Data we collect and how we collect it
At Hectic we collect data directly from individuals and we never purchase or acquire data outside of the public domain. We collect, process and store data of employees, prospective employees, supported brands, prospective supported brands, brand consumers, wholesale clients and 3rd party suppliers.
We never collect sensitive or special category data other than to satisfy additional laws outside of data protection such as employment law or when you give it to us directly.
Here is a useful table:
|Data||Supported Brand||Prospective Supported Brand||Brand Consumers||Wholesale Clients||3rd Party Suppliers|
*when visiting Hectic.com or our supported brand websites
Data we collect for employment purposes can be found within our employee contracts and full data protection policy.
Supported brand = a brand that Hectic works with directly to support eCommerce sales
Prospective supported brand = a brand that could benefit from Hectic’s services but does not currently have a contract with Hectic
Brand consumers = individuals who visit a brand website, purchase goods online and sign up for emails
Wholesale client = a client who purchases wholesale stock from one of Hectic’s supported brands
3rd Parties = suppliers of goods or services to Hectic
Employee = someone who works for Hectic
Prospective employee = someone who has applied for or has been approached directly by Hectic for a vacant job role
Your Privacy Choices and Rights
You can choose not to provide us with personal data. If you choose to do this, you can continue to use the Hectic/supported brand website(s) and browse its pages, but we will not be able to process transactions or continue a relationship without personal data.
You can opt-out from marketing by clicking the unsubscribe option in any of our marketing communications.
You can exercise your rights by sending us an email at email@example.com
You have the right to access the information we hold about you. This includes the right to ask us for supplementary information about:
- the categories of data we’re processing
- the purposes of data processing
- the categories of third parties to whom the data may be disclosed
- how long the data will be stored (or the criteria used to determine that period)
- your other rights regarding our use of your data
We will provide you with the information within one month of your request unless doing so would adversely affect the rights and freedoms of others (e.g. another person’s confidentiality or intellectual property rights). We’ll tell you if we can’t meet your request for that reason.
You have the right to make us correct any inaccurate personal data about you.
You can object to us using your data for profiling you or making automated decisions about you
We may use your data to determine whether we should let you know information that might be relevant to you (for example, tailoring emails or social media advertising to you based on your behaviour).
You have the right to port your data to another service. We will give you a copy of your data in CSV format so that you can provide it to another service.
If you ask us and it is technically possible, we will directly transfer the data to the other service for you. We will not do so to the extent that this involves disclosing data about any other individual.
You have the right to be ‘forgotten’ by us. You can do this by asking us to erase any personal data we hold about you if it is no longer necessary for us to hold the data for purposes of your use of Hectic, a supported brand or any other law.
You have the right to lodge a complaint regarding our use of your data, please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to the UK Information Commissioner’s Office, either by calling their helpline or as directed on their website at www.ico.org.uk.
These rights apply to all of the data categories listed in the ‘Data we collect and how we collect it’ section
We do everything we can to ensure the security of your data and in today’s data-driven and connected world the security of your data is more important than ever. We recognise this and have implemented the following security controls:
All passwords to platforms or systems containing personal data are generated via a password vault. Access to the vault is only permitted via multi-factor authentication.
Access to any platform or system containing consumer data is only granted to those who absolutely require it, even our Privacy and Compliance Manager doesn’t have access.
We deploy mobile device management to every single device that accesses any Hectic system and we can remotely wipe that device at any time. All devices are regularly scanned for viruses and malware and patches are remotely deployed to applications regularly.
All staff are bound by confidentiality and will never disclose or share your data unless authorised to do so.
Hectic’s data protection role
Hectic is not currently a subprocessor of any 3rd party data and we process all data as either a controller, joint controller or processor.
Where is your data stored?
Like most companies, Hectic utilises 3rd parties to provide services to our brands and their consumers and to store data. A list of the 3rd parties who process personal data is listed below.
These 3rd parties will be based in the UK, EEA and in some cases outside of the both the UK and EEA.
Hectic conducts thorough reviews of all of its 3rd parties, including data protection agreements, where possible to ensure that every possible safeguard is in place and that the data is secure. Should there be a possibility that data could be exposed to a high level of risk a Data Protection Impact Assessment will be completed and will be available upon request.
Hectic works with a number of 3rd parties to offer eCommerce solutions to our brands, most of which do not process brand consumer data in any way, below is a list of those who have access to or process the data of our brands consumers and a brief description of what they do.
|3rd Party||Brief Description|
|Amazon/AWS||Amazon market place and AWS data storage solutions|
|Brandscope||Online wholesale platform|
|Brightpearl||Digital operations platform that integrates with Shopify|
|Facebook Group||Advertising of brand products via lookalike audiences, cookies/pixels and custom audiences|
|Analytics via cookie/pixel information|
|Hectic Numbers||Hectic’s sister company who provide trade reporting between Hectic and our brands|
|Klaviyo||Marketing via brand website sign up|
|Power BI (Microsoft)||Business Intelligence platform to analyse trading and product trends|
|RIF||Warehouse, stock and delivery fulfilment|
|Shiptheory||Shipping integration and label printing|
|Shopify||The platform that our brand websites are built upon|
|vvast||Hectic’s brand partner who manages and co-manages relationships alongside Hectic|
How long is your data stored?
Once per year, we perform a full cleanse of data to ensure that we are only processing the data of those individuals who have an ongoing and active relationship with Hectic and/or our brands.
As part of our Record of Processing Activities we have defined the length of time we store all of our data, should your data be due for deletion it will be erased during the yearly data cleanse.
To understand data retention in relation to your data please feel free to contact us at firstname.lastname@example.org
|_ga||This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.||2 years||Analytics|
|_gid||This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.||1 day||Analytics|
|_gat||This cookie is installed by Google Universal Analytics to throttle the request rate to limit the collection of data on high traffic sites.||1 minute||Performance|
You can update your cookie preferences via our cookie banner.
Should a breach of your data occur that is likely to result in the harm to the rights and freedoms on an individual or group of individuals Hectic will notify those involved within 72 hours along with the ICO, where applicable.
Hectic has not appointed a statutory Data Protection Officer as we are not required to by law, however, we have appointed a full-time Privacy and Compliance Manager to ensure the continued security of our data.
Hectic maintains and updates a Record of Processing Activities (ROPA) in which we list the lawful basis for processing all of our data. Wherever Legitimate Interests is relied upon Hectic has conducted an impact assessment available upon demand to those whose data is included.
From January 1st 2021 the UK will no longer be part of the European Economic Area (EEA). As Hectic maintains an office in the EEA we are not required to appoint a European representative to comply with Article 27 of the GDPR.
This notice is reviewed regularly to ensure it is up to date and contains the latest information required by privacy and security standards and to ensure we inform you of everything we do with your data.
This notice was last reviewed on the 19th December 2022. The next review will take place in 2024.
Bye for now
Still with us? Wow! Well done for reading this notice all the way through. We totally get that privacy and security can be confusing and often notices like this are full of jargon that is hard to understand.
If you would like to speak to a human in regard to your data please feel free to email us at email@example.com and we will be happy to talk further.