Privacy Notice | Effective [30th May 2022]
The Hut.com Limited (trading as THG Ingenuity / Ingenuity) is committed to protecting our customer's privacy. Please take the time to review this notice which explains what information we collect about you, how we use it, and your rights. [The Hut.com] Limited (“[Ingenuity]”, “we” or “us”) is the data controller of the personal data collected via or in connection with thgingenuity.com and any associated App (the “Site”).
What personal data do we collect about you?
We collect personal data from you when you provide it to us directly and through your use of the Site. This information may include:
- Information you provide to us when you use our Site (e.g. your name, contact details, gender, product reviews, company name and industry, and any information which you add to your account profile)
- Transaction and billing information, if you make any purchases from us or using our Site (e.g. credit/debit card details and delivery information)
- Records of your interactions with us (e.g. if you contact our customer service team, interact with us on social media)
- Information you provide to us when you enter a competition or participate in a survey
What do we use this personal data for?
Depending on how you use our Site, your interactions with us, and the permissions you give us, the purposes for which we use your personal data include:
- To fulfil your order and maintain your online account
- To manage and respond to any queries or complaints to our customer service team.
- To personalise the Site to you and show you content we think you will be most interested in, based on your account information, your purchase history and your browsing activity.
- To improve and maintain the Site, and monitor its usage.
- For market research, e.g. we may contact you for feedback about our products.
- To send you marketing messages and show you targeted advertising, where we have your consent or are otherwise permitted to do so.
- For security purposes, to investigate fraud and where necessary to protect ourselves and third parties.
- To comply with our legal and regulatory obligations.
We rely on the following legal basis, under data protection law, to process your personal data:
- Because the processing is necessary to perform a contract with you, or take steps prior to entering into a contract with you (e.g. where you have made a purchase with us, we use your personal data to process the payment and fulfil your order).
- Because we have obtained your consent (e.g. where you contact us with a query, where you add optional information to your account profile, or if you consent to receive marketing from us).
- Because it is in our legitimate interests as an e-commerce provider to maintain and promote our services. We are always seeking to understand more about our customers in order to offer the best products and customer experience. We use information about you to tailor your view of the Site, to make it more interesting and relevant in respect of the products and offers on view.
We love to communicate with our customers and so, depending on your marketing preferences, we may use your personal data to send you marketing messages by email, phone or post. Some of these messages may be tailored to you, based on your previous browsing or purchase activity, and other information we hold about you.
If you no longer want to receive marketing communications from us (or would like to opt back in!), you can change your preferences at any time by contacting us by email at [email protected] or by clicking on the ‘unsubscribe’ link in any email. If you unsubscribe from marketing, please note we may still contact you with service messages from time to time (e.g. order and delivery confirmations, and information about your legal rights).
You may also see ads for our Site on third party websites, including on social media. These ads may be tailored to you using cookies (which track your web activity, so enable us to serve ads to customers who have visited our Site). Where you see an ad on social media, this may because we have engaged the social network to show ads to our customers, or users who match the demographic profile of our customers. In some cases, this may involve sharing your email address with the social network. If you no longer want to see tailored ads you can change your cookie and privacy settings on your browser and these third party websites.
Who do we share this personal data with?
We may share your personal data with third parties in the following circumstances:
- With other companies in our group of companies, as required to operate the Site and provide services to you.
- With our suppliers and service providers working for us, e.g. payment processors and delivery companies.
- With our professional and legal advisors.
- With third parties engaged in fraud prevention and detection.
- With law enforcement or other governmental authorities, e.g. to report a fraud or in response to a lawful request.
- Otherwise where we have your consent or are otherwise legally permitted to do so.
Transfers of data to other countries
We use service providers based around the world. Consequently, your personal data may be processed in countries outside of Europe, including in countries where you may have fewer legal rights in respect of your data than you do under local law. If we transfer personal data outside the European Economic Area we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate safeguards, which may include the EU’s standard contractual clauses or equivalent. Please contact us if you would like more information about these safeguards.
We will keep your personal data for as long as we need it for the purposes set out above, and so this period will vary depending on your interactions with us. For example, where you have made a purchase with us, we will keep a record of your purchase for the period necessary for invoicing, tax and warranty purposes. We may also keep a record of correspondence with you (for example if you have made a complaint about a product) for as long as is necessary to protect us from a legal claim. Where we no longer have a need to keep your information, we will delete it. Please note that where you unsubscribe from our marketing communications, we will keep a record of your email address to ensure we do not send you marketing emails in future.
We implement appropriate technical and organizational security safeguards to protect your data from loss, misuse, and unauthorized access, disclosure, alteration and destruction. We also maintain ISO 27001 and PCI DSS (Payment Card Industry - Data Security Standard) security certifications. Unfortunately no company we can guarantee absolute security and integrity of the information that has been transmitted to our Site.
Our Site is not intended for, and should not be used by, children under the age of 18. We do not knowingly collect personal data from children under 18.
You have certain rights in respect of your personal data, including the right to access and correct your personal data, and, in specific circumstances, to transfer your personal data to another entity in a commonly-used format.
You have the right to object to your personal data being used for certain purposes, including to send you marketing. See ‘Marketing’ above, for more details of how to opt-out of marketing.
You also have the right to request erasure of your personal data, for example; where our purposes for processing your personal data have come to an end; where you object to our processing of your personal data based on legitimate interests and we have no overriding legitimate grounds to continue to process your personal data; and where our processing was based on your consent which you have withdrawn.
We will comply with any requests to exercise your rights in accordance with applicable law. Please be aware, however, that there are a number of limitations to these rights, and there may be circumstances where we are not able to comply with your request. To make any requests regarding your personal data, or if you have any questions or concerns regarding your personal data, you should contact us using the details below.
If you are not happy with the way we have handled your personal data or related requests, you can make a complaint to us using the contact details below. If you are still not satisfied, you are also entitled to contact your local supervisory authority for data protection. In the UK this is the ICO.
YOUR CALIFORNIA PRIVACY RIGHTS
Consumers residing in California are afforded certain additional rights with respect to their personal data under the California Consumer Privacy Act (“CCPA”). If you are a California resident, this section applies to you.
Your Rights: Subject to certain limitations, you have the right to request: more information about the categories and specific pieces of personal data we have collected and disclosed for a business purpose in the last 12 months; deletion of your personal data; and that we stop selling your personal data. You may make these requests by emailing [email protected]. Once we receive your request, we will verify it by asking you to provide information related to your account or your recent interactions with us, such as information regarding a recent purchase. If you would like to use an authorized agent to exercise your rights, we may request evidence that you have provided such agent with power of attorney or that the agent otherwise has valid written authority to submit requests on your behalf. We will not discriminate against you if you exercise your rights under the CCPA.