Privacy Policy
GDPR
- Hannants will comply with the GDPR when it becomes enforceable on May 25, 2018.
- Data Protection Officer: [email protected]
Your Data
- We retain and process your personally data in order to provide you with an online ordering service.
- The personally identifiable data we hold on our system; Name, Billing Address, Delivery Address, Telephone Number, Email Address, Last IP Address.
- All data relating to card payments is processed by our payment provider Sagepay UK and Paypal.
- No third-party all be given access to your personal data. Your email address and mobile phone number may be given to DPD, Royal Mail or Parcelforce for delivery tracking alerts.
Data Retention
- We are required under UK Tax Law to retain a record of all sales for a minimum of 6 years.
- To remove your personal data please login here and click "Clear Details”. Alternately please request data removal by email our Data Protection Officer (DPO). Email: [email protected]
Data Security
- All your personal data is protected using an industry standard Advanced Encryption Standard (AES-256) encryption algorithm to encrypt data in transfer and at rest.
- Our servers are protected by fully managed Amazon Web Services firewalls.
- Only key technical staff have direct access to our servers.
- Backoffice systems have user based access control and a full audit history.
- All employees and contractors are required to sign a confidentiality or non-disclosure agreements.
- Server software is updated daily to ensure we have all the security latest patches.
- Cyber insurance policy in place.
- Servers are regularly tested using a industry standard PCI security scan.
Data Location
Mailling List
Your Rights
If at any point you believe the information we process on you is incorrect you request to see this information and even have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our DPO who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).