For the purposes of this policy, hush homewear ltd is the Data Controller. The policy has been updated to incorporate the General Data Protection Regulations 2018 (otherwise known as GDPR) and we are committed to protecting your privacy in accordance with this legislation and any other relevant legislation.
If you have any questions at all, please email us at firstname.lastname@example.org, or in writing to:
Data Protection Officer
37-38 Spaces Business Centre
What type of information do we collect?
You can browse this website without being asked to provide any personal information, but we obviously require a certain amount of information from you to allow us to fulfil your order, answer your queries and offer you the best possible shopping experience.
We only ever ask you to provide the minimum required to allow us to do that – name, address (including delivery address, if different), email and telephone number.
We ask you for payment card details in order to process payment for your order, but we do not store these. (In addition, we are certified as being PCI-DSS compliant, so the transaction is as safe as we can reasonably make it.)
Apart from that, we use web analytics tools when you browse the website that may record things like your IP address, browser type, browser plug-ins, operating system, time zone settings etc.
If you make a purchase from us, we record details of any transactions you have made, including the products (or services) you have bought from us.
We do NOT knowingly collect or store anything that is categorised as sensitive under the terms of the GDPR, including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, and genetic and/or biometric data.
How do we use this information?
We use this information to provide you with the products and services we offer and to make your experience easier and more enjoyable.
Principally, that means:
- Processing your order
- Keeping you up-to-date on what’s happening at hush
- Improving our products and services
We do this on the basis that it is necessary to fulfil our contract with you or to meet our legitimate business interests (where of course they don’t compete with your rights).
Contractual necessity, for instance, includes identifying you, responding to enquiries you may have, providing requested services (including processing orders and refunds), allowing you to register and set up an account on our website etc.
Legitimate interest includes fraud prevention, website security, personalising your online experience, allowing you to leave reviews and keeping you informed of new collections, promotions etc.
You always have the right to withhold your personal information or request that we not process it. (See more about your rights below.) However, that may result in us not being able to provide products and services to you or our service being significantly impaired.
For instance, our communications are designed to tell you about the benefits we can offer, so that you have exclusive access to our best deals. We use the information we have about you to tailor the content and try to ensure that the offers are as relevant to you as possible.
In addition, we may be required by law (legal compliance) to process your personal data - for instance, to comply with a court order.
Do we share this information with any third parties?
We have to share your personal information with a number of third parties to allow us to provide the services we do.
For instance, processing your order involves sharing information with our payment service providers (who process the payment), our warehouse provider (who prepares your order for despatch), our couriers (who deliver the order to you), our email service provider (who send out the order confirmation email) and our independent review partner (who will email you to invite you to leave a review of your order).
Keeping you up-to-date regarding new collections etc. involves sharing your information with our data marketing agency and mailing house (who we use to send out our catalogues) and our email service provider (who we use to send out the marketing emails), plus we use digital marketing networks, specific services (like Google Match and Facebook Custom Audiences) and various advertising partners to ensure we only show you adverts that are relevant to you.
Analysing sales and customer behaviour involves sharing information with our data marketing agency, as well as technology providers who help us understand how we can provide you with better products and a better service.
Finally, if you have indicated that you are happy to receive catalogues from like-minded brands, we will also share your information with data co-operatives.
In all instances, we share only the minimum information required and we have agreements in place with all these partners to ensure that they treat your personal information with the same care that we treat it.
Do we share it with anyone else?
If you have indicated that you are happy to receive catalogues from like-minded brands, we will also share your information with data co-operatives.
They include Epsilon Abacus, a company that manages the Abacus Alliance on behalf of UK retailers. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories – and share information on what their customers buy. Epsilon Abacus analyses this pooled information to help the retailers understand consumers’ wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy.
Please note that Epsilon Abacus may transfer data outside the EEA. The transfer will take place in the presence of appropriate safeguards, including standard data protection clauses adopted by the EU Commission.
What communication will you receive from us after you place an order?
We will ordinarily send you an email confirming the order; a further email when the order has been despatched (with tracking number); and, if you return any part of the order, an email confirming that you have been refunded.
In addition, you will receive an email about 10 days after you have placed the order from our independent review partner inviting you to leave a review of your purchases on our website.
Will you receive marketing communications from us?
We would like to contact you by post (in the form of a catalogue) and/or by the email to show you our new collections, let you know about promotions, offer styling advice etc.
When you place an order with us, therefore, you should expect to receive marketing emails and catalogues from us unless you opt out at the point of creating an account or during the checkout process.
However, you have the right at any stage to change your mind and unsubscribe (or indeed resubscribe). Please see below for details.
How can you unsubscribe from marketing communications?
If you no longer wish to receive marketing communications from us, we're committed to making it as easy as possible to unsubscribe.
Every marketing email we send out has an unsubscribe link at the bottom. Every catalogue you receive has instructions on the back about how to opt out of future mailings.
If you are a registered user of our website, you can also log in to your account and adjust your marketing preferences.
Alternatively, you can email us directly at email@example.com to let us know what marketing communications you want - or don’t want - to receive and we will adjust your preferences accordingly.
Please note that we will act on all requests as quickly as possible, but the nature of catalogue mailings in particular means that it may take a couple of weeks to take effect.
How can you find out what information about you we hold? (Right of access)
You have the right to know what personal data we hold and how it is being processed.
You should make any request by email to firstname.lastname@example.org, or in writing to:
Data Protection Officer
37-38 Spaces Business Centre Ingate Place
We will ordinarily provide the following free of charge and within 30 days of the request:
- Confirmation of what personal data we hold about you and where it is held;
- A copy of the data;
- Any supporting documentation
However, please note that we may charge a fee if a request is deemed excessive or unfounded. We may also extend the time period to respond by a further 60 days if the request is very complex or we are responding to numerous requests.
In either instance, we will contact you to explain the reason for any delay/fee.
Can you request your personal information be provided in a certain format? (Right of portability)
In addition to the above right of access, you can normally ask us to provide a copy of any information in a commonly used machine-readable format.
Can you ask to have your personal information deleted? (Right to be forgotten)
You have the right to ask us to remove any personal information that you no longer want us to hold (unless we are required by law to retain it).
You should make any request by email to email@example.com (or by post to the above address).
We will delete or anonymise any information that is stored by us (or by any third party who processes the data on our behalf).
However, please note that we can only do this when an order is complete - and, after your data has been deleted, we will not be able to identify you, so we cannot accept any returns or answer questions around previous orders etc.
How can you correct personal information that is inaccurate? (Right of rectification)
You should make any request by email to firstname.lastname@example.org (or by post to the above address), specifying what information you believe to be incorrect and what the correct information is.
Please note that in all the above instances we will ask you to provide proof of your identity to ensure that you are the owner of the personal information in question. We reserve the right not to comply with the request if we are not satisfied that the proof of identity provided.
How long do we keep your personal information?
We keep your information on our databases until you ask us to delete it or for as long as it is relevant. That means we will delete it if you have not interacted with us for a while and we believe you have no intention of doing so in the future.
The exact time period for this is kept under constant review.
How is this information stored and transmitted?
We have security measures in place to restrict access to your data, to maintain data integrity and to prevent data loss.
Data can only be accessed or processed by employees of hush or third parties with whom we have appropriate contractual arrangements.
We use technologies like SSL, password protection and encryption to ensure that it is stored and transmitted securely.
And we regularly review all procedures, including how – and how much - information is stored in order to minimise any risk.
However, while we will always do our best to keep your data secure, we cannot completely guarantee the security of data transmitted to us. For instance, if you use a password to access your account online, please make sure you keep the password to yourself. Any transmission of data is always at your own risk.
Last updated July 25 2018