Quality natural handmade straw hats from the weavers to you
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, or that we obtain from other sources will be processed by us when you:
use our website: www.ecohats.co.uk ;
use our services; and
purchase products from us.
BASIS FOR PROCESSING PERSONAL DATA
1.1 Sections 1.2 – 1.18 below explain how and why we process your personal data, as well as the legal basis on which we carry out this processing.
1.2 To enter into contracts with you: Where you order goods and/or services from us, we will process your personal data to process your order so that we can deliver these goods and/or provide services to you. Our use of personal data in this way includes sharing your personal data with our payment system provider, with delivery companies and other potential subcontractors.
The legal basis on which we process your personal data in this way is the necessity to be able to enter into and perform the contract for the sale of goods and/or services you have requested from us. If you do not wish to provide us with your personal data in this way, you will be unable to purchase goods and/or services from us.
1.3 To respond to your queries, refund requests and complaints: Handling the information you have sent us enables us to respond to you. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you.
The legal basis on which we do this are our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service; and understanding how we can improve our service and products based on your experience.
1.4 To protect our business and your account from fraud and other illegal activities: This includes using your personal data to maintain, update and safeguard your account.
We'll also use your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We'll do all of this as part of our legitimate interest.
For example, by checking your delivery addresses to identify potentially fraudulent transactions by third parties (eg if someone were to use your bank card).
1.6 To process payments and to prevent fraudulent transactions.
We do this on the basis of our legitimate business interests. This also helps to protect our customers from fraud.
1.7 To send you relevant, personalised communications by post in relation to updates, offers, services and products.
We'll do this on the basis of your consent.
You are free to opt out of hearing from us by emailing us at ecohatsuk@gmail.com
1.8 To send you communications required by law or which are necessary to inform you about changes to the services we provide you. For example, updates to this Privacy Notice, product recall notices; and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email or text message.
If we did not use your personal data for these purposes, we would be unable to comply with our legal obligations.
1.9 To display the most interesting content to you on our website, we'll use data we hold about your favourite brands or products, etc. We do so on the basis of your consent to receive notifications for our website to place cookies or similar technology on your device. We refer you to our Cookie Policy for this purpose.
For example, we might display a list of items you've recently looked at, or offer you recommendations based on your purchase history and any other data you've shared with us.
1.10 To administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering.
1.11 To develop, test and improve the systems, services and products we provide to you.
We'll do this on the basis of our legitimate business interests.
For example, we’ll record your browser's Session ID to help us understand any feedback about any problems you're having.
1.12 To comply with our contractual or legal obligations to share data with law enforcement.
For example, when a court order is submitted to share data with law enforcement agencies or a court of law.
1.13 Sometimes, we'll need to share your details with a third party who is providing a service (such as delivery couriers). We do so to fulfil out contractual commitments to you in connection with sales and returns. Without sharing your personal data, we'd be unable to fulfil your request.
1.14 To provide products to others: Where you have provided personal data about another person (for example, where you order goods as a gift to be delivered to someone else), we need to process such personal data in order to provide these products to the other person or people. This will include sharing their personal data with delivery companies and other potential subcontractors. We need to process their personal data in this way to be able to provide them with the goods you have ordered for them from us.
The legal basis on which we process their personal data in these circumstances is our contract to provide the person you have identified and requested with the products you have ordered.
1.15 To make our website better: We may process your personal data in order to provide you with a more tailored user experience (such as displaying goods we believe you will be interested in, based on your purchase history and browsing habits, or allowing our shopping basket to remember what you have ordered from us). We may also use your personal data to make sure our website is displayed in the most effective way for the device you are using. This processing means that your experience of our site will be more tailored to you, and that the products you see on our site may differ from someone accessing the same site with a different purchase history or browsing habits.
We also use various cookies to help us improve our website (more details are set out in our Cookie Policy), and share your personal data with the third party analytics and search engine providers that assist us in the improvement and optimisation of our website.
We will also process personal data for the purposes of making our website more secure, and to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
The legal basis on which we process personal data in these circumstances is our legitimate interest to provide you with the best customer experience we can; and to ensure that our website is kept secure.
1.16 Automated Processing:
We may carry out automated processing in order to tailor your experience of our website. We will automatically collect information about your browsing habits and purchase history in order to promote more relevant products and/or services to you when you visit our site.
This profiling will not have a significant impact on you or produce any legal effects.
The lawful basis on which we carry out this processing is our legitimate interests to provide you with the best customer experience, grow our business and make adverts relevant to you. You can opt-out of this processing by deleting or disabling cookies (see here),
1.17 For marketing purposes, where:
1.17.1 you have opted in to receive marketing communications from us, we will process your personal data to provide you with marketing communications in line with the preferences you have provided;
1.17.2 you have opted in via our site to receive marketing communications from a third party, we will process your personal data by transferring it to the relevant third party,
in each case, the legal basis on which we process your personal data is your consent.
You are not under any obligation to provide us with your personal data for marketing purposes; and you can withdraw your consent to your personal data being processed in this way at any time by contacting us (please see section 12) or, where relevant, by following the unsubscribe link in every email marketing communication you receive from us. If you do choose to withdraw your consent, this will not mean that our processing of your personal data before you withdrew your consent was unlawful.
1.18 If our business is sold: We will transfer your personal data to a third party:
1.18.1 in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets (at all times in accordance with all applicable data protection laws); or
1.18.2 if ECOHATUK or substantially all of its assets are acquired by a third party, in which case personal data held by ECOHATUK about its customers will be one of the assets transferred to the purchaser, in each case, the legal basis on which we process your data in these circumstances is our legitimate interest to ensure our business can be continued by a purchaser. If you object to our use of personal data in this way, the relevant seller or buyer of our business may not be able to provide good and/or services to you.
- CATEGORIES OF INFORMATION WE COLLECT FROM YOU
2.1 We will collect and process the following personal data about you.
2.2 Information you give us: This is information about you that you give us when filling in forms on our website, making a purchase from our website and in our shops, or by corresponding with us by phone, email or otherwise. It includes information provided when you register to use our website, use our services, participate in social media functions on our website, enter a competition, promotion or survey and when you report a problem with our website. The information you give us may include names, addresses, financial information, email addresses and phone numbers.
2.3 Information we collect about you: With regard to each of your visits to our website we will automatically collect the following information:
2.3.1 technical information, including the Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, screen resolution, operating system and platform; and
2.3.2 information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
2.4 Information we receive from other sources: We may receive information about you when you use our site. We are also working closely with third parties (including, for example business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, hosting providers and search information providers) from whom we may also receive information about you.
2.5 We do not process any special categories of personal data, meaning personal data revealing:
2.5.1 racial or ethnic origin;
2.5.2 political opinions; religious or philosophical beliefs or trade union membership;
2.5.3 genetic or biometric data that uniquely identifies you; or
2.5.4 data concerning your health, sex life or sexual orientation.
2.6 We do not collect data relating to criminal convictions or offences or related security measures.
- CATEGORIES OF RECIPIENTS OF PERSONAL DATA
3.1 The details in our Privacy Policy relating to third parties other than ECOHATUK are for your information only. We are not responsible for the privacy policies or practices of third party recipients of your personal data. Where third parties are recipients of your personal data from us, please read any information those third parties provide you about how, why and the legal basis for, their processing of your personal data and make your own enquiries in respect of them.
3.2 Your personal data may be shared by us with categories of recipients that include:
3.2.1 Business partners, suppliers and sub-contractors for the performance of any contract we enter into with you.
3.2.2 Analytics and search engine providers that assist us in the improvement and optimisation of our website.
3.2.3 In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
3.2.4 If ECOHATUK or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
3.2.5 Those third parties with whom you have agreed that we can share your information in order to alert you to offers and promotions of interest to you. You can withdraw your consent by emailing us at ecohatsuk@gmail.com
3.2.6 If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions and other agreements; or to protect the rights, property, or safety of ECOHATUK, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- COOKIES
4.1 Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website. By continuing to browse the website, users are agreeing to our use of cookies.
4.2 A cookie is a small file of letters and numbers that we store on your browser or the hard drive of their computer. We only use (and store) non-essential cookies on your computer's browser or hard drive if you provide your consent.
4.3 Please refer to our Cookie Policy for more information on Cookies.
4.4 Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.
4.5 You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.
- USES MADE OF THE INFORMATION
5.1 We will combine the information you provide to us with information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
- WHERE WE STORE PERSONAL DATA
6.1 Some of our suppliers are based outside the EEA.
6.2 Whenever we transfer personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
6.2.1 We will only transfer personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
6.2.2 Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
All information you provide to us is stored on secure servers and we have implemented measures designed to secure your personal information from accidental loss and from unauthorised access, use, alteration and disclosure. By submitting your personal information to us, you agree to the transfer of your personal information, its storage and processing.
Any payment transactions will be encrypted using PCI compliant technology.
Where we have given you a password (or where you have chosen one) to access certain parts of this Site, you are responsible for keeping this password confidential. We ask that you do not share a password with anyone.
Although we will do our best to protect your person data, ECOHATUK cannot guarantee the security of data transmitted via the internet. Any transmission is at your own risk.
- PERIOD OF STORAGE
7.1 Where you order goods and/or services from us, we will retain your data for a period of six (6) years after the goods were delivered and/or the services performed, to ensure that we are able to assist you should you have any questions or feedback in relation to our goods and/or services or to protect, or defend our legal rights.
7.2 Where we have processed your personal data to provide you with marketing communications with consent, we may contact you at least every twelve (12) months to ensure you are happy to continue receiving such communications. If you tell us that you no longer wish to receive such communications, your personal data will be removed from our lists.
7.3 Where we have processed your data for any other reason (such as where you have contacted us with a question in connection with our goods and/or services), subject to section 7.1, we will retain your data for twelve (12) months.
- YOUR RIGHT TO OBJECT UNDER DATA PROTECTION LAWS
8.1 You have the right to object to us processing your personal data where we are processing personal data:
8.1.1 based on our legitimate interests (as set out at section 1 above). If you ask us to stop processing your personal data on this basis, we will stop processing your personal data unless we can demonstrate compelling grounds as to why the processing should continue in accordance with data protection laws; and
8.1.2 for direct marking purposes. If you ask us to stop processing your personal data on this basis, we will stop.
In each case please do so by making contact with us directly (please see section 12).
- YOUR OTHER RIGHTS UNDER DATA PROTECTION LAWS
Right of access
9.1 You have the right to receive confirmation as to whether your personal data is being processed by us, as well as various other information relating to our use of your personal data. You also have the right to access your personal data which we are processing. You can exercise this right by making contact with us directly (please see section 12). We will deal with Access Requests for free, however we are entitled under the Act to refuse to process your request, or to charge for a request to meet our costs in providing you with details of the information we hold about you, if we feel the request is manifestly unfounded or excessive.
Right to rectification
9.2 You have the right to require us to rectify any inaccurate personal data we hold about you.
9.3 You also have the right to have incomplete personal data we hold about you completed, by providing a supplementary statement to us.
9.4 If you request a correction of your personal information we will take reasonable steps to check its accuracy and correct it.
Right to restriction
9.5 You have the right to restrict our processing of your personal data where:
9.5.1 the accuracy of the personal data is being contested by you;
9.5.2 the processing by us of your personal data is unlawful, but you do not want the relevant personal data erased;
9.5.3 we no longer need to process your personal data for the agreed purposes, but you want to preserve your personal data for the establishment, exercise or defence of legal claims; or
9.5.4 we are processing your data on the basis of our legitimate interest (as set out at section 1 above) and you:
9.5.4.1 object to our processing on the basis of our legitimate interest under section 8.1.1 above; and
9.5.4.2 want processing of the relevant personal data to be restricted until it can be determined whether our legitimate interest overrides their legitimate interest.
9.6 Where any exercise by you of your right to restriction determines that our processing of particular personal data are to be restricted, we will then only process the relevant personal data in accordance with your consent and, in addition, for storage purposes and for the purpose of legal claims.
Right to data portability
9.7 You have the right to receive your personal data in structured, standard machine readable format and the right to transmit such personal data to another controller.
Right to erasure
9.8 You have the right to require we erase your personal data which we are processing where one of the following grounds applies:
9.8.1 the processing is no longer necessary in relation to the purposes for which your personal data was collected or otherwise processed;
9.8.2 our processing of your personal data is based on your consent, you have subsequently withdrawn your consent and there is no other legal ground we can use to process your personal data;
9.8.3 you object to the processing in your personal data as set out in section 8.1.1 above and we have no overriding legitimate interest for our processing;
9.8.4 the personal data have been unlawfully processed; and
9.8.5 the erasure is required for compliance with a law to which we are subject.
9.9 On verification of your request for erasure, please note that we will endeavour to erase the relevant data as quickly as possible. We will try to comply with your request within one month, however please note that our catalogues are ordered in advance and that you may receive another catalogue after you make your request.
9.10 You have the right to lodge a complaint with the Information Commissioner's Office, the supervisory authority for data protection issues in England and Wales.
9.11 Exercising your rights: You can exercise your rights by making contact with us directly (please see section 12).
- LINKS ON OUR WEBSITE
Our website may, from time to time, contain links to and from the websites of our partner networks and affiliates. Our service connects you to different websites. If you follow a link to any of these websites or use our service, please note that you have left our website and these websites have their own privacy policies. We do not accept any responsibility or liability for these policies or websites. Please check these policies before submitting any personal data to these websites.
- CHANGES TO OUR PRIVACY POLICY
Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.
- CONTACT
Questions, comments and requests regarding this Privacy Policy are welcomed.
You can contact us by emailing us at ecohatsuk@gmail.com
This Privacy Policy was last updated on 18 October 2022.