We take your privacy very seriously and we ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event that you require additional information or have a complaint.
Italicised words are explained in the glossary at the end of this document.
Who we are
Information you provide
Hotfrox will collect information that you provide when contacting us via our website ‘contact us’ communication message service, via our social media messaging services, via telecommunications and via your visit to the store.
Information gathered from your use of our website and social media services
Once you have contacted us via email or our website ‘contact us’ facility we will have collected technical information about your browser. For example, we will have collected your internet protocol (IP) address.
Once you have contacted us via our social media services we will have your data available to us on our receiving social media system.
Information we collect about you
Information you provide to us or we collect from third parties on your behalf is used to:
- Communicate with you using the contact information you provide to us;
- Verify your identity to prevent fraud;
- Provide you with information, referrals, products and services that you request from us;
- Tell you about changes to our website and/or social media services;
- Carry out research; collate statistical and product analysis;
- Improve our website and social media services to ensure that content is represented in the most effective manner for you and your device;
- Allow you to participate in interactive features of our services, when you choose and consent to do so;
- Assist in our efforts to keep our sites and services safe and secure;
- Measure or understand the effectiveness of advertising we provide to you and others, and to deliver relevant advertising to you.
We will combine this information with information you give to us and information we collect about you. We will use this information for the purposes set out above (depending on the types of information we receive).
Your data will not be shared nor sold to third parties for use in their marketing activities or email lists.
Sharing Information; Post-Purchase communications
We may share information that we collect from you, when you have consented for us to do so, via our online, social media and telecommunication services with businesses that provide services to us or that we are in association with; i.e. third parties…
- Brand suppliers
- Agents and associates in relation to our products and services with regards to your enquiries
We may also share this information with third parties, in a secure manner, to help us contact you with regards to your account/order post purchase.
- Purchasing relative; person with parental responsibility etc
We may share your personal data with third parties in relation to complaints, insurance purposes or recovering debt. For example, when seeking or pursuing legal advice from Trading Standards and/or law enforcement agencies/regulators and insurance services.
Our Lawful Basis for processing, third parties and how long your personal data will be kept
|Rationale/reason for processing||Lawful Basis for processing||Third-party recipients linked to that activity||How long your personal data will be kept|
|To record and retain your personal details with regards to your web enquiries, in store enquiries, orders and payments||Consent||Staff, brand suppliers, secure software, anti-malware||Your enquiry – one month; your order – 5 working days after the date of your event|
|To record, retain and process payments in store, on your behalf, via merchant processing, via telephone communications and via BACS||Consent and compliance||Staff and business banking. Secure software and anti-malware||Your account data – until the final payment is processed|
|To receive and document feedback from you regarding the services we provide to you, including comments, reviews and photographic images||Consent and consent from person with parental responsibility for 16 and under||Staff, social media services, web designer, brand suppliers||Your feedback, review, image on website and/or Hotfrox social media services – until an agreed time by client giving consent|
|To record and retain CCTV in store imaging for security purposes||Legitimate interest in operating our business to ensure staff and visitor safety; that property and stock are protected.||Customers, staff, associates, public||7 days – revolving loop system erasure or until any incident is resolved based upon our legal obligations|
|To retain data of any communications or advice given to you by us at your request||Consent||Staff, suppliers, software and anti-malware; signposting to associate businesses e.g. seamstress services, dry cleaners||Record of your communications – until the date of your event|
|To retain data of any communications or advice received by Hotfrox||Consent and Legitimate interest in operating our business||Utility and business service providers, software and anti-malware||Record of business communications/activities – until the service/provision ceases|
|To retain records of complaints and legal claims communicated to us by you||Consent and compliance||Management, staff, brand suppliers, your advisors, insurance advisors/providers, legal advisors, ICO, solicitors, software, anti-malware||Your complaint – until the issue is resolved and/or in line with legal requirements|
|To retain employee, work experience and volunteer data||Consent||Management, HMRC||Until employment ceases; 1 month after work experience and volunteer position ceases|
|To retain supplier data||Consent||Management, staff, software and anti-malware||Until supplier relations cease|
|To retain associate data||Consent||Management, staff, software, anti-malware||Until associate relations cease|
|To record and to evidence satisfaction of any request made by you in accordance with your rights under the GDPR||Compliance with a legal obligation||Controller & Processor (business owner)||1 month to comply and then in line with Information Commissioner’s Office|
Terms and Conditions of sale
We will supply each customer with Hotfrox Terms and Conditions at the point of purchase and/or request. These Terms and Conditions supplement the information in this notice. Consent is sought separately from these Terms and Conditions at the point of purchase, so that we can then retain and document your personal and purchase order data.
Keeping your personal data secure
At Hotfrox we make your safety and security a top priority and are committed to protecting your personal and financial information. If we collect that information from you, we will protect that information with controls based on internationally recognised anti-malware, security standards, regulations and best practice. We have appropriate measures in place to prevent personal data from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. Hotfrox maintains customer authentication procedures to protect your personal information and account from identity theft. These procedures are for your protection.
If you suspect a website is ‘spoofing’ or pretending to be Hotfrox, please do not enter any personal information but instead contact us through the details set out in the ‘contact us’ page, email us at firstname.lastname@example.org or call us on 01704807074. If you receive an email that claims to be from us but you are not sure, or you think it is suspicious, do not click on any of the links in the email. Instead, delete it and contact us via telephone or separate email. We have measures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Accessing your personal information
You have a right under the General Data Protection Regulation (GDPR) to know about the data we hold about you. You have the right to access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object, the right to complain and to know how the data is held about you by Hotfrox. Access to your information is free of charge. Hotfrox will respond to any request and comply within one month of the request.
How to contact us
Please contact our Data Privacy Manager if you have any questions about this privacy notice or the information we hold about you. If you wish to contact our Data Manager, please send an email to email@example.com or write to The Manager, Hotfrox, 119-121 Eastbank Street, Southport, Merseyside, PR8 1DQ.
Our supervisory authority
If you are not happy with the way we are handling your information, please note you have a right to lodge a complaint with the Information Commissioner (ICO): www.ico.org.uk
Glossary
Data – facts and statistics collected for reference or analysis
General Data Protection Regulation (GDPR)
Data Controller – a person who (either alone, jointly or in common with others) determines the purposes for which and the manner in which any personal data are or are to be processed
Browser – a software application that lets you visit web pages on the internet
Internet protocol (IP) address – a numerical identifier assigned to a computer or device that connects to the internet
Cookies – a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing
Distance selling facility – e.g. online shopping; buying products and services without face to face contact
Third parties – a person or group besides the two primarily involved in a situation
Interactive features of our services – relating to a two-way system of electronic communications e.g. adding images with consent to our website ‘Album’
Personal data – any information relating to an identified person, someone who can be identified by reference to a name, identification number, location data, online identifier or by physical, physiological, genetic, mental, economic, cultural or social identity
Consent – permission for something to happen or agreement to do something
Compliance – formal act of obeying an order, rule, request, law
Secure software – secure coding and software development to ensure that applications are safe from threats
Anti-malware – software that protects systems against computer viruses, bugs, worms
Terms and Conditions – Information stating general and specific arrangements, provisions, requirements, rules
Processing – to perform a series of mechanical operations on something to change or preserve it
Duty of confidentiality – to respect the privacy of client’s information; information not to be used for the benefit of persons not authorised by the client
Customer authentication procedures – a process to authenticate and verify the identity of someone e.g. a person, user, device
Spoofing – hoax, imitate, trick
Post-purchase – post-purchase communications refer to essentially any interaction we have with our customers and brands after purchasing. Post-purchase communications can be in person, on the phone or by email
Rectification – the act of putting something right; correction
Data portability – the right to obtain, view, access and reuse your personal consumption and transaction data for your own purposes in a manner that is portable and safe.