PRIVACY POLICY

This Site is run by Hobbs Limited (“Hobbs”/”we”/”us"/”our”). Hobbs Limited is the “controller” of the personal information collected through the Site, by phone, email or other communication, with our Customer Services team, or in any Hobbs store. This means that Hobbs decides why and how your personal information is processed. Hobbs is subject to the UK General Data Protection Regulation (the UK GDPR) and the Data Protection Act 2018.

1. Information we collect when you visit our Site

We will collect personal information that you provide to us when you:

• create an account on our Site;
• place an order through our Site;
• fill in forms on our Site, for example to leave feedback, enter a competition or respond to a survey; or
• subscribe to our mailing list.

Any personal information you provide to us in the ways listed above is voluntary. However, if you do not provide this information to us, we may be unable to provide products and services to you or interact or communicate with you effectively.

We will also collect certain information automatically when you visit our Site, in particular:

• when you access our Site, we use “cookies” to make it easier for you to use our Site. These cookies record data about the pages you browse and the activities you carried out during your visit. Further details about our use of cookies is set out in our Cookie Policy;
• we record details of the resources that you access to visit our Site (for example, URL addresses, traffic data etc.); and
• we record information about the type of device you have used to visit our Site, your device settings, and the cause of any system errors. Your device manufacturer or operating system provider will have further details on what information your device makes available.

2. Information we collect in our stores

We will collect personal information that you provide to us in our stores when you:

• ask us to provide you with a digital receipt;
• subscribe to our mailing list; or
• enter a competition or respond to a survey.

We will also collect image data, namely: CCTV images (may be used in some stores), photographs (for example, if we are taking pictures during an event).

3. Information we collect when you contact us

We will collect personal information about you when you contact us by telephone, e-mail, online chat function or via social media. We may monitor, record and store such communication with you as needed and, in particular, for training and/or quality purposes.

4. Information we collect if you apply for a job with us

You may be able to apply for a job with us through our Site, in-store or through third party websites such as LinkedIn. The personal information we collect about you may include your name, contact details, employment history, and any information set out in your CV.

We share your information with our core service providers and third party platforms as required for our business to function; for example, payment processing, picking, packaging and processing orders, fulfilling deliveries, customer support, fraud detection, credit risk reduction checks, IT systems support, and internal audits. Every external company we work with has a contract with us which clearly sets out our expectations and requirements in handling personal information and obligates them to meet these standards and those contained in the UK GDPR. We will only share the personal information that each company needs in order to perform the specific services we have instructed them to carry out. Examples include:

• If you have made an order, your contact details will be passed to delivery couriers.
• If you choose to provide feedback on your transaction, we may share your information with, third party feedback sites who will capture your feedback on transactions which we use to enhance our customer service.
• Your information may be processed by a third party in order to maintain the functionality of our Site and database.
• In the event that you add items to your basket but do not complete a transaction, we will use our partner Bloomreach B.V.’s technology to automatically send you an e-mail to remind you that there are items in your basket.
• We operate a refer-a-friend programme to enable our customers to recommend us to their friends and family. Our refer-a-friend programme is operated on our behalf by Mention Me Limited as our data processor. You can find more details of the data Mention Me processes for us in their privacy policy which can be viewed here. You can object to us processing your data in connection with our refer-a-friend programme at any time by contacting us.
• Whilst you are a member of our mailing list we may share your information with trusted non-core service providers, such as marketing partners we have carefully selected to deliver incentives to participate in offers, polls, surveys, analysis or research, all of which assist us in enhancing our services. They are not permitted to use your information after you unsubscribe.

We also use services offered by Google, Facebook, Instagram and other similar social media platforms to better tailor our marketing communications and for targeted advertising. As part of this process, some personal information, such as your e-mail address, is provided to the relevant third party, however for security purposes this data is “hashed” prior to being shared. Hashing is a process of identity masking or “pseudonymisation” which means we do not disclose your e-mail but still enables linking between your social media presence and our Site. Your personal information will be transmitted to countries outside of the EEA, including the United States. If you would like more information about how your personal information may be transmitted, and the safeguards applied, please contact privacy@hobbs.co.uk. You may have the right to object to your personal information being used in this way (see “Rights you may have” below).

We receive insights from Facebook about the effectiveness of our advertising campaigns which you experience on our Site and social channels. This helps to better target our advertising.

If you make an international online order, Globale UK Limited will fulfil this and complete the delivery. Global-e UK Limited will collect your data from you directly, and your data will then be processed by Global-e UK Limited.

We also work with partners such as Experian, who process your personal data on our behalf to help us better understand our customers. This allows us to make our marketing more relevant, plan smarter for the future, and create shopping experiences that feel more tailored to you.

We may also share your information with other companies in our corporate group, including our parent company, subsidiary companies and affiliated entities.

The delivery of products to you may require us to transfer your data outside of the European Economic Area. In such cases we will protect your personal data and ensure that the transfer complies with data protection law, usually by using clauses approved by the European Commission and the relevant UK authorities, i.e. standard contractual clauses.

We retain the information you provide for the following periods:

• for as long as you are subscribed to receive marketing information and, afterwards, indefinitely in our suppression lists to ensure that you do not receive such information;
• for as long as your account is being used and for a period of three years after the date you cease to use your account, after which period we will anonymise the personal information on file by deleting the personal information and allocating a personally unidentifiable unique reference ID and store the remaining information for a period of five years (“Data Retention Period”). After this time it will be permanently deleted from all systems and back-ups. If you wish to set up an account after this period this will be treated as a new account and your transaction history will not be available; and
• in the case of any contact you may have with our Customer Care team, for as long as is necessary to provide support-related reports and trend analysis.

Our Data Retention Period has been determined to cover contractual and legal requirements, credit risk, fraud detection and customer service periods, as well as to cover regulatory requirements, and the resolution of disputes or fraud prevention.

Your information may be processed by our staff or by the staff of our suppliers to the extent necessary to fulfil your order. By submitting your personal information to us, you agree to the transfer of your personal information, its storage and processing.

We will keep the data which we collect from you on a secure server. Any information you give us relating to credit card details is handled by a PCI DSS compliant third party and encrypted using secure server technology. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access and require our suppliers to do the same.

Where we have given you a password (or where you have chosen one) to access certain parts of this Site, you are responsible for keeping this password confidential. We ask that you do not share a password with anyone.

We do not seek to collect sensitive personal information (i.e. information relating to race or ethnic origin, political opinions, religious or other beliefs, trade union membership, physical or mental health, sexual orientation or criminal records). We ask that you do not provide such information to us.

You may have certain rights in relation to personal information that we hold about you. These include the right to request access to your personal information, to request that it is erased, that its processing is restricted, or that any inaccurate personal information is rectified. You may also have the right to object to the processing of your personal information, or in some circumstances to obtain a copy of the personal information in a machine readable format and will always have a right at any time to withdraw any consent you have given to us.

In particular, you have the right to object or withdraw your consent (as applicable) to any use we make of your personal information for direct marketing purposes. You have the option to unsubscribe from our e-mails through a link at the bottom of every e-mail we send to you. You have the option to unsubscribe from our text or WhatsApp messages by following the instructions in the text or WhatsApp message or contacting the Customer Services team.

If you want to change the details that you have registered with us, or would like to amend your marketing preferences or unsubscribe altogether, this can be changed in the “My Account” section of our Site or by contacting our Customer Services team.

You also have the right to complain about the use of your personal information to the Information Commissioner’s Office.

Please contact our privacy officer at privacy@hobbs.co.uk if you would like to make a request.