Who We Are and What This Policy Covers
Cheeky-Hats.com (Cheeky Hats) is a website providing bespoke millinery products, including ready-to-buy hats and commissioned pieces.
- Purchase a product from us.
- Contact us for a bespoke order or general enquiry.
- Sign up to our newsletter.
- Use our services through Automattic or its related sites and services.
Below we explain how we collect, use, and share information about you, along with the choices that you have with respect to that information.
Information We Collect
We only collect information about you if we have a reason to do so — for example, to ship our products to you, to communicate with you, or to make our services better.
To fulfil your order, we need certain information, such as your name, email address, postal address, payment information, and the details of the product that you’re ordering. You may also choose to provide us with additional personal information (for a custom order, for example), if you contact us directly.
How and Why We Use Information
We use information about you for the purposes listed below:
- To provide our services. For example, processing your payment or shipping your order, to settle disputes, or to provide customer support;
- To communicate with you. For example, by emailing you to ask for your feedback, share tips for getting the most out of our products, or keep you up to date on our latest products; If you don’t want to hear from us, you can opt out of marketing communications at any time. (If you opt out, we’ll still send you important updates relating to your account).
- To protect our Services, our users, and the public. For example, by detecting security incidents; detecting and protecting against malicious, deceptive, fraudulent, or illegal activity; complying with our legal obligations; and protecting the rights and property of Cheeky Hats and others, which may result in us, for example, declining a transaction or terminating Services.
- To ensure quality and improve our Services. For example, by monitoring and analyzing how users interact with our Services so we can create new products that we think our customers will enjoy.
Legal Bases for Collecting and Using Information
A note here for those in the European Union about our legal grounds for processing information about you under EU data protection laws, which is that our use of your information is based on the grounds that:
(1) The use is necessary in order to fulfill our commitments to you under the applicable terms of service or other agreements with you or is necessary to administer your account; or
(2) The use is necessary for compliance with a legal obligation; or
(3) The use is necessary in order to protect your vital interests or those of another person; or
(4) We have a legitimate interest in using your information — for example, to provide and update our Services; to improve our Services so that we can offer you an even better user experience; to safeguard our Services; to communicate with you; to measure, gauge, and improve the effectiveness of our advertising; and to understand our user retention and attrition; to monitor and prevent any problems with our Services; and to personalize your experience; or
(5) You have given us your consent — for example before you sign up to our newsletter.
How We Share Information
We share information about you in limited circumstances, and with appropriate safeguards on your privacy. These are spelled out as follows:
- Third-party vendors: We may share information about you with third-party vendors who need the information in order to provide their services to us, or to provide their services to you or your site. This includes vendors that help us provide our Services to you (like Stripe, which powers WooCommerce Payments, payment providers that process your credit and debit card information, payment providers you use for your own ecommerce operations, fraud prevention services that allow us to analyze fraudulent payment transactions, cloud storage services, postal and email delivery services that help us stay in touch with you, customer chat and email support services that help us communicate with you; those that assist us with our marketing efforts (e.g., by providing tools for identifying a specific marketing target group or improving our marketing campaigns, and by placing ads to market our services); those that help us understand and enhance our Services (like analytics providers); those that make tools to help us run our operations (like programs that help us with task management, scheduling, word processing, email and other communications, and collaboration among our teams); other third-party tools that help us manage operations; and companies that make products available on our websites (like the extensions on WooCommerce.com), who may need information about you in order to, for example, provide technical or other support services to you. We require vendors to agree to privacy commitments in order to share information with them.
- Legal and regulatory requirements: We may disclose information about you in response to a subpoena, court order, or other governmental request.
- To protect rights, property, and others: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Cheeky Hats, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
- With your consent: We may share and disclose information with your consent or at your direction. For example, we may share your information with third parties when you authorize us to do so
We have a policy that we do not sell our users’ data. We aren’t a data broker, we don’t sell your personal information to data brokers, and we don’t sell your information to other companies that want to spam you with marketing emails.
We generally discard information about you when it’s no longer needed for the purposes for which we collect and use it — described in the section above on How and Why We Use Information — and we’re not legally required to keep it.
Transfers of Personal Information Outside the EU
We may store and process your information through third-party hosting services in the US and other jurisdictions. As a result, we may transfer your personal information to a jurisdiction with different data protection and government surveillance laws than your jurisdiction.
European General Data Protection Regulation (GDPR)
If you are located in a country that falls under the scope of the GDPR, data protection laws give you certain rights with respect to your personal data, subject to any exemptions provided by the law, including the rights to:
- Request access to your personal data;
- Request correction or deletion of your personal data;
- Object to our use and processing of your personal data;
- Request that we limit our use and processing of your personal data; and
- Request portability of your personal data.
- You also have the right to make a complaint to a government supervisory authority.
How to Contact Us