Privacy & cookies


Our Privacy Promise

We promise that we will collect, use, process and store your data properly and securely. We will:

  • Use and maintain your personal data in accordance with all applicable legal requirements
  • Inform you about what data we collect about you and how we use it
  • Ensure that the privacy of your data is maintained
  • Honour your legal rights in respect of personal data which we hold

We will not sell your data or transfer it outside of the Dunelm Group to anyone to use for their own marketing purposes.

This Privacy Policy explains what personal data we collect about you, how and why we use it, who we disclose it to, and how we protect your privacy.

Who is responsible for your data

Our Privacy Policy applies to the personal data that Dunelm collects and uses. This policy applies to all data that we acquire about you, whether you visit our stores, visit our websites using any device, or contact us by telephone, email or social media.

References in this Privacy Policy to “Dunelm”, “we”, “us” or “our” mean Dunelm (Soft Furnishings) Limited (a company registered in England and Wales with registration no 2129238 and registered office at Store Support Centre, Watermead Business Park, Syston, Leicester, LE7 1AD). We are the “data controller” for the purposes of the UK Data Protection Act 1998, the General Data Protection Regulation 2016, and other applicable data protection legislation.

We are part of a corporate group of companies (“our Group”), which includes Dunelm Group plc (a company registered in England and Wales with registration no 4708277 and registered office at Store Support Centre, Watermead Business Park, Syston, Leicester, LE7 1AD).

Personal data we collect about you

When using the term “personal data” in our Privacy Policy, we mean information that relates to you and allows us to identify you, either directly or in combination with other information that we may hold. Your personal data may include for example your name, your contact details, information relating to your order, information on how you use our website or you interact with us.

We collect some personal data from you, for example when you register on our website or buy products from us, when you agree to receive e-receipts, when you use our website, enter competitions or sign up to receive our newsletter, when you visit our stores, buy our goods, use our services or contact us. We may also receive your personal data from our suppliers who provide services to you on our behalf (for example when you provide feedback on our goods or services).

For more information on the parties who may share your personal data with us, please see below.

Categories of data we collect

We may collect and process the following categories of information about you:

Your name and surname and your account details (email address, telephone number and postal address, date of birth, password, your interests, preferences, feedback and survey responses, your location). When you create an account on our website

When you order products for home delivery

When you enter a competition or sign up to receive our newsletter

When you elect to receive e-receipts

When you are shopping in our stores

When you send us feedback or enter a review on a third party site
Information about your order and any products and services that you buy from us. This information may include your payment card details. When you buy products or services from us, or contact us in respect of your purchase.
Information about your health, if you have a medical condition. If you have an accident in our premises and we record this in our accident records. Also if you make a legal claim against us.
CCTV pictures of you When you visit one of our stores or one of our other sites.
The communications you exchange with us (for example, your emails, letters, calls, or your messages on our online chat service). We may record telephone conversations when you contact us by telephone. When you contact Dunelm or you are contacted by Dunelm
Your posts and messages on social media directed to Dunelm When you interact with us on social media
Your feedback When you reply to our requests for feedback or participate in our customer surveys
Information about what you buy in our stores, and how you use our website When you navigate on our website

Sensitive personal data

In the course of providing products and services to you, or when you visit our stores, we may collect information that could reveal your racial or ethnic origin, physical or mental health, religious beliefs or alleged commission or conviction of criminal offences. Such information is considered “sensitive personal data” under data protection laws. We only collect this information where you have given your explicit consent, it is necessary, or you have deliberately made it public.

Our websites are not intended for children (aged below 16). If we collect data relating to children (for example names, dates of birth, photographs) we will always ask for consent from an adult over the age of 18.

How and why we use your personal data

We use your personal data for the following purposes:

To manage your purchases and provide our services to you

When you visit our stores or order goods or services from us, we use your information to process appointment bookings, complete your order, to process your payment, to deliver goods to you, to process returns and refunds, and to deal with any queries you have.

Legal basis for this use: To fulfil our contractual obligations.

To communicate with you and manage our relationship with you

Occasionally we may need to contact you by email and/or telephone /SMS for administrative or operational reasons, for example in order to send you confirmation of your order bookings and your payments, to inform you about delivery of your order, or to advise of delays, or to provide you with policy updates or details of product recalls.

Please be aware that these communications are not made for marketing purposes and as such, you will continue to receive them even if you opt-out from receiving marketing communications.

We will also use your personal data if we contact you after you have sent us a request, filled in a web-form through our website or contacted us on social media.

We may also use it to verify your identity or for other security reasons.

Legal basis for this use: To fulfil our contractual obligations.

Your opinion is very important to us, so we may send you an email or SMS to seek your feedback.

We will use the communications you exchange with us and the feedback you may provide in order to manage our relationship with you as our customer and to improve our services and experiences for customers.

Legal basis for this use: For our legitimate interests, to improve our goods and services to you and other customers.

To personalise and improve your customer experience

We may use your personal data in order to tailor our services to your needs and preferences and to provide you with a personalised customer experience. To do so, we use software and other technology (automated processing). For example, we may collect information on how you use our website, which pages of our website you visit most, which products you search for and what products you buy, in order to understand what you like. We may use this information to tailor the content and offers that you see on our website and, if you have agreed to receiving marketing communications, to send you relevant messages that we think you like.

If you are in the process of placing an order under your account and you leave our website before your order has been placed, we may contact you in order to help you easily complete your order.

Legal basis for this use: For our legitimate interests, to improve our goods and services for you and other customers. You may opt out of receiving marketing communications at any time.

To inform you about our news and offers that you may like

If you are happy to receive marketing communications, we will provide you with news from us such as new products and services that you may be interested in or offers that you may like. This may include information about products and services from any of our brands ( eg Dunelm, Dorma). Please note that we do not share your contact details and other personal data with other companies so that they can market their own products and services to you.

Web Banner Advertising

If you visit our websites, you may receive personalised banner advertisements whilst browsing other websites. Any banner advertisements you see will relate to products you have viewed whilst browsing our websites on your computer or other devices. These advertisements are provided by Dunelm via our trusted partners using ‘cookies’ placed on your computer or other devices (see further information on the use of cookies in our Cookie Policy). You can remove or disable cookies at any time - see below for further information.

Legal basis for this use: For our legitimate interests, to improve the goods and services that we offer to you.

To improve our services, fulfil our administrative purposes and protect our business interests

The business purposes for which we will use your information include accounting, billing and audit, credit or other payment card verification, fraud screening, safety, security and legal purposes, systems testing, colleague training, maintenance and development.

Legal basis for this use: For our legitimate interest, to ensure the proper administration, security and safety of our business for ourselves and our customers; to make our business more efficient; to improve the goods and services which we offer to our customers.

To comply with our legal obligations, for example, our obligation to provide your information to government or law enforcement agencies, or to maintain records of our business transactions.

Legal basis for this use: to comply with our legal obligations

To combat fraud, for the detection or prevention of crime, or to protect our legal rights, for example we may use CCTV images to help us or enforcement authorities to identify individuals who have broken the law, or to pursue our legal rights or defend ourselves against legal or regulatory action.

Legal basis for this use: where relevant, to comply with our legal obligations. In other circumstances: to protect our legitimate interests in pursuing our legal rights or defending ourselves against legal or regulatory action.

Your rights in respect of your personal data

Lawful bases for processing data

  • We will only collect and process personal data about you where we have a lawful reason to do so (referred to below as “lawful bases”). Lawful bases include:
  • Where we need to process your data to enter into or perform our contract with you – for example to process a card payment or deliver goods to you.
  • Where necessary for us to comply with a legal obligation – for example if we are required to disclose your data by a court order.
  • Where needed to protect our vital interests, or that of a third party – for example if you have an accident in store and we have to call the emergency services and disclose your name and medical details.
  • Where we have a legitimate interest to do so, and these interests are not overridden by your interests or fundamental rights and freedoms. For example, we may process your personal data to:
  • Protect you, us, or others from threats (such as security threats or fraud)
  • Enable or administer our business, such as for quality control, consolidated reporting, and customer service
  • Send you news and information about our products and services that may interest you (you can opt out of this at any time)
  • Help us to provide a better service to you, or tailor the products that we send you information about (you can opt out of receiving marketing information at any time)
  • Provide colleague training
  • Understand and improve our business or customer relationships generally
  • Manage corporate transactions, such as mergers or acquisitions.

Where you have given your consent - you may withdraw your consent at any time.


You have a right to request access to the personal data that we hold about you. This could include information relating to purchases you have made or orders which you have placed with us via our website or in store.

If you would like to request a copy of your personal data, please contact us in writing at:

Dunelm –


If any of the personal data that we hold about you is incorrect, you have a right to request that we correct this. If you have an online account with us you can easily change your personal details by managing the preferences in your account. Alternatively, to notify us of any corrections please contact us at:

Dunelm –

Erasure / objection

You have a right to request us to erase any data that we hold about you, or to object to our use and processing of your data. If the only lawful basis on which we can process your personal data is that you have given your consent , we are obliged to comply with your request. In other circumstances we may need to continue to hold and process your data (for example where needed for safety, security or legal purposes, or to protect our legitimate interests). If this is the case, we will notify you of the reason.

If you would like to exercise this right please contact us at:

Dunelm –

Request a portable copy of your personal data

You have the right to request a portable copy of any personal data which you have provided to us. This applies if

  • The lawful basis on which we are processing your data is either that you have given your consent, or that we need to use the data to comply with our contract with you (for example to deliver goods to you); and
  • We are processing your personal data by automated means.

If you would like to exercise this right please contact us at:

Dunelm –

If you wish to exercise any of the rights above, you may need to provide proof of your identification and further information to help us to process your request.

Questions and complaints

If you have questions in relation to your personal data, please contact us at:

Dunelm –

If you are not happy with how we have managed your personal data, please give us the chance to put it right, by contacting us at:

Dunelm –

If you feel we have not resolved your complaint, you have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at

How to opt out of receiving marketing communications

We would like to stay in touch with you, to send you news and offers about products that you may like.

If you would prefer not to receive these from us, you can easily opt out by clicking on the relevant unsubscribe link at the bottom of any marketing related email you may receive from us.

Alternatively, you can also contact our Customer Service team and express your preference to not receive marketing communications by using the “Contact us” form at :

Dunelm –

Your request may take a few days to process.

Cookies or other tracking technologies

Cookies are small pieces of information stored by your browser on your computer's hard drive. They enable you to navigate on our website and allow us to provide features such as remembering aspects of your last search to make subsequent searches faster. You can delete cookies if you wish; while certain cookies are necessary for viewing and navigating on our website, most of the features will be still accessible without cookies.

In order to improve our services, to provide you with more relevant content and to analyse how visitors use our website, we may use technologies, such as cookies, pixels or tracking software. Please be aware that in most cases we will not be able to identify you from the information we collect using these technologies.

For example, we use software to monitor customer purchase patterns and website usage to help us develop the design and layout of the website in order to enhance the experience of the visitors to our website. This software does not enable us to collect any personal data. In addition, in order to understand how our customers interact with the emails and the content that we send, we use pixels that allow us to know if the emails we send are opened.

For more information on how we use cookies and how you can remove them, see below.

Managing cookies

Our cookies policy

Making full use of the online shopping and personalised features of, your computer, tablet or mobile phone will need to accept cookies, this way we can provide you with certain personalised features of our website by using them.

Our cookies don't store your name, address or payment details: they simply hold the 'key' that, once you're signed in, is associated with this information. However, you can restrict, block or delete cookies from, or any other website for that matter, your browser can do this. Each browser is different, so check the 'Help' menu of your particular browser (or your mobile phone's handset manual) to learn how to change your cookie preferences.

We do have relationships with selected and monitored suppliers who may also set cookies during your visit to show you different products and services based on what you have shown an interest in. If you'd like to opt out, please go to the Network Advertising Initiative website. You'll find information about 3rd party cookies further down.

The following table lists WebSphere Commerce session cookies. All of these cookies are considered essential for the operation of WebSphere Commerce. You cannot disable these cookies. Session cookies are not persistent.

Name Cookie purpose
_AN_CGID_COOKIE Stores the categories visited by a user, which is later used by the following Analytics tags: Product tag, Cart tag and Order tag.
REFERRER The value of referer in the HTTP header.
non-secured session cookie
This cookie contains the value of the store ID of the session. This value is used to select the store to run the command, if one is not specified on the URL.
  • value: langId | storeId
  • example: %2d1%2c10601
  • class name: ActiveConversationPointer
SESSION_COOKIEACCEPT Checks whether the client browser accepts cookies.
secured session cookie
WebSphere Commerce uses a secure authentication cookie to manage authentication data. An authentication cookie flows only over SSL. For increased security, it has a timestamp with a signature. This cookie is used to authenticate the user over SSL-connections.
  • value: userId | hashed using SHA-1(sessionKey| userId | timestmp) sessionKey is the key that is used to encrypt session-related data
  • example: 3002%2cy77JGV%2btHlOwnIITNCn%2f%2fiaH2ns%3d
  • class name: WCAuthenticationCookie
non-secured session cookie
This cookie exists only if it is a generic user (-1002) session. This cookie stores the session values such as store ID, language ID, and contracts.
  • value: activity token | storeId | business context values
  • example: [45123%3atrue%3afalse%3a0%3a4nhN%2fXerGUj5KgGYOnRBVcizyMw%3d][|1328734351734%2d2] [|null%26null%26null%26null%26null%26null][CTXSETNAME|Store] [|%2d1%26USD%26%2d1%26USD][|null%26null%26false%26false%26false] [|10601%26%2d1002%26%2d1002%26%2d1][|null] [|10503%2610503%26null%26%2d2000%26null%26null%26null][|null%26null%26null]
  • class name: GenericUserHelper
non-secured session cookie
This cookie is created on the first request that is processed by WebSphere Commerce run time. For example, a non-cache request. For more information, see Dynamic caching considerations for persistent session.
  • value: true
  • class name: HttpSessionContext
non-secured session cookie
This cookie is a user session cookie that flows between the browser and server over both SSL or non-SSL connection. It is used for user identification over non-SSL connections. It contains user session values such as login timeout, or session identifier.
  • value: cookieValue | encrypted using 3DES (activityToken | cookieValue)where cookie value is: userId | storeId | passwordInvalidationFlag | attemptedPasswordProtectedCommands | logonTime | expiryTime | expiredUserId | preExpiryURL | forUserId | activeOrgId |
  • example: %2d1002%2c10601%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2csExMBJjdNXecuyL5l71eSlqxmVWzSMmWp%2fdGhAV5JRJd5QHFxL%2f9jNLYYeKI1YtswEqhrSwXXhlp%0d%0aLOcvGb1IzzsfEA0y%2bPirawTDQ6rUaXcsnDRnR0GNayuSSrKf4p%2fEdxvj1CkiM8E%3d
  • class name: WCCookieUserSession
LTPA2 cookie
WebSphere Application Server cookie
This cookie is used when WebSphere Commerce enabled for single sign-on with other WebSphere applications information center.
WC_EdgeCacheComponent_storeId Used for Edge Caching.
WC_identitySignature Management Center session cookie.
fulfillmentCenterId Fulfillment center selected in Accelerator.
SoccomAuthToken Social bridging session cookie (Deprecated in Feature Pack 5).
SoccomUserInfoToken Social bridging session cookie (Deprecated in Feature Pack 5).
SoccomUserToken Social bridging session cookie (Deprecated in Feature Pack 5).
LtpaToken2 WebSphere Application Server LTPA token used for single sign on.

The following table lists Aurora starter store cookies.

analyticsFacetAttributes The list of facets that the customer clicked, making this data available to the analytics tags in those pages. The cookie is continually updated until the customer starts a new search or starts a new session.
analyticsPreCategoryAttributes Pre-category attributes used for Analytics.
analyticsSearchTerm Search terms used for Analytics.
CompareItems_storeId Catalog Entry IDs that are being compared.
priceMode Display mode for showing prices in the storefront.
searchTermHistory The history of terms that have been searched.
signon_warning_cookie Error key used to retrieve error messages.
WC_CartOrderId_storeId Active Order Id for the store.
WC_CartTotal_orderId Subtotal of order items (before tax and shipping), number of items, language, currency.
WC_DeleteCartCookie_storeId Cookie to force refresh of other Mini Shopping Cart cookies.
WC_physicalStores Physical stores that customer has selected.
WC_pickUpStore Pick-up store ID that customer has selected.
WC_recurringOrder_orderId Recurring order ID.
WC_ScheduleOrder_orderId_interval Scheduled orders interval.
WC_shipTypeValue Shipping type value: single or multiple.
WC_shipTypeValueOrderId The orderId that corresponds to the Shipping type.
WC_SHOW_USER_ACTIVATION_storeId Flag to show user activation message after user registration.
WC_PERSISTENT This cookie is used to persist user ID, language ID, and currency for each store ID visited in the session. Multiple sets of identifiers can exist if the user visits more than one store.

Category Cookie name Description
BloomReach Organic Search Analytics cookies _br_uid_2 Created by the BloomReach tracking pixel library (BrTrk). It creates a unique anonymous identifier for every browser or device. This cookie is set to expire after 1 year by default.
SNAP Analytics _br_mzs An analytics cookie that records the start and end of sessions. It is also used to route a specific shopper's traffic to the appropriate BloomReach SNAP web servers. This cookie is set to expire after 30 minutes by default.
_br_mzv An analytics cookie that records visit information such as first visit, last visit, and referrer information. This cookie is set to expire after 2 years by default.
A/B Testing _br_meu To continually improve BloomReach SNAP services, A/B tests are performed to measure and compare the performance of various algorithms and features. This cookie that contains unique identifiers for the shopper's experiment segments. It is created and updated by the REST API service. This cookie is set to expire after 1 year by default.
_br_me Contains per-experiment analytics and performance data. It is created and updated by the REST API service. This cookie is set to expire after 1 year by default.
User Preferences _br_mzp Stores a shopper's implicit and explicit preferences. These preferences are used by the BloomReach SNAP services such as Search, Auto-suggest, and JustForYou for personalization. It is created by the REST API service. This cookie is set to expire after 2 years by default.

Persistent sessions (Remember Me)

Customer type Can view Cannot view
Guest user the pending shopping cart from previous sessions
  • order history
  • previous shipping and billing addresses
Registered user
Note: Registered customers are prompted to log on before they can view sensitive information.
  • the pending shopping cart from previous sessions
  • coupons
  • promotions
  • eligible contracts

Third party cookies

You may notice some cookies that aren't related to Dunelm. If you go on to a web page that contains embedded content, for example from YouTube, you may be sent cookies from these websites. We don't control these cookies, so we suggest you check the third-party websites for more information about their cookies and how to manage them.

Partner Purpose Dunelm
Awin Awin is a global affiliate network that brings together over 100,000 contributing publishers and 6,000 advertisers. An Awin Cookie will be used by affiliate window when you purchase from us through another site. To opt out see
Bazaarvoice BazaarVoice manages and moderates all product review submissions.
Bing Bing offers and online advertising service, where Dunelm pay to display brief advertising copy, product listings, and video content. Bing use cookies to track how visitors get to and interact with websites.
ContentSquare ContentSquare is a solution which aggregates usage and frequency data to improve user experience. Statistics created are anonymous. To be excluded from this monitoring, please click here.
You can see more information via
Coremetrics Coremetrics provides reports on the activity of visitors on The insights that we gain from the these reports help us improve the customer experience.
Criteo Criteo is a personalised retargeting advertising company to display personalised online display advertising following a visit to To opt out see
Digital Window
DoubleClick Spotlight Google's program to allow us to control the time and location of where online ads appear.
Facebook The online social networking service, will use cookies to track how visitors get to websites
Google Google AdWords is an online advertising service, where Dunelm pay to display brief advertising copy, product listings, and video content. Google Adwords use cookies to track how visitors get to and interact with websites. Google Remarketing collects technical data relating to your browsing navigation to display personalized advertisements. Google Analytics is a web analytics service that tracks and reports on website traffic and conversion. GA Audiences / Google Tag Manager is a tag management system created by Google used to provide analytics.
Hotjar Script Hotjar allows us to see how vistors are really using our website by collecting feedback from journeys, forms and polls.
Kenshoo HD Anonymous tracking of users who engage our adverts and/or website. They may collect the time and date of the engagement, Details about the device, operation system and browser used by the User, The URL of the landing page of the Customer Website, The URL of the referring website and The search term used by the User to reach the Customer Website To opt out see
Monetate Monetate builds and runs A/B and multivariate tests aswel as personalised content that can target segments of customers.
New Relic New Relic monitors and measures the speed and performance of our websites and infrastructure.
Pinterest The social media service that helps you discover, share and collect your interests. Use cookies to track traffic.
Qubit A tag management solution to aid the maintenance of all these third party cookies.
Rich Relevance Rich Relevance offers personalised shopping experiences and product recommendations based on learned behaviours from all visitors.
Twitter The online news and social networking service where users post and interact with messages. Uses cookies to track visitors.
Ve Interactive Creates perspnalised experiences for customers

Managing cookies

If cookies aren't enabled on your computer, it will mean that your shopping experience on our website will be limited to browsing, it also means you won't be able to add products to your basket and buy them.

To enable cookies

If you're not sure of the type and version of web browser you use to access the Internet:

For PCs: select 'Help' at the top of your browser window and click the 'About' option

For Macs: with the browser window open, select the Apple menu and click the 'About' option

How to check cookies are enabled for PCs

Google Chrome

1. Select 'Tools' at the top of your browser window and select Options

2. Select the 'Under the Hood' tab, locate the 'Privacy' section, and select the 'Content settings' button

3. Now select 'Allow local data to be set'

Microsoft Internet Explorer 6.0, 7.0, 8.0, 9.0, 10 & 11

1. Select 'Tools' at the top of your browser window and click 'Internet options' , then select on the 'Privacy' tab

2. Ensure that your Privacy level is set to Medium or lower, which will enable cookies in your browser

3. Settings above Medium will disable cookies

Mozilla Firefox

1. Select 'Tools' at the top of your browser window and click Options

2. Then click the Privacy icon

3. Select Cookies, then click 'allow sites to set cookies'


1. Select the Cog icon at the top of your browser window and select the 'Preferences' option

2. Select 'Security', check the option that says 'Block third-party and advertising cookies'

3. Click 'Save'

How to check cookies are enabled for MACs

Microsoft Internet Explorer 5.0 on OSX

1. Select 'Explorer' at the top of your browser window and click 'Preferences'

2. Scroll down until you see 'Cookies' under Receiving Files

3. Select the 'Never Ask' option

Safari on OSX

1. Select 'Safari' at the top of your browser window and select the 'Preferences' option

2. Select 'Security' then 'Accept cookies'

3. Click the 'Only from site you navigate to'

Mozilla and Netscape on OSX

1. Click on 'Mozilla' or 'Netscape' at the top of your browser window and select the 'Preferences' option

2. Scroll down until you see cookies under 'Privacy & Security'

3. Select 'Enable cookies for the originating web site only'


1. Click on 'Menu' at the top of your browser window and select 'Settings'

2. Then select 'Preferences', select the 'Advanced' tab

3. Then select 'Accept cookies' option

All other browsers

Please consult your online help files or supporting documentation.

Further information about cookies

To learn more on cookies and how to manage them, visit

Banner advertising on other websites

Banner advertising is designed to provide you with a selection of products based on what you've been viewing on, which are presented to you by our agency when you visit other selected websites. The adverts may highlight alternative products as well as ones from other categories relevant to your browsing history. These adverts are based on cookies.

Your privacy

The data contained in the cookie used in these adverts is completely anonymous and doesn't contain any of your personal details.

Disabling these adverts

We would like to continue to display content that's relevant to you; however, you can choose to opt out of this type of advertising permanently by following this link Please note though, that if you delete your cookies too, we'll no longer know that you've opted out, so the banners from Struq will reappear when you visit other selected websites.

Transaction security

Our site uses the most advanced security software currently available for online transactions, find out more.

Security of your personal data

We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. When you provide your personal data through our website, this information is transmitted across the internet securely.

Dunelm adheres to high security standards in order to protect your payment card details when you are sending us this information.

As described in this Privacy Policy, we may in some instances disclose your personal data to third parties. Where Dunelm discloses your personal data to a third party, we require that third party to have appropriate technical and organisational measures in place to protect your personal data; however in some instances we may be compelled by law to disclose your personal data to a third party, law enforcement agencies, and have limited control over how it is protected by that party.

The information that you provide to us will be held in our systems, which are located on our premises or those of an appointed third party. We may also allow access to your information by other third parties who act for us for the purposes described in this Privacy Policy or for other purposes approved by you. Your personal data may be accessed by and processed outside the European Economic Area (the European Economic Area being the European Union and Iceland, Liechtenstein and Norway, also referred to as the “EEA”) - including by staff operating outside the EEA who work for one of our suppliers or agents (this includes staff engaged in, among other things, the fulfilment of your order). Where your personal data are transferred outside of the EEA, we require that appropriate safeguards are in place.

We will retain your personal data for as long as we need it in order to fulfil our purposes set out in this Privacy Policy or in order to comply with the law.

Sharing your personal data

Your personal data may be shared with other companies within our Group. It may also be disclosed to a third party who acquires us, a member of our Group or substantially all of our assets.

We may also share some of your personal data with, or obtain your personal data from, the following categories of third parties:

Government authorities, law enforcement bodies and regulators when this is necessary to process an order or a request from you, or for legal or security purposes, or as required by law.

Courts, tribunals, legal advisors and / or insurers in order to comply with our legal obligations; exercise our legal rights (for example in court cases); enable the prevention, detection, investigation of crime or prosecution of offenders; and protect our employees, customers and other third parties.

Suppliers providing services to us in order to help us run our business and improve our services and your customer experience. For example we may share your personal data with:

  • suppliers who deliver goods directly to you, or service providers who pack and deliver goods to you.
  • companies who help us get your feedback on our services
  • companies who provide security and monitoring services in our stores and on our websites
  • companies who help us improve our business by analysing how customers shop when they visit our websites, or to enable them to contact you to ask you to review your purchase on their website
  • companies who send our marketing communications to you on our behalf
  • Google/Facebook and other digital media providers to show you advertising that might interest you while you’re browsing the internet, in apps and on websites.
  • External parties hold some of the data which is stored by us.

We select very carefully our suppliers who process your personal data on our behalf and require that they comply with high security standards for the protection of your personal data, including deletion of your data when our relationship with them ends.

Credit and debit card companies and payment processors
Dunelm shares some of your personal data, which includes information about your method of payment, with the credit or debit card company that issued the card you used to make your purchase and with third parties who process payments on our behalf. In order to ensure the security of your transactions and prevent or detect fraudulent transactions, we may also share your information with our fraud screening partner.

Our partners who promote offers or co-organise competitions/prize draws on our website, on social media or in our stores
From time to time, we make certain third party offers available through our website or we offer competitions and prize draws co-organised by third parties. If you choose to purchase products or services offered on our websites or in our stores by third parties, accept offers or participate in a competition, some of your personal data, such as your contact details and your billing information, may be directly collected by or disclosed to that third party. As such, if you purchase their products or services, your information may be collected by or transferred to those parties. Our partners have their own privacy policies and terms of use over which Dunelm does not have control. Whilst Dunelm carefully selects these partners, it has no responsibility or liability for their privacy policies, terms of use or the way they process your personal data. Please ensure that you review the relevant privacy policies and terms of use of these partners prior to purchasing their goods or services, using their websites or services or providing any personal data to them.

Other companies within our corporate group for administrative reasons connected with any of the above purposes.

How long we keep your data

We only keep your data for as long as we need it, and no longer than required by law. After that we will delete it, or anonymise it so that you can no longer be identified from it.

Some examples are set out below:

CCTV - 28 days (unless retained for security or legal reasons)

Order details - 7 years, to comply with legal and contractual obligations

Updates to our Privacy Policy

We may make changes to this Privacy Policy from time to time - we will update the Privacy Policy and we will publish on our website any new version of this Policy.

This policy was last updated in May 2018.

Contact information

Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to:

Dunelm –