Haddonstone Group Privacy and Security Policy
Haddonstone values and respects the privacy of its customers and visitors. The purpose of this Privacy and Security Policy is to provide you with information about how Haddonstone collects, uses, and shares the information we collect from our customers and visitors. It also describes the choices you can make about our use of your information. Our collection efforts are designed to improve the shopping experience of our customers and to provide customers with relevant information about our products, services and promotions.
The Privacy and Security Policy describes the privacy practices of Haddonstone Ltd and its subsidiaries, divisions, affiliates, brands and other Haddonstone Group companies (“Haddonstone”, “our” or “we”). It applies to our interactions with our customers and visitors, including, but not limited to:
• Use of our websites, including mobile websites
• Attendance at one of our events or exhibitions
• Use of our applications for mobile phones, tablets or other smart devices
• Written, telephone, fax and email communications
• Social media interactions on our websites
• Viewing our online advertisements or emails
By visiting www.haddonstone.com or by entering into the contractual arrangement for the supply of our products you are accepting and consenting to the practices described in this policy.
For the purpose of the General Data Protection Regulation, the data controller is Haddonstone Limited of the Forge House, East Haddon, Northampton NN6 8DB.
Information Haddonstone Collects
Contact information. We may collect the names and user names of our customers and other visitors. Additionally, we may collect your purchase history, billing and shipping addresses, phone numbers, email messages, email addresses and other digital contact information. We may also collect information that you provide us with about others – for instance, delivery information when an item is purchased as a gift.
Payment information. When you make a purchase you provide your payment information, including information from your credit or debit card. For online transactions, Haddonstone does not have access to this credit or debit card information and does not store such information. All credit or debit card data is processed by our secure merchant services provider. For credit and debit card details received by telephone or other medium, the payment will be processed and the card details will be immediately and securely destroyed.
Demographic information. We may collect information about products or services you like, reviews you submit, or where you shop.
Location information. If you use our mobile websites or applications, we may collect location data obtained from your mobile device’s GPS. If you use our websites, we may collect location data obtained from your IP address. We use this location data to serve content in your local currency and or language.
Other information. If you use our websites, we may collect information about the browser you are using. We might track the pages you visit, look at what website you came from, or what website you visit when you leave us. We collect this information using cookies and analyse it using Google and Bing Webmaster tools. To control cookies Click Here.
How Information is Collected
• We collect information directly from you. The following are a few examples of when we collect information from you: during website or CAD/Technical Sheet registration; in connection with an online purchase; if you upload a comment, photo or other digital content through one of our websites or applications.
• We collect information from you passively. We may use tracking tools like browser cookies. To learn more about these tools and how you can control them, click here.
• We collect information from other sources. We may get information about you from third party business partners – for example, an updated address from a shipping vendor. We may collect information about you from a friend. For example, if your friend purchases something for us to send to you.
How We Use Information
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
To respond to your questions and requests. Examples include: fulfilling orders or providing services; entering you into a prize draw or sending you prizes you might have won; responding to a product or service query or review.
To improve our products and services. We may use your information to make website or product and service improvements.
To look at website trends and customer interests. We might use your information to customize your experience with us. We may also combine information we receive from you with information about you we have received from third parties to assess trends and interests.
For our marketing. In certain circumstances, we may send you communications containing information such as special Haddonstone promotions or offers. For example, if you have registered on the website and indicated you want to receive this information or if you gave us your information at an exhibition. We may also notify you of new website features or product and service offerings. To manage our communications with you, follow the instructions in the Your Privacy Preferences section below.
For other uses we may disclose to you, including order, contract, processing and delivery information.
We may share your information for our business purposes and as legally required or permitted, including:
With third parties who perform services on our behalf. We share information with our service providers, such as Mollom (anti-spam and quality monitoring) and our delivery service providers who ship and deliver your online orders. We might also authorize our service providers to collect information on our behalf.
With any successor to all or part of our business. For example, if all or part of our business is sold we may sell our customer list as part of that transaction.
If we think we have to in order to comply with the law. For example, we will disclose information to respond to a court order or subpoena. We may also disclose information if requested by a government agency or investigatory body.
With our business partners. For example, we might share information with a business partner who is running a joint promotion with us.
To protect us. For example, we will disclose information if we suspect fraud. We will also share information as part of an investigation.
Analytics and search engine providers. Organisations that assist us in the improvement and optimisation of our site.
Credit reference agencies. This is for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
At your direction. For example, if you ask us to provide your information to a third-party to facilitate the resolution of a dispute.
We require third parties to respect the security of your data and to treat it in accordance with the law. We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Your Privacy Preferences
You can change your preferences to receive or not receive marketing communications from us by using the unsubscribe link at the bottom of our email newsletters or by emailing us. Please allow sufficient time for your preferences to be processed. Even if you opt out of receiving marketing messages, we may still contact you for transactional purposes such as confirming or following up on an order or service request, asking you to review a product or service you have ordered. If you later opt back into getting marketing communications from us, we will remove your information from our opt-out databases. [A1] To find out more about cookies, please click here
Your California Privacy Rights
If you live in California and have an established business relationship with us, you can request a list of the personal information we have shared with third parties for our marketing purposes. We will also give you a list of the third parties that have received your information. You can make a request one time each year.
To exercise your rights, you can email us or write to your nearest Haddonstone office. Mention in your letter that you are making a “California Shine the Light” inquiry. We will respond within 30 days.
Our Site and Children
Our website and mobile applications were not created for children. To our knowledge we do not collect information online from children under 18. If you are a parent or guardian and think we have information about your child, please email email@example.com.
When you place an order on our website, all of your order information, including your credit card number and delivery address, is transmitted through the Internet using Secure Sockets Layer (SSL) technology. SSL technology causes your browser to encrypt your order information before transmitting it to our secure server. SSL technology, an industry standard, is designed to prevent someone other than operators of our websites from capturing and viewing your personal information.
Whilst we use industry standard means to protect our website and your information, the Internet is not 100% secure. The measures we use are appropriate for the type of information we collect. We cannot guarantee that your use of our websites or mobile applications will be completely safe. We encourage you to use caution when using the Internet.
Commitment to Data Security
Your personally identifiable information is kept secure. Only authorized employees, agents and contractors (who have agreed to keep information secure and confidential) have access to this information. All emails and newsletters allow you to opt out of further mailings.
Our websites contain links to third party websites. If you click on one of those links, you will be taken to websites we do not control. This Privacy and Security Statement does not apply to the information practices of those websites. You should read the privacy policies of other websites carefully. We are not responsible for third party websites.
Our Tracking Techniques
• Tracking Tools We Use. We use several common online tracking tools. These may include browser and flash cookies. We may also use web beacons and similar technologies. We use these tools: to track new visitors to our websites; to recognize returning customers; to store your password if you are registered on our website; to serve content in your local currency or language; so we can better understand our audience, our customers, our website visitors and their respective interests.
• Controlling Our Tracking Tools. Your browser may give you the ability to control cookies. How you do so depends on the type of cookie. Certain browsers can be set to reject browser cookies. To control browser cookies, click here. To control flash cookies, click here. Why? Because flash cookies cannot be controlled through your browser settings. If you configure your computer to block cookies, you will limit the functionality we can provide when you visit our website.
My Account Registration and Use.
My Account registration is an optional service provided by our website. You do not have to register to browse or shop online. When you register, you are asked for personal information such as your name, address, phone number, email address and a username and password. You may also optionally provide information regarding your interests and home improvement projects or register your credit cards. This information may be used to help make your online shopping quicker and easier by pre-filling certain parts of your shopping information.
How Long We Retain Your Personal Data
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal information are available in our Data Protection Policy Statement which is available from The Data Protection Officer. In order to comply with law and to ensure we have the necessary information required in order to resolve future issues that might arise, we retain all personal data for a period of 8 years from collection. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Your Rights of Access, Correction, Erasure and Restriction
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes at any point in the future.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact Nick Lantsbery, Data Protection Officer, in writing.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact Nick Lantsbery, Data Protection Officer. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:
Where we have notified you of the decision and given you 21 days to request a reconsideration.
Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you. We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
Data Privacy Manager
We have appointed a Data Protection Officer to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the Data Privacy Officer. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
If you have additional questions you can telephone us in the UK on 01604 770711, email us at firstname.lastname@example.org or write to us at:
The Forge House,
In the USA you can telephone us on 719 948 4554, email us at email@example.com or write to us at:
Haddonstone (USA) Ltd,
32207 United Avenue
Changes to this Privacy and Security Policy
Effective Date: 24 May 2018
Last Revision Date: 24 May 2018
From time to time we may change our privacy policies. We will notify you of any material changes to our Privacy and Security Statement by posting an updated copy on our website. Please check our website periodically for updates.