Privacy Policy

We take your privacy very seriously and we ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event that you require additional information or have a complaint.

Italicised words are explained in the glossary at the end of this document.

Who we are

On our website we use cookies. We do not operate a distance selling facility. Hotfrox website provides information about us, is a viewing gallery and offers a facility to contact us. Hotfrox collects, uses and is responsible for certain data about you. When we do we are required to comply with the General Data Protection Regulator (GDPR) and are responsible as a data controller of that personal data for the purpose of those laws.

Hotfrox Privacy Policy applies to anyone who visits our website, social media services and to any one we hold data on in store. It explains how we collect information from you online when you visit our website, social media services and with regards to our in-store data capture and how we may protect and use that information.

In this Privacy Policy ‘we’, ‘us’, ‘our, and ‘Hotfrox’ means ‘Hotfrox’ and ‘you’ and ‘your’ means the individual using the website.

Information you provide

Hotfrox will collect information that you provide when contacting us via our website ‘contact us’ communication message service, via our social media messaging services, via telecommunications and via your visit to the store.

Information gathered from your use of our website and social media services

Once you have contacted us via email or our website ‘contact us’ facility we will have collected technical information about your browser. For example, we will have collected your internet protocol (IP) address.

Once you have contacted us via our social media services we will have your data available to us on our receiving social media system.

Information we collect about you

Information you provide to us or we collect from third parties on your behalf is used to:

  • Communicate with you using the contact information you provide to us;
  • Verify your identity to prevent fraud;
  • Provide you with information, referrals, products and services that you request from us;
  • Tell you about changes to our website and/or social media services;
  • Carry out research; collate statistical and product analysis;
  • Improve our website and social media services to ensure that content is represented in the most effective manner for you and your device;
  • Allow you to participate in interactive features of our services, when you chose and consent to do so;
  • Assist in our efforts to keep our sites and services safe and secure;
  • Measure or understand the effectiveness of advertising we provide to you and others, and to deliver relevant advertising to you;

We will combine this information with information you give to us and information we collect about you. We will use this information for the purposes set out above (depending on the types of information we receive)

Sharing Information

Your data will not be shared nor sold to third parties for use in their marketing activities or email lists.

Sharing Information; Post-Purchase communications

We may share information, that we collect from you, when you have consented for us to do so, via our online, social media services and telecommunication services with businesses that provide services to us or that we are in association with; i.e third parties…

  • Brand suppliers
  • Agents and associates in relation to our products and services with regards to your enquiries

We may also share this information with third parties, in a secure manner, to help us contact you with regards to your account/order post purchase.

  • Purchasing relative; person with parental responsibility etc

We may share your personal data with third parties in relation to complaints, insurance purposes or recovering debt. For example; when seeking or pursuing legal advice from Trading Standards and/or law enforcement agencies/ regulators and insurance services.

Our Lawful Basis for processing, third parties and how long your personal data will be kept

Rational/ reason for processing Lawful Basis for processing Third-party recipients linked to that activity How long your personal data will be kept
To record and retain your personal details with regards to your, web enquiries, in store enquiries, orders and payments Consent Staff, brand suppliers, secure software, anti-malware Your enquiry – one month

Your order – 5 working days after the date of your event

To record, retain and process payments in store, on your behalf, via merchant processing, via telephone communications and via bacs Consent and compliance Staff and business banking. Secure software and anti-malware Your account data – until the final payment is processed
To receive and document feedback from you regarding the services we provide to you, including comments, reviews and photographic images Consent and

consent from person with parental responsibility for 16 and under

Staff, social media services, web designer, brand suppliers Your feedback, review, image on website and/or Hotfrox social media services – until an agreed time by client giving consent
To record and retain CCTV in store imaging for security purposes Legitimate interest in operating our business to ensure staff and visitor safety; that property and stock are protected. Customers, staff, associates, public 7 days – revolving loop system eraasure or until any incident is resolved based upon our legal obligations
To retain data of any communications or advice given to you by us at your bequest Consent Staff, suppliers, software and anti-malware; signposting to associate businesses e.g seamstress services, dry cleaners Record of your communications – until the date of your event

 

To retain data of any communications or advice received by Hotfrox Consent and

Legitimate interest in operating our business

Utility and business service providers, software and anti-malware Record of business communications/ activities – until the service/provision ceases
To retain records of complaints and legal claims communicated to us by you Consent and compliance Management, staff, brand suppliers, your advisors, insurance advisors/providers, legal advisors, ico, solicitors, software, anti-malware Your complaint – until the issue is resolved and/or in line with legal requirements
To retain employee, work experience and volunteer data Consent Management, HMRC Until employment, ceases; 1month after work experience and volunteer position ceases
To retain supplier data Consent Management, staff software and anti-malware Until supplier relations cease
To retain associate data Consent Management, staff, software, anti-malware Until associate relations cease
To record and to evidence satisfaction of any request made by you in accordance with your rights under the GDPR Compliance with a legal obligation Controller & Processor (business owner)

Software, anti-malware

1 month to comply and then In line with Information Commissioners Office

Terms and Conditions of sale

We will supply each customer with Hotfrox Terms and Conditions at the point of purchase and/or request. These Terms and Conditions supplement the information in this notice. Consent is sought separately from these Terms and Conditions at the point of purchase, that we can then retain and document your personal and purchase order data.

Keeping your personal data secure

At Hotfrox we make your safety and security a top priority and are committed to protecting your personal and financial information. If we collect that information from you, we will protect that information with controls based on internationally recognised anti-malware, security standards, regulations and best practice. We have appropriate measures in place to prevent personal data from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.  Hotfrox maintains customer authentication procedures to protect your personal information and account from identity theft. These procedures are for your protection. If you suspect a website is ‘spoofing’ or pretending to be Hotfrox please do not enter any personal information but instead contact us through the details set out in the ‘contact us’ page, email us at info@hotfrox.com or call us on 01704807074. If you receive an email that claims to be from us but you are not sure, or you think it is suspicious, do not click on any of the links in the email. Instead delete it and contact us via telephone or separate email. We have measures in place to deal with any suspected data security. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Links

Our website includes links to third-party websites. These third parties are not subject to this Privacy Policy. Whenever you visit a third-party website and/or social media service, you should review its privacy notice. We do not accept any responsibility for any such third-party websites, including without limitation for their accuracy, security, the products and services which they offer or any information which is collected through them.

Accessing your personal information

You have a right under the General Data Protection Register (GDPR) to know about the data we hold about you, you have the right to access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object, the right to complain and to know how the data is held about you by Hotfrox. Access to your information is free of charge. Hotfrox will respond to any request and comply within one month of the request.

How to contact us

Please contact our Data Privacy Manager if you have any questions about this privacy notice or the information we hold about you. If you wish to contact our Data Manager please send an email to info@hotfrox.com or write to The Manager, Hotfrox, 119-121 Eastbank Street, Southport, Merseyside, PR8 1DQ

Our supervisory authority

If you are not happy with the way we are handling your information please note you have a right to lodge a complaint with the Information Commissioner (ICO) www.ico.org.uk

Glossary

Datafacts and statistics collected for reference or analysis

General Data Protection Regulator (GDPR)

Data Controller a person who (either alone, jointly or in common with others, determines the purposes for which and the manner in which any personal data are or are to be processed

Browser– a software application that lets you visit web pages on the internet

Internet protocol (IP) addressis a numerical identifier assigned to a computer or device that connects to the internet

Cookies – a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing

Distance selling facilitye.g. online shopping; buying products and services without face to face contact

Third parties – a person or group besides the two primarily involved in a situation

Interactive features of our services – relating to a two-way system of electronic communications e.g. adding images with consent to our website ‘Album’

Personal data – any information relating to an identified person, someone who can be identified by reference to a name, identification number, location data, online identifier or by physical, physiological, genetic, mental, economic, cultural or social identity

Consent – permission for something to happen or agreement to do something

Compliance – formal act of obeying an order, rule, request, law

Secure software – secure coding and software development to ensure that applications are safe from threats

Anti-malware – software that protect systems against computer virus, bugs, worms

Terms and Conditions – Information stating general and specific arrangements, provisions, requirements, rules

Processing – to perform a series of mechanical operations on something to change or preserve it

Duty of confidentiality – to respect the privacy of client’s information; information not to be used for the benefit of persons not authorised by the client

Customer authentication procedures – a process to authenticate and verify the identity of someone e.g. a person, user, device

Spoofing – hoax, imitate, trick

Post-purchase – post-purchase communications refer to essentially any interaction we have with our customers, brands after purchasing. Post purchase communications can be in person, on the phone, by email, in person

Rectification – the act of putting something right; correction

Data portability – the right to obtain, view, access and reuse your personal consumption and transaction data for your own purposes in a manner that is portable and safe.