Who we are

The pages on this website (“the Website”) are published by Eddie Stobart Logistics Plc  (“ESL”), a company registered in England and Wales with company registration number 8922456, whose registered address is at Stretton Green Distribution Park, Langford Way, Warrington Cheshire, WA4 4TQ.

Maintaining the security of your data and your right to privacy is a priority to ESL. We will handle your personal data legally and fairly at all times and we will be transparent about what data we collect about you and how we use it.

This policy provides you with details about:

  • what personal data we collect;
  • how we use your personal data;
  • how we ensure your privacy is maintained
  • your legal rights about your personal data.

The personal data collected

ESL may collect the following information about you:

  • your name, age/date of birth and gender;
  • your contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail address;
  • purchases and orders made by you;
  • your on-line browsing activities on our websites;
  • your password(s) where applicable;
  • when you make a purchase or place an order with us, your payment card details;
  • your communication and marketing preferences;
  • your interests, preferences, feedback and survey responses;
  • your location;
  • your correspondence and communications with us; and
  • other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page).

Our websites are not intended for children and we do not knowingly collect data relating to children via our website.

This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy.  Some of the above personal data is collected directly, for example when you apply for a training course or send an email to our customer services team.  Other personal data is collected indirectly, for example your browsing activity.  We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.

How we use your data

ESL (and trusted partners acting on our behalf) uses your personal data:

  • to provide goods and services to you;
  • to make a tailored website available to you;
  • to manage any registered account(s) that you hold with us;
  • to verify your identity;
  • for crime and fraud prevention, detection and related purposes;
  • with your agreement, to contact you electronically about promotional offers and products and services which we think may interest you;
  • for market research purposes - to better understand your needs;
  • to enable us to manage customer service interactions with you; and
  • where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).

Other Marketing

Promotional communications

ESL may use your personal data for electronic marketing purposes (with your consent) and may send you postal mail to update you on the latest ESL offers.  

ESL aims to update you about products & services which are of interest and relevance to you as an individual. 

You have the right to opt out of receiving promotional communications at any time, by contacting ESL via the contact channels set out in this Policy.

Sharing data with third parties

Our service providers and suppliers

In order to make certain services available to you, we may need to share your personal data with some of our service partners.  These include IT, delivery and marketing service providers, accountants.

ESL only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls.  We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to ESL and to you, and for no other purposes.

Other third parties

Aside from our service providers, ESL will not disclose your personal data to any third party, except as set out below.  We will never sell or rent our customer data to other organisations for marketing purposes.

International transfers

To deliver products and services to you, it is sometimes necessary for ESL to share your data outside of the European Economic Area.  This will typically occur when service providers are located outside the EEA or if you are based outside the EEA.  These transfers are subject to special rules under data protection laws.

If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure.  Our standard practice is to use ‘standard data protection clauses’ which have been approved by the European Commission for such transfers.  

How long do we keep your data?

We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 6 years.

How we protect your data

ESL is committed to keeping your personal data safe and secure.  

Our security measures include: -

  • encryption of data;
  • regular cyber security assessments of all service providers who may handle your personal data;
  • regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents;
  • regular penetration testing of systems;
  • security controls which protect our entire IT infrastructure from external attack and unauthorised access; and
  • internal policies setting out our data security approach and training for employees.

Legal basis for using your data

ESL collects and uses personal data because is it necessary for:

  • the pursuit of our legitimate interests;
  • the purposes of complying with our duties and exercising our rights under a contract for the sale of goods or services to a customer; or
  • complying with our legal obligations.

In general, we only rely on consent as a legal basis for processing in relation to sending direct marketing communications to customers.

Customers have the right to withdraw consent at any time.  Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.

Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use and why.

Cookie name Description
__utma Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.
__utmz Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.
_ga Used to distinguish users.
_gid Used to distinguish users.
exp_last_activity Every time the state is updated (the page reloaded) the last activity is set to the current datetime. Used to determine expiry. This is essential for logged in users, but not for guests - it is set for both.
exp_last_visit Sets the datetime that the user last visited the site, and is set for both guests and logged in users. If not set, is automatically set to 10 years ago. Affects guests and logged in users.
exp_tracker Tracks the last 5 pages viewed by the user, and is used primarily for redirection after logging in etc. Affects guests and logged in users.
exp_cartthrob_session_id The shopping cart sets a cookie to remember which items are in the cart. No personal information is stored in these cookies, only a fingerprint ID related to that browser session.
exp_csrf_token This cookie protects against Cross Site Request Forgery (CSRF). A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim.

 

How do I change my cookie settings?

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.

Find out how to manage cookies on popular browsers:

To find information relating to other browsers, visit the browser developer's website.

To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

Your rights

You have the following rights:

  • the right to ask what personal data that we hold about you at any time;
  • the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge; and
  • the right to opt out of any marketing communications that we may send you.

If you wish to exercise any of the above rights, please contact us using the contact details set out below.

Contact Information

If you have any questions about how ESL uses your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by emailing dataprotection@eddiestobart.com

You have the right to lodge a complaint with the Information Commissioner’s Office.  Further information, including contact details, is available at https://ico.org.uk.