What is your Privacy Policy?

Privacy Policy

GDPR

Hannants will comply with the GDPR when it becomes enforceable on May 25, 2018.
Data Protection Officer: [email protected]


Your Data

We retain and process your personally data in order to provide you with an online ordering service.
The personally identifiable data we hold on our system; Name, Billing Address, Delivery Address, Telephone Number, Email Address, Last IP Address.
All data relating to card payments is processed by our payment provider Opayo (formerly Sage Pay) and Paypal.
No third-party all be given access to your personal data. Your email address and mobile phone number may be given to DPD, Royal Mail or Parcelforce for delivery tracking alerts.


Data Retention

We are required under UK Tax Law to retain a record of all sales for a minimum of 6 years.
To remove your personal data please login here and click "Clear Details”. Alternately please request data removal by email our Data Protection Officer (DPO). Email: [email protected]


Data Security

All your personal data is protected using an industry standard Advanced Encryption Standard (AES-256) encryption algorithm to encrypt data in transfer and at rest.
Our servers are protected by fully managed Amazon Web Services firewalls.
Only key technical staff have direct access to our servers.
Back office systems have user based access control and a full audit history.
All employees and contractors are required to sign a confidentiality or non-disclosure agreements.
Server software is updated daily to ensure we have all the security latest patches.
Cyber insurance policy in place.
Servers are regularly tested using a industry standard PCI security scan.


Data Location

Our servers are hosted by Amazon Web Services in their EU Ireland datacenter.
Security documentation: https://aws.amazon.com/security/
Compliance documentation: https://aws.amazon.com/compliance/


Mailling List

Our weekly newsletter uses a double opt-in practice. You can unsubscribe here: https://www.hannants.co.uk/mailinglist/


Your Rights

If at any point you believe the information we process on you is incorrect you request to see this information and even have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our DPO who will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).

Back to help

These questions may also be helpful