Privacy and Security

This page is designed to provide you with information about how we use the personal data and information that you provide to us during your use of the ao.com website or mobile app and any communication (for example telephone) made between us relating to such use.

AO Retail Limited is the data controller of the information you provide. AO Retail Limited (t/a ao business) is a company registered in England and Wales with registered number 03914998. We are part of the AO World PLC group of companies and our registered office address is 5A Parklands, Lostock, Bolton, BL6 4SD.

We may change our privacy policy from time to time. This policy was last updated on 23/02/2021 and is version 1.2.

The information we collect when you place an order with us includes: name, address, telephone numbers. Through your product reviews or surveys you may provide us further personal data or we may collect such data from third party data aggregators or publicly available sources such as Companies House and LinkedIn. Further we may have, profiling data, technical information about your internet connection and browser as well as the country and telephone code where your computer is located, the web pages viewed during your visit, the advertisements you clicked to, IP addresses and cookies.

We only collect, keep, use or share your information for genuine business purposes, when you’ve approved us to do so, or when we’re obliged to legally. There are a few reasons why we use your personal details:

1. if you contact us with an enquiry either by telephone, email or live chat;
2. to process any order that you place on our website and arrange for its delivery and installation;
3. to maintain any registered accounts you have with us;
4. to make our website and our app accessible to you with informative content tailored to your needs including serving you with any pop-up messages and voucher codes;
5. if you have purchased a product from us we may contact you from time to time, by SMS, email or telephone regarding our latest promotional offers, products and services that we think you may be interested in;
6. promoting and advertising (including personalisation) of our products and services both on our website and elsewhere on the internet
7. promoting and advertising our products and services to you via email, SMS and post;
8. to train our employees to ensure that we are providing the best possible service;
9. we record telephone calls for compliance and legal reasons;
10. to get in touch regarding customer satisfaction surveys and market research;
11. when you provide a review on our website;
12. when you request contact from us;
13. matching and aggregating your personal data for analysis and to provide you with a more personalised experience;
14. to analyse any problems with our website and improve its performance;
15. when you engage with us on any social media platform
16. we also use personal details to contact you regarding our services and products and if we need to verify your identity;
17. for research, analysis, testing, monitoring, risk management and administration purposes; and 
18. for crime or fraud prevention purposes.

For AO Business to be allowed to process your personal data, we must have a legal basis for the processing. The data protection legislation sets out what these bases are. We have described below the different bases that we rely on and provided examples of the processing.

Contractual

There are some contractual reasons why we have to process your personal data. When you buy a product on our website, it creates a contract between us. We need to process the personal data that you provide in order to fulfil our part of the contract. If you do not provide your details we won’t be able to complete your order.

Legal

Sometimes we are required to process the personal data that we hold about you for legal reasons - for example, if there is a product recall.

Legitimate Interests

We also rely on being able to process your personal data on the basis that it is in our legitimate interests. When we do this we will always consider your interests and balance any positive or negative impact relating to such processing and your legal rights relating to data protection. The legitimate interests of AO Business do not automatically override your interests.

If you do not want us to process any of the personal data we have listed as being processed for legitimate purposes, you have the right to object. For more information see the section below relating to your rights. Please note that if you object we may still continue to process your personal data in certain circumstances. Please also remember that if we can’t process your personal data for these purposes your customer experience may not be as enjoyable.

Our legitimate interests include:

• analysing and understanding your customer journey and behaviour to improve efficiencies and interaction
• sending you email or SMS marketing messages, if you have previously bought something from us
• calling you to discuss your delivery and any other services that we would like to offer you
• promoting and advertising our products and services both on our website and elsewhere on the internet
• analysing our website’s performance and solving any problems
• staff training
• personalisation of your shopping experience

Consent

In some cases, we will ask whether you would like us to process your personal data. For example, if you would like us to notify you when an out of stock item becomes available or if you have requested contact from us via our “contact us” function. If you provide us with consent, you may withdraw it at any time by contacting us.

We may contact you by telephone shortly after your purchase to discuss your delivery and make sure that it all goes smoothly for you. We may also offer you other services which relate to the products that you have purchased. If you decide not to purchase a product protection plan on such call we may contact you around the expiry of the manufacturer’s guarantee to see whether this would then be of interest to you. If you do not wish to receive these calls, please contact us by phone, email or post.

We like to be able to keep you up to date with news, offers and promotions, but you can opt out of receiving marketing from us at any time. To do this, you can click the unsubscribe box that appears on the order confirmation page when you place an order, click on the “unsubscribe” link on the bottom of any of our unsolicited marketing emails, or contact our contact centre. It may take a couple of days for all of our systems to update, so bear with us whilst we process your request. Please note, if you submit information but there is an error or delay in processing, we may use the details you've submitted to contact you to complete your order.

If you have requested contact from us we will contact you shortly after you enter your contact details on our site.

If you have asked us to notify you when an out of stock item becomes available, the email will not have an unsubscribe link in it as it is a single email notification. Unsubscribing from marketing will not affect your ability to receive an out of stock notification.

If you get in touch by email or live chat to ask a question about your order or our services, we’ll keep a record of your emails and our responses. This helps us to resolve any problems, and to answer your query quickly and easily if you need to get in touch again. It also helps us to check our advisors have all the training they need to give you the best possible help. Your telephone calls to AO Business may also be recorded for training and regulatory purposes.

We share your information in very limited circumstances set out below:

• where we’re obliged to do so (for example a legal request),
• when we need to work with a third party or core service provider, for example a delivery service, insight companies, marketing communications providers or IT service providers. Each provider is carefully selected, and we’d only pass on the information required for them to perform that service on our behalf; they cannot use your data for any other purpose e.g. their own marketing purposes;
• with our group companies who may provide us with services;
• fraud prevention purposes;
• with our insurance brokers or insurers for claims (or potential claims) purposes;
• social media platforms or internet platforms (this is based on cookies - for more information see cookies)

We’ll never sell your information. We’ll always comply with all relevant data protection legislation (including the General Data Protection Regulation).

We sometimes share anonymised information and analytics with third parties but not in a way that they could identify you as an individual.

We use third party payment service providers which are integrated into our website. When you pay using one of these methods e.g. PayPal, you are redirected to the provider’s portal. Your use of these services are subject to the terms and conditions (and privacy policies) of the payment providers.

AO Business may transfer your personal data outside of the European Economic Area. This will only be as a result of our service providers being based outside of this area e.g. cloud hosting service providers such as Amazon Web Services or Microsoft Azure. We will always ensure that such providers are in a country that has been assessed to provide adequate protection to personal data by the European Commission, or if the service provider signs a contract with us which contains the relevant protections for you; for example, if a company is based in the United States of America and has signed up to the Privacy Shield we may also send personal data to them for the limited purposes referred to above.

We will only keep your personal data for as long as it remains necessary in line with the reason that we collected it from you and to meet any legal requirements (such as resolving a dispute). The time that the personal data is kept for is called the retention period. We retain your personal data relating to the purchase of your products for a period of 10 years after your purchase. This is in line with certain product liability provisions under the Consumer Protection Act 1987.

If you call or message our contact centre with an enquiry (but do not place an order) we will keep your personal data for twelve months.

If you request contact from us via our “contact us” function and do not purchase a product we will keep your information for one month.

If you ask us to notify you about an out of stock item, we will do so if it becomes available within one month of your request.

If you receive marketing emails and SMS from us and have not unsubscribed from these messages we will continue to process your personal data for this purpose for a maximum period of four years. You may ask us to stop processing for this purpose at any time.

You have a set of legal rights in relation to your personal data. These rights are to ensure that you are in control of how your personal data is used by organisations. We have provided a summary of your rights below:

• You have the right to know what personal data we store that relates to you (also known as a subject access request);
• If any personal data is not correct (for example it is old information), you have the right for it to be corrected;
• You have the right to tell us to stop using your personal data for the purpose of sending you direct marketing;
• You have the right to tell us you no longer consent to any processing, which was based on you giving consent;
• You have the right to ask us to no longer process your information on the basis of our legitimate interests. We will stop processing your personal data unless there is a legitimate reason that does not prejudice you.
• You have the right to ask us to erase your personal data where the personal data is no longer necessary for the purpose for which it is collected. The right to erasure is not an absolute right.
• You have the right to ask for an individual to review any decision made using an automated process.

If you would like to exercise any of your rights, please contact us at [email protected].

If you ask us to no longer send you any marketing (by email or SMS) please allow 48 hours for your request to be processed in our system. You can unsubscribe from email and SMS by clicking here. If you ask for us not to call you for marketing purposes, please allow 48 hours for us to action this request.

Creating an account with AO gives you the ability to check out more quickly by allowing us to remember your delivery address and payment information, so you don’t have to re-enter those details every time. You can save a number of addresses and payment options, along with your contact telephone numbers.

We do our part in protecting your account by strongly hashing your password using modern ciphers and cryptographic patterns. Our staff have no way of accessing your password.

In addition, your card details will never be sent, or stored on our platforms. Instead, your details are managed and protected by a dedicated E-commerce credit card payment management company.

It’s important that you also take responsibility for protecting your account information. Make sure your password is suitably complex, don’t share it with others, and try not to use the same one for lots of online accounts. Never send your password by email – we’ll never ask you to do so. We won’t ask you for your password information over the phone; but we can advise you on how to reset it.

It’s a good idea to reset online passwords occasionally, and you can do so through the My Account area. If you think anyone has accessed your account information without your approval, contact us to let us know.

If you are not happy with the way in which we have dealt with your personal data or your enquiries relating to that personal data, it is your right to make a complaint to the data protection regulator. The regulator is the Information Commissioner’s Office. You can find more detail at www.ico.org.uk.

We’re always looking for new ways to improve your shopping experience with us, that’s why we love hearing from you. If you have any questions about how we use your personal data or if you’d like to amend or stop us from processing your data (for marketing purposes), please contact us. You can get in touch by giving our friendly contact centre a call on 0330 058 0021 or you can write to us at our registered office address - 5A Parklands, Lostock, Bolton, BL6 4SD.

We have appointed a Data Protection Officer (DPO). You may contact the DPO by writing to us at the registered office address set out above or by emailing [email protected].

Your privacy is important to us which is why we’ve ensured every part of our site uses secure connections. Look for the green padlock in the address bar and the letters ‘https’, as these should always be present when browsing our site.

We only take orders through web browsers that allow communication through Secure Socket Layer (SSL) technology. There’s no way you can order through an unsecured connection.

To keep you safe, we gain accreditation from the Payment Card Industry (PCI) every year. This third-party certification certifies that we take appropriate precautions to make sure your details are kept safe. This covers everything from ensuring our teams are well trained in the security risks and vulnerabilities today, to implementing security compliant IT solutions. More information regarding this security standard can be found here: https://www.pcisecuritystandards.org/pci_security/

For extra security, you’ll see our checkout uses Verified by Visa, Mastercard SecureCard and American Express Safekey, which safeguards you from unauthorised use of your cards. Once you've registered and created a password with your card issuer, you'll be prompted to provide this each time you check out.

We’re constantly monitoring and testing our IT systems and using the latest technology to identify potential vulnerabilities and attacks to provide a safe and secure shopping environment.

Cookies are small file containing letters and numbers that is stored in your browser or the hard drive of your device and it is used to transfer information.

For more information on how we use cookies see our cookies policy.