This Privacy Policy explains how FASHNETIC LTD, operating the hearthora store and website (the "Services"), collects, uses, and protects your personal information. We are committed to safeguarding your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

FASHNETIC LTD is the data controller responsible for your personal data.

1. The Personal Information We Collect

When you use our Services, we may collect and process the following categories of personal information:

• Contact Information: Your name, billing address, shipping address, email address, and phone number.
• Financial Information: Credit card, debit card, and bank account details for processing payments.
• Account Information: Your username, password, security questions, and preferences.
• Transaction Details: Information about your purchases, returns, exchanges, and items you view or add to your cart.
• Communication Data: Information you provide when you contact us for customer support or other inquiries.
• Technical Data: Your IP address, browser type, device details, and unique identifiers collected through cookies and similar technologies.
• Usage Data: How you interact with and navigate our website, including the pages you visit and the time you spend on them.

2. How We Collect Your Personal Information

We collect your personal information from a few sources:

• Directly from You: When you create an account, make a purchase, or communicate with us.
• Automatically: Through cookies and other tracking technologies when you use our website.
• From Our Service Providers: We use trusted third parties, such as Shopify, who process your personal information on our behalf to provide our Services.
• From Our Partners: We may receive information from our marketing partners or other third parties.

3. Our Legal Basis for Processing Your Personal Information

Under UK GDPR, we must have a valid legal reason to process your personal data. We rely on the following legal bases:

• Performance of a Contract: We process your information to provide the Services you have requested, such as fulfilling your order and processing your payment.
• Legitimate Interests: We use your data to improve our Services, prevent fraud, ensure security, and for our marketing and business purposes, provided these interests do not override your rights.
• Legal Obligation: We may process your data to comply with legal requirements, such as responding to law enforcement requests.
• Your Consent: In specific situations, such as sending you marketing emails, we will ask for your explicit consent. You have the right to withdraw this consent at any time.

4. How We Use Your Personal Information

We use your information for the following purposes:

• To Provide and Improve the Services: We use your data to process payments, manage your accountPolicy, fulfill orders, and create a personalised shopping experience.
• Marketing and Advertising: We may use your information to send you promotional communications and show you relevant online advertisements based on your activity on our website.
• Security and Fraud Prevention: We use your data to authenticate your account and protect against fraudulent or malicious activity.
• To Communicate with You: We use your information to provide customer support and respond to your inquiries.
• To Comply with Legal Obligations: We may use your data to comply with applicable laws and enforce our terms and policies.

5. Sharing Your Personal Information

We may share your personal information with third parties in the following circumstances:

• With Service Providers: We share data with third parties like Shopify and other vendors who help us operate our business, including IT management, payment processing, shipping, and data analytics.
• With Business and Marketing Partners: We may share data with partners to assist with our marketing and advertising efforts.
• For Business Transfers: In the event of a merger, acquisition, or bankruptcy, your data may be transferred as part of the transaction.
• For Legal Reasons: We may disclose your data to comply with legal obligations, enforce our policies, or protect our rights and the safety of our users.

6. International Transfers of Your Personal Information

As a UK-based company, we may transfer your personal information outside of the UK. We ensure that any such transfer is made in compliance with UK data protection laws, using recognised transfer mechanisms, such as the UK-approved International Data Transfer Agreements or Addendums, to ensure your data receives adequate protection.

7. Your UK GDPR Rights

Under UK GDPR, you have the following rights regarding your personal data. You can exercise these rights by contacting us using the details below.

• Right to Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You can ask us to correct any inaccurate or incomplete information we hold.
• Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data in certain circumstances.
• Right to Restrict Processing: You can ask us to limit how we use your data in specific situations.
• Right to Data Portability: You can request a copy of your data in a structured, machine-readable format to transfer it to another service.
• Right to Object: You have the right to object to our processing of your data based on legitimate interests or for direct marketing.
• Right to Lodge a Complaint: If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority.

8. Children's Data

Our Services are not intended for children. We do not knowingly collect personal information from anyone under the age of 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us to request its deletion.

9. Data Security and Retention

While no security measure is 100% effective, we take appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, or destruction.

We will retain your personal information for as long as necessary to provide our Services, comply with our legal obligations, and resolve disputes.

10. Changes to This Privacy Policy

We may update this policy periodically. The revised policy will be posted on our website, and the "Last updated" date will be changed. We will notify you of any significant changes as required by law.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

• Email: info@hearthora.co.uk
• Address: Unit 15, Five Arces, ENG, mk6 3ad, GB