Hector’s Post Privacy Policy Last updated 21-Dec 2021
Introduction Choosing to shop with Hector’s Post means you've placed a great deal of trust in us. In sharing your personal information we hope you in return benefit from a tailored and convenient user experience. With trust comes responsibility and we take this responsibility very seriously.
This Privacy Notice applies if you use our website, www.hectorspost.com, and it helps you to understand how we use your personal information, who we share it with and the rights that you have. For more information on your rights and how to exercise them, head straight to the Your Rights section later in this document.
We change the terms of this Privacy Notice from time to time and you should check it regularly. The last updated date is shown at the beginning of the document. If we make any material changes we will take steps to bring it to your attention. Who we are We are Hector’s Post Limited (“we”, “our”, “us”) and operate under the name of Hector’s Post. We are registered with company number 12668923.
We are the data “controller”, which means we are responsible for deciding how and why your personal information is used. We’re also responsible for making sure it is kept safe, secure and handled legally.
We operate to the highest standards when protecting your personal information and respecting your privacy. If you have any questions about your personal information, or how we use it, you can contact our Data Protection Team via email at info@hectorspost.com.
Your rights You have a number of ‘Data Subject Rights’, below is some information on what they are and how you can exercise them. There is more information on the Information Commissioners website www.ico.org.uk • Right of access - You have the right to request a free copy of the personal information that we hold about you. • Right to rectification – If you think any of your personal information that we hold is inaccurate, you have the right to request it is updated. We may ask you for evidence to show it is inaccurate. • Right to erasure (also known as the Right to be Forgotten) and the Right to restriction of processing – You have the right to request that we stop processing, or delete, all of your personal information that we hold. If you exercise this right we will keep a note of your name linked to your request and it won’t prevent us from processing any new information you provide to us subsequently. • Right to data portability – You have the right to ask us to electronically move, copy or transfer your personal information in a machine readable format. • Rights with regards to automated decision making, including profiling – We sometimes use your personal information to make decisions by automated means. This involves us analysing your account activity including applications, orders, payments etc. We do this to confirm your identity, prevent and detect crime. This automated decision making is necessary if you would like to continue to shop with us online. You have a right to reject automated decisions. • Right to withdraw Consent – Where we are relying on your consent for processing you can withdraw or change your consent at any time.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
If you have any general questions or want to exercise any of your rights please contact info@hectorspost.com. Our security procedures mean that we may need to request proof of identity before we disclose personal information to you in response to any request.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the Information Commissioners Office, the data protection regulator in the UK, their contact details can be found on their website www.ico.org.uk
The lawful bases we use to process data We will only ever process your information if we have a lawful basis to do so. The lawful bases we rely on are; • Contract – This is where we process your information to fulfil a contractual arrangement we have made with you. • Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose. • Legitimate Interests - This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way. • Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime or to meet responsible lending criteria.
The information we collect and how we use it We collect and use the information that you provide to us directly, for example when you register for an account; we may keep records when you speak to our customer service teams; and we take personal information from a number of third parties to help us manage your account and improve your user experience. For more detailed information you can read the below which outlines how we use your personal information:
To process any orders that you place with us and to facilitate any returns (Contract) • We take payment details to process payment for any credit or debit card orders you place with us. We share these details with our chosen payment processors (for example Stripe or Paypal) • We use your account information plus your chosen delivery address details to; deliver your purchases and keep you informed of their status, and to process any returns including (where appropriate) collecting the item from you. • Our chosen payment processors store your payment card details at your request to speed up your checkout in the future (consent)
To provide customer service to you (Legitimate interest) • We may record calls and keep correspondence (customer service records) when you contact our customer service teams or interact with us on social media. We use these customer service records to manage your queries or complaints effectively, for quality monitoring and to continually improve our services.
To keep in touch with you (Legitimate Interest) • When you provide us with your contact details we start to keep you up to date with news of products and services including events, offers, promotions and sale information, unless you tell us you don’t want us to using the link in every email that we send to you. • When we send you communications we use records of any marketing we’ve sent to you, along with purchase history, to tailor the messages to include information you are most likely to be interested in. • We use your account information to notify you about important service messages, such as material changes to this policy, product recalls or information about your account.
To develop and improve our products, range and services (Legitimate Interest) • We may contact you to take part in customer satisfaction surveys, if you respond we collect your feedback and contributions (customer feedback). We use this information to develop the services we offer. • We work with information providers that specialise in consumer profiling. These organisations provide demographic or other data to help better understand customers' demographics, lifestyles or sopping behaviours, usually linked to the areas where people live. • We use information about how you browse and engge with our website to improve our websites. • We use all information, including third party data in the development of new products, services and systems to ensure they work as expected and will be useful to our customers.
To prevent and detect crime (Legitimate interest/Legal obligation) • We use your account information, order history and payment history to assist in monitoring for fraudulent transactions or suspected money laundering. • We use device identifiers and IP addresses in fraud prevention and investigation, and to maintain network and data security.
To fulfil our legal obligations (Legal obligation) • We use your data to ensure we comply with any requirements imposed on us by law or court order, including disclosure to law or tax enforcement agencies and authorities or pursuant to legal proceedings. • We will share data with regulatory and other official bodies if they make formal requests. • We will maintain records to meet regulatory and tax requirements. • We will use your account information to contact you in connection with product recalls or other similar product quality issues.
How long we keep it for We keep your personal information as long as you are a customer of ours and generally for seven years afterwards to comply with legal requirements. During that time we take steps to remove any personal data as soon as we no longer need it.
We consider you a customer • for 2 years from the point you last made a purchase from our website, or • during any time we are managing a customer service request from you.
Third Parties we share data with and receive data from We work with a number of trusted third parties to provide you high quality goods and services. Anybody we work with is subject to stringent security and data privacy assessments before we begin to do business with them and on an ongoing basis.
We always make efforts to anonymise data and only pass over personal information that is absolutely necessary for the purposes it is being processed. We always do so securely.
We have contracts in place with all suppliers that help us to ensure security and privacy of your personal information, these are reviewed and updated regularly and always in line with data protection laws. • Manufacturing Partners – Creating the goods and fulfilling the orders. • Delivery Partners – Helping us to deliver the goods you order to you including our brand partners that dispatch and deliver goods to you directly. • IT Companies – Supporting us in maintaining our website and other business systems including; providing phone lines, data storage facilities, and providing and supporting Cloud based infrastructure used in providing our products and services. • Marketing Companies and Online Advertising - Helping us to manage our electronic communications to you and to help us show you the advertising you are most likely to be interested in, Companies that provide marketing and advertising assistance (including management of email marketing operations, mobile messaging services such as SMS, and services that deploy advertising on the internet or social media platforms, such as Facebook and Google) as well as analysis of the effectiveness of our advertising and communications campaigns. • Payment processors - Payment card processors to process credit and debit card payments and store payment information; for example Stripe and Paypal.
Third-party apps, websites and services If you use any third-party apps, websites or services to access our services, your usage is subject to the relevant third party's terms and conditions, cookies policy, and privacy notice. For example, if you interact with us on social media, your use is subject to the terms and conditions and privacy notices of the relevant social media platform (Facebook, Twitter etc.). The same stands if you use third-party services, like Amazon's Alexa, as your use of the service is subject to their applicable terms and conditions. We may be required to share customer information relating to transactions and use of such third party services with that third party.
How you can get in touch
Should you need to contact us please use info@hectorspost.com.