Portobello / UP Global Sourcing UK Ltd and UP Global Sourcing Holdings PLC – Privacy Notice
What is the purpose of this document?
Portobello is a brand of UP Global Sourcing UK Limited. UP Global Sourcing UK Limited is committed to protecting the privacy and security of your personal information and is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
This privacy notice describes how we collect and use personal information about you in accordance with data protection laws.
It applies to all customers, potential customers, users of this website and job applicants in respect of whom we hold personal data. This notice does not form part of any contract to provide services or any other contract. We may update this notice at any time.
It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
Data protection principles
- We will comply with data protection law. This says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
How may your personal information be collected?
We may collect personal information about you in a number of different ways, such as when:
- you visit our websites;
- register with and buy products or services from our websites;
- take part in promotions and competitions;
- contact us via our customer services team in regards to returning products, faulty items and claims;
- register for a product warranty or guarantee; and
- you apply to join our team via our recruitment methods
- you visit our premises.
We may also collect personal data which is publicly available on websites. We may use third-party applications which source their data from publicly available websites.
The kind of information we may hold about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Depending on the circumstances, we may collect, store, and use the following categories of personal information about you:
- Name, address and postcode – without this we won't know where or whom to send your order to. We also use this information to identify whether we can deliver to you, at what cost and via which partner route.
- Email address – we can send a confirmation of your orders via email, as well as other service related communication and may also respond this way if you have a general enquiry. If you have agreed to receive marketing communications, these may also be sent by email.
- Telephone numbers – if there are any problems with your order or anything needs to be checked, we need to be able to contact you as quickly as possible
- Payment card number, expiry date, issue number and name of card holder – a payment card or Paypal account is required in order to process your order. Payment card information will be retained for the duration of the time that you hold an account with us, or for no longer than 12 months from your last order. This is necessary to enable payment, process refunds and help us monitor fraudulent activity on accounts.
- Correspondence - if you contact us we may keep a record of that correspondence.
- IP addresses – when you visit our site, we will automatically receive your IP address; a unique identifier for your computer or other access device.
- Username and password – if we collect these details, it is so that we can keep your information safe and have it to hand each time you visit us.
- Joining our team – you may need to supply us with details including your name, address, date of birth, employment status, educational background and other sensitive personal data (related to your health, race, religion or ethnic origin) through your application and via the recruitment process.
- CCTV footage and details of visitors at our premises – We operate CCTV at our premises and we ask you to sign the visitors book.
We may also collect any other personal information obtained through electronic means such as telephone recordings and emails.
Using your Information
We may need the categories of information above for the reasons set out in this section. Primarily this will be where we are taking steps at your request prior to entering into a contract and to perform a contract we have entered into with you, and in some cases we may use your personal information to pursue legitimate interests of our own, provided your interests and fundamental rights do not override those interests.
Collecting personal information helps UP Global Sourcing UK Ltd better understand your needs, so that we can provide you with a better service. We use your information to:
- Ensure that you receive your orders – without this information we could not get our products and services to you.
- Provide customer care and correspondence – as part of our customer care procedures we may follow-up, either by letter, phone, email or app messenger service, customers who have purchased goods or services from us or who have contacted us, posted comments about us on the internet to resolve a complaint, investigate any concerns, or to discuss faulty goods.
- Personalise our service and your shopping experience – from time to time, we may personalise your shopping experience utilising new technology; using your past purchases and browsing habits to present special offers and new products and services from our range of brands that we think may be of interest to you in order to improve your shopping experience.
- Improve our website – to help us improve your experience and continue the design our website, we may collect information about the way you use and access our website. Our web system collects information about each visitor, including IP address, the length of time spent on the website and the order in which pages are visited. We may employ third-party experts to help us look at this information, however we make sure that anyone we employ treats all information with the same sensitivity and security that we do.
- Prevent fraud – in order to protect both us and our customers from fraud and theft, we may need to look at the information that you provide to make identity checks, as well other information in our customer records and order history. This may be passed to other group companies and financial and other organisations (including law enforcement agencies) involved in fraud prevention and detection, to use in the same way.
- IT Security – In order to monitor your use of our information and communication systems to ensure compliance with our IT policies and to ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
- Recruit – in order to consider you for roles within our company we will need to discuss your application and personal information with relevant employees. Only employees involved within the recruitment process (mainly the HR team) will have access to your information and will keep it secure. If you are not selected for an interview your personal information will be deleted from our systems within 6 weeks. Should you gain an interview but not be selected for the role we will keep your details on file for 12 months.
- Security and health and safety – Visitors to our premises will likely be caught on CCTV and will be asked to sign the visitors book, this is for crime prevention, security and health and safety purposes.
If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to supply you with any goods or services or consider you for a role within our company, or we may be prevented from complying with our legal obligations.
Keeping your Information Secure
We keep your information secure at all times (see below for details as to how) and you should do the same whenever you use our services or websites.
- Payment card security – we use technology including Paypal and Realex to make sure that the details you provide when placing an order are kept private and secure, making shopping on our website safe. Once payment information has been received, your payment card is processed through our secure systems by only team members who have suitable access and permission.
- Security in our offices – access to your information is restricted in our offices and warehouses. Only employees who need the information to perform a specific role are granted access to personally identifiable information, so that we can provide a service to you. The servers that store this information are kept in a secure environment.
- Security – information security is very important to us and we have taken many steps to ensure that your experience with us is secure and that all of your information is kept safe. In order to prevent unauthorised access or disclosure of your information, we have put in place suitable physical, electronic and managerial procedures to protect and secure information that is collected online.
- Regular archiving and deletion - we annually review and audit our procedures to ensure that they remain at the highest standards of security and only those necessary employees have access. As part of this, we will only keep personal information active for legitimate business reasons and usually delete data when it has been inactive for 12 months or longer.
- Password – you should choose a password that is not obvious or known to anyone else and should never give it to a third party, as you will be responsible for all activity and charges incurred through use of your password whether authorised by you or not.
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may process your personal information without your knowledge or consent where this is required or permitted by law.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in any of the following circumstances:
1. Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
2. Where we have notified you of the decision and given you 21 days to request reconsideration.
3. In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights
You will not be subject to decisions which have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
In the event we need to share your data with third parties we require third parties to respect the security of your data and to treat it in accordance with the law.
Why might you share my personal information with third parties?
We may share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
Which third-party service providers process my personal information?
"Third parties" includes third-party service providers (including contractors and designated agents) who are not part of UP Global Sourcing UK Ltd. The following activities are carried out by third-party service providers: administration, IT services, sales and marketing, delivery services, payment services, product manufacturers. Pension providers, Health care providers and Medical advice providers for employees only.
How secure is my information with third-party service providers?
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
What about other third parties?
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.
How long will you use my information for?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Further details on our retention policy can be obtained by contacting us using the methods below.
Rights of access, correction, erasure, and restriction
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please write to us at the address below.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to withdraw consent
In circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please write to us at the address below. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Address for Exercising Your Rights
If you wish to exercise any of your rights listed above please write to
If you have any questions about this privacy notice or how we handle your personal information, please contact by email firstname.lastname@example.org. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.
Notification of Changes to this Policy
We want to make sure that we're giving you the information that you want about privacy and security – let us know what you think. If you have any feedback, questions or concerns, please email us at email@example.com or by post to the address above.