Retailer Login

Article : GDPR Compliance

Date: Thursday 17th May, 2018

With the introduction of GDPR, Mica has published a new public Privacy Notice, setting out the rights of our Members, Suppliers and Consumers, as well as our responsibilities with regards to all personal data. A copy is included in this article, and a fully formatted version can be found under the Privacy Policy link at the bottom of this page.

Our new policy details the laws restricting the data we can obtain and retain, the data we collect and how we then process it. It also covers the retention of our data and the occasions we may share it with third parties. It covers your rights as to that data, including the right to view or delete data we hold.

General Privacy Notice


Mica DIY Ltd (Mica) is a Co-operative Group of Independent Hardware, DIY & Garden retailers from across the United Kingdom. We understand the importance of looking after the data (and especially the personal data) we collect from our retailers members, preferred suppliers, third party partners, retailers customers and colleagues.

It is important that this information is handled lawfully and appropriately in line with the requirements of the General Data Protection Regulation (collectively referred to as the ‘Data Protection Requirements’).

Mica is a controller of personal data provided to us, but our core activities do not involve large scale data monitoring or processing. Our registered address is Unit 15, Whitebridge Estate, Stone, Staffordshire, ST15 8LQ and we can also be contacted via our website contact us button (

We may share personal data we hold with any appropriate member of our group, which means our co-operative shareholders and their subsidiaries, our ultimate holding company etc, as defined in section 1159 of the UK Companies Act 2006.

We take our data protection duties seriously, because we respect the trust that is being placed in us to use personal information appropriately and responsibly.
Processing for Limited Purposes

In the course of our business, we may collect personal data such as set out in the ‘Information we collect’ section. This may include data we receive directly from a data subject (for example, by completing forms or by corresponding with us by mail, phone, email or otherwise) and data we receive from other sources (including, for example, location data, business partners, sub-contractors in technical, payment and delivery services, credit reference agencies and others).

We will only process personal data for the specific purposes set out in the ‘information we process’ or other purposes specifically permitted by the Data Protection Requirements.

Your Privacy

Your privacy is protected by the law, specifically the GDPR regulation. This states that we may only use personal information if we have a valid reason to do so.

There are six lawful grounds for data processing, but we will only process your data where (at least) one of the following four relevant grounds applies:

It is our legal duty to do so
(for example a request by HMRC)
We have a contract with you that requires or allows us to do so
(for example a supplier agreement or membership application form)
Where it is in our legitimate business interest to do so
(for example direct mail updates to Membership on Co-operative developments)
Where you have expressly consented to it
(for example anyone who have requested to receive marketing material from Mica)

Information We Collect

We may collect personal data, such as names, email addresses, mobile numbers of individuals associated with a potential or actual Mica Member or supplier from any of the following sources:

Membership application forms
Reference forms / responses
Directorship paperwork
Supplier contracts
Event booking forms
Sales, purchase and financial data

We may also collect information from these parties plus the general public from the following sources:

Via email, website contact form or social media
On the telephone, to the Mica offices or Mica staff
When you visit our website
In person at Mica Head Office, or during an instore visit or at a Mica event
Publicly accessible information (such as information on third party websites)
Purchased marketing lists
Job application forms & followup paperwork
Mailing list sign up forms

We also hold personal and financial information with respect to employees of Mica DIY Ltd.

We may also on infrequent occasions be required to collect sensitive information, such as dietary or access requirements for attendees of a Mica event.
Information We Process

As previously stated Mica must have a legitimate reason to process your data which is either legal, contracted, in legitimate interests of Mica or with expressed consent. This section provides a summary of those reasons we may process your data, we have summarised under a series of headings, although some items may apply in more than one category:


To produce and carry out marketing campaigns
To respond to enquiries received by Mica
To make and receive payments
To update any party of a change to our business or terms and conditions
To carry out requirements of our co-operative constitution, such as notification of director elections
To send invitations to Mica events
To carry out market research

Retailer Members

To setup and manage the membership of a retailer
To check an individual or businesses credit worthiness
To offer credit terms to an individual or business
To enable the use by our membership of our preferred products and services providers
To provide the membership with information and updates regarding Mica
To collect monies owed and recover debts
To supply information regarding suppliers to our membership
To provide support with the use of our products and services

Supplier Partners

To setup and manage the preferred status of a product supplier/wholesaler
To setup and manage the preferred status of a service provider
To supply necessary and approved data regarding members to preferred supplier partners
To provide information and updates regarding Mica

Information We Share

Mica treats the personal information it holds as private and confidential, however there are limited occasions where we may share certain information outside of our co-operative:

Where you have expressly consented
Where contracts or agreements state we may or should do so
For events to ensure your requests such as room or food requirements can be met
Where a third party agency or business holds data securely on our behalf (such as Paypal or our Website providers)
Where authorities’ such as HMRC, the police or other government bodies require it


We will retain different personal data for different time periods to allow the correct functioning of the business, within the law. A summary of these time periods is as follows:

Customer volunteered marketing data – upon a request opt out of the mailing list, usually within 3 working days
General enquiries – for two years after receipt of final communication
Events information – for two years after the event concludes
Employee information – for seven years after employee leaves
All financial records – for seven years after the transaction
Supplier partnership information – for five years after partnership is ended
Membership application information – for ten years after membership concludes

Your Rights

Anyone who we collect the personal data of has the right to:

Request the purpose (or purposes) for which we intend to process that personal data, as well as the legal basis for the processing.
Be informed of any third parties outside the Co-operative, if any, with which we may share or disclose that personal data.
Be informed about the period that their information will be stored or the criteria used to determine that period.
Request from us (as the controller) access to/erasure of personal data or restriction of processing, as well as their right to data portability.
Limit our use and disclosure of that personal data, and withdraw their consent to hold or process this data in part or full without affecting the lawfulness of the processing before the consent was withdrawn.
As a last resort lodge a complaint with the Information Commissioners Office.

As a business we do not currently or plan to in the future transfer personal data to a non-EEA country or international organisation, but if we did the appropriate and suitable safeguards would be put in place. We do not carry out automated decision-making.

Data Requests

Individuals seeking to discover the personal information we hold must make a formal request. When receiving telephone enquiries, we will only disclose personal data we hold on our systems if we can confirm the caller’s identity to make sure that information is only given to a person who is entitled to it. If not, the caller will be asked to put their request in writing.

Where a request is made electronically, data will be provided electronically where possible.

Data Breaches

Should we become aware or suspect personal data has been accidentally or maliciously shared with unapproved third parties, we will report the incident to the Information Commissioners Office within three working days and inform those affected as soon as is practically possible.

Website Privacy Policy

Online Data Collection & Cookies

Email address and other information as volunteered to Mica by users will be collected, retained and disposed of in accordance with the GDPR, of which the policy is explained in our Privacy Notice (below). No users will not receive marketing communications unless they have expressly opted in.

This site uses some unobtrusive cookies to store information on your computer. Some cookies on this site are essential, and the site won’t work as expected without them. These cookies are set when you submit a form, login or interact with the site by doing something that goes beyond clicking on simple links.

We also use some non-essential cookies to anonymously track visitors or enhance your experience of the site. If you’re not happy with this, we won’t set these tracking cookies but some nice features of the site may be unavailable.

Information from tracking Cookies is anonymous and used by us to understand how our site is used and to improve the perfomance of the site for visitors. This information is not used for mailing purposes.

To control third party cookies, you can also adjust your browser settings.

As a condition of use of our website, all users give permission for Mica Hardware© to use its access logs to attempt to track users who are reasonably suspected of gaining or attempting to gain unauthorised access.

« Return To Index