Retailer Login

Privacy - Mica DIY Ltd

Website Privacy Policy

Online Data Collection & Cookies

Email address and other information as volunteered to Mica by users will be collected, retained and disposed of in accordance with the GDPR, of which the policy is explained in our Privacy Notice (below). No users will not receive marketing communications unless they have expressly opted in.

This site uses some unobtrusive cookies to store information on your computer. Some cookies on this site are essential, and the site won’t work as expected without them. These cookies are set when you submit a form, login or interact with the site by doing something that goes beyond clicking on simple links.

We also use some non-essential cookies to anonymously track visitors or enhance your experience of the site. If you’re not happy with this, we won’t set these tracking cookies but some nice features of the site may be unavailable.

Information from tracking Cookies is anonymous and used by us to understand how our site is used and to improve the perfomance of the site for visitors. This information is not used for mailing purposes.

To control third party cookies, you can also adjust your browser settings.

As a condition of use of our website, all users give permission for Mica Hardware© to use its access logs to attempt to track users who are reasonably suspected of gaining or attempting to gain unauthorised access.

General Privacy Notice


Mica DIY Ltd (Mica) is a Co-operative Group of Independent Hardware, DIY & Garden retailers from across the United Kingdom. We understand the importance of looking after the data (and especially the personal data) we collect from our retailers members, preferred suppliers, third party partners, retailers customers and colleagues.

It is important that this information is handled lawfully and appropriately in line with the requirements of the General Data Protection Regulation (collectively referred to as the ‘Data Protection Requirements’).

Mica is a controller of personal data provided to us, but our core activities do not involve large scale data monitoring or processing. Our registered address is 225 Bristol Road, Edgbaston, Birmingham, B5 7UB, we can also be contacted via our website contact us button (

We may share personal data we hold with any appropriate member of our group, which means our co-operative shareholders and their subsidiaries, our ultimate holding company etc, as defined in section 1159 of the UK Companies Act 2006.

We take our data protection duties seriously, because we respect the trust that is being placed in us to use personal information appropriately and responsibly.

Processing for Limited Purposes

In the course of our business, we may collect personal data such as set out in the ‘Information we collect’ section. This may include data we receive directly from a data subject (for example, by completing forms or by corresponding with us by mail, phone, email or otherwise) and data we receive from other sources (including, for example, location data, business partners, sub-contractors in technical, payment and delivery services, credit reference agencies and others).

We will only process personal data for the specific purposes set out in the ‘information we process’ or other purposes specifically permitted by the Data Protection Requirements.

Your Privacy

Your privacy is protected by the law, specifically the GDPR regulation. This states that we may only use personal information if we have a valid reason to do so.

There are six lawful grounds for data processing, but we will only process your data where (at least) one of the following four relevant grounds applies:

  1. It is our legal duty to do so
    (for example a request by HMRC)
  2. We have a contract with you that requires or allows us to do so
    (for example a supplier agreement or membership application form)
  3. Where it is in our legitimate business interest to do so
    (for example direct mail updates to Membership on Co-operative developments)
  4. Where you have expressly consented to it
    (for example anyone who have requested to receive marketing material from Mica)

Information We Collect

We may collect personal data, such as names, email addresses, mobile numbers of individuals associated with a potential or actual Mica Member or supplier from any of the following sources:

  • Membership application forms
  • Reference forms / responses
  • Directorship paperwork
  • Supplier contracts
  • Event booking forms
  • Sales, purchase and financial data

We may also collect information from these parties plus the general public from the following sources:

  • Via email, website contact form or social media
  • On the telephone, to the Mica offices or Mica staff
  • When you visit our website
  • In person at Mica Head Office, or during an instore visit or at a Mica event
  • Publicly accessible information (such as information on third party websites)
  • Purchased marketing lists
  • Job application forms & followup paperwork
  • Mailing list sign up forms

We also hold personal and financial information with respect to employees of Mica DIY Ltd.

We may also on infrequent occasions be required to collect sensitive information, such as dietary or access requirements for attendees of a Mica event.

Information We Process

As previously stated Mica must have a legitimate reason to process your data which is either legal, contracted, in legitimate interests of Mica or with expressed consent. This section provides a summary of those reasons we may process your data, we have summarised under a series of headings, although some items may apply in more than one category


  • To produce and carry out marketing campaigns
  • To respond to enquiries received by Mica
  • To make and receive payments
  • To update any party of a change to our business or terms and conditions
  • To carry out requirements of our co-operative constitution, such as notification of director elections
  • To send invitations to Mica events
  • To carry out market research

Retailer Members

  • To setup and manage the membership of a retailer
  • To check an individual or businesses credit worthiness
  • To offer credit terms to an individual or business
  • To enable the use by our membership of our preferred products and services providers
  • To provide the membership with information and updates regarding Mica
  • To collect monies owed and recover debts
  • To supply information regarding suppliers to our membership
  • To provide support with the use of our products and services

Supplier Partners

  • To setup and manage the preferred status of a product supplier/wholesaler
  • To setup and manage the preferred status of a service provider
  • To supply necessary and approved data regarding members to preferred supplier partners
  • To provide information and updates regarding Mica

Information We Share

Mica treats the personal information it holds as private and confidential, however there are limited occasions where we may share certain information outside of our co-operative:

  • Where you have expressly consented
  • Where contracts or agreements state we may or should do so
  • For events to ensure your requests such as room or food requirements can be met
  • Where a third party agency or business holds data securely on our behalf (such as Paypal or our Website providers)
  • Where authorities’ such as HMRC, the police or other government bodies require it


We will retain different personal data for different time periods to allow the correct functioning of the business, within the law. A summary of these time periods is as follows:

  • Customer volunteered marketing data – upon a request opt out of the mailing list, usually within 3 working days
  • General enquiries – for two years after receipt of final communication
  • Events information – for two years after the event concludes
  • Employee information – for seven years after employee leaves
  • All financial records – for seven years after the transaction
  • Supplier partnership information – for five years after partnership is ended
  • Membership application information – for ten years after membership concludes

Your Rights

Anyone who we collect the personal data of has the right to:

  1. Request the purpose (or purposes) for which we intend to process that personal data, as well as the legal basis for the processing.
  2. Be informed of any third parties outside the Co-operative, if any, with which we may share or disclose that personal data.
  3. Be informed about the period that their information will be stored or the criteria used to determine that period.
  4. Request from us (as the controller) access to/erasure of personal data or restriction of processing, as well as their right to data portability.
  5. Limit our use and disclosure of that personal data, and withdraw their consent to hold or process this data in part or full without affecting the lawfulness of the processing before the consent was withdrawn.
  6. As a last resort lodge a complaint with the Information Commissioners Office.

As a business we do not currently or plan to in the future transfer personal data to a non-EEA country or international organisation, but if we did the appropriate and suitable safeguards would be put in place. We do not carry out automated decision-making.

Data Requests

Individuals seeking to discover the personal information we hold must make a formal request. When receiving telephone enquiries, we will only disclose personal data we hold on our systems if we can confirm the caller’s identity to make sure that information is only given to a person who is entitled to it. If not, the caller will be asked to put their request in writing.

Where a request is made electronically, data will be provided electronically where possible.

Data Breaches

Should we become aware or suspect personal data has been accidentally or maliciously shared with unapproved third parties, we will report the incident to the Information Commissioners Office within three working days and inform those affected as soon as is practically possible.