Posted on

Privacy Policy

Last updated: 16 October 2025

1) Who we are (the “controller”)

Hickies Limited (Company No. 01897404)

153 Friar Street, Reading, Berkshire, RG1 1HE, United Kingdom

Email: admin@hickies.co.uk • Phone: 0118 957 5771

This policy explains how we use your personal data when you shop with us in-store or online at www.hickies.co.uk.

2) What this policy covers

How we collect, use, share and protect your data; your rights; who to contact. It applies to our website, in-store purchases, customer service, finance applications we broker, and marketing.

3) Data we collect

  • Identity & contact: name, email, phone, billing/delivery addresses.
  • Account & order: login details, order history, returns, support messages.
  • Payment: payment method, amount, status, fraud-prevention signals. We do not store full card numbers or CVV. Card details are handled by Dojo via its secure gateway.
  • Finance (if you apply): information needed by Novuna Consumer Finance to assess creditworthiness (e.g., DOB, address history, employment/income), as prompted during the application.
  • Device & usage: IP address, device/browser info, pages viewed, interactions (see our Cookie Policy).
  • Preferences: cookie/consent choices and marketing preferences.

4) Where we get your data

  • Directly from you at checkout, account sign-up, contact forms or in-store.
  • Automatically via cookies/SDKs that you consent to (analytics/ads).
  • From finance/anti-fraud partners when you apply for credit (e.g., Novuna’s credit-reference & fraud-prevention checks).

5) Why we use it & lawful bases

We only use your data when we have a legal reason to. Here’s a summary:

PurposeExamplesLawful basis
Sell & deliver your orderProcessing orders, receipts, shipping, returnsContract
Payment processing & fraud preventionRoute card payments to Dojo (online & in-store), fraud checksContract; Legitimate interests (prevent fraud); Legal obligation (accounting/AML)
Retail finance brokingPass your application to Novuna; help with queriesContract; Legal obligation; Legitimate interests (prevent fraud)
Customer supportEmails, phone, contact forms, repairs/warrantyLegitimate interests
Account management & securityLogin, preferences, access controlsContract; Legitimate interests
Direct marketingNews, offers by email/SMSConsent (new prospects) or Legitimate interests (soft opt-in for existing customers about similar products) with a simple opt-out at any time
Analytics & ads measurementGA4/Jetpack usage stats, ads conversion linkerConsent (non-essential cookies under PECR)
Security, legal & complianceDetect abuse, keep services reliable, comply with tax/regulatorsLegitimate interests; Legal obligation

Non-essential cookies (e.g., analytics/advertising) are set only after your consent. Our banner presents “Accept all”, “Reject all” and “Set preferences” with equal prominence, and you can change choices any time via Manage consent.

6) Who we share data with (and why)

  • Payments – Dojo (Paymentsense Limited): processes card payments for our online checkout and in-store terminals and acts as an independent data controller for card processing. We do not store full card numbers or CVV. See Dojo’s privacy information.
  • Retail finance – Novuna Consumer Finance (a business of Mitsubishi HC Capital UK PLC): controller of finance applications; performs credit-reference and fraud-prevention checks (e.g., with UK CRAs and CIFAS/National Hunter). See Novuna’s privacy notice.
  • Hosting & infrastructure – Amazon Web Services (AWS Lightsail): we self-host WooCommerce/WordPress on a VPS provided by AWS.
  • Analytics/measurement (only with consent): Google Analytics (GA4), Automattic/Jetpack, Sourcebuster, Google Ads Conversion Linker (see Cookie Policy for details and controls).
  • Operational partners: delivery/courier services, email/SMS and IT/security support as needed to run our business. We share only what’s necessary.

7) International transfers

Some partners (e.g., AWS or analytics vendors) may process data outside the UK/EEA. Where this happens, we use appropriate safeguards such as the UK International Data Transfer Addendum and/or Standard Contractual Clauses, or rely on another lawful transfer mechanism.

8) How long we keep data

  • Orders, invoices & payment records: 6 years (tax, accounting & limitation).
  • Accounts & support history: while your account is active and up to 12 months after inactivity, unless we need to keep it longer for legal reasons.
  • Finance applications (our copy): as long as needed to broker your application, handle queries/complaints and meet regulatory obligations; Novuna keeps application/loan data under its own policy.
  • Cookie/analytics data: per your consent choices and the lifetimes in our Cookie Policy.

9) Cookies & similar technologies

Our Cookie Policy lists the cookie categories, names (e.g., WooCommerce cart/session, _ga, _gcl_*, tk_ai, sbjs_*), purposes and typical lifetimes, and gives you control to Accept all, Reject all or Set preferences. You can update choices any time via Manage consent in the footer.

10) Your rights

  • Access a copy of your data; correct inaccuracies.
  • Delete your data in certain cases; or restrict how we use it.
  • Portability of data you provided to us, where technically feasible.
  • Object to processing based on legitimate interests, including objecting to direct marketing at any time.
  • Withdraw consent at any time (this won’t affect past processing).

To exercise your rights, contact admin@hickies.co.uk. You also have the right to complain to the UK Information Commissioner’s Office (ICO): ico.org.uk / 0303 123 1113.

11) Children

We sell to adults. Our finance options are for 18+. If you believe a child’s data has been provided to us, please contact us so we can delete it.

12) Automated decisions & profiling

If you apply for finance, Novuna may use automated decision-making and profiling as part of credit/risk checks. See Novuna’s privacy notice for details, including your right to request human review.

13) Security

We protect our systems and your data with reasonable technical and organisational measures, including TLS encryption, access controls and secure operation of our self-hosted WooCommerce/WordPress on AWS Lightsail.

14) Changes to this policy

We’ll post updates here and change the “Last updated” date. Significant changes will be highlighted on-site.

15) Contact us

Questions or requests: admin@hickies.co.uk • Hickies Limited, 153 Friar Street, Reading, RG1 1HE, United Kingdom.

Posted on

Cookie Policy

Last updated: 16 October 2025

1) Who we are

Hickies Limited (also known as Hickies Music), Registered in England & Wales No. 01897404.

Registered office: 153 Friar Street, Reading, Berkshire, RG1 1HE, United Kingdom.

Email: admin@hickies.co.ukPhone: 0118 957 5771

This Cookie Policy explains how we use cookies and similar technologies on www.hickies.co.uk (the “site”).

2) What are cookies?

Cookies are small files stored on your device to make websites work, remember your choices, keep you signed in, and help us understand how the site is used. Some are essential (e.g., keeping your cart), others are optional (e.g., analytics or advertising).

When you first visit, we show a banner with a real choice: Accept all, Reject all, or Set preferences. We only set non-essential cookies after you consent. You can change your mind any time:

  • Use the Manage consent link to update settings.
  • You can also use your browser settings (blocking essential cookies may break core site functions like cart and checkout).

Strictly necessary cookies are placed to provide the service you request (e.g., adding to cart, staying logged in) under PECR—no consent required.

Analytics, advertising and other non-essential cookies are used only with your consent. You can withdraw consent at any time via Manage consent; withdrawal applies going forward.

Note: UK law includes limited exceptions for certain low-risk uses. Unless an exception clearly applies to our specific configuration, we will continue to rely on consent for non-essential cookies.

5) Cookies we use

Below is a list of the cookies you may encounter on our site. Exact lifetimes can vary by configuration and browser.

5A. Strictly necessary (always on)

These make the site and checkout work. Without them, you can’t add items to your cart or stay logged in.

NameProviderPurposeTypical lifetime
woocommerce_cart_hash, woocommerce_items_in_cartWooCommerceTrack cart changes/contents so cart & mini-cart work.Session
wp_woocommerce_session_*WooCommerceLinks your browser to your cart session in the database.~2 days
wc_cart_hash_*, wc_fragments_*, wc_cart_createdWooCommerceKeep cart fragments/mini-cart and checkout stable.Session
storeApiCartData, storeApiNonceWooCommerceSecure and operate WooCommerce Store API/Blocks (cart/checkout).Session
wordpress_test_cookieWordPressChecks if cookies are enabled.Session
wordpress_logged_in_*WordPressKeeps you logged in.Session (up to ~2 weeks if “remember me”)
wp_langWordPressStores interface language (login/translation support).Session
wpEmojiSettingsSupportsWordPressChecks browser support for emoji/rendering.Session
wp-settings-1, wp-settings-time-1, WP_DATA_USER_1WordPressRemember dashboard/editor preferences for logged-in users.Up to ~1 year (varies)
cmplz_functional, cmplz_statistics, cmplz_preferences, cmplz_marketingComplianz (CMP)Save your consent choices per category so we honour them on future visits.~1 year

5B. Preferences / functionality

Improve your experience (e.g., remembering a tool choice). These are used when you engage that feature.

NameProviderPurposeTypical lifetime
pbf-deposit-last-used, pbf-service-used-from-widgetFinance/deposit widgetRemembers the last finance/deposit option you chose to streamline checkout.Varies (plugin-defined)

5C. Analytics / statistics (only with your consent)

NameProviderPurposeTypical lifetime
_ga, _ga_<container-id> (e.g., _ga_RM3G736SJG, _ga_WMZ0WZ5WLS)Google Analytics 4Distinguish users/sessions to understand site usage & performance.≈ 2 years
tk_ai, tk_qsAutomattic / JetpackAnonymous ID and feature usage for analytics (some features set these on the front-end).Session (typical)
sbjs_current, sbjs_current_add, sbjs_first, sbjs_first_add, sbjs_session, sbjs_udata, sbjs_migrationsSourcebuster JSTrack how you arrived (source/medium/campaign) for analytics attribution.Session to ~6 months

5D. Advertising & measurement (only with your consent)

NameProviderPurposeTypical lifetime
_gcl_au, _gcl_lsGoogle Ads / Conversion LinkerStore ad-click info so conversions can be attributed.Typically up to ~90 days

5E. Admin-side cookies

These may appear for store staff when using the WordPress/WooCommerce dashboard.

NameProviderPurposeTypical lifetime
customer-effort-score-exit-pageWooCommerce (admin)Triggers/records WooCommerce admin CES surveys or flows.Varies

6) Change or withdraw your consent

You can update your choices any time via Manage consent. When you withdraw consent, we’ll stop setting the relevant cookies from that point forward. You can also clear existing cookies in your browser.

7) Third parties & international transfers

Some providers (e.g., Google) may process data outside the UK/EEA. Where they do, they rely on appropriate safeguards (e.g., standard contractual clauses). See each provider’s privacy information for details.

8) Updates to this policy

We review this policy when our cookie practices change (for example, when we add a new tool). We’ll post any changes here and update the “Last updated” date.

9) Questions?

We’re happy to help. Email admin@hickies.co.uk or write to Hickies Limited, 153 Friar Street, Reading, RG1 1HE, United Kingdom.