Last Updated:
Hipbrflexox is committed to protecting your personal data and respecting your privacy rights. This Data Protection notice explains how we comply with data protection laws and regulations, including the General Data Protection Regulation and the Data Protection Act. We take our responsibilities seriously and have implemented appropriate measures to ensure your data is handled securely and lawfully.
Hipbrflexox is the data controller responsible for your personal data. We determine the purposes and means of processing your personal information. Our contact details are provided at the end of this notice should you need to reach us regarding data protection matters.
As a data controller, we are responsible for ensuring that your personal data is processed in accordance with applicable laws and regulations. We have appointed personnel responsible for overseeing data protection compliance and addressing any concerns you may have.
We process your personal data based on several legal grounds:
Consent: When you provide explicit consent for us to process your data for specific purposes, such as marketing communications. You have the right to withdraw your consent at any time, and we will cease processing your data for that purpose.
Contract Performance: When processing is necessary to fulfill our contractual obligations to you, such as providing the gift wrapping services you have requested. This includes processing your order, communicating with you about your project, and delivering completed work.
Legal Obligation: When we are required by law to process your data, such as for tax purposes, compliance with court orders, or other regulatory requirements. We only process data to the extent necessary to meet these obligations.
Legitimate Interests: When processing is necessary for our legitimate business interests, such as improving our services, preventing fraud, or maintaining the security of our systems. We balance these interests against your rights and freedoms to ensure fair processing.
We collect and process various categories of personal data:
Identity Data includes your name, title, and other identifiers. This information helps us address you appropriately and maintain accurate records of our customers.
Contact Data includes your address, email address, and telephone number. We use this information to communicate with you about your orders, respond to inquiries, and provide customer support.
Financial Data includes payment card details and bank account information. This data is necessary to process payments for our services. We use secure payment processors and do not store complete payment card details on our systems.
Transaction Data includes details about payments and services you have purchased from us. This information helps us maintain accurate records, process refunds if necessary, and understand your service history.
Technical Data includes your IP address, browser type, device information, and website usage data. We collect this information automatically when you visit our website to improve functionality and user experience.
Profile Data includes your preferences, feedback, and survey responses. This information helps us tailor our services to your needs and improve customer satisfaction.
Marketing and Communications Data includes your preferences for receiving marketing communications and your communication preferences. We respect your choices and only send marketing materials to those who have opted in.
We collect personal data through various methods:
Direct Interactions: You provide data when you fill out forms on our website, contact us by phone or email, request our services, subscribe to newsletters, or provide feedback. This is the primary way we collect information about you.
Automated Technologies: As you interact with our website, we automatically collect technical data using cookies and similar technologies. This includes information about your browsing behavior and device characteristics.
Third Parties: We may receive data from third-party service providers, such as payment processors, analytics providers, or advertising networks. These third parties collect data on our behalf in accordance with their own privacy policies and our instructions.
We use your personal data for the following purposes:
To provide and manage our services, including processing orders, delivering completed work, and handling customer inquiries. This is essential for fulfilling our contractual obligations to you.
To communicate with you about your orders, respond to questions, and provide customer support. Effective communication ensures you receive the service you expect and allows us to address any concerns promptly.
To improve our website and services based on user feedback and behavior analysis. Understanding how customers use our site helps us enhance functionality and user experience.
To send marketing communications about our services, special offers, and updates, subject to your preferences. You can opt out of marketing communications at any time.
To detect and prevent fraud, security breaches, and other illegal activities. Protecting our systems and your data is a priority, and we implement measures to identify and respond to threats.
To comply with legal obligations, such as tax reporting, responding to legal requests, and maintaining required records. We process data as necessary to meet these obligations.
We may share your personal data with the following categories of recipients:
Service Providers who perform functions on our behalf, such as payment processing, website hosting, email delivery, and analytics. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
Professional Advisors including lawyers, accountants, and auditors who provide professional services to us. These advisors are bound by confidentiality obligations and use your data only as necessary to provide their services.
Regulatory Authorities and law enforcement agencies when required by law or to protect our rights and the rights of others. We disclose data only to the extent necessary to comply with legal obligations or respond to lawful requests.
Business Transferees in the event of a merger, acquisition, or sale of assets. In such cases, we will ensure that the receiving party agrees to protect your data in accordance with this notice.
We do not sell your personal data to third parties for their marketing purposes. Any sharing of data is done in accordance with applicable laws and with appropriate safeguards in place.
Your personal data may be transferred to and processed in countries outside of Great Britain. When we transfer data internationally, we ensure appropriate safeguards are in place to protect your information.
These safeguards may include standard contractual clauses approved by regulatory authorities, adequacy decisions recognizing that the destination country provides adequate protection, or other legally approved mechanisms.
We take steps to ensure that your data receives the same level of protection regardless of where it is processed. If you would like more information about international transfers of your data, please contact us.
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
Encryption of data in transit and at rest using industry-standard protocols. This ensures that your data remains confidential even if intercepted or accessed without authorization.
Access controls that limit who can view and process your data. Only authorized personnel with a legitimate need to access your information can do so.
Regular security assessments and updates to identify and address vulnerabilities. We stay current with security best practices and emerging threats.
Employee training on data protection and security practices. Our staff understand their responsibilities and are equipped to handle your data appropriately.
Incident response procedures to detect, respond to, and recover from security breaches. In the event of a breach that poses a risk to your rights, we will notify you and relevant authorities as required by law.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. Retention periods vary depending on the type of data and the purpose for which it was collected.
Customer data related to orders and transactions is typically retained for seven years to comply with tax and accounting requirements. After this period, we securely delete or anonymize the data.
Marketing data is retained until you withdraw consent or we determine that the data is no longer relevant. You can opt out of marketing communications at any time, and we will update our records accordingly.
Technical data collected through cookies and similar technologies is typically retained for shorter periods, often measured in months rather than years. This data is used for immediate operational purposes and is not retained longer than necessary.
When determining retention periods, we consider the nature of the data, the purposes for which it was collected, legal requirements, and our legitimate business interests.
Under data protection laws, you have several rights regarding your personal data:
Right of Access: You can request a copy of the personal data we hold about you. We will provide this information in a commonly used format within one month of your request.
Right to Rectification: You can request that we correct inaccurate or incomplete data. We will make corrections promptly and notify any third parties with whom we have shared the data.
Right to Erasure: You can request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected or when you withdraw consent.
Right to Restrict Processing: You can request that we limit how we use your data in certain situations, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability: You can request a copy of your data in a structured, machine-readable format and have it transferred to another service provider.
Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we have compelling legitimate grounds to continue.
Right to Withdraw Consent: Where processing is based on consent, you can withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.
Right to Lodge a Complaint: You have the right to complain to a supervisory authority if you believe your data protection rights have been violated. In Great Britain, the relevant authority is the Information Commissioner's Office.
To exercise any of your data protection rights, please contact us using the details provided below. We will respond to your request within one month, though this may be extended by two additional months for complex requests.
We may need to verify your identity before processing your request to ensure we are disclosing data to the correct person. This is a security measure to protect your information.
In most cases, exercising your rights is free of charge. However, we may charge a reasonable fee for manifestly unfounded or excessive requests, particularly if you make repeated requests for the same information.
If you have questions about this Data Protection notice or wish to exercise your rights, please contact us:
Hipbrflexox
9-10 Warren Court, Chicksands, Shefford SG17 5QB, Great Britain
Phone: +44 1462 659040
Email: response@hipbrflexox.world
We are committed to addressing your concerns and will work to resolve any issues promptly and effectively.