Privacy Policy

GDPR Privacy Policy ( Customers)

Smiffys II, trading as Smiffys (“we”, “us” or “our”) is committed to protecting your privacy and meeting its data protection obligations under the General Data Protection Regulation (“GDPR”).

This Privacy Policy (together with our Terms of Use (

and any other documents referred to in it) (“Policy”) sets out the basis on which any personal data we collect from or about you, as a result of your use of our website (“our website”) or when you communicate with us in person, by telephone, email or post will be processed by us.

This Policy only applies to our use of ‘personal data’ about ‘data subjects’ (as defined by data protection law) which includes personal data relating to our customers and prospective customers who are consumers (“you” or “your”).

We will be the data controller of your personal data which you provide, or which is collected by us via our website or when you communicate with us by telephone, email or post. This means that we are responsible for deciding how we hold and use personal information about you and that we are required to notify you of the information contained in this Policy. It is important that you read this Policy so that you are aware of how and why we are using such information and how we will treat it.

You can contact us using the details provided at the end of this Policy in the “Contacting Us” section.


We will collect various types of personal information from you when use our website and when you communicate with us in person, via telephone, post and email. Further details of the personal data we collect and how we use it are set out below.

In this section, we have indicated with asterisks whether we need to process your personal data:

  • * = to enter into and/or perform our contract with you to provide the products or services you request from us;
  • ** = to pursue legitimate interests of our own or of third parties, provided your interests and fundamental rights do not override those interests;
  • *** = to enable us to comply with our legal obligations; and/or
  • ****= with your consent.

When you open an account with us

You will need to complete our “Register with us” form ( and we will collect the following details:

  1. Name
  2. Email Address
  3. Telephone (optional)

In the “My Dashboard” feature you have the option of adding a default billing and default shipping address. We will use this information to create and administer your account with us**.

When you contact us

When you use the form on our website to contact us (, we will collect the following details:

  • Name
  • Email Address
  • Telephone Number
  • Your order number, subject and details of your enquiry

When you contact us by telephone, email or post, we will need to collect from you your Name, email address and order number (if query relates to a specific order), to allow us to locate your account, order and deal with your enquiry, together with any information you provide us with.

We will only use this information for the purpose of responding to and, to the extent possible, dealing with your enquiry**.

When you make a purchase on our Website

When you make a purchase on our website we will collect the following details:

  1. First & Last Name
  2. Billing Address & Postcode
  3. Delivery Address & Postcode
  4. Phone Number

Card Payment Details (name, card number, expiry date, CVV) which are provided via the website to our payment processing provider Stripe

Other Uses of our website

We will also process personal information about you to:

  • process your order, take payment, arrange delivery, keep records of payments and carry out analysis for financial purposes*/**;
  • allow you to participate in interactive features of our service, when you choose to do so*/**;
  • allow you to access offers and promotions or enter competitions via our website provided by third parties**;
  • provide you with information about our products, offers, events or promotions we feel may interest you where permitted by law**/****;
  • notify you about changes to the services provided through our website**;
  • ensure that content from our website is presented in the most effective manner for you and your device**;
  • personalise our website to you and provide you with targeted offers**; and
  • deal with any queries, complaints or claims made by you**/***.

Automatic Personal Data Collection

When you visit our website we will automatically collect technical information relating to the operating system, platform and device you use via behavioural cookies as is detailed further in our Cookie Policy.

We will use the above information in order to:

  • to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes to comply with our legal obligations**/***;
  • to improve our website to ensure that content is presented in the most effective manner for you and for your computer / device**; and
  • as part of our efforts to keep our website safe and secure to comply with our legal obligations**/***.

We will not carry out any solely automated decision-making using your personal data.

Change of Purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will usually notify you and we will explain the legal basis which allows us to do so.


We will share your data with the following categories of companies in order to provide our services to you, as set out in this statement:

Companies that we need to use, in order to get your purchases to you, such as delivery and logistics companies, and payment service providers.

Professional service providers, that help us with important functions such as IT services, accounting services, marketing, advertising, and hosting our website, and those that help us run our business.

Government bodies including tax authorities, law enforcement and fraud prevention agencies, to help fight fraud.

We will also disclose your personal information to third parties:

  • in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
  • if Smiffys II T/A Smiffys or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; and/or
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, or safety of our company our customers or others.

Some of our service providers detailed above may be based outside of the European Economic Area or may transfer or allow access to personal data outside of the European Economic Area. Countries located outside the EEA are not governed by European Union (EU) data protection laws. However, your personal information will be protected by the safeguards required by EU data protection laws.

Details of the non-EEA countries which your personal data may be processed in and the safeguards in place (including how to obtain a copy of them) may be obtained by contacting us using the details below.



We will only keep your personal data for as long as we need to in order to fulfil the relevant purpose(s) it was collected for, as set out above in this Policy, and for as long as we are required to keep it for legal purposes. If you are a customer, we will keep your personal data for seven years from the date from which it is no longer needed by us for the purposes listed above for legal and tax purposes.

Please note that your credit and debit card details collected and processed by our payment processing service provider Stripe Payments Europe, Ltd (“Stripe”).

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, such as password protection, access controls, firewalls, encryption and anti-virus protection. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.


Data protection laws provide you with the following rights to:

  • request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
  • request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
  • request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
  • request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
  • transmit personal data you submitted to us back to you or to another organisation in certain circumstances; and
  • complain to the supervisory authority, which in the United Kingdom is the Information Commissioner’s Office.

You also have the right to object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

If we rely on your consent to process your personal data, (for example if we need your consent to send you direct marketing), you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us using any of the details set out below in the “Contacting Us” section. Once we have received notification that you have withdrawn your consent, we will stop processing your information for the purpose(s) you originally agreed to, unless we have legal basis for doing so.


Any changes we make to our Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Policy.


If you have any queries, comments or requests regarding this Policy or you would like to exercise any of your rights set out above, you can contact us in the following ways:

  • by email to our Legal Department at;
  • by telephone at +44 (0) 1427 619799- please ask to speak with the Legal Department; or
  • by post at Central Park, New Lane, Leeds, LS11 5DZ


In order to be able to offer you Klarna’s payment options, we will pass to Klarna certain aspects of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you.

General information on Klarna can be found on their website. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarna’s privacy policy.