PRIVACY POLICY
1. Who We Are
Barber HMZ (“we”, “us”, “our”) is responsible for your personal data. We operate from 95 Coldharbour Lane, Hayes, UB3 3EF, United Kingdom.
We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and share your personal data when you visit our website at barberhmz.co.uk or make a purchase from us.
If you have any questions about this policy or how we handle your data, please contact us:
Email: sales@barberhmz.co.uk
Phone: 07428 425952
Address: 95 Coldharbour Lane, Hayes, UB3 3EF
2. What Data We Collect
2.1 Data you give us directly
When you place an order or contact us, we collect:
Your name
Email address
Phone number (if provided)
Delivery address
Billing address
Order details including products purchased, quantities and amounts
Communications you send us
2.2 Payment data
We use Stripe to process payments. Stripe collects and processes your card details directly — we never see or store your full card number, CVV or expiry date. Stripe’s privacy policy is available at stripe.com/gb/privacy.
2.3 Data collected automatically
When you visit our website, we automatically collect:
Your IP address
Browser type and version
Pages you visit and time spent on them
Referring website
Device type and operating system
This data is collected through cookies and similar technologies. See Section 7 for more information about cookies.
3. How We Use Your Data
3.1 To fulfil your order
We use your data to process and deliver your order, send order confirmations and dispatch notifications, handle returns and refunds, and respond to queries about your order. The legal basis for this processing is the performance of a contract with you.
3.2 To communicate with you
We use your email address and phone number to contact you about your order, respond to your enquiries, and notify you about important changes to our service. The legal basis is our legitimate interests in providing good customer service.
3.3 To improve our website
We use automatically collected data to understand how visitors use our website, identify technical issues, and improve our service. The legal basis is our legitimate interests in improving our business.
3.4 Legal obligations
We may process your data where necessary to comply with legal obligations, such as maintaining financial records for tax purposes. Records of transactions are kept for 6 years in accordance with HMRC requirements.
3.5 Marketing
We will only send you marketing communications if you have explicitly opted in to receive them. You can unsubscribe at any time by clicking the unsubscribe link in any email or contacting us at sales@barberhmz.co.uk.
4. Who We Share Your Data With
We do not sell your personal data. We share your data only where necessary with trusted third parties:
Stripe
Our payment processor. They receive your payment details and billing information to process transactions securely. Stripe is PCI DSS compliant and certified to handle card data.
Delivery partners
We share your name and delivery address with our courier or postal service to fulfil your order.
Hostinger
Our website hosting provider. Your data is stored on servers operated by Hostinger. They process data only on our instructions.
Legal requirements
We may disclose your data if required to do so by law, court order, or in response to a valid request from a law enforcement or government authority.
All third parties are required to handle your data securely and in accordance with applicable data protection law. We do not allow them to use your data for their own marketing purposes.
5. International Data Transfers
Some of our third-party service providers may process your data outside the UK or European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner’s Office (ICO), to protect your data.
Stripe processes data in the United States and is certified under the UK-US Data Bridge framework.
6. How Long We Keep Your Data
We retain your personal data only for as long as necessary for the purposes described in this policy:
Order records: 6 years from the date of purchase (HMRC requirement)
Customer communications: 2 years
Marketing preferences: until you unsubscribe or request deletion
Website analytics data: 26 months
After these periods, your data is securely deleted or anonymised.
7. Cookies
Our website uses cookies — small text files stored on your device — to make the site work properly and to understand how it is used.
Essential cookies
These are necessary for the website to function and cannot be switched off. They include cookies that remember your cart contents and session information.
Analytics cookies
These help us understand how visitors interact with our website. The information is aggregated and anonymous. You can opt out of analytics cookies using your browser settings.
You can control cookies through your browser settings. Blocking essential cookies may affect your ability to use the website, including completing a purchase.
8. Your Rights
Under the UK General Data Protection Regulation (UK GDPR), you have the following rights:
Right to access
You can request a copy of the personal data we hold about you. We will respond within one month.
Right to rectification
You can ask us to correct inaccurate or incomplete data we hold about you.
Right to erasure
You can ask us to delete your personal data where there is no legitimate reason for us to continue processing it. Note that we may be required to retain certain data for legal reasons.
Right to restrict processing
You can ask us to pause the processing of your data in certain circumstances, for example while we verify its accuracy.
Right to data portability
You can request that we provide your data in a structured, commonly used, machine-readable format.
Right to object
You can object to our processing of your data where we rely on legitimate interests as our legal basis.
Right to withdraw consent
Where we rely on your consent to process your data (e.g. for marketing), you can withdraw that consent at any time.
To exercise any of these rights, please contact us at sales@barberhmz.co.uk. We will respond within one month. We may need to verify your identity before processing your request.
9. Right to Complain
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first at sales@barberhmz.co.uk.
10. Data Security
We take the security of your personal data seriously. We use appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction or alteration. These include:
SSL/TLS encryption on all pages of our website
Secure payment processing through Stripe (PCI DSS compliant)
Password-protected systems with limited access
Regular security updates and monitoring
Despite these measures, no method of transmission over the internet is 100% secure. If you have concerns about the security of your data, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The date of the most recent update is shown at the top of this page. Where changes are significant, we will notify you by email if we hold your contact details.
We encourage you to review this policy periodically.
