Our site uses cookies to give you the best experience.
or continue shopping if you're happy. Accept & closePurpose of this privacy policy
This policy is designed to provide you with information about how we use the personal data and information that you provide to us during your use of the ao.com, ao-mobile.com and/or mobilephonesdirect.co.uk websites or mobile apps (as applicable) (the “Sites”) when you purchase from us in any physical store and any communication (for example telephone) made between us relating to or resulting from such use.
AO Retail Limited is the controller of the information you provide. AO Retail Limited (“AO” or “we” “us” “our”) (t/a ao.com, AO Mobile or Mobile Phones Direct,) is a company registered in England and Wales with registered number 03914998. We are part of the AO World PLC group of companies and our registered office address is 5A Parklands, Lostock, Bolton, BL6 4SD.
It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
We may change our privacy policy from time to time. This policy was last updated on 16th August 2024 and is version 3.7.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
AO also collects, uses and shares Aggregated Data such as statistical or demographic data for any purpose. Demographic data may be obtained from a third party and then added to the personal data we already hold about you to give us a better understanding of what products and offers may be of interest to you.
Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We use different methods to collect data from and about you including through:
We will only use your personal data when the law allows us to. We only collect, keep, use or share your information for genuine business purposes in our legitimate interests, when you’ve approved us to do so or when we’re legally obliged to. Most commonly, we will use your personal data in the following circumstances:
Lawful Basis
For AO to be allowed to process your personal data, we must have a legal basis for the processing. The data protection legislation sets out what these bases are. We have described below the different bases that we rely on and provided examples of the processing.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Type of data
(a) Identity
(b) Contact
Lawful basis for processing including basis of legitimate interest
(a) Performance of a contract with you
(b) Consent (if account not used) – you may withdraw your consent at any time by contacting us
Type of data
(a) Identity
(b) Contact
(c) Financial Data
(d)Transaction Data
(e) Profile
(f) Marketing and Communications
(g) Technical
Lawful basis for processing including basis of legitimate interest
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to analyse any customer interactions)
Type of data
(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Marketing and Communications
(f) Technical data
Lawful basis for processing including basis of legitimate interest
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us or to assess credit risk)
(c) Consent (only in respect of rental collections and vulnerable customers) – you may withdraw your consent at any time
Type of data
(a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications
Lawful basis for processing including basis of legitimate interest
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services and provide other consumers with information about our products or services)
Type of data
(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
Lawful basis for processing including basis of legitimate interest
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
Type of data
(a) Identity
(b) Contact
(c) Technical
Lawful basis for processing including basis of legitimate interest
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security.)
(b) Necessary to comply with a legal obligation
Type of data
(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical
Lawful basis for processing including basis of legitimate interest
(a) Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
(b) Consent (where such use involves cookies), you may withdraw your consent at any time
Type of data
(a) Technical
(b) Usage
Lawful basis for processing including basis of legitimate interest
(a) Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
(b) Consent (where such use involves cookies) you may withdraw your consent at any time
Type of data
(a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile
(f) Marketing and Communications
Lawful basis for processing including basis of legitimate interest
(a) Necessary for our legitimate interests (to develop our products/services and grow our business)
(b) Consent (where such use involves cookies) or where you have made a purchase in store that is not being delivered, you may withdraw your consent at any time
Type of data
(a)Identity
(b) Contact
(c) Financial Data
(d)Transaction Data
(e) Profile
(f) Marketing and Communications
Lawful basis for processing including basis of legitimate interest
Necessary for our legitimate interests to ensure that we have all the relevant details to provide you with a smooth delivery and to grow our business
Type of data
(a) Identity
(b) Contact
(c) Marketing and Communications
Lawful basis for processing including basis of legitimate interest
Consent, you may withdraw this consent at any time
Type of data
(a) Identity
(b) Contact
(c) Financial
(d) Technical
(e) Usage
(f) Profile
Lawful basis for processing including basis of legitimate interest
(a) Necessary to perform the contract with you
(b) Necessary for our legitimate interests (to prevent fraudulent purchases on our websites)
(c)To comply with a legal obligation
Type of data
(a) Identity
(b) Contact
(c) Financial
(d) Transaction
Lawful basis for processing including basis of legitimate interest
(a) Necessary for our legitimate interests (to improve service quality and compliance)
(b) To comply with a legal obligation
Type of data
(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Technical
Lawful basis for processing including basis of legitimate interest
(a) Necessary to perform the contract with you
(b) Consent (where such use involves cookies), you may withdraw your consent at any time
Type of data
(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Technical
Lawful basis for processing including basis of legitimate interest
(a) Necessary to perform the contract with you
(b) Necessary for our legitimate interests (to present you with the offer of a discount)
(b) Consent (where such use involves cookies), you may withdraw your consent at any time
When we will contact you
We may contact you by telephone shortly after your purchase to discuss your delivery and make sure that it all goes smoothly for you. We may also offer you other services which relate to the products that you have purchased. If you decide not to purchase a product protection plan on such call we may contact you around the expiry of the manufacturer’s guarantee to see whether this would then be of interest to you. If you do not wish to receive these calls, please contact us by phone, email or post.
Please note, if you submit information in relation to your order but there is an error or delay in processing, we may use the details you've submitted to contact you to complete your order.
We may also contact you when an item is out of stock, have requested to discuss available alternatives or notify you when the out of stock item becomes available or you have requested updates on product releases. Please note If you have asked us to notify you when an out of stock item becomes available, the email will not have an unsubscribe link in it as it is a single email notification. Unsubscribing from marketing will not affect your ability to receive an out of stock notification.
Should you wish to review our products or services, we may contact you after leaving the review.
Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing.
Opting out
We like to be able to keep you up to date with news, offers and promotions, but you can opt out of receiving email and, text messages from us at any time. To do this, you can click the unsubscribe box that appears on the order confirmation page when you place an order, click on the “unsubscribe” link on the bottom of any of our marketing emails, text stop to the number provided in any text message or contact our contact centre, find our contact details here.
To unsubscribe from marketing from ao.com (including physical store customers) only, you may use the form below (please note this may not be used for MobilePhonesDirect or AO Mobile).
Another method of opting out of telephone calls or postal marketing is to contact us. To do this you can email us at [email protected] or call our contact centre, find our contact details here.
If you opt out of any marketing, it may take a couple of days for all of our systems to update, so bear with us whilst we process your request.
We may share your personal data with the parties set out below for the purposes set out in the list above.
Internal Third Parties
Other companies in the AO World Plc Group acting as joint controllers or processors and who are based England and provide IT, shared services, logistics services, system administration services and undertake leadership reporting.
External Third Parties
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We never sell your data. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
If you choose to purchase by using finance. The payment option is provided by our chosen partner, NewDay Ltd.
We've teamed up with NewDay Ltd to offer you an option to pay on finance. NewDay Ltd provides a credit amount which can be spent on ao.com. As part of the process an eligibility check will be completed; this will not leave a footprint on your credit file. If the check is successful you will then need to complete a full credit check.
If your application is successful, you will enter into a Credit Agreement with NewDay Ltd. At this point you will be allocated a credit limit tailored to your personal circumstances, this will be the amount of money you will be able to spend on our site. If your application is unsuccessful as a result of the automated decision you can request that it is reviewed by an individual at NewDay and that your application is reconsidered.
NewDay Ltd of 7 Handyside Street, London, N1C 4DA is authorised and regulated by the Financial Conduct Authority under registration number 690292.
AO Retail Limited of 5a Parklands, Lostock, Bolton BL6 4SD is acting as a credit broker for NewDay Ltd.
If NewDay are unable to offer you this service we may contact you via telephone or email with alternative proposals on how you may be able to obtain the product you wish to purchase or a similar product.
We may also send your information to:
AO may transfer your personal data outside of the European Economic Area.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
How long will you use my personal data for?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
By law we have to keep basic information about our customers relating to purchases and rentals (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax and other regulatory purposes. We retain your transaction data for a period of ten years after your purchase, this is a requirement inline with certain product liability provisions under the Consumer Protection Act 1987.
If you call or message our contact centre with an enquiry (but do not place an order) we will keep your personal data for one month.
If you ask us to notify you about an out of stock item, we will do so if it becomes available within one month of your request.
If you receive marketing emails and SMS from us and have not unsubscribed from these messages we will continue to process your personal data for this purpose for a maximum period of four years. You may ask us to stop processing for this purpose at any time.
In some circumstances you can ask us to delete your data: see Your legal rights below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
You have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us at [email protected].
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We’re always looking for new ways to improve your shopping experience with us, that’s why we love hearing from you. If you have any questions about how we use your personal data or if you’d like to amend or stop us from processing your data (for marketing purposes), please contact us. You can get in touch by giving our friendly contact centre a call on 0161 470 1200 for any purchases from ao.com or in any physical store and 0345 470 4000 for any MobilePhonesDirect or AO Mobile purchases. Alternatively, you can write to us at our registered office address - 5A Parklands, Lostock, Bolton, BL6 4SD.
If you have any questions about this privacy policy or our privacy practices, we have appointed a Data Protection Officer (DPO). You may contact the DPO by writing to us at the registered office address set out above or by emailing [email protected].
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
If you fail to provide personal data
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about cookies on our websites click here for ao.com or here for MobilePhonesDirect or here for AO Mobile.
Your privacy is important to us which is why we’ve ensured every part of our site uses secure connections. Look for the green padlock in the address bar and the letters ‘https’, as these should always be present when browsing our site.
We only take orders through web browsers that allow communication through Secure Socket Layer (SSL) technology. There’s no way you can order through an unsecured connection.
To keep you safe, we gain accreditation from the Payment Card Industry (PCI) every year. This third-party certification certifies that we take appropriate precautions to make sure your details are kept safe. This covers everything from ensuring our teams are well trained in the security risks and vulnerabilities today, to implementing security compliant IT solutions. More information regarding this security standard can be found here: https://www.pcisecuritystandards.org/pci_security/.
For extra security, you’ll see our checkout uses Verified by Visa, Mastercard SecureCard and American Express Safekey, which safeguards you from unauthorised use of your cards. Once you've registered and created a password with your card issuer, you'll be prompted to provide this each time you check out.
We’re constantly monitoring and testing our IT systems and using the latest technology to identify potential vulnerabilities and attacks to provide a safe and secure shopping environment.
We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal customer information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do.