Privacy Policy

What is this policy?

Our privacy policy is in line with current legislation and is a clear outline of how and why we use your personal information. Lizzie’s Hats are committed to protecting personal information about our customers. Ensuring we comply with our legal obligations, as well as being clear about what we do with your personal information. Key points are: 

      • We DO NOT sell your data to third parties 

      • We DO make it easy to manage your information and you can change it at any time 

      • We DO use data to help provide great customer service, which includes tailoring the information we share with you to be relevant, useful and timely 

      • We share your concern about the protection of your personal information and are committed to safeguarding your privacy. 

      • We DO use specialist third parties to process your data

This policy covers information we collect about you through our websites, customer service centre, events, agents or otherwise. Here for your quiet enjoyment is all the details…

What information do we collect from you?

We may collect the following

      • IDENTITY Data may include your first name, maiden name, last name, username, title. 

      • CONTACT Data may include your billing address, delivery address, email address and telephone numbers. 

      • FINANCIAL Data may include your bank account and payment card details. 

      • TRANSACTION Data may include details about payments between us and other details of purchases made by you. 

      • OTHER personal information that you choose to provide us with. 

How do we collect your data?

Through direct interactions with us, you may provide data by filling in forms on our site (or otherwise) or by communicating with us by post, phone, email or otherwise, including when you

      • Order our products or services; 

      • Give us feedback. 

Other information collected whilst you are interacting with us, including: 

      • Information that you provide by filling in forms on our websites. This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. 

      • If you contact us, we may keep a record of that correspondence. 

      • Details of transactions you carry out with Lizzie’s Hats and of the fulfilment of your orders. 

How do we use your information?

We will only use your personal data when legally permitted. The most common uses of your personal data are:

      • Where we need to perform the contract between us. 

      • Where is it necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. 

      • Where we need to comply with a legal or regulatory obligations.

Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email or text message. Set out below is a description of the ways we intend to use your personal data and the legal ground on which we process such data. We have also explained what our legitimate interests are where relevant, all personal data is processed and stored securely, for no longer than is necessary in light of the reason for which it was first collected.  On the whole, our primary use of your information is in the following ways:

      • to maintain our relationship with you whilst you are a customer; 

      • to process orders and provide agreed goods and services to you; 

      • for invoicing, processing payments, account set up and maintenance; 

      • to communicate with you, including to respond to information requests /enquiries submitted and/or to obtain your feedback on our products and services; 

      • for record keeping, statistical analysis and internal reporting and research purposes; 

      • to ensure data security and to provide you with access to secure areas of our Websites; 

      • to notify you about news and changes to our products and services; to decide on and notify you about price changes; 

      • to monitor the quality of our products and services; 

      • for logistical purposes, including to plan and log delivery routes; 

      • to investigate any complaint you make; 

      • to provide evidence in any dispute or anticipated dispute between you and us; 

      • to customise various aspects of our Websites to improve your experience; 

      • as we may otherwise consider necessary to support the operation of our Website; 

      • for fraud detection and prevention and risk management purposes;

Marketing

We will only send you direct marketing in relation to our own products and services by email or SMS if you have consented to this. 

If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or prospective sale to you. 

With your permission and where permitted by law, we may also use your data for marketing purposes which may include contacting you by email, telephone or post with information, news and offers on our products and services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with Our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003. 

You have the right to withdraw your consent to us at any time by e-mailing lizzie@lizzieshats.com

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to find out more about how the processing for the new purpose is compatible with the original purpose, please email us. If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing. We may process your personal data without your knowledge or consent where this is required or permitted by law.

Disclosure

We may disclose your personal information to:
Service providers who provide IT and system administration services. 
Professional advisers including insurers, bankers and auditors who provide consultancy and accounting services. 
We require all third parties to whom we transfer your data to respect the security or your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions of purchase and other agreements; or to protect the rights, property, or safety Lizzie’s Hats, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Where is your information stored?

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with current legislation.

Our website is hosted by Salisbury Apps Limited. Credit card payments are taken by FIS Payments which is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS).  Although no method of transmission over the Internet or electronic storage is 100% secure, they follow all PCI-DSS requirements and implement additional generally accepted industry standards. Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. 

For more insight, you may also want to read FIS privacy notice (www.fisglobal.com/privacy):

Shipping data is dealt with in house but may include Royal Mail. 

Other third party providers. In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.. 

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Your Rights

The following section details your rights in bold and a simplified explanation of those rights. The various rights are not absolute and each is subject to certain exceptions or qualifications. We will grant your request only to the extent that it follows from our assessment of your request that we are allowed and required to do so under data protection laws. Nothing in this Privacy Statement is intended to provide you with rights beyond or in addition to your rights as a data subject under data protection laws.

      • The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your personal information and your rights. This is why we’re providing you with the information in this Privacy Statement. 

      • The right of access. You have the right to obtain a copy of your personal information (if we’re processing it), and other certain information (similar to that provided in this Privacy Statement) about how it is used. This is so you’re aware and can check that we’re using your personal information in accordance with data protection law. We can refuse to provide information where to do so may reveal personal information about another person or would otherwise negatively impact another person‘s rights. 

      • The right to rectification. You can ask us to take reasonable measures to correct your personal information if it’s inaccurate or incomplete. E.g. if we have the wrong date of birth or name for you. 

      • The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal information where there’s no compelling reason for us to keep using it or its use is unlawful. This is not a general right to erasure; there are exceptions, e.g. where we need to use the information in defence of a legal claim. 

      • The right to restrict processing. You have rights to ‘block’ or suppress further use of your personal information when we are assessing a request for rectification or as an alternative to erasure. When processing is restricted, we can still store your personal information, but may not use it further. We keep lists of people who have asked for further use of their personal information to be ‘blocked’ to make sure the restriction is respected in future. . 

      • The right to object You have the right to object to certain types of processing, on grounds relating to your particular situation, at any time insofar as that processing takes place for the purposes of legitimate interests pursued by us or by a third party. We will be allowed to continue to process the personal information if we can demonstrate “compelling legitimate grounds for the processing which override [your] interests, rights and freedoms” or we need this for the establishment, exercise or defence of legal claims. 

Should you wish to exercise any of these rights we will review any legitimate request: 

      • Please contact us and provide as much information as possible to help us identify the information you are requesting, the action you are wanting us to take and why you believe this action should be taken. 

      •  Before assessing your request, we may request additional information in order to identify you. 

      •  If you do not provide the requested information and, as a result we are not in a position to identify you, we may refuse to action your request. 

      • We will generally respond to your request within one month of receipt of your request. We can extend this period by an additional two months if this is necessary taking into account the complexity and number of requests that you have submitted. 

      • We will not charge you for such communications or actions we take, unless: you request additional copies of your personal data undergoing processing, in which case we may charge for our reasonable administrative costs, or you submit manifestly unfounded or excessive requests, in particular because of their repetitive character, in which case we may either: (a) charge for our reasonable administrative costs; or (b) refuse to act on the request.

Updates

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it .

Consent

When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only, including contacting you about this transaction via email and other means.

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.

Contact

We try to respond to all legitimate requests for updating of details your information within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. Any questions on this policy should be addressed to PRIVACY COMPLIANCE OFFICER and e-mailed to lizzie@lizzieshats.co.uk

Scroll to Top
×