We are HyggeBox Ltd, a company registered in the UK. We operate the website www.HyggeBox.co.uk. The term “HyggeBox Ltd”, “HyggeBox”, “us” or “we” refers to the owner of the website whose registered office is 101 Derby Road, Ambergate Belper DE562GD. The term “you” refers to the user or viewer of our website.
We take your privacy seriously and are committed to protecting it, as indeed we are required to by law. We will only use the information that we collect about you within the restrictions placed on us by law. HyggeBox is based in the UK and operates in accordance with UK law. This policy tells you how we deal with your personal data (i.e. any data that can identify you), what kinds of personal data we collect, how we use and protect it, and who we disclose it to. Please do not use our website unless you are completely happy with this policy. If you do use our website, we will assume that you do accept it.
YOUR PRIVACY AND HYGGEBOX
This website is an e-commerce site, and needs to maintain customer details and associated information for the purpose of maintaining records so that we can send our boxes to customers, communicate with customers about their account and market to them, and for website optimisation.
Our website is hosted and maintained by Cratejoy, an e-commerce company who specialise in subscription-based sites. Cratejoy is based in the USA; the GDPR privacy regulations regarding our use and storage of data don’t require personal data to be stored in Europe, only that the data is appropriately protected. Please be assured that personal data stored by Cratejoy is encrypted and compliant under the US Privacy Shield and under GDPR.
Secure payment card transactions and associated privacy are handled by our payment providers Stripe and Paypal. Their privacy statements are can be found on their respective websites. Please see below for further details on our secure payment systems.
THE DATA WE GATHER
We may collect the following information: name, contact information (physical and email addresses) and website usage data including IP addresses, the web browser used, and referrer IP sites. We may occasionally gather additional information when it is relevant such as during competitions, special offers and the use of discounts.
We will not collect any personally-identifiable information about you (e.g. your name, address, telephone number or e-mail address), unless you voluntarily choose to provide it to us (e.g. by deciding to use this site, by purchasing a product, or by signing up for newsletters or competitions). By providing us with personal information, you consent to the use of it as set out in this policy.
We will use this data to communicate with you, answer your queries, process your order, or provide you access to specific account information and also, subject to you agreeing to receive marketing communications, to support our relationship with you and offer you free products and special offers. In cases of suspicious activity we may use information provided by you in order to conduct appropriate anti fraud checks. We may store and process personal information to better understand your business needs and how we can improve our products and services. We may disclose personal data so far as reasonably necessary if we have reason to believe that it breaches our terms and conditions, or that such steps are necessary to protect us or others, or that a criminal act has been committed, or if there has been a complaint about content posted by you, or if we are required to do so by law. If you choose not to have your personal information used to support our customer relationship by receiving marketing communications, we will respect your choice. You can choose to opt out of marketing communications at any time by unsubscribing using the link provided on our email marketing.
We do not store credit card details nor do we share customer details with any third parties except for the purpose of processing orders (e.g. for creating postage labels and processing payments) unless you give us permission to do so, or we are obliged or permitted by law to disclose them.
Customers are requested to log in and keep their own personal information, such as name, address, email, billing information etc up to date.
HOW WE STORE YOUR DATA
The e-commerce engine used (Cratejoy) captures customer contact details (email, postal address etc) so that we know who to send our boxes to. We use this information to print address labels, and communicate with customers if necessary for example if an address is incomplete. The only data we store is for the purpose of printing address labels; all information is kept within password-protected documents on encrypted servers and all information is deleted as soon as its purpose has been fulfilled. When you access our website, we may automatically collect information that is not personally identifiable (e.g. type of Internet browser and computer operating system used; domain name of the website from which you came; number of visits, average time spent, pages viewed etc).
The information that we collect from you may be transferred to and stored at a destination outside the United Kingdom: for example our website is hosted in the USA. The GDPR doesn’t require personal data to be stored in Europe, only that the data is appropriately protected; please be assured that personal data stored by Cratejoy is encrypted and compliant under the GDPR.
We retain the personal data that you provide to us when you registered with our website and/or application or any other information that you volunteered while using the website and/or application for (i) as long as your account is active or (ii) otherwise for a limited period of time as long as we need to fulfill the purposes for which we have initially collected it, unless otherwise required by law. Emails received for customer service purposes and to fulfull an order are deleted on a regular basis, no less than once a month. Data gathered by Google Analytics is removed entirely after 14 months.
As part of the registration process for our e-newsletter, we collect personal information. We use that information for a couple of reasons: to tell you about stuff you’ve asked us to tell you about; to contact you if we need to obtain or provide additional information; to check our records are right and to check every now and then that you’re happy and satisfied. We use a third-party provider, MailChimp, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. You can unsubscribe to general mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails or by emailing our data protection officer Sally Morris firstname.lastname@example.org
Information regarding Mailchimp’s commitment to data privacy can be found here. For more information, please see MailChimp’s privacy notice.
Our website also uses Google’s remarketing technology. This technology enables users who have already visited our website and shown interest in HyggeBox to see targeted advertising on the websites of the Google partner network. The advertising will be displayed using cookies. The information generated by the cookie about the website use will be transmitted to and stored on servers in the United States by Google. In the event that the IP address is transferred, it will be reduced by the last 3 digits thereby becoming anonymous. Using cookies, the user behavior on a website can be analysed to provide targeted advertising based on the user’s interests.
Our website also uses the Conversion Tracking Pixel service provided by Facebook. This tool allows us to follow the actions of users after they are redirected to our website by clicking on a Facebook advertisement. We are then able to record how effective our Facebook advertisements are. The collected data remain anonymous. This means that we cannot see the personal data of any individual user. However, the collected data is saved and processed by Facebook. Facebook is able to connect the data with your Facebook account and use the data for their own advertising purposes, in accordance with Facebook’s Data Use Policy found here. Facebook Conversion Tracking also allows Facebook to show you advertisements on and outside Facebook. In addition, a cookie will be saved onto your computer for these purposes.
Facebook Pixel information can be found here. Please click here if you would like to change your ad preferences within Facebook.
CONTROLLING HOW WE USE YOUR DATA
Because it is Cratejoy who store and process our customer information, you have the right to have your data removed completely from Cratejoy IF you meet the following requirements: If and only if your relationship with HyggeBox is completely terminated. Your subscription cannot be active; subscriptions must be cancelled or expired before Cratejoy can remove a customer’s information. The subscription must have no unshipped boxes; removing data includes removing your mailing address, which will make it impossible to ship future shipments. What Cratejoy will remove: Customer Name. Customer Email. Customer Addresses. Customer Payment Records. This action cannot be undone.
As you are no doubt aware, the Internet is not a completely secure communication system, and users must assume that this may pose a risk to the integrity of information they provide. Accordingly, we accept no legal responsibility for any loss or misuse of the data that may occur while the data is in transmission. For payment services however, we make use of e-commerce infrastructure providers who provide encrypted internet level security. The methods used are based on Certification Authority certificates (built into computer operating systems) and encrypted communication methods based on HTTPS and SSL/TLS techniques (built into browser applications). We of course have no responsibility for the security of users’ own IT and communication systems, and strongly recommend that all users follow good IT practices when using the web. We are committed to ensuring that your information is secure, and have chosen the following providers who have the necessary infrastructure to provide secure communications.
As noted previously this website is hosted by the US e-commerce subscription specialist Cratejoy. We make use of Cratejoy’s payment provider partners Stripe and PayPal to process credit card and processor payments.
Stripe and PayPal are both major international payment providers. Stripe have provided comprehensive documents on their commitment to data protection within the framework of the GDPR – please read them here.
Please note that payment details including credit card numbers are supplied directly to our payment partners. We do not receive or store any financial details, other than the bare minimum needed to trace transactions for auditing purposes. For anti fraud reasons and to ensure your payments have not been misused, your personal data may be supplied by our payment partners to relevant third parties including credit reference and fraud prevention agencies, who may keep a record of that information.
The outcome of any payment transaction (successful or otherwise), is communicated back to the e-commerce engine, and in turn this information is related back to HyggeBox. We will then fulfil the order if the payment has succeeded or make contact in case there is a problem with the credit card (for example if the credit card expiry date has been reached).
To comply with online payment security regulations we do not accept payment by any other means other than those outlined here.
©HyggeBox Subscriptions Ltd 2018.