hf Chocolates Limited is committed to protecting and respecting your privacy.  We want you to understand how we collect and use information about you.  We also value your comments in this regard.

 

The Privacy Policy describes to you:

  • who we are
  • what personal data we collect and store about you, and how we collect it
  • why we collect personal data and what we do with it
  • the categories of third parties with whom we share personal data
  • how we retain your information and keep it secure
  • your rights and how to exercise them
  • how to contact us

 

  1. Who are we?

 

We are hf Chocolates Limited, a company incorporated and registered in England and Wales under company number 5166686 and having its registered office address 1 Victoria Street, Dunstable LU6 3AZ.  Our registered VAT number is GB697941172.

 

If you would like to contact us about this policy our details are as follows:

E-mail

sales@hfChocolates.co.uk

 

Post

The Directors, hf Chocolates Limited, 5 Fitzhamon Court, Wolverton Mill, Milton Keynes MK12 5LB

 

  1. What information do we collect from you?

 

  • personal details, such as name and title

 

  • contact data, such as delivery address, billing address, e-mail address, telephone and mobile number(s)

 

  • payment card details - these are not stored electronically and shredded after use unless we have your explicit permission to retain them

 

  • transaction data, such as details about payments to and from you, details of products and services you have purchased from us

 

  • profile data, such as username and password, orders made by you

 

  • marketing data, such as your preferences in receiving marketing and communications

 

  1. How do we collect personal data?

 

We obtain personal data as follows:

 

  • directly from you when you interact with us, for example when you create an account, buy our products through our office or online, sign up to our mailing lists, request information, write to us, phone our customer services team

 

  1. How do we use your personal data?

 

We will only use your personal data when the law allows us to.  Most commonly, we will use your personal data in the following circumstances:

 

  • to allow us to register an account
  • to perform a contract we are about to enter into or have entered into with you
  • where we need to comply with a legal or regulatory obligation

 

Lawful Processing

 

In order to process personal data, we must have a lawful reason.  We always ensure that this is the case, and we set out our lawful bases below.

 

We will use your personal data only for the purposes for which we collected it, unless we fairly consider that we need to use it for another reason that is compatible with the original purpose.

 

Contractual Necessity

 

If you are our customer, we will process your personal data for the following purposes, on the legal basis that it is necessary to provide our products and services to you:

 

  • to enable us to carry out our services
  • to identify you
  • to respond to your enquiries
  • to allow you to register an account
  • to the extent necessary to provide you with information you requested in relation to our products and services before you decide to purchase them
  • to provide our products and services, including enabling them to be delivered to you and contacting you about your order (for example, regarding stock or availability)
  • to carry out billing and administration activities, including refunds and credits

 

Of course, you are not obliged to provide us with any of this information but, if you choose not to, we may be unable to provide the product or service that you have requested.

 

Legitimate Interests

 

We process your personal information for our legitimate business purposes, which include the following:

 

  • to conduct and manage our business
  • to ensure our website and systems are secure (for example, by conducting security penetration tests on our website to ensure our security tools are effective)
  • to analyse, improve and update our services for the benefit of customers
  • to deal with complaints
  • where you have opted to receive our marketing communications, to let you know about our products, services, promotions or events that we consider may be of interest to you.  We do this only where you have provided us with a preferred means of contact for this purpose.  You can opt out of receiving this information by unsubscribing from our emails or by contacting us as set out in section 1 above.

 

Whenever we process your personal data for these purposes, we ensure that your interests, rights and freedoms are carefully considered.

 

Compliance with Laws

 

We may process your personal data in order to comply with applicable laws (for example, if we are required to co-operate with an investigation pursuant of a court order).

 

If you have never purchased from us or have not purchased from us for a long time, but have given us your explicit consent to hear from us about our products, services, promotions or events that we consider may be of interest to you, we will contact you by post or email (according to the contact preference you have provided).  You have the right to withdraw consent to marketing at any time.

 

  1. Do we share your personal data?

 

We never share your personal data with any other organisations except:

 

  • contact data, as noted in section 2 above, to logistics providers, such as those who deliver our orders
  • e-mail and mail service providers
  • technical and support partners, such as companies who host our website and who provide technical support and back-up services
  • law enforcement agencies, government or public agencies or officials, regulators, and any other person or entity that has the appropriate legal authority where we are legally required or permitted to do so, to respond to claims, or to protect our rights, interests, privacy, property or safety
  • any other parties, where we have your specific consent to do so

 

  1. Do you have to provide personal data?

 

To form a contract with you, we will need some or all of the personal data described above so that we can perform that contract or the steps that lead up to it: this is set out above in this policy.  If we do not receive the data, the contract could not be performed.

 

If you sign up to our mailing list, you will have to provide certain personal data.  Of course, you may decide to stop receiving our emails at any time.

 

  1. How long will your personal data be kept for?

 

We carefully consider the personal data that we store, and we will not keep your data in a form that identifies you for longer than is necessary for the purposes set out in this policy or as required by applicable law.  In some instances we are required to hold data for minimum periods: for example, UK tax law currently specifies a seven-year period for retention of some of your personal data.

 

  1. How do we keep your personal data secure?

 

hf Chocolates has security measures in place designed to prevent data loss, to preserve data integrity, and to regulate access to data.  Only authorised hf Chocolates employees and third parties processing data on our behalf have access to your personal data.

 

All hf Chocolates employees who have access to your personal data are required to adhere to the hf Chocolates Privacy Policy.

 

The security measures we have in place include:

 

  • regular reviews of information collection, storage and processing practices to protect against unauthorised access
  • restriction of access to personal information
  • monitoring of systems storing and processing information
  • use of secure technologies (for example, firewalls, password protection, anti-malware protection and the use of ‘best practice’ in accordance with our Computer Use Policy)

 

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential.  We ask you not to share this password with anyone.

 

We take all reasonable steps to keep your data safe and secure and to ensure the data is accessed only by those who have a legitimate interest to do so.  Unfortunately, the transmission of information via the internet is not completely secure.  Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us.  Any transmission is at your own risk.  Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access. 

 

  1. Your Information Rights

 

We draw your attention to your following rights under data protection law:

 

  • right to be informed about the collection and use of your personal data
  • right of access to your personal data, and the right to request a copy of the information that we hold about you and supplementary details about that information – you will be asked to provide proof of your identity and residential address, and we may ask you to provide further details to assist us in the provision of such information
  • right to have inaccurate personal data that we process about you rectified - we want to ensure that the personal information that we process and retain about you is accurate, so please do remember to tell us about any changes, for example if the business name has changed, you have moved premises or changed any other contact details.  It is your responsibility to ensure you submit true, accurate, and complete information to us; please also update us in the event this information changes.
  • the right to object to, or restrict  processing of personal data concerning you for direct marketing

 

You will not have to pay a fee to access your personal data (or to exercise any other rights).  However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.  Alternatively, we may refuse to comply with your request in these circumstances.

 

Please contact us using the details in section 1 of this policy if you would like to exercise any of these rights or know more about them.

 

These rights are subject to certain limitations that exist in law.  Further information about your information rights is available on the ICO’s website: https://ico.org.uk/.

 

  1.    Changes to this Privacy Policy

 

We may change this policy from time to time.  You should check this policy on our website occasionally in order to ensure you are aware of the most recent versions.

 

  1.   What should you do if you have a complaint?

 

We hope you will be satisfied with the way in which we approach and use your personal data.

 

However, if you have a complaint about the way we handle your personal data, please contact us using the contact details in section 1 above, so that we have an opportunity to resolve it.