Hanna Hats of Donegal Ltd
This is your guide to how personal data is managed by Hanna Hats of Donegal. It is important that you know what we do with the personal information you provide to us, why we gather it and what it means to you. This document outlines our approach to Data Privacy to fulfill our obligations under the General Data Protection Regulation (2018).
Who We Are
Throughout this document, ‘we’, ‘us’ or ‘our’ refers to Hanna Hats of Donegal Ltd.
We gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection regulation and law. This notice provides you with the necessary information regarding your rights and obligations, and explains how, why and when we collect and process your personal data.
Information That We Collect
Hanna Hats processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than that specified in this notice.
We collect information in the following ways:
- When you visit our website to browse or place orders
- When you send us correspondence or products orders via email
- When you telephone us with a product query or to place an order
- When you attend at our physical store
The information we collect falls into the categories outlined below:
- Identity and contact information
Data to identify you, including your name, address, email address, telephone number.
- Order information
Information associated with orders you initiate for our products including product style, quantity, date and time of purchase as well as any product reviews you submit.
- Payment information
Information required facilitating purchase of our products including credit card details, product description, purchase amount, billing and shipping address.
- Online information
Our website automatically collects information on your visit including your IP address, cookie identifiers, previous visits and orders, channels used to access our webpage, information about the device and browser you use as well as information on marketing emails opened and links used. Additional information on cookies is available below including how to manage and opt out.
Your image may be captured when you visit our premises
How We Use Your Personal Data and the Legal Basis
Hanna Hats takes your privacy very seriously and will never disclose, share or sell your data without your consent, unless required to do so by law or in accordance with this notice. We only retain your data for as long as is necessary and for the purposes specified in this notice.
The purposes and reasons for processing your personal data are detailed below:
- You have agreed or explicitly consented to the using of your data in a specific way (you may withdraw consent at any time by contacting us using the details provided below).
- We collect your personal data in the performance of a contract or to provide a service and to ensure that orders are completed and can be sent out to your preferred address.
- To manage our business for our legitimate interests such as payment fraud analysis and for marketing purposes.
Sharing and Disclosing Your Personal Information – who we share your information with
Other than for the purposes specified in this notice or where there is a legal requirement we do not share or disclose any of your personal information without your consent. Hanna Hats uses Shopify Inc to host our online store, Mailchimp for our newsletter service and Loox Online for product reviews. We also use Google Analytics for analyisis of our website performance. Each act as data processors on our behalf and only process your data in accordance with instructions from us, the data protection laws and any other appropriate confidentiality and security measures.
We share your personal data with the following categories of service providers:
Our professional advisers including our accountants, auditors and insurers as well as our delivery providers and email service providers.
Product Review Application
Transfers Abroad (outside the European Economic Area)
We or our service providers may transfer your personal data outside of the European Economic Area. Where personal data is transferred outside of the European Economic Area by our third party providers, we have confirmed appropriate safeguarding measures are in place including the EU-U.S. Privacy Shield Framework (for USA – Mailchimp, Loox Online, PayPal and Google) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) (for Canada – Shopify).
Information from cookies and similar tracking technologies
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by online service providers in order to (for example) make their websites or services work, or to work more efficiently, as well as to provide reporting information.
- We also use web beacons, tracking technology and other automated tracking methods on our website, in communications with you, and in our products and services, to measure performance and engagement.
Automated Decision Making
Automated decision making means making decisions about you using no human involvement e.g. using computerised filtering equipment. Some personal information is used by our online store hosting company Shopify, for services that include elements of automated decision-making to automatically block certain potentially fraudulent transactions for a short period of time.
Hanna Hats takes your privacy seriously and we take appropriate measures and precautions to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction.
f you provide us with your credit card information when purchasing our products directly with us, the payment is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. If when purchasing from our online store you choose a direct payment gateway, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
You should note however that the transmission of information via the internet is not 100% secure and we cannot guarantee that data you supply will not be intercepted while being transmitted to us over the Internet.
You have the following rights in certain circumstances and subject to certain exemptions in relation to your personal data:
You have the right to access any personal information that Hanna Hats processes about you and to request information about:
- what personal data we hold about you;
- the purposes of the processing;
- the recipients to whom the personal data has/will be disclosed;
- how long we intend to store your personal data for;
You have the right to withdraw consent at any time where processing is based on consent.
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to update/correct it as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure (deletion) of your personal data that we hold about you.
You have the right to request that we restrict processing in accordance with data protection laws.
You have the right to object to our processing for particular purposes including a right to object to any direct marketing from us.
You have the right to be informed about any automated decision-making that we use.
Data portability – you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the relevant request; this is to ensure that your data is protected and kept secure.
If you wish to exercise any of the rights set out above, please contact us at firstname.lastname@example.org
We do not knowingly collect personal information from children under the age of 16. In the event you become aware that an individual under the age of 16 has submitted personal information to us without parental permission, please advise us immediately.
How Long We Keep Your Data
Hanna Hats retains your personal data for as long as necessary to provide you with our services as our customer and to satisfy associated financial, legal and regulatory obligations. We will not hold your data for longer than is necessary. As a general rule, we keep your data for a specified period after the date on which a transaction has completed which in most cases is six years.
Consequences of Not Providing Your Data
You are not obligated to provide your personal information to us, however, if you wish to purchase a product from us we require some information (your name and address for example) as this information is required for us to process and deliver your orders. If you do not provide this information, we will not be able to offer our products without it.
Lodging a Query or a Complaint
Hanna Hats only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a query or a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with us. You also have a right to lodge a complaint with the supervisory authority. The Irish supervisory authority is the Data Protection Commission.Hanna Hats of Donegal Ltd
Data Compliance Officer
Tirconaill Street, Donegal Town, Co. Donegal, Ireland
++353 (0) 74 9721084
The Supervisory Authority
Data Protection Commissioner
Canal House, Station Road, Portarlington, Co. Laois, Ireland
+353 (0) 57 8684800
Changes to our privacy notice
Hanna Hats may change this notice from time to time. All changes will be posted and updated here. We advise you to check back frequently to review the most current version of this notice.
This notice was last updated on 9 July 2018.