SECURITY AND PRIVACY NOTICE
This Privacy and Security Notice explains how we handle the collection, processing, use, and disclosure of your (personal) data*. In this notice you and your refer to the person that personal data relates to, being our customer or any representative of our customer, or being a visitor to our website.
* Personal data means any information relating to an identified or identifiable natural person.
At Office Depot, the fundamental principles related to personal data are followed are:
- We are thoughtful about the (personal) information we ask you to provide and the (personal) information that we collect about you;
- We store (personal) information for only as long as we have a legal basis to keep it;
- We aim to make it as simple as possible for you to control the (personal) information we collect, process and disclose of you; and.
- We aim to be fully transparent on how we collect, use, and share your personal information.
2. Who are we?
Office Depot is a group of companies with a European headquarters in Venlo, the Netherlands. Office Depot is data controller with regard to the processing of personal data as defined in the General Data Protection Regulation. For further information please visit http://eur-lex.europa.eu/. When we mention Office Depot in this policy, we are referring to the separate and distinct legal entities that make up the Office Depot Group of companies. Which of the Office Depot Companies controls your personal information depends on the country in which your account is managed. The companies which make up the Office Depot Group currently are:
- Office Depot Europe, Columbusweg 33, Venlo, Netherlands
- Office Depot Deutschland GmbH, Linus-Pauling-Straße 2, 63762 Großostheim
- Office Depot GmbH, Sägestraße 50-52, 5600 Lenzburg
- Office Depot UK Ltd, 501 Beaumont Leys Lane, Leicester, Leicestershire, LE4 2BN
- Office Depot, Unit 35 Rosemount Business Park, Ballycollin, Blanchardstown, Dublin 11, Republic of Ireland
- Office Depot France SNC, 126 Avenue du Poteau 60300 Senlis
- Office Depot SL, Rotonda Rene Decartes, Parcela 101. Nave 3, 28806, Alcala de Henares, Madrid
- Office Depot Italia SR, Centro Direzionale Milanofiori, Palazzo E Scala 3-4, 20090 Assago (MI)
- Office Depot Svenska AB, Telegrafgatan 4, Box 3132, 169 03 Solna
- Office Depot International BVBA/SPRL, Antwerpen Harmonie, Lange Lozanastraat 142, 2018 Antwerpen, Belgium
3. The information we collect *¹
Office Depot collects (personal) information when you register with us or place an order. We also collect (personal) information e.g. when you voluntarily complete customer surveys, provide feedback, participate in competitions from our site(s) and when you may be requested to provide some or all of the following information:
- Your name;
- Your E-mail address;
- Your mailing/postal address;
- Your delivery address;
- Your telephone number; and
- Your contact details.
We may also collect certain non-personal information including:
- The type of browser you are using;
- The type of operating system; and
- The domain name of your Internet service provider.
4. Our legal basis for processing your personal information
Whenever we process your personal information we have a legal basis for what we do. The different legal bases we rely on are:
- Consent: You have told us you are happy for us to process your personal information for a specific purpose;
- Legitimate interests: The processing is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights.
- Performance of a contract: We must process your personal information in order to be able to provide you with one of our products or services;
- Prevention of fraud: Where we are required to process your data in order to protect us and our customers from fraud or money laundering;
- Public information: Where we process personal information which you have already made public;
- Legal claims: The processing of your personal information is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity; and
- Legal obligation: We are required to process your personal information by law.
5. How we use the information
The (personal) data collected about you will be processed, used and stored and used only for the indicated purpose(s), including to:
- Manage your account;
- Process and execute your order;
- Payment process;
- Personalization of the website;
- Deliver products based on your interests;
- Improve the quality of our products and develop new ones;
- Analyse trends; and
- Improve of site design and security.
6. Our service providers
Office Depot may engage subcontractors, partners and suppliers to provide the product and services. These third parties process your (personal) information on our behalf and are required to meet our security and privacy standards. These third parties include:
- Logistics and delivery providers;
- Payment service providers;
- Partners that provide insights and analytics services;
- Advertising companies;
- Credit Reference Agencies who may share your data with other organisations to make credit decisions (CRAIN)
- Security and fraud prevention companies to ensure the safety and security of our customers, suppliers and employees; and
- Partners which run our customer service centers.
Office Depot will not share any of your information with companies outside our group unlawfully.
7. How we protect your (personal) data
We are dedicated to protect your (personal) data and the systems it is held in. We have defined and implemented adequate technical and organisational measures against any unauthorised access, unlawful use, accidental loss, corruption or destruction. This way, we are confident that your (personal) data will be processed on a strictly ‘need to know basis’, when and where appropriate and necessary. As we are fully aware threats evolve and diversify and we wish to sustain your trust throughout the years, we regularly review and update our security measures and infrastructure, with a view to mitigate operational risks and maintain our security programs up to the latest industry-accepted standards and best practices. 8. International transfers of your (personal) data Please be informed that we might transfer and process any (personal) data you provide to us to countries other than your country of residence. The laws of these countries may not afford the same level of protection to your (personal) data. We will therefore seek to ensure that all adequate safeguards are in place and that all applicable laws and regulations are complied with in connection with such transfer. More in particular for data transferred from the EU to countries outside the EU, we will use Intra Group Data Transfer Agreements based on EU Model Clauses.
We will take reasonable steps to ensure that your (personal) data are properly secured using appropriate technical, physical, and organizational measures, so that they are protected against unauthorized or unlawful use, alteration, unauthorized access or disclosure, accidental or wrongful destruction, and loss. Your (personal) data will be retained for as long as required for the above purposes or in so far as such is necessary for compliance with statutory obligations and for solving any disputes.
10. Data retention
We retain your (personal) data for as long as required to perform the purpose for which they were collected and used (for example, for the time necessary for us to send you the newsletters you subscribed to, to provide you with customer service, answer queries, etc.), unless a longer period is necessary for our legal obligations or to defend a legal or financial claim.
11. Your rights*²
You have a number of rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you; These include:
- the right to access a copy of the personal information we hold about you;
- the right to correction of inaccurate personal information we hold about you;
- the right to restrict our use of your personal information;
- the right to be forgotten;
- the right of data portability; and
- the right to object to our use of your personal information.
Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time. Please note that we will need to verify your identity before we can fulfil any of your rights under data protection law. This helps us to protect the personal information belonging to our customer against fraudulent requests. The following link will take you to the subject access request form if you would like to exercise one of your rights as set out above. http://sar.officedepot.eu *² Viking Direct Insurance Services access requests are handled directly by the Insurance Factory Ltd. If you have any questions or want to exercise any of your data rights please contact the Data Protection Officer at: Data Protection Officer, Distinct Business Insurance, 45 Westerham Road, Bessels Green, Sevenoaks, Kent, TN13 2QB.
12. Cookies and similar technologies
What are Cookies? A cookie is a piece of data, a text file with anonymous information that includes a unique user identification and website name. Tracking technologies such as cookies, beacons, tags and scripts may be used for analysing trends. For further information please be referred to the Cookie Notice. https://www.viking-direct.co.uk/en/cookies
13. Other websites
This Security and Privacy Notice only applies to this website. Our websites contain links to other websites. Please note that Office Depot is not responsible and assumes no liability for the content of external websites even if links refer to them.
14. How to Opt out of receiving a newsletter
When registering for the newsletter, your e-mail address and, if applicable, your name will be used for Office Depot own advertising purposes until you unsubscribe from the newsletter. To opt-out scroll to the bottom of the email newsletter and click on ‘unsubscribe from this list’ clicking the unsubscribe link. If you wish to be removed from our mailing at any time please contact our Customer Service Department by phone, email or the chat function.
15. Complaints *³
If Data Subjects have a concern or intend to complain to Office Depot about how their Personal Data has been processed or appeal against any decision, they can reach out to the Data Protection Office by using the email address email@example.com or lodge a complaint with a supervisory authority. *³ Viking Direct Insurance Services complaints should be raised by telephone on 0121 296 3100. Alternatively, please write to us at: Customer Experience Team, Viking Direct Insurance Services, Haden House, Unit 16 Waterfall Trading Estate, Waterfall Lane, Cradley Heath, B64 6PU. 16. How to contact us You can contact our Data Protection Officer via:
or write to us at:
Office Depot Columbusweg 33 5928LA Venlo Netherlands.
This document is amended from time to time. Venlo, 7 May 2020.