Last updated: 16 October 2025
1) Who we are (the “controller”)
Hickies Limited (Company No. 01897404)
153 Friar Street, Reading, Berkshire, RG1 1HE, United Kingdom
Email: admin@hickies.co.uk • Phone: 0118 957 5771
This policy explains how we use your personal data when you shop with us in-store or online at www.hickies.co.uk.
2) What this policy covers
How we collect, use, share and protect your data; your rights; who to contact. It applies to our website, in-store purchases, customer service, finance applications we broker, and marketing.
3) Data we collect
- Identity & contact: name, email, phone, billing/delivery addresses.
- Account & order: login details, order history, returns, support messages.
- Payment: payment method, amount, status, fraud-prevention signals. We do not store full card numbers or CVV. Card details are handled by Dojo via its secure gateway.
- Finance (if you apply): information needed by Novuna Consumer Finance to assess creditworthiness (e.g., DOB, address history, employment/income), as prompted during the application.
- Device & usage: IP address, device/browser info, pages viewed, interactions (see our Cookie Policy).
- Preferences: cookie/consent choices and marketing preferences.
4) Where we get your data
- Directly from you at checkout, account sign-up, contact forms or in-store.
- Automatically via cookies/SDKs that you consent to (analytics/ads).
- From finance/anti-fraud partners when you apply for credit (e.g., Novuna’s credit-reference & fraud-prevention checks).
5) Why we use it & lawful bases
We only use your data when we have a legal reason to. Here’s a summary:
Purpose | Examples | Lawful basis |
---|---|---|
Sell & deliver your order | Processing orders, receipts, shipping, returns | Contract |
Payment processing & fraud prevention | Route card payments to Dojo (online & in-store), fraud checks | Contract; Legitimate interests (prevent fraud); Legal obligation (accounting/AML) |
Retail finance broking | Pass your application to Novuna; help with queries | Contract; Legal obligation; Legitimate interests (prevent fraud) |
Customer support | Emails, phone, contact forms, repairs/warranty | Legitimate interests |
Account management & security | Login, preferences, access controls | Contract; Legitimate interests |
Direct marketing | News, offers by email/SMS | Consent (new prospects) or Legitimate interests (soft opt-in for existing customers about similar products) with a simple opt-out at any time |
Analytics & ads measurement | GA4/Jetpack usage stats, ads conversion linker | Consent (non-essential cookies under PECR) |
Security, legal & compliance | Detect abuse, keep services reliable, comply with tax/regulators | Legitimate interests; Legal obligation |
Non-essential cookies (e.g., analytics/advertising) are set only after your consent. Our banner presents “Accept all”, “Reject all” and “Set preferences” with equal prominence, and you can change choices any time via Manage consent.
6) Who we share data with (and why)
- Payments – Dojo (Paymentsense Limited): processes card payments for our online checkout and in-store terminals and acts as an independent data controller for card processing. We do not store full card numbers or CVV. See Dojo’s privacy information.
- Retail finance – Novuna Consumer Finance (a business of Mitsubishi HC Capital UK PLC): controller of finance applications; performs credit-reference and fraud-prevention checks (e.g., with UK CRAs and CIFAS/National Hunter). See Novuna’s privacy notice.
- Hosting & infrastructure – Amazon Web Services (AWS Lightsail): we self-host WooCommerce/WordPress on a VPS provided by AWS.
- Analytics/measurement (only with consent): Google Analytics (GA4), Automattic/Jetpack, Sourcebuster, Google Ads Conversion Linker (see Cookie Policy for details and controls).
- Operational partners: delivery/courier services, email/SMS and IT/security support as needed to run our business. We share only what’s necessary.
7) International transfers
Some partners (e.g., AWS or analytics vendors) may process data outside the UK/EEA. Where this happens, we use appropriate safeguards such as the UK International Data Transfer Addendum and/or Standard Contractual Clauses, or rely on another lawful transfer mechanism.
8) How long we keep data
- Orders, invoices & payment records: 6 years (tax, accounting & limitation).
- Accounts & support history: while your account is active and up to 12 months after inactivity, unless we need to keep it longer for legal reasons.
- Finance applications (our copy): as long as needed to broker your application, handle queries/complaints and meet regulatory obligations; Novuna keeps application/loan data under its own policy.
- Cookie/analytics data: per your consent choices and the lifetimes in our Cookie Policy.
9) Cookies & similar technologies
Our Cookie Policy lists the cookie categories, names (e.g., WooCommerce cart/session, _ga
, _gcl_*
, tk_ai
, sbjs_*
), purposes and typical lifetimes, and gives you control to Accept all, Reject all or Set preferences. You can update choices any time via Manage consent in the footer.
10) Your rights
- Access a copy of your data; correct inaccuracies.
- Delete your data in certain cases; or restrict how we use it.
- Portability of data you provided to us, where technically feasible.
- Object to processing based on legitimate interests, including objecting to direct marketing at any time.
- Withdraw consent at any time (this won’t affect past processing).
To exercise your rights, contact admin@hickies.co.uk. You also have the right to complain to the UK Information Commissioner’s Office (ICO): ico.org.uk / 0303 123 1113.
11) Children
We sell to adults. Our finance options are for 18+. If you believe a child’s data has been provided to us, please contact us so we can delete it.
12) Automated decisions & profiling
If you apply for finance, Novuna may use automated decision-making and profiling as part of credit/risk checks. See Novuna’s privacy notice for details, including your right to request human review.
13) Security
We protect our systems and your data with reasonable technical and organisational measures, including TLS encryption, access controls and secure operation of our self-hosted WooCommerce/WordPress on AWS Lightsail.
14) Changes to this policy
We’ll post updates here and change the “Last updated” date. Significant changes will be highlighted on-site.
15) Contact us
Questions or requests: admin@hickies.co.uk • Hickies Limited, 153 Friar Street, Reading, RG1 1HE, United Kingdom.