent – Article 6(1)(a) - We process your personal data on the basis of your consent, which you can withdraw at any time.

When you visit the website and interact with it (e.g., browsing, clicking links, viewing products).

Your URL clickstreams (the path you take through our site), products/services viewed, page response times, download errors, how long you stay on our pages, what you do on those pages, how often, and other actions.

To analyze user behavior, improve website performance, personalize content, track issues (e.g., errors), and optimize marketing.

Consent - (Article 6(1)(a)): Required if using cookies or tracking technologies.

Legitimate Interests – (Article 6(1)(f) GDPR):
Where user interaction data is collected without the use of cookies or other tracking technologies (e.g., via server logs or session data), processing may be based on our legitimate interest in securing the website, measuring performance, or preventing abuse, provided such interests are not overridden by the user’s rights and freedoms.

When you make a purchase or request a quote

Name, company name, address, phone number, email address

Products/services requested

Payment and tax information

To process orders and quotes, provide customer service, handle billing and tax compliance

Contractual necessity – Article 6(1)(b) - Required to fulfill a purchase, provide a quote, or deliver related services.

Legal obligation – Article 6(1)(c) - Required for complying with tax, financial, or recordkeeping regulations (e.g., VAT or invoice retention).

When you subscribe to receive marketing communications

Contact details such as name, company name, address, phone numbers, email address, engagement and competition entry details (where relevant)

- To send promotional emails, product updates, offers, surveys, and other marketing content tailored to your preferences

- To administer competitions and gather marketing feedback

Consent – Article 6(1)(a) - Your data is processed only when you actively provide consent, which can be withdrawn at any time.

Legitimate interest – Article 6(1)(f) - For administering competitions or sending marketing to existing customers (soft opt-in). We have assessed that our legitimate interest does not override your fundamental rights and freedoms.

When you contact us with a query or request for support.

Contact details such as name, company name, address, phone numbers, email address.

Purchase & Quote Details: Products/services purchased or enquired about.

To respond to your queries and provide customer support.

Contractual necessity – Article 6(1)(b) - When your request relates to an existing contract or a potential order.

Legitimate interest – Article 6(1)(f) - For general inquiries or requests not related to a specific contract. We have assessed that our interest in responding to your queries does not override your rights and freedoms.

When customers create an account, join a membership, or make a payment

Contact details (name, email, phone), order history, delivery address, billing information, membership preferences

- To create and manage customer accounts and memberships

- To process payments and manage deliveries

- To send marketing communications where requested

Contractual necessity – Article 6(1)(b) - To fulfil product orders, manage shipments, and provide membership services.

Legal obligation – Article 6(1)(c) - For processing and recording payment-related data in compliance with applicable tax or accounting laws.

Consent – Article 6(1)(a) - For sending marketing materials and administering membership preferences where consent has been given.

When conducting due diligence on agents or distributors

- Identification details

- Contact details

- Professional background

- Compliance-related declarations

- To evaluate the integrity and suitability of business partners

- To ensure compliance with anti-bribery, anti-corruption, and ethical standards

Legitimate interest – Article 6(1)(f) - To safeguard our business from compliance and reputational risks. We have assessed that these interests do not override your fundamental rights and freedoms.

When customers submit credit applications or make payments

Identification details, contact information, payment details, credit history

To assess creditworthiness, validate and allocate payments, and meet contractual and financial obligations

Contractual necessity – Article 6(1)(b) - Required to process credit and payments related to customer agreements.

Legal obligation – Article 6(1)(c) - Required to meet financial and accounting obligations, such as anti-fraud checks or recordkeeping.

Legitimate interest – Article 6(1)(f) - To ensure efficient credit processing and reduce financial risk. We have assessed that these interests do not override your rights and freedoms.

When a customer contacts Customer Care via phone, email, or other electronic means

Name, contact details, order and delivery information, communication history

To provide support and resolve issues related to orders, deliveries, shipping, logistics, and complaints, and to improve overall service quality

Legitimate interest – Article 6(1)(f) - To provide effective customer service and respond to individual queries. We have assessed that this does not override your fundamental rights and freedoms.

When we engage suppliers for corporate hardware, software, IT services, or other professional services

Name, contact details, professional role, contract-related communications

- To assess and manage supplier relationships

- To negotiate, execute, and oversee contracts

- To ensure smooth procurement and service delivery

Legitimate interest – Article 6(1)(f) - We process this data to support effective vendor management and ensure operational efficiency. We have assessed that our legitimate interest does not override your fundamental rights and freedoms.

When individuals enter areas monitored by CCTV on our premises

Visual recordings (video footage), time and location of presence

To ensure the safety and security of staff, visitors, property, and assets, and to support the investigation of incidents if needed

Legitimate interest – Article 6(1)(f) - We process CCTV footage to protect people, property, and our premises. We have assessed that this interest does not override your fundamental rights and freedoms.

When you visit our facilities

Name, contact details, photo (for entrance card), entrance/exit time, mail recipient details

To manage access, issue and track visitor cards, handle mail services (including scanning mail addressed to roles), and administer employee benefits

Legitimate interest – Article 6(1)(f) - We process this data to maintain facility security, support operational needs, and deliver internal services efficiently. We have assessed that our legitimate interests do not override your rights and freedoms.

When an individual submits a report through our whistleblower scheme or when we investigate potential misconduct

- Name and contact details (optional, reports may be anonymous)

- Details of the report (e.g., suspected misconduct, individuals involved, supporting evidence)

- Any follow-up communication and investigation findings

- To allow individuals to report suspected unethical, illegal, or non-compliant behavior confidentially
- To investigate reports, take corrective action, and fulfil legal or regulatory obligations

Legal obligation – Article 6(1)(c) - Where reporting and investigation is required under applicable laws or regulatory frameworks (e.g. whistleblower protection laws).

Legitimate interest – Article 6(1)(f) - To detect and address misconduct, protect the integrity of our organisation, and ensure a safe and lawful workplace. We have assessed that this interest does not override the rights and freedoms of individuals involved.

Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. When determining the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

How we may disclose, share and/or transfer your personal data

We may share your personal data with Crown Paints Limited or other relevant Crown Paints affiliates, where necessary, for purposes such as processing and delivering your orders or where one affiliate acts as a data processor on behalf of another.

We may also share your personal data with external third parties where relevant for the provision of specific services. This includes, for example, IT service providers (such as data hosting or maintenance support under our instructions) or logistics partners responsible for delivering our products. In all such cases, we ensure that any third-party processors are contractually bound to protect your personal data in accordance with applicable data protection laws, and we enter into data processing agreements where required.

In some cases, your personal data may be transferred to countries outside the European Economic Area (EEA) or the UK that are not deemed to provide an adequate level of data protection by the European Commission or the UK government. Where such transfers occur, we implement appropriate safeguards, including the use of Standard Contractual Clauses approved by the European Commission and the UK Information Commissioner, and we conduct transfer impact assessments where necessary to ensure compliance with the UK GDPR and EU GDPR.

Keeping your personal data secure

We take the security of your personal data seriously. We have implemented appropriate technical and organizational measures to protect it from accidental loss, unauthorized access, use, alteration, or disclosure.

Access to your personal data is restricted to individuals who have a legitimate business need to access it and are subject to confidentiality obligations. Our internal procedures, access controls, and contractual safeguards help ensure that your data is handled securely and in accordance with applicable data protection laws.

Your rights

Depending on your location and the Crown Paints entity acting as the data controller, your personal data may be processed under the EU General Data Protection Regulation (GDPR) or the UK GDPR. Subject to applicable local legal requirements and limitations, you have the following rights:

Right of access

You have the right to request confirmation of whether we process your personal data and to access that data. This includes the right to receive a copy of the personal data we hold about you, as well as information about how and why we process it. We may redact or restrict certain information where required to protect the rights of others or comply with legal obligations.

Right to rectification

You have the right to rectify inaccurate and inadequate personal data about you.

Right to erasure (right to be forgotten)

You have the right to request that we erase the personal data we process about you. You can request the ‘right to be forgotten’ either in your profile in our recruitment system or by contacting us.

Right to restriction

You have the right to restrict our processing of your personal data and thereby ask us to suspend the processing of your personal information.

Right to data portability

Where our processing of your personal data is based on your consent and the processing is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format. You also have the right to transmit this personal data to another data controller without hindrance from us, where technically feasible.

Right to object

You have the right to object – on grounds relating to your particular situation – to the processing of your personal data where the legal basis for our processing is legitimate interests. If you exercise your right to object, we may no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

Questions and complaints

If you have any questions, comments, or concerns about how we process your personal data, you are welcome to contact our Privacy Team at privacy@crownpaints.co.uk. Please note that this address is for privacy-related matters only, and other requests will not be considered.

Depending on your location and the relevant Crown Paints entity acting as the data controller, you also have the right to lodge a complaint with the appropriate data protection authority:

In the United Kingdom: You may contact the Information Commissioner’s Office (ICO), the UK’s supervisory authority. More information is available at https://ico.org.uk

In the European Union: You may contact the competent supervisory authority in your country. A full list of EU data protection authorities is available at https://edpb.europa.eu/about-edpb/board/members_en

Contact information

You can reach us through the following methods:

Email:

privacy@crownpaints.co.uk (Please be aware that we handle only privacy questions and no other matters when you reach out to this email.)

Post:

Customer Relations Team, Crown Paints Ltd, Crown House, Hollins Road, Darwen, Lancashire, BB3 0BG, United Kingdom

Customer Relations Team, Crown Paints Ireland Limited, Units 28 & 29, Grattan Business Park, Clonshaugh, Dublin, D17 X478

Changes to this Privacy Notice

We may change this privacy notice from time to time (for example, if the law changes). Any changes will be immediately posted on our site. We recommend you check the privacy notice regularly to remain up to date.