Privacy & cookies

Currys is a trading name of Currys Group Limited (referred to using "we", "us", "our" or the “Company”), a company registered in England and Wales (Company registration number: 504877) and which is part of the Currys group of companies (“Currys Group”). Currys Group is a leading omnichannel retailer of technology products and services, operating through online and 830 stores in 8 countries. We help everyone enjoy amazing technology, however they choose to shop with Us.

Data protection law sets out a number of different lawful reasons for which a company may collect and process your personal information. These are:

• Where we have entered into a contract with you;
• Where we have your consent;
• Where we are legally obligated to;
• Where we have determined a legitimate interest that does not impact your rights and freedoms; and
• Where it is in your vital interests to.

The table below provides examples of when we might rely on these lawful reasons:

Where we process your information under Legitimate Interest, we will have assessed this processing and balanced it against your rights and freedoms.

Under data protection law, some personal information is considered more sensitive, including information relating to a person’s racial origins, certain beliefs or health conditions. It can also include information relating to criminal activity.

We do not expect to handle any of your more sensitive information unless it becomes relevant in our dealings with you or you volunteer the information. Examples of this might be where you have a vulnerability or health condition which is relevant to our dealings with you; where you are involved in a medical emergency or accident; if the information is relevant to a legal dispute or complaint; or while addressing criminality impacting our business. On the rare occasions we handle more sensitive information, we only do so as allowed by data protection law (for example, where we have your consent, to protect someone’s vital interests or to prevent or detect crime) or as required by law.

We sometimes use systems to make automated decisions based on your personal information or the information we are allowed to collect from others about you or your business (for example where we perform credit or internal fraud checks). This helps us to make sure our decisions are quick, fair, efficient and correct, based on what we know. These automated decisions can affect the products, services or features we may offer you now or in the future, or the price that we charge you for them.

You have rights over automated decisions:

• Under certain circumstances, you can ask that we do not make our decision based on the automated score alone; and
• You can object to an automated decision and ask that a person reviews it.

If you want to know more about these rights, please contact us.

We understand the importance of protecting those that may be in vulnerable circumstances or who are children, especially when signing up for one of our FCA regulated products, such as applying for credit or insurance.

Children’s information

In line with FCA guidelines we do not allow under 18s to sign up for credit or insurance products. Our Online Services are aimed at adults, and we do not knowingly collect or expect to collect or store children’s information. In the event a child visits our website we ensure the highest privacy by design, including only collecting the minimum information that is necessary.

Customers in vulnerable circumstances

Occasionally, we may need to handle more sensitive information of customers with vulnerabilities or in vulnerable circumstances. This can include, for example, information about medical conditions or symptoms they have. We do this to assist our customers who have a need for additional support. We only collect the minimal amount of information required to achieve this, and only keep it for as long as reasonably necessary.

We analyse customer and transactional information to understand customer attitudes and propensity to act in a certain way in the future. We use algorithms to group customers into segments based on their socio-demographics, frequency of their interaction with Currys, size and type of their purchases, and feedback they provide via surveys.

We analyse customer information to:

• Build new products and services or modify our services or store environment to better meet customers’ expectations.

• Design and deliver marketing campaigns, product and services recommendations that are relevant to you. This would be based on your past purchases, your online browsing behaviour or on what you have told us in surveys.

• Develop product assortments based on types of customers, their preferences and shopping behaviour.

• Develop commercial forecasts.

• If you have provided consent, personalise your experience on our website.

We may also carry out analytics activities on information which has been fully anonymised.

We engage in advertising activity across all digital platforms with both targeted and non-targeted advertising. For targeted advertising, we may use information obtained through the use of cookies or similar technologies in your web browser to display ads to you, which you may see on other websites or digital platforms. Our website We will seek your consent to deploy these kinds of cookies and similar technologies through our website cookies consent mechanism. More information is available in our Cookie Policy.

In order to ensure that appropriate ads are displayed, we work with partners and agencies (e.g. Epsilon & Criteo) to analyse and prepare the information and measure the effectiveness of our advertising. This may include matching and combining pseudonymised offline data (such as transaction data) with pseudonymised online data (cookies) to create an online profile for you, based on your cookies preferences. See below the section on ‘Who we share your personal information with’. Where applicable, we or our advertising partners will combine this information with your transaction information and other information, such as your cookie consent instruction, interactions with our emails, and information from external or publicly available sources. By building a richer picture of your preferences in this way, we can make sure you see ads most relevant to you. We also use this information to ensure you do not receive unnecessary ads.

The digital advertising includes advertising across social media platforms. The media owners we most commonly work with are Meta (which owns Facebook and Instagram) and Google (which owns YouTube). The individual privacy policies are linked for your information.

We will also use the information we have on existing customers for modelling purposes, to help identify potential new customers who may be interested in our products.

We share personal information within the Currys group of companies. Members of the Currys group that receive this information are not authorised to use or disclose the information except as provided in this Privacy Policy.

Where we share your information with any third parties, we will undertake due diligence prior to sharing any information with them and will have in place robust contracts that cover the security of any information shared.

Our service providers

We work with partners, suppliers, insurers and agencies so they can process your personal information on our behalf and only where they meet our standards on the processing of information and security. We only share information that helps them provide their services to us or to help them provide their services to you. For example, some of our service providers place advertising for us online, about our products and services and those of our retail partners, suppliers and third parties. As a result, where you have indicated you are happy to receive online marketing from us in our cookie preference centre, you might see online advertising that we or our partners have placed on the websites you visit, or the interactive services you use.

Our third-party service providers include:

• Credit and Insurance Partners: When you apply for credit or purchase an insurance product we will pass on your information to trusted third party partners responsible for these products. When you are an approved credit customer or purchase an insurance product, we will continue to exchange your information while you use the credit facility or have an active insurance product. Please note we act as a credit broker and not as a lender in respect of our insurance products credit facility within our UK and Republic of Ireland stores. See ‘Credit Reference Agencies and Insurance’ section below for more information.
• We share your information with financial institutions to improve levels of service, reduce risk and provide due duty of care to you and other customers.
• Providers that we work with to deliver our marketing campaigns and facilitate our competitions
• Manufacturers of products sold to our customers for whom we carry out repairs.
• Companies that enable us to collect your reviews and comments, both online and offline, such as Feefo.
• Companies which run our contact centres because they need your personal information to identify and contact you.
• Third party vendors who help us to manage and maintain the Currys Group IT infrastructure.
• Companies that provide insights and analytics services for us so we can stock the right products, send the right marketing campaigns and understand our business and customers better.
• Specialist providers of digital advertising and personalising content to provide customers with adverts tailored to them, such as Epsilon & Criteo.
• Partners that support our services, such as where we need to arrange a specialist engineer visit.
• Companies that work on our behalf processing and sorting information, monitoring how customers use our websites, issuing our emails for us and collecting product/customer feedback from you via surveys.

Where you have asked us to deliver your purchases either to the store (‘Click & Collect) or any other place, we will also share your address and contact details with our delivery partners like DPD or Royal Mail, to ensure a successful delivery. These partners may contact you to provide periodic updates on your delivery.

Other organisations and individuals

We may also transfer your personal information to other organisations in certain scenarios. For example:

• If required to by law, under any code or practice by which we are bound, or we’re asked to do so by a public or regulatory authority such as the Department for Work and Pensions.
• To prevent and detect criminality impacting our business, we may voluntarily or on request share information with the Police or other crime prevention organisations, such as the National Business Crime Solution (NBCS). NBCS is a non-profit initiative that works with the Police and the business community to help tackle business crime in the UK by gathering and sharing information.
• To providers of specialist software which enables us to record retail crime and share intelligence across our business, such as Auror.
• Information may also be shared with fraud prevention agencies to prevent fraudulent claims.
• If we need to do so in order to exercise or protect our legal rights, users, systems and services.
• With banks and insurance companies if you are a financial services (insurance or credit) customer.
• With mobile phone operators if you buy a phone contract through us.
• With broadband and televisions providers if you buy a related product through us, including Sky and TalkTalk.
• In response to requests from individuals (or their representatives) seeking to protect their legal rights or the rights of others.
• With emergency services (if you make an emergency call), including your approximate location.
• To trusted third party companies who have subscribed to our services to consume anonymised commercial data.

In order to process your application, we will share your personal information with credit reference agencies (“CRAs”) and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information, and fraud prevention information. We will use this information to:

• Assess your creditworthiness and whether you can afford to take the product.
• Verify the accuracy of the information you have provided to us.
• Prevent criminal activity, fraud and money laundering.
• Trace and recover debts.
• To make sure any offers provided to you are appropriate to your circumstances.

We will also continue to exchange information about you with CRAs on an on-going basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your information will also be linked to that of your spouse, any joint applicants or other financial associates.

The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at www.equifax.co.uk/crain.

We will share your information with our lending partners (where Currys is the credit broker and not the lender) when you apply for a credit account. We will do this in order to facilitate an agreement with you and administer the agreement throughout its term. Our lending partners and Currys will continue to exchange your information while you use the credit facility including information about your credit application, purchases and transactions history (not limited to credit purchases and including any that are not fully complete). Lending partners and Currys will also between themselves share the lending decision, the status of your account and your remaining balance.

We may share and use your information for assessment and analysis, including credit or behaviour scoring (or both), and other related investigations such as product analysis. We may also use this information to prepare statistical reports, although the reports themselves will not contain any personally identifiable information relating to our customers.

We are a UK-based business and so your personal information will be handled by us in the UK. From time-to-time we may transfer your personal information (for example, to our suppliers, service providers or other companies within Currys Group) out of the UK for the purposes described in this Privacy Policy. Unless otherwise allowed by data protection law, where we transfer information to a country not recognised as having equivalent protections for information as the UK, we will put in place appropriate safeguards to ensure your information is protected in the same way as if it was being used in the UK. This can include putting in place contractual protections (known as standard contractual clauses) and other organisational or technical measures designed to safeguard information.

We will keep your personal information for as long as you're a customer. If you haven't made a purchase or engaged with us for 3 years or more, then we will remove you from our marketing mailing lists. After you stop being a customer, in most cases, we will keep your information for up to 7 years after the last time you interacted with us or if you have purchased insurance products up to 7 years from the end of the cover.

We may keep your information for longer than 7 years if we cannot delete it for legal, regulatory or technical reasons. We may also need to keep it in order to help support product recalls or safety notices. If we do, we will make sure that your privacy is protected and only use it for those purposes.

We do not retain personal information in an identifiable format for longer than is necessary.

The table below outlines the Data Protection Rights available to you:

If you would like to exercise any of these rights, please contact us.

We won't send you direct marketing messages if you tell us not to. You can tell us in a number of ways:

• You can click on the "unsubscribe" link in any communication that we send to you by email, or send a free SMS short code to opt out of SMS marketing, both of which will automatically unsubscribe you from those channels of communication. Please also note that you will continue to receive any Service communications we need to send in relation to the product and services we have sold to you.
• Alternatively, you can unsubscribe by submitting your request here. Please note that it may take up to 28 days to process your request.
• To stop online marketing through cookies please see our Cookie Policy.
• If you are seeing marketing from us through your social media channels you can stop these directly within the social media site.

You can find further information within our Direct Marketing Charter at the end of this Privacy Policy.

We take our responsibility to protect your information very seriously. All companies within the Currys Group use physical, technical and organisational security measures to protect the personal information supplied by you against loss, destruction, and any unauthorised access by third parties. We do this in several ways which include, but is not limited to:

• Following the Payment Card Industry Data Security Standard (PCI DSS) when handling debit and credit card information.

• Adhering to General Data Protection Regulation (GDPR) guidelines when collecting, processing and storing information.

• Using encryption protocols and software to protect your personal information during transmission.

• Carrying out regular back-ups of our critical information.

• Regular testing and evaluation of our security measures.

Our websites (which includes this Privacy Policy) contain links to other websites run by other organisations which we do not control. This Policy does not apply to those other websites and apps‚ so we encourage you to also read their privacy statements.

We use so-called social plugins (buttons) of social networks such as Facebook, Google+, YouTube, Instagram and Twitter. After activation of a button, the social network can retrieve information, independently of whether you interact with the button or not. If you are logged on to a social network, the network can assign your visit to the website to your user account. A social network cannot assign a visit to websites operated by our other group companies unless you activate the respective button there as well.

If you are a member of a social network and do not want that network to combine information retrieved from your visit to our websites with information they hold on you, you must log out from the social network concerned before activating the buttons.

If you would like to access any of your rights as listed above, or have any questions with regards to this Policy, please use the contact us section of our website.

Alternatively, you can contact our Data Protection Office at:

• Email: [email protected]
• Post: Data Protection Office, 1 Portal Way,, London, W3 6RS

You can also contact the Information Commissioner’s Office (ICO) if you have any concerns or complaints with how Currys has handled your personal information: https://ico.org.uk/global/contact-us/

This Privacy Policy was last updated July 2025 and replaces all previous versions. This Policy is regularly reviewed and if updates and changes are made we may notify you either by email or with an announcement on social channels.

When you purchase a product or service online or in store, or create an account with us, we collect personal information about you to let you know about our latest products, services or offers. We may do this by post, email, text message, online, or by using social media.

We will only use your personal information to send you marketing messages if we have a legal right to do so. That could be either with your explicit consent or where there is ‘legitimate interest’, like when we have a business or commercial reason to use your information. We will always provide you with the opportunity to opt out of marketing when we first collect your contact details and in every subsequent message.

We may ask you to confirm or update your marketing choices, if you purchase any new products or services with us in future. We’ll also ask you to do this if there are changes in the law, regulation, or the structure of our business.

The personal information we have about you is made up of what you tell us, and the information we collect when you use our services, or from third parties we work with, like Experian. For more information on the third parties we work with and how we use your personal information, please see our Privacy Policy.

We also gather statistics about email opening and clicks, using industry standard technologies to help us monitor and improve our e-mail communications.

We won’t send unsolicited one-to-one (direct) marketing email and/or SMS communications unless they comply with the rules of General Data Protection Regulations (GDPR), Data Protection Act 2018 (DPA18) and Privacy Electronic Communication Regulations (PECR) and related guidance.

Specifically, our promise to you is that:

I. We will always ask you to actively opt-in to receiving electronic direct marketing messages. That is, unless we’re contacting you about receiving marketing for our own similar products during the course of a sale or when you are setting up a Currys account, and we offered you the opportunity to opt-out when you gave us your details.

II. Our store and contact centre colleagues will always inform you about any further use of your contact details for direct marketing when you make a purchase.

III. We will offer you a choice of how you would like to receive marketing from us, including email or text.

IV. We will make sure that the products or services we are marketing are the same or similar to the product you originally agreed / permitted to receive marketing for.

V. We will ask for your consent to pass details to third parties for their own marketing purposes. We will name those individual companies when we request your consent.

VI. We will record when and how we obtained permission from you for marketing , and exactly what it covers.

VII. We will make sure the language we use is clear and easy to understand, and that it’s clearly distinguishable from any other matters, including other Terms & Conditions.

VIII. We won’t use confusing language in our marketing statements, including the use of double negatives, technical or legal jargon and confusing terminology or inconsistent language.

IX. For telephone and postal marketing communications, we’ll screen your name and contact details against the Telephone & Mail Preference Service.

X. We will always offer you the option to opt out of direct marketing at the point when we capture your contact details and in every subsequent communication by clicking the unsubscribe link.

XI. We will make sure we promptly (and always within 28 days) opt you out of our marketing activities on your request. We will make sure there is always a simple, easy-to-access and free of charge way for you to withdraw your approval.

XII. We will operate and maintain an in-house suppression file listing the names and contact details of customers who have told Us they don’t want to receive marketing communications through all or particular means of communication.

XIII. We will rely on the legitimate interests of the business (as an alternative to explicit consent) when we undertake postal marketing, when we conduct live outbound phone sales or when we are contacting our business customers. We will include information in our telephone scripts and in all postal marketing on how to opt out of receiving such marketing.

XIV. We will screen information to remove files of deceased people so that they are not used for marketing.

XV. We will not send you any direct marketing if you haven’t been in touch with us or purchased from us in the past three years.

XVI. We have procedures for dealing with inaccuracies and complaints.

XVII. We will cooperate fully with any investigation by the Information Commissioners Office (ICO) in relation to our direct marketing activities.

XVIII. We may remove you from direct marketing if we believe that doing so could cause you financial harm or distress.

Bought in lists

We will only use bought-in lists for texts, emails or recorded calls where we have proof of opt-in consent which specifically names us.

I. We will only use the information on the lists for marketing purposes.

II. We will delete any irrelevant or excessive personal information.

III. We will screen the names on bought-in lists against our own list of customers who say they do not want our calls, texts or emails.

IV. We will carry out small sampling exercises to assess the reliability of the information on the lists.

V. When marketing by post or email, we will include our company name, address and telephone number in the content.

VI. We will always tell customers where we obtained their details.

VII. We will provide you with a link to our Privacy Policy.

VIII. We will undertake adequate due diligence when we first select information suppliers and in our ongoing work with them in order to make sure it has received and used personal information fairly.

IX. We will make sure that adequate contractual terms are in place requiring information suppliers to make sure personal information was obtained and provided fairly and in accordance with the requirements of GDPR.

X. We will take all necessary steps to satisfy ourselves that the information has been properly sourced, permissioned and cleaned. We will make sure that sufficient due diligence is undertaken and contractual arrangements are in place with suppliers of personal information.