Privacy Policy
1. Introduction
At Hatton McEwan (“we,” “our,” or “us”), accessible via hattonmcewan.com (the “Website”), your privacy is of paramount importance to us. We are fully committed to upholding the highest standards of data protection and transparency. This Privacy Policy outlines how we collect, use, and safeguard your personal data when you interact with our Website, in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable laws and regulations.
2. Scope of the Policy & Data Controller
This Privacy Policy applies to all users of hattonmcewan.com and governs the data practices related to your use of the Website, whether as a visitor, registered user, or customer. Hatton McEwan acts as the Data Controller for the personal data collected through the Website. If you have questions about this Policy or our data handling practices, you may contact us at [email protected].
3. Categories of Data We Process
We process the following categories of personal data, depending on your interactions with the Website:
a. Usage Data
Information automatically collected during your visits to the Website, including your IP address, browser type, operating system, referral source, pages visited, date/time stamps, and session duration.
b. Account Data
If you create an account or engage in transactions with us, we may collect your full name, residential or billing address, email address, and telephone number.
c. Profile Data
Information related to your preferences, previous purchases, browsing and shopping behavior, and user-selected interests.
d. Communication Data
Records of correspondence you initiate with us, including customer support requests, messages sent through contact forms, and responses to surveys.
e. Technical Data
Data about the device and system you use to access the site, such as device type, operating system, browser configurations, and system diagnostics.
f. Transaction Data
Details pertaining to purchases and orders, including billing information, shipping addresses, payment method and status, and fulfilment records.
g. Preference Data
Choices and consents related to marketing communications, email frequency, preferred content and interaction settings, and areas of interest.
4. Legal Bases for Processing
We only process your personal data in accordance with applicable data protection laws and based on one or more of the following legal bases:
– Consent: Where you have provided explicit consent for specific processing activities, such as subscribing to our newsletter or receiving promotional offers.
– Contractual Necessity: Processing required to fulfil our contractual obligations to you, such as providing a purchased service or responding to service inquiries.
– Legitimate Interests: Where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and interests.
– Legal Obligation: To comply with legal responsibilities, enforce our legal rights, or respond to lawful government or law enforcement requests.
5. Your Rights
Subject to applicable law, you have the following rights with respect to the personal data we hold about you:
– Right of Access: Obtain confirmation as to whether or not personal data concerning you is being processed, and access such data.
– Right to Rectification: Request correction of inaccurate or incomplete personal data.
– Right to Erasure: Request deletion of your personal data when it is no longer needed or if processing is unlawful.
– Right to Restriction: Request the restriction of processing of your personal data in specific circumstances.
– Right to Data Portability: Receive your personal data in a structured, commonly used format and have it transmitted to another controller where technically feasible.
To exercise these rights, please contact us at [email protected].
6. Security Measures
We implement a range of security measures to protect your personal data:
– Encryption protocols are used to secure sensitive data during transmission and at rest.
– Role-based access controls ensure that only authorized personnel access your information.
– Regular data backups enable the recovery of information in the case of data loss.
– Our staff are trained on data privacy and security best practices and subject to confidentiality obligations.
7. International Transfers
Where your personal data is transferred outside the United Kingdom, the European Economic Area (EEA), or other jurisdictions offering similar protections, we ensure such transfers are lawful under applicable standards. We rely on appropriate safeguards such as Standard Contractual Clauses approved by applicable authorities, or ensure that the recipient country has an adequate level of data protection.
8. Data Retention
We retain personal data for only as long as necessary to achieve the purpose for which it was collected, including:
– Account Data: Retained for the duration of your account and up to 6 years following closure for legal auditing requirements.
– Transaction Data: Retained for 7 years to comply with tax and financial regulations.
– Communication Data: Retained for 2 years from the date of the last communication.
– Marketing and Preference Data: Retained until you revoke your consent or opt-out.
– Technical and Usage Data: Retained for analytic and security purposes up to 18 months.
9. Cookie Policy
Our Website uses cookies to enhance functionality, personalize content, and analyze web traffic. We classify cookies into the following categories:
– Essential Cookies: Required for the Website to function properly (e.g., login session cookies).
– Functional Cookies: Help remember user preferences and choices.
– Analytics Cookies: Track Website performance and usage statistics to improve our services.
– Performance Cookies: Measure the responsiveness and performance of our website features.
10. Cookie Management and Legal Compliance
Visitors from the EU, California, and other applicable jurisdictions are shown cookie consent banners and have the right to opt in or out of non-essential cookie use.
You can modify your cookie preferences at any time via your browser settings or cookie preference panel provided on the Website. Under the CCPA, California residents also have the right to request “Do Not Sell My Personal Information” preferences, which we honor fully.
11. Children’s Privacy
Our services are not directed to individuals under the age of 13, and we do not knowingly collect personal data from children. If you believe that a child under 13 has submitted personal data to us, please contact us immediately at [email protected] and we will take prompt steps to remove such data.
12. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our legal, regulatory, or operational practices. If changes are material, we will notify you through prominent notices on the Website or via direct communication, where appropriate.
We encourage you to review this Policy regularly to remain informed about how we are protecting your data.
13. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal data is handled, please contact us at:
Email: [email protected]
Website: https://hattonmcewan.com
We are committed to ensuring robust privacy practices and maintaining compliance with all applicable data protection laws. Thank you for trusting Hatton McEwan with your personal information.