Last Updated 07.04.22
For the purposes of applicable data protection legislation, Halcyon Days Ltd, whose registered office is at 251 Brompton Road, London, SW3 2EP (‘we’, ‘our’, or ‘us) is the ‘controller’ of your personal information. This means we decide why and how your personal information is used and are responsible for protecting it. Please refer to the end of this policy for our contact and company information. We work with other, more independent, organisations in connection with some of the processing activities described in this notice, such as social media platforms and our group companies. Where that information is collected and sent to other organisations for processing that is in both our and their interests, we will be making decisions together in relation to that particular processing and will be ‘joint controllers’ with the organisations involved. As joint controllers, we and the other organisations involved in making these decisions will be jointly responsible to you under data protection laws for this processing. In other circumstances, the organisation receiving your information will be separately responsible to you and use your personal information in the ways described in its privacy statement (and not ours).
- INFORMATION WE COLLECT
When you use the website or interact with us offline we collect and use information about you in the course of providing you with our products and services and with customer support. We may collect some or all of the information listed below to help us with this:
- information that you submit online via the Website or give to us by phone or via the webchat function, including your name, contact details, date of birth, age, preferences, login credentials (including login credentials that you have instructed third parties to send to us) and bank details. We collect this in a number of ways, including when you register for an account with us and/or make a purchase online or via the phone;
- information that you submit via any contact forms on the Website and any correspondence we have with you over email or phone or via the webchat function on the Website;
- details of transactions you carry out or orders you place through the Website, or by phone;
- details of your marketing preferences;
- details when you enter a competition or prize draw, including any personal information contained in the entry itself;
- your social media handle, any information you post on our social media pages or posts in which you include a hashtag or mention relating to us and information regarding your activities on our social media pages generally (for example, the time and date of your posts);
- interest-based groups, including those we create or use from social media or other sources, to understand our audience and which we use to send the more relevant and targeted communications. Examples of groups used by us, which we refer to as “Segments” in this notice, include the following: age and socio-demographic data, interests and hobbies, location, purchase history and customer spending habits
- extra information that you choose to tell us;
- details of any complaints or incidents experienced whilst using our products that you disclose to us over email or by phone or using the webchat feature on the Website; and,
- technical information about your visit, including details of your visits to the Website and your navigation around the Website, traffic data, communication data, information about the device you use to access the Website, your Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
Some of the personal information we collect from you is required to enable us to fulfil our contractual duties to you or to others. For example, when buying products from us, we need to collect your financial details in order to be able to process your payment. Other items may simply be needed to ensure that our relationship can run smoothly.
Depending on the type of personal information in question and the legal grounds (i.e. the ‘lawful bases’) on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship with you.
We may, from time to time, receive personal information about you from third party data providers. Where possible, we will contact you with details of the personal information we have received from such providers, together with that provider’s details.
- HOW WE USE YOUR INFORMATION
- PERSONAL INFORMATION
The purposes for which we use your personal information and the lawful basis under data protection laws on which we rely to do this are explained below.
Where you have provided CONSENT
We will rely on your consent, in certain cases, to send you the following where we invite you to opt-in on the Website:
- electronic marketing communications including by email and SMS; and
- market research surveys and related communications and to use your responses to those communications individually, or combined with responses from other individuals, for insight purposes.
We may also rely on consent to use your name and image for publicity purposes. For example, we may rely on consent to feature winners in advertising for future competitions or prize draws.
You may withdraw your consent at any time. Please see the Marketing section below for further details.
Where it is required to complete or, at your request, take steps to enter into, a CONTRACT
The use of your personal information may be necessary to perform a contract that you have with us or perform steps you request to enter into a contract. For example, when you buy a product from us, we need to use your personal information to process your order, to send you the product, for billing purposes, and to respond to any requests you may have. We also need to use your personal information to enable you to use some parts of the Website, and to notify you about changes to our services.
Where there is a LEGAL REQUIREMENT
We will use your personal information to comply with our legal obligations, including where the law requires us:
- to respond or assist the public authorities or the police and other criminal investigation bodies;
- to identify you when you contact us or to authenticate you when logging into your account;
- to verify the accuracy of data we hold about you;
- to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request)
Where it is in your VITAL INTERESTS
We will use your personal information to notify you of any product safety or product recall issues.
Where there is a LEGITIMATE INTEREST
We may use and process your personal information where it is necessary for us to pursue the following legitimate interests (whether ours, in connection with our business, or that of a third party), for the following purposes:
Processing necessary for us to promote our business, products, and measure the reach and effectiveness of our campaigns
- to communicate marketing information to you by phone or by post;
- for analysis and insight conducted to inform our marketing strategies, and to enhance and your visitor experience;
- to tailor and personalise our marketing communications based on your attributes;
- to identify and record when you have received, opened or engaged with the Website or electronic communications (please see our Cookies Notice for more information);
- to use mathematical and statistical methods to create information and offers customised for you based on your information, including by making predictions about your behaviour. This may include predicting your preferences, suitable product recommendations, your likelihood of making another purchase or your loyalty to a brand or product;
- to contact you with targeted advertising delivered online through social media and other platforms operated by other companies, unless you object. You may receive advertising based on information about you that we have provided to the platform or allowed the social media platform to collect using cookies on our Website. You may also receive advertising because, at our request, the platform has identified you as falling within a group whose attributes we have selected as Segments (defined above) or a group that has similar attributes to the individuals whose details it has received from us (or a combination of the two). To find out more, please refer to the information provided in the help pages of the platforms on which you receive advertising from us. Please also see the section below for further information regarding Social Media Platforms specifically;
Processing necessary for us to support Website visitors and customers with their enquiries
- to respond to correspondence you send to us and fulfil the requests you make to us relating to our products and services;
Processing necessary for us to respond to changing market conditions and the needs of our guests and visitors
- to analyse, evaluate and improve our products and services so that your visit and use of the Website and social media pages are more useful and enjoyable (we will generally use data amalgamated from many people so that it does not identify you personally);
- to carry out (or instruct a third party to carry out on our behalf) market research and analysis (including contacting you with customer surveys) so that we can better understand you and your needs as a customer but only where we do not rely on your consent (i.e. during any period which the Website does not present you with an opt-in option for this purpose);
- to aid product development;
- to ensure that the Website’s content is presented as effectively as possible for you;
Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively
- to notify you about changes to our services;
- to administer the Website and our social media pages and for internal operations, including troubleshooting, testing, statistical purposes;
- for the prevention of fraud and other criminal activities;
- to verify the accuracy of data that we hold about you and create a better understanding of you as an account holder or visitor;
- for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
- to correspond or communicate with you in relation to administrative, legal and business matters;
- for the purposes of corporate restructure or reorganisation or sale of our business or assets;
- for efficiency, accuracy or other improvements of our databases and systems, for example, by combining systems or consolidating records we hold about you;
- to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings;
- to inform you of updates to our terms and conditions and policies;
- for our internal purposes, such as quality control, Website performance, system administration and to evaluate use of the Website, so that we can provide you with enhanced services;
- in the rare event that we stop providing the Website, to move and combine your personal information held within our databases relating to the Website with those of another similar or related online service (whether a Website or App). If we do so, we will always email you to inform you of these changes in advance; and to enable you to participate in the features of the Website, when you choose to do so;
- to assess and improve our service to customers; and
- for other general administration including managing your queries (including through social media), complaints, or claims, and to send service messages to you.
We may collect your preferences to receive marketing information directly from us by email or SMS in the following ways:
- if you register for an account on the Website, we will ask you if you would like to opt in to receive marketing information directly from us; or
- if you click on the link on our Website to sign up to our newsletter.
If you do not complete a purchase and you have opted-in to receive marketing information, we may send a reminder to you about your incomplete purchase or ask why you did not complete the purchase so that we may better refine the service we offer.
From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.
You have the right to opt-out of our use of your personal information to provide marketing to you in any of the ways mentioned above at any time. Please see Your rights below for further details on how you can do this.
2.3 Use of Device and Software Usage Information
We may monitor your use of the Website and record your IP address, operating system and browser type for system administration purposes.
We collect aggregated statistics data about visitors to the Website and sales and traffic patterns. This information does not identify users in any personal capacity and we do not use this information to build profiles on individual users: it just contains generalised information about the users of the Website.
A cookie (and other technologies like pixels and beacons) is a small data file that is placed on your browser or the hardware of your computer or other device to allow a website to recognise you as a user when you return to the website.
- SHARING YOUR INFORMATION WITH THIRD PARTIES
We will never share your information with any third-part except for the rare occurrence with any of the following groups:
- our payment providers when you make a purchase on this Website. Our payment processor operates a secure server to process your payment details. They encrypt your credit or debit card information and authorise payment directly.
- tax, audit, or other authorities, when we believe that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
- lawyers who provide us with legal and regulatory advice;
- external consultants who provide industry insights, market research and technical support;
- auditors and accountants who prepare and examine financial records, assess financial operations and assist in becoming more efficient;
- IT technical support functions, IT consultants and third-party analytics service providers who carry out testing, research and development work on our business technology systems;
- third party data service providers who help us to create Segments and understand our audience by providing additional information so that we can send the more relevant and targeted communications to you and other users;
- social media platforms such as Facebook, Instagram, Twitter and Youtube (collectively “Social Media Platforms”) (please see the social media platforms section below for further details);
- if our business entity merges with or is acquired by another business or company in the future, we may share your personal information with the new owners of the business or company, as well as with any administrators or insolvency practitioners, where they are involved (and provide you with notice of this disclosure); and
- if we have to share your information to comply with legal or regulatory requirements, or if we have to enforce or apply our Terms & Conditions or any other agreements or to protect our rights, property, or our customers, etc. This may involve exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- SOCIAL MEDIA PLATFORMS
We use a number of different social media platforms to communicate with you and to promote products and services. We process your personal information using these platforms in a variety of ways, as follows:
Pages. We use your personal information when you post content or otherwise interact with us on our official pages on Facebook, Instagram, Twitter and other social media platforms. We also use the Page Insights service for Facebook and Instagram to view statistical information and reports regarding your interactions with the pages we administer on those platforms and their content. Where those interactions are recorded and form part of the information we access through these Page Insights services, we and the relevant platform are joint controllers of the processing necessary to provide that service to us.
Our relationship with Facebook. As we are joint controllers with these platforms for certain processing, we and each platform have:
- entered into agreements in which we have agreed each of our data protection responsibilities for the processing of your personal information described above;
- agreed that we are responsible for providing to you the information in this privacy notice about our relationship with each platform; and
- agreed that each platform is responsible for responding to you when you exercise your rights under data protection law in relation to that platform’s processing of your personal information as a joint controller.
Facebook also processes, as our processor, personal information that we submit for the purposes of matching, online targeting, measurement, reporting and analytics purposes. These services include the processing these platforms carry out when they display our advertisements to you in your news feed at our request after matching contact details for you that we have uploaded to them. These advertisements may include forms through which we collect contact information you give to us.
Further information. The Facebook company that is a joint controller of your personal information is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For further information regarding these platforms and their use of your personal information, please see:
- Facebook’s Controller Addendum for Page Insightsand Controller Addendum for Business Tools which include information regarding how our and those platforms’ responsibilities to you are allocated as controllers of your personal information;
- Facebook’s help pagesregarding its Page Insights and Business Tools and its terms and conditions relating to those tools.
- HOW WE SAFEGUARD YOUR INFORMATION
We care about protecting your information. That's why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal information.
We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures, including encryption measures and disaster recovery plans.
If you suspect any misuse or loss of or unauthorised access to your personal information, please let us know immediately by contacting our Customer Services Manager using the details provided at the end of this notice.
Unfortunately, the transmission of information via the internet is never completely secure. Although we will apply our normal procedures and comply with legal requirements to protect your information, we cannot guarantee the security of your information transmitted to the Website and any transmission is at your own risk.
The Website may from time to time contain links to and from other websites. If you follow a link to any of those websites, please note that those sites ought to have their own privacy policies and that we do not accept any responsibility or liability for those sites or for their privacy policies. Please check those privacy policies before you submit your information to those websites.
- HOW LONG WE KEEP YOUR INFORMATION
We will keep your information relating to orders you have placed with us as required by law or other regulation (for example, because of a request by a tax authority or in connection with any anticipated litigation).
If you have registered an account with us: we will store your personal information for as long as your account is open. If you no longer wish to hold an account with us, you can go into “My Account” on the Website and select the option to delete your account. By doing so, we will delete your account and remove you from our mailing list if you are on there. However, as noted above, we may still retain details of orders you have placed with us for legal or regulatory reasons.
If you have signed up to receive email or SMS marketing from us: we will store your personal information for as long as you are subscribed to our email or SMS marketing list (unless your account has been closed). If you unsubscribe or are otherwise removed from our marketing list, we will keep your email address or telephone number on our suppression list to ensure that we do not send you marketing emails or SMS.
If you have contacted us with a complaint or query: we will store your personal information for as long as is reasonably required to resolve your complaint or query.
The exceptions to the above are where:
- we have carefully considered whether we need to retain your personal information after the periods described above to potentially establish, bring or defend legal proceedings or to comply with a legal or regulatory requirement;
- we actually bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible;
- you exercise your right to require us to retain your personal information for a period longer than our stated retention period (see further Right to restrict processing below);
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Right to erasure below); or
- in limited cases, a court or regulator requires us to keep your personal information for a longer or shorter period.
When it is no longer necessary to retain your data, we will delete the personal information that we hold about you from our systems (either by erasing or anonymising that data). After that time, we may retain aggregated data (from which you cannot be identified) and retain it for analytical and statistical purposes.
- YOUR RIGHTS
You have a number of rights in relation to your information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within one month from either: (i) the date that we have confirmed your identity; or (ii) where we do not need to do this because we already have this information, from the date we received your request.
Right to object
This right enables you to object to us processing your personal information where we do so for one of the following reasons:
- where we rely on our legitimate interests to do process your information;
- to enable us to perform a task in the public interest or exercise official authority;
- to send you direct marketing materials and where your right to withdraw consent does not apply; or
- for scientific, historical, research, or statistical purposes.
Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your personal information for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your personal information.
Right to withdraw consent
Where we have obtained your consent to process your personal information for certain activities (for example, for marketing), you may withdraw this consent at any time and we will cease to use your personal information for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
To withdraw your consent to marketing communications, please use the unsubscribe tool in the relevant communication or update your preferences in the account section on the Website.
Right of access (‘Data Subject Access Requests’)
You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
If you would like to request access to your information, it would assist us with dealing with your request if you could use the subject heading ‘Data Subject Access Request’, or quote this over the phone, when contacting us. Please note that this is not mandatory and we will still deal with any requests without this reference.
Right to erasure
You have the right to request that we erase your personal information in certain circumstances. Normally, this right exists where:
- the data is no longer necessary;
- you have withdrawn your consent to us using your data, and there is no other valid reason for us to continue;
- the data has been processed unlawfully;
- it is necessary for the data to be erased in order for us to comply with our obligations under law; or
- you object to the processing of your data and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so.
When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.
Right to restrict processing
You have the right to request that we restrict our processing of your personal information in certain circumstances, for example if you dispute the accuracy of the personal information that we hold about you, you object to our processing of your personal information for our legitimate interests or you require us to keep it in connection with legal proceedings. We will, of course, notify you before lifting any restriction on processing your personal information.
We may only process your information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
Right to rectification
You have the right to request that we rectify any inaccurate or incomplete personal information that we hold about you. If we have shared this personal information with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
You can access and update certain parts of your information by logging into your account on the Website.
Right of data portability
If you wish, you have the right to transfer your personal information between service providers where we rely on your consent or the performance of your contract as the lawful basis to use that information. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the data for you if technically possible.
Right to complain
You have the right to lodge a complaint with your local supervisory authority which is the Information Commissioner's Office in the UK. You can contact them in the following ways:
- Phone: 0303 123 1113
- Email: email@example.com
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
How to exercise your rights
If you would like to exercise any of these rights, please contact us on the details provided under How to contact us. Please note that we may keep a record of your communications to help us resolve any issues that you raise.
We may make changes to this Privacy Notice at any time by posting a copy of the modified notice on the Website or, where appropriate, by sending you an email with that notice. Any changes will take effect 7 days after the date of our email or the date on which we post the modified terms on the Website, whichever is the earlier.
- HOW TO CONTACT US
If you have any queries about this Privacy Notice, including your rights in relation to your personal information, please contact our Customer Services by email at firstname.lastname@example.org or by post at:
Halcyon Days Ltd,
251 Brompton Road,