Privacy Statement

PPG [Johnstone’s Paint Shop] Privacy Statement


We are committed to protecting your privacy. In this statement you will find out how we use and protect your personal data (“Personal Data”) on the Johnstone’s Paint Shop website (hereinafter called “the Website”). This statement will apply whenever you are located or your Personal data is processed by a PPG entity established in the European Union (EU), the European Economic Area (EEA) or Switzerland.

Data Controller

The Data Controller is PPG Architectural Coatings UK Limited (hereinafter the "PPG" or "we") with registered office in Birstall (West Yorkshire). You can get in touch with PPG by using the link provided in the How to Contact Us section below or by sending a letter to PPG’s office.


What Personal Data do we collect?

We may collect the following information when you visit the Website:

  • Personal information such as your name;
  • Contact information including home, office, phone and email address;
  • Areas of interests and marketing preferences;
  • Other information relevant to customer surveys/feedback;
  • Order history;
  • Account information including username and encrypted password;
  • Information collected automatically while you visit our Sites, including IP addresses, generic locations, service providers, time of activity, technology and device identifiers, and information gathered through cookies/tracking pixels (please also see our Cookies Policy for more information).

All of which you submit to us, for example, by:

  • Purchasing, ordering and paying for products or services;
  • Completing forms on the Website;
  • Signing up to our newsletters;


  • Creating a user account on the Website;
  • Providing us with your feedback or leaving a product review;
  • Contacting PPG with questions and comments.

Why do we process Personal Data?

We may process your Personal Data for the following purposes (the legal bases for our processing are highlighted in bold characters):

  • To perform our obligations under a contract between you and us in relation to our products or services, that is to respond to your queries and fulfil your requests, orders or process payments;


  • To pursue our legitimate interests which include, for instance:
    • Providing you with customer service;
    • Handling and attending to your complaints;
    • Understanding your needs and providing you with a better service and understanding you better as our customer;
    • Improving the content, general administration and customization of the Website, for example, by customizing user experience, measuring effectiveness of communications and Sites’ performance, and optimizing Website’s performance;
    • Improving our products and services;
    • Providing you with offers, products, samples, invitations to events and training courses, and other advertisement information which we have reason to believe you may find interesting based on your previous requests or based on similar products you have bought or expressed your interest in before;
    • Compiling market insights;
    • Setting up and administering user accounts on the Website;
    • Troubleshooting software issues, security and operational problems;
    • To enable us to carry out corporate transactions such as mergers and acquisitions; and
    • To enable us to comply with our policies and procedures including PPG
  • Where you have given us your consent, for example, to periodically contact you via email about promotions, new products or services, or events or to provide you with other advertisement information;
  • To comply with our legal obligations which include, for instance:
    • Maintaining our business records;
    • Preventing fraud;
    • Complying with requests of public authorities; and
    • Conducting verification, vetting and background checks

Where we ask you for your Personal Data due to statutory or contractual requirements, we will indicate which information is voluntary. However, if you do not provide us with certain information voluntarily, we may not be able to provide you with the respective products or services, or respond to your requests, for which we need that information.

Data retention

We retain your data for the period strictly necessary to fulfil the purposes for which the data were collected and, for statutory purposes, no longer than 5 years.

Processing  means

Your Personal Data will mainly be processed with IT systems by authorized personnel specifically trained by PPG. We implement measures designed to ensure the application of the principles of fairness, legality and transparency laid down by the data protection legislation (including the GDPR), and protection of your privacy by means of technical and organizational security measures designed to prevent loss, unlawful and incorrect use of your data, and unauthorized access to it.

Sharing and disclosing your data

PPG uses third-party suppliers to guarantee the operation of the Website and provide you with the services offered on it (including Shopify as described below). In addition to disclosures required to comply with our legal obligations, your data may be communicated to PPG’s authorized personnel who have been suitably informed and trained, or to third parties’ personnel who work on PPG’s behalf and in accordance with its instructions as Data Processors. For full list of potential recipients of your Personal Data, consult our Privacy Statement for Europe.

PPG generally stores the European Union, but some data may be managed by suppliers located outside the European Union. In these cases PPG undertakes to guarantee appropriate protection and safeguarding of data subjects’ rights, including the use of standard contractual clauses provided by the European Commission. If you have specific questions or wish to obtain copy of these safeguards, please contact us by using the link provided in the How to Contact Us section below.


Our Website is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your Personal Data is stored through Shopify’s data storage, databases and the general Shopify application. They store your Personal Data on a secure server behind a firewall.

If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data and is directly responsible for it. To learn more about how Shopify uses and protects your Personal Data, including payment data, you may want to read Shopify’s Privacy Policy here.

Your rights

You have the following rights:

  • Right to access: You may require us to provide you with confirmation as to whether we process your Personal Data and, where that is the case, obtain from us access to your Personal Data and information on how we process it.
  • Right to rectification: You may require us to correct inaccurate Personal Data concerning you or complete any such data, which is incomplete.
  • Right to erasure (“right to be forgotten”): Under certain circumstances, you may obtain from us erasure of your Personal Data.
  • Right to restriction of processing: Under certain circumstances, you may obtain from us restriction of the processing of your Personal Data.
  • Right to data portability: Where our processing of your Personal Data is based on your consent or on a contract between you and us, you may require us to provide you with your Personal Data which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit such data to another controller without hindrance from us or, where technically feasible, to have the data transmitted directly from us to another controller.
  • Right to object: You may object to our processing of your Personal Data (i) for direct marketing purposes at any time; or (ii), on grounds relating to your particular situation, where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party.

Where you have given us your consent to process your Personal Data, you can withdraw your consent at any time and at no cost with effect for the future. If you do, we will stop the respective processing of your Personal Data based on that consent. However, this may, for example, prevent us from providing you with certain services for which we processed your Personal Data.

If you would like to exercise any of the above rights, please contact us by using the link provided in the “How to contact us” section below.

In any case and at any time, you may lodge a complaint with the data protection authority.

How to Contact Us

Should you have any questions about this privacy statement or how we process your Personal Data or if you like to exercise your rights, please contact us by clicking here.

Updates to this Statement

This Statement may be updated from time to time. PPG will provide details of the last update at the end of this Privacy Statement.

Latest update: 29 May 2020