Date of last revision: May 2018
The privacy notice informs you of:
For the purposes of the General Data Protection Regulation (GDPR), the “data controller” is HUS & HEM Ltd of 12 High Street, Ledbury, Herefordshire, United Kingdom, HR8 1DS, which is registered with the ICO with the registered number ZA179274. Our registered VAT number is GB948535091.
A “data controller” means that we are responsible for deciding how we hold and use your personal information. By registering or placing an order on this website, you consent to the collection, use and transfer of your information under the terms of this policy.
For simplicity throughout this notice, ‘we’ and ‘us’ refers to Hus & Hem Ltd.
For the purpose of our business, we may collect the following personal data when you contact, visit, register or order products or services with us:
2.1. Personal details and contact information, for example
Name and title
Date of birth
For your security your login password is encrypted
2.2. Payment card details
Your credit and/or debit card details. Hus & Hem will not receive this information
When you contact us by email or telephone or through any contact form provided on the Website, we may ask you to provide some or all of the information set out in paragraphs (2.1) and (2.2).
2.3. Image data, for example
Your image may be recorded on CCTV when you visit our shop
2.4. Order information, for example
Information about payments and refunds to and from you
Details of products you have purchased from us
2.5. Website data, for example
Login data, browser type and version, and plug-ins
Internet protocol (IP) address
2.6. Usage data, for example
Information about how you use our website
Information about you from messages you post to the website or on social media and e-mails or letters you send to us
2.7. Newsletter Subscription
We obtain your personal data when you create an account with us, buy our products online or in our store, sign up to our newsletter, or request information by letter, email or over the phone.
We will only use your personal information when the law allows us to. Generally, we will use your personal information as follows:
Where we need to perform the contract we have entered into with you
Where we need to comply with a legal obligation
Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.
We may also use your personal information in the following situations, which are likely to be rare:
Where we need to protect your interests (or someone else’s interests)
Where it is needed in the public interest.
Your information will enable us to provide you with access to all parts of our website and to supply the goods, services or information you have requested. It will enable you to participate in interactive features of our service, when you choose to do so. It will also enable us to process your order and to contact you where necessary concerning your order. Further, where you have consented, we might also use your information to let you know by email about other products and services that we offer. If you have chosen to receive newsletters via email and wish to “unsubscribe” you can do so by clicking the unsubscribe link at the bottom of any newsletter that we send you.
We will not sell, distribute or disclose information about you as an individual or your personal usage of the site without your consent.There are only three circumstances where we may share some of your data with others:
With agents (Sage Pay & Paypal, our online payment processing services, delivery companies and data processing analysts) that we use to process the orders you place with us or who assist us in the service we provide to you. In these instances, we provide them with only the information they need to perform their function. We require all such third parties to treat your personal data as fully confidential and to fully comply with all applicable UK Data Protection and Consumer Legislation.
To the extent required by law, police, court order or as requested by al information as fully confidential and to fully comply with all applicable UK Data Protection or Consumer Legislation.
In the unlikely event that our business assets are ever sold to or purchased by another company (our data records are part of our business).
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. At the end of a retention period, your data will either be deleted or anonymised. For example, we are required by UK tax law to keep certain information for a minimum of six years.
Although we are based in Ledbury, Herefordshire, UK, your data may be transferred to countries outside the European Union (EU).
We employ the appropriate security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to our Processor Agreement.
All credit/debit card payments are processed through Sage Pay, which provides a secure payment gateway (256-bit SSL certificate) processing payments for thousands of online businesses, including ours. It is Sage Pay’s utmost priority to ensure that transaction data is handled in a safe and secure way.
Every time you enter an area of the site that carries or requires sensitive information such as your credit card details, an icon resembling a padlock will appear somewhere within the browser window dependant on the browser you are using. This indicates that the site is secure. You can click on the padlock to see more information.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, your computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.
We use only first party cookies: these are our own cookies, controlled by us and used to provide information about usage of our site.Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
Alternatively, you may wish to visit ico.org.uk, which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your machine as well as more general information about cookies.
Please be aware that restricting cookies may impact on the functionality of our website.
Under the GDPR, you have the right to obtain:
Confirmation that your data is being processed
Access to your personal data
Other supplementary information in the privacy notice
In response to a subject access request, we will provide you with the necessary information according to the GDPR guidelines within a month and generally free of charge. However, we can charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, especially if it is repetitive.
You have the right to have inaccurate personal information amended, for example if you have moved house or changed contact details. It is your responsibility to ensure the information we hold is accurate and up-to-date.
In certain circumstances, you have the right to have personal data we hold about you erased.
Further information about your rights is available on the ICO’s website:https://ico.org.uk
All comments, queries and requests relating to our use of your information are welcomed and should be addressed to HUS & HEM Ltd:
12 High Street, Ledbury, Herefordshire, HR8 1DS
Or via email on firstname.lastname@example.org