This policy explains how we handle and use your personal information in connection with our website and services and your rights in relation to it. Under data protection law, H.Menzies Trading Ltd is the controller of that information.
H.Menzies Trading Ltd is committed to protecting and respecting your privacy in compliance with the new General Data Protection Regulation (GDPR)
This policy applies to our website located at hayleymenzies.com and related websites, social media accounts, our Facebook & Instashop and the services you can access through them.
H.Menzies Trading Ltd is the controller in relation to the processing activities described below. This means that H.Menzies decides why and how your personal information is processed in connection with those activities. Please see the section at the end of this policy for our contact and legal information.
The Site is intended for use by individuals aged 16 and over. We do not knowingly collect personal information about children. If you are under the age of 16, please do not use the Site.
Information We Collect About You
We receive personal information about you that you give to us (i.e. contact details, information you submit online via our Site and correspondence), that we collect from your use of the Site (i.e. device and Site activity data, traffic data and communication data) and that we obtain from other sources (i.e. account setup details). We only collect personal information that we need and that is relevant for the purposes for which we intend to use it.
Personal Information You Give Us
This is information about you that you give to us by entering information via the Site or our social media pages or by corresponding with us by phone, email or other means and is provided by you entirely voluntarily. The information you give to us can include your name, title and contact details (such as phone number, email address, postal address, social media handle), enquiry details, your opinion of our products, your comments on them and services and certain marketing preferences.
If you do not provide this information to us we may not be able to contact you and/or resolve your queries effectively.
Information We Collect About You From Your Use Of The Site
Each time you use the Site we automatically collect the following information:
- the following technical information: a unique identification code for our authentication system, the internet protocol (IP) address of your device and details regarding the type of browser software you use to access the Site;
- details of your use of the Site, namely traffic data, and other communication data, including where and when you clicked on certain parts of the Site and details of the webpage from which you visited it; and
- If you do not provide this information, you may be unable to access some or all of the Site or its features.
Information We Collect About You From Other Sources
Use of your personal information
We use your personal information for a variety of reasons. We rely on different legal grounds to process your personal information, depending on the purposes of our use and the risks to your privacy. You will only receive unsolicited marketing communications from us if you have consented and can opt-out of receiving them at any time. We do not share your personal information with companies that would send their marketing to you.
We use your personal information in the following ways:
Where You Have Provided Consent
We may use and process your personal information where you have consented for us to do so for the following purposes:
- to contact you via email (as you have indicated) with marketing information about our products, exciting product launches, events, promotions and general marketing communications; and
- to supply e-newsletters, brochures, marketing or other material you have specifically requested from us.
You may withdraw your consent for us to use your information in any of these ways at any time.
Where Required To Comply With Our Legal Obligations
We will use your personal information to comply with our legal obligation to keep a record relating to the rights you exercise in connection with our processing of your personal information.
Where Processing Is Necessary For Us To Pursue A Legitimate Interest
We may use and process your personal information where it is necessary for us to pursue our **legitimate interests** as a business for the following purposes:
Processing necessary for us to promote our business, brands and products
- Processing necessary for us to promote our business, brands and products and measure the reach and effectiveness of our campaigns
- for analysis and insight conducted to inform our marketing strategies, and to enhance and your visitor experience;
- to identify and record when you have received, opened or engaged with our website or electronic communications
- if you are a corporate subscriber, to contact you by email or by telephone with marketing information about our
- products and services (other than where we have asked you for your consent).
- to send you an electronic communication if you have closed your browser with items in your shopping basket; and
- in some cases we may use automated methods to analyse, combine and evaluate information that you have provided to us. We collect and analyse this information in this way so that we can deliver the most appropriate customer experience to you by tailoring and making relevant all our service and communications.
Processing necessary for us to support customers and users with sales and other enquiries
- to correspond and communicate with you in connection with the services we offer;
- to train and monitor our staff and to identify ways of improving their call handling and your customer service experience;
Processing necessary for us to respond to changing market conditions and our customer's needs
- for market research in order to improve the products and services that we deliver to you
Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively:
- to administer the Site and our social media pages and for internal operations, including troubleshooting, testing and statistical reporting purposes;
- for the prevention of fraud and other criminal activities;
- to verify the accuracy of information we hold about you and create a better understanding of you as an account holder or visitor;
- for network and information security purposes in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
- to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
- for the purposes of a corporate restructure or reorganisation or sale of our business or assets;
- for efficiency, accuracy or other improvements of our databases and systems e.g. by combining systems or consolidating records we or our group companies hold about you;
- to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings; and
- for general administration including managing your queries, complaints, or claims, to send service messages and to provide you with important information about our business.
Where Necessary For The Performance Of Our Contract
We will use your personal information where this is necessary for us to perform our contract with you or to carry out any pre-contract steps you’ve asked us to so that you can enter into that contract, for the following purposes:
- to process and deliver your order;
- to process your payment card or bank details when taking payment for your orders or when providing a refund;
As described above, if we specifically request your permission to send (or you specifically ask us to send) you newsletters, marketing material or to notify you of special events, offers, promotions, competitions or new products and services by email, we rely on your consent to do so. If you do not wish to receive email communications from us, please inform us by using the unsubscribe link at the bottom of each email, or by sending an email to firstname.lastname@example.org
Otherwise we process your personal information for direct marketing purposes on the basis that it is necessary for us to pursue our legitimate interests as a business (see above in this section for further details). We try to tailor and personalise any marketing communications that we send to you, for example, by notifying you of products, services, offers or promotions that apply to your interests, location. If you do not wish to receive marketing communications from us, you can opt-out at any time by using the unsubscribe link inside the email or by sending an email to email@example.com
Disclosure of Your Personal Information By Us
We only disclose your personal information outside our business in limited circumstances. If we do, we will put in place a contract that requires recipients to protect your personal information, unless we are legally required to share that information. Any suppliers or other recipients that work for us will be obliged to follow our instructions.
We may disclose your information to our third party service providers, agents and subcontractors (suppliers) for the purposes of providing services to us or directly to you on our behalf, including the operation and maintenance of our Site and social media pages. Our Suppliers can be categorised as follows:
Banks, payment processors
- HSBC, Shopify
Cloud software system providers, including database, email and document management providers – EEA
Delivery and mailing services providers –
- Interparcel, Royal Mail
Website and data analytics platform providers
- Shopify, Mailchimp, Google Analytics
Website and App developers – WORLDWIDE
When we use Suppliers, we only disclose to them any personal information that is necessary for them to provide their services and only where we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
Security And Links To Other Websites
We take the security of your personal information seriously and use a variety of measures based on good industry practice to keep it secure. Nonetheless, transmissions over the internet and to the Site may not be completely secure, so please exercise caution. When accessing links to other websites, their privacy policies, not ours, will apply to your personal information.
We employ security measures to protect the information you provide to us, to prevent access by unauthorised persons and unlawful processing, accidental loss, destruction and damage. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do everything possible to protect your personal information, we cannot guarantee the security of any personal information you disclose online. You accept the inherent security implications of using the internet and will not hold us responsible for any breach of security unless we are at fault.
In addition, if you linked to the Site from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
The Periods For Which We Retain Your Personal Information
We will not hold your personal information in an identifiable format for any longer than is necessary for the purposes for which we collected it. The periods for which we hold your personal information will depend on the type of personal information and whether you are a user of the subscription services we provide to a subscribing client or of a prospective/trialling client, or a visitor to the Site. These periods also apply where we share your information with suppliers who process your personal information on our behalf.
We (and the suppliers we instruct) retain your personal information for the following periods:
|Type of personal information||When do we receive your personal information?||How long do we keep your personal information after we receive it?|
|IP addresses and type of device||From when you use the Hayley Menzies website||1 year|
|Location and frequency of your visits||From when signed up to our newsletter||Ongoing for active users|
|Social media handles||When you like or follow a Hayley Menzies account||Ongoing until you remove 'link' (i.e. unfriend, unfollow etc.) to Hayley Menzies social accounts or request comment removed as inappropriate.|
|Details regarding when you have consented to receiving marketing from us||When form completed||We keep an ongoing record from when form was completed|
|Name, email address, telephone number, postal address, date of birth, your marketing preferences||Signed up to received marketing||Data is retained ongoing if customer is active (i.e. opened trackable Marketing Comms within the last 5 years).|
In relation to any period mentioned above, we will retain your personal information from the expiry of that period until the start date of our next financial year to allow us to manage the deletion/destruction process efficiently.The only exceptions to the periods mentioned above are where:
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law.
- you exercise your right to require us to retain your personal information for a period longer than our stated retention period.
- we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible.
- the terms of our contract with our client under which you access our subscription services require that we delete, destroy or return your personal information sooner; or
- in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.
We retain an anonymised version of the submitted personal information for as long as we require it for reporting and other statistical and analytical purposes. Such anonymised information will not identify you and may be derived from personal information that was contained within accounts that have subsequently been deleted.
Your Rights Over Your Personal Information
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to verify your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no such information is required, after we have received full details of your request.
You have the following rights, some of which may only apply in certain circumstances:
- to be informed about the processing of your personal information (this is what this statement sets out to do);
to have your personal information **corrected if it is inaccurate and to have incomplete personal information completed
- The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the details described at the end of this policy.
to object to processing of your personal information
- Where we rely on our legitimate interests as the legal basis for processing your personal information for particular purposes, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal
to withdraw your consent to processing your personal information
- Where we rely on your consent as the legal basis for processing your personal information you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can also do so using our unsubscribe link at the bottom of our emails. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
- to restrict processing of your personal information
You may ask us to restrict the processing your personal information in the following situations:
- where you believe it is unlawful for us to do so,
- you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.
In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
to have your personal information erased
- In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
to request access to your personal information and information about how we process it
- You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
- to electronically move, copy or transfer your personal information in a standard form (data portability) Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with a contract in place directly with you, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file. and
If you would like to find out more information about each of your rights please contact us using the details at the end of this policy.
You have the right to lodge a complaint with a data protection regulator in Europe, in particular in a country you work or live or where your legal rights have been infringed. The contact details for the Information Commissioner’s Office (ICO), the data protection regulator in the UK, are available on the ICO website, where your personal information has or is being used in a way that you believe does not comply with data, however, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.
If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.
Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: help.shopify.com/en/manual/your-account/privacy/GDPR
If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below. If you would like to designate an authorised agent to submit these requests on your behalf, please contact us at the address below.
Please check this page regularly for changes to this policy. We will notify you of changes via your account and/or by email (if we hold a valid email address for you).
We may review this policy from time to time and any changes will be notified to you by posting an updated version on this Site and/or by contacting you by email or via your account. Any changes will take effect 7 days after we post the modified terms on our website or after the date we notify by email or via your account. We recommend you regularly check for changes and review this policy when you visit this Site. If you do not agree with any aspect of the updated policy, you must promptly notify us and cease using this Site.
A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies can improve your browsing experience by allowing the website to remember your actions and preferences. This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.
Some cookies are necessary for the functioning of the store, however if you wish to opt-out or in of any reporting, tracking, or analytics cookies you can do so below.
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible. Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as allaboutcookies.org.
Contact And Legal Information
You can contact us with your queries in relation to this policy or for any other reason at any time.
To contact us for any reason, including to exercise any of your rights in relation to your personal information, please write to the Data Protection Manager at the address below or email us at firstname.lastname@example.org
H.Menzies Trading Ltd. VAT number is GB132397222 and registered office address is at 1B Bracewell Road, London W10 6AE