We are committed to protecting the privacy of everyone we work with.
We do not sell your personal data to anyone.
We will not spam you, and you can opt out of our mailing at any time by following the link on the mail or emailing us on firstname.lastname@example.org
Hasso Fashion Ltd collects and uses information about its customers and people with whom it communicates. This information must be dealt with properly and securely however it is collected, recorded and used; whether on paper, in a computer, or recorded on other material, and there are safeguards to ensure this in the Data Protection Act 1998.
Hasso Fashion Ltd regards the lawful and correct treatment of information as very important to the successful and efficient performance of its functions, and to maintain confidence between those with whom it deals.
To this end Hasso Fashion Ltd fully endorses and adheres to the Principles of Data Protection, as set out in the Data Protection Act 1998 and also those in the General Data Protection Regulation 2016 (GDPR).
Purpose of this Document
This document describes how we collect your data, what data of yours we collect, and what we do with your data once we have collected them.
Please read it carefully, and if you have any questions or concerns, please contact email@example.com
The Data Protection Act 1998 regulates the processing of information relating to living and identifiable individuals (data subjects). This includes the obtaining, holding, using or disclosing of such information, and covers computerised records as well as manual filing systems and card indexes.
Data users must comply with the data protection principles of good practice which underpin the Act. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
To do this Hasso Fashion Ltd follows the eight Data Protection Principles outlined in the Data Protection Act 1998, which are summarised below:
I. Personal data will be processed fairly and lawfully
II. Data will only be collected and used for specified purposes
III. Data will be adequate, relevant and not excessive
IV. Data will be accurate and up to date
V. Data will not be held any longer than necessary
VI. Data subject’s rights will be respected
VII. Data will be kept safe from unauthorised access, accidental loss or damage
VIII. Data will not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data.
The principles apply to “personal data” which is information held on computer or in manual filing systems from which they are identifiable. Staff and board members who process or use any personal information in the course of their duties will ensure that these principles are followed at all times.
Hasso Fashion as a data user also follows the following Data Subject Rights under the GDPR:
1. Breach Notification
2. Right to Access
3. Right to be Forgotten
4. Data Portability
5. Privacy by Design
6. Data Protection Officers
More information can be found on https://www.eugdpr.org/
All of our data systems are based on the principles of privacy by design, meaning data protection is included as part of the design of our systems, rather than as an addition. We also adhere to data minimisation principles, meaning we hold and process only the data absolutely necessary for the completion of our duties and limit the access to personal data to those needing to act out the processing.
Hasso Fashion Ltd and the expressions, “Hasso Fashion”, “we” and “us” and “our” and “the Company” means Hasso Fashion Ltd, (Company number 09815776) (VAT number GB 235 6841 93) (Data Protection Registration Number: ZA236260) whose registered office is at 51 Murrayfields, West Allotment, Newcastle upon Tyne, NE27 0RD.
Hasso Fashion as a body is a Data Controller under the Act, and the Data Manager has responsibility for the day-to-day implementation and compliance with the policy, and reports directly to the highest level of management, and has direct access to the board, who have overall responsibility for the policy.
The Data Manager has been appointed on the basis of appointed on the basis of professional qualities; in particular, expert knowledge on data protection law and practices and their contact details have been supplied to the ICO (being the relevant Data Protection Authority).
During the course of their duties staff and directors will be dealing with information such as names/addresses/phone numbers/e-mail addresses of suppliers/customers/staff.
They may be told or overhear personal information while working for Hasso Fashion.
The Data Protection Act (1988) and the GDPR (2016) gives specific guidance on how this information should be dealt with. In short to comply with the law, personal information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. Staff, paid or unpaid must abide by this policy.
How we collect data
We collect data via email, newsletter subscriptions, payment providers, internet browsing (cookies and IP address), social media interaction, telephone calls, and face to face meetings.
We use third party payment processors to assist us in processing your payment information securely.
A PCI Level 1 compliant service provider deals with all transactions.
All checkout and payment pages are served over 128 bit encrypted and verified SSL. (superseding the out-dated SSL protocol).
Newsletters and Mailing Lists
If you have opted in to our newsletter we will periodically send you emails.
You may opt out of our mailing at any time by following the link on the email or emailing us on firstname.lastname@example.org
Cookies and IP address
We collect information about your device or computer, IP address, operating system, browser type and navigation data to improve and improve our services and usability and make more informed decisions.
This is not personally identifiable data and is reported anonymously as part of a large dataset.
You may refuse to accept cookies by activating this setting on your browser. If you select this setting you may be unable to access parts of the site, and other parts may not work as expected.
This website allows users to interact with the content using social media. Interactions using social media are often publicly viewable outside this website. Each social media site has it’s own privacy policies, which should be taken into consideration if you choose to use these features. By using these social media features, you are consenting to the storage, transfer or processing of your data by these companies. We are cannot be responsible for the security and privacy of the information you provide when using these features.
Links to other sites
Our website contains links to other websites of interest. We have no control over these sites, and we cannot be responsible for the security and privacy of any information you provide while visiting such sites.
Personal data we collect
If you purchase from us, email us, sign up to our newsletter or engage with us in any format we may collect the following information about you:
- Your name, age and sex
- Your billing and delivery postal addresses, email, and phone details
- Your social media handles
- Your communication and shopping preferences
- Your date of birth
We may also collect this data from third parties whom you have authorised to give your details to us.
We do not and will not knowingly collect information from any person under the age of 18. If you are under 18 you must not use this website or submit any personal data to us unless you have the consent of a parent or guardian.
Storage of your data
Your data we collect may be transferred to, and stored outside the EEA. It may also be processed by staff operating outside the EEA who may work for us or for one of our suppliers.
By submitting your personal data, you consent to this storage, transfer or processing.
We will take all reasonable steps to ensure that our suppliers have the same rigorous standards we have.
Access to your data
The Data Protection Act and GDPR gives you the right to access the information we hold about you.
On request we will provide:
- whether any personal data are being processed;
- a description of the personal data, the reasons they are being processed, and whether they will be given to any other organisations or people;
- a copy of the information comprising the data; and details of the source of the data (where this is available).
Right of Access requests are free of charge, and you will receive a response within one month, in electronic format. We will charge a fee or may refuse to respond if the request is manifestly unfounded or excessive, particularly if it is repetitive.
This supersedes the old Subject Access Request (SAR) requests.
If you wish to make a request for your data, please email email@example.com and put “Right of Access Request” in the subject line.
Right to be Forgotten
You may request that we erase all of your personal data, and cease any further dissemination of the data, where appropriate we can also ask any third parties to halt processing of the data. Any request for erasure of data will be compared against public interest in the availability of the data.
If we become aware of a breach that will result in a risk for the rights and freedoms of individuals, we will publish a notification without undue delay after first becoming aware of the breach.
If you have any queries, please contact firstname.lastname@example.org