Privacy Policy

Who We Are and What This Policy Covers

Cheeky-Hats.com (Cheeky Hats) is a website providing bespoke millinery products, including ready-to-buy hats and commissioned pieces. 

Our website is hosted on WordPress.com, which is part of Automattic. To run the shop, we use a number of plugins such as WooCommerce, Stripe and Paypal.

This Privacy Policy applies to information that we collect about you when you:

  • Purchase a product from us.
  • Contact us for a bespoke order or general enquiry.
  • Sign up to our newsletter.
  • Use our services through Automattic or its related sites and services.

This Privacy Policy does not apply to third parties that we do not own or control, including WordPress or any third party services you access through Automattic. You can reference the Automattic Privacy Policy to learn more about its privacy practices. 

Below we explain how we collect, use, and share information about you, along with the choices that you have with respect to that information.

Information We Collect

We only collect information about you if we have a reason to do so — for example, to ship our products to you, to communicate with you, or to make our services better.

To fulfil your order, we need certain information, such as your name, email address, postal address, payment information, and the details of the product that you’re ordering. You may also choose to provide us with additional personal information (for a custom order, for example), if you contact us directly.

How and Why We Use Information

We use information about you for the purposes listed below:

  • To provide our services. For example, processing your payment or shipping your order, to settle disputes, or to provide customer support;
  • To communicate with you. For example, by emailing you to ask for your feedback, share tips for getting the most out of our products, or keep you up to date on our latest products; If you don’t want to hear from us, you can opt out of marketing communications at any time. (If you opt out, we’ll still send you important updates relating to your account).
  • To protect our Services, our users, and the public. For example, by detecting security incidents; detecting and protecting against malicious, deceptive, fraudulent, or illegal activity; complying with our legal obligations; and protecting the rights and property of Cheeky Hats and others, which may result in us, for example, declining a transaction or terminating Services.
  • To ensure quality and improve our Services. For example, by monitoring and analyzing how users interact with our Services so we can create new products that we think our customers will enjoy.

Legal Bases for Collecting and Using Information

A note here for those in the European Union about our legal grounds for processing information about you under EU data protection laws, which is that our use of your information is based on the grounds that:

(1) The use is necessary in order to fulfill our commitments to you under the applicable terms of service or other agreements with you or is necessary to administer your account; or

(2) The use is necessary for compliance with a legal obligation; or

(3) The use is necessary in order to protect your vital interests or those of another person; or

(4) We have a legitimate interest in using your information — for example, to provide and update our Services; to improve our Services so that we can offer you an even better user experience; to safeguard our Services; to communicate with you; to measure, gauge, and improve the effectiveness of our advertising; and to understand our user retention and attrition; to monitor and prevent any problems with our Services; and to personalize your experience; or

(5) You have given us your consent — for example before you sign up to our newsletter.

Sharing Information

How We Share Information

We share information about you in limited circumstances, and with appropriate safeguards on your privacy. These are spelled out as follows: 

  • Subsidiaries and independent contractors: We may disclose information about you to our subsidiaries and independent contractors who need the information to help us provide our Services or process the information on our behalf. We require our subsidiaries and independent contractors to follow this Privacy Policy for any personal information that we share with them.
  • Third-party vendors: We may share information about you with third-party vendors who need the information in order to provide their services to us, or to provide their services to you or your site. This includes vendors that help us provide our Services to you (like Stripe, which powers WooCommerce Payments, payment providers that process your credit and debit card information, payment providers you use for your own ecommerce operations, fraud prevention services that allow us to analyze fraudulent payment transactions, cloud storage services, postal and email delivery services that help us stay in touch with you, customer chat and email support services that help us communicate with you; those that assist us with our marketing efforts (e.g., by providing tools for identifying a specific marketing target group or improving our marketing campaigns, and by placing ads to market our services); those that help us understand and enhance our Services (like analytics providers); those that make tools to help us run our operations (like programs that help us with task management, scheduling, word processing, email and other communications, and collaboration among our teams); other third-party tools that help us manage operations; and companies that make products available on our websites (like the extensions on WooCommerce.com), who may need information about you in order to, for example, provide technical or other support services to you. We require vendors to agree to privacy commitments in order to share information with them. 
  • Business transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that Cheeky Hats goes out of business or enters bankruptcy, user information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Policy would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this Privacy Policy.
  • Legal and regulatory requirements: We may disclose information about you in response to a subpoena, court order, or other governmental request. 
  • To protect rights, property, and others: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Cheeky Hats, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
  • With your consent: We may share and disclose information with your consent or at your direction. For example, we may share your information with third parties when you authorize us to do so

We have a policy that we do not sell our users’ data. We aren’t a data broker, we don’t sell your personal information to data brokers, and we don’t sell your information to other companies that want to spam you with marketing emails.

Data Retention

We generally discard information about you when it’s no longer needed for the purposes for which we collect and use it — described in the section above on How and Why We Use Information — and we’re not legally required to keep it.

We retain your personal information only for as long as necessary to provide you with our services and as described in this Privacy Policy. However, we may also be required to retain this information to comply with our legal and regulatory obligations, to resolve disputes, and to enforce our agreements. We generally keep your data for the following time period: 4 years.

Transfers of Personal Information Outside the EU

We may store and process your information through third-party hosting services in the US and other jurisdictions. As a result, we may transfer your personal information to a jurisdiction with different data protection and government surveillance laws than your jurisdiction. 

Your Rights

European General Data Protection Regulation (GDPR)

If you are located in a country that falls under the scope of the GDPR, data protection laws give you certain rights with respect to your personal data, subject to any exemptions provided by the law, including the rights to:

  • Request access to your personal data;
  • Request correction or deletion of your personal data;
  • Object to our use and processing of your personal data;
  • Request that we limit our use and processing of your personal data; and
  • Request portability of your personal data.
  • You also have the right to make a complaint to a government supervisory authority.

How to Contact Us

If you have a question about this Privacy Policy, or you would like to contact us about any of the rights mentioned in the Your Rights section above, please contact us through our web form or via email at hello@cheeky-hats.com