Banner image representing assorted sewing and haberdashery related items. A monthly box of sewing goodies, delivered to your door

Privacy Policy

Summary

  • This website is for SewHayleyJane Ltd (known as SewHayleyJane throughout this document), a sewing subscription box service and sewing related stockist based in Romsey in Hampshire, United Kingdom. You can contact the company for support at hello@sewhayleyjane.com
  • SewHayleyJane processes your data to provide our services to you, or for our legitimate interests.
  • SewHayleyJane will only hold and process your data for as long as is absolutely necessary, either to provide the sewing subscription service to you, or if you signed up to our newsletter, to send you news and information related to our business and industry.
  • SewHayleyJane will never sell your data with anyone outside the company. We will only ever share your information with other companies if they are providing a service to us for your benefit as a customer – for example our online payment providers (Chargebee or Stripe), which allows us to charge you for your subscription costs securely without storing your full card information and to dispatch your goods.
  • We do not advertise to you without your consent and, if you give us your consent, you can withdraw it at any time by either unsubscribing from the service in question or contacting hello@sewhayleyjane.com
  • Your data is held securely on our server based in London, in the United Kingdom.
  • You have the right to complain to the Information Commissioner’s Office if you ever feel your data has been mishandled, but we would appreciate the opportunity to address and rectify any concerns you may have before you complain, by contacting us at hello@sewhayleyjane.com

About Us

SewHayleyJane Ltd (“we”, “us”, “our”) is a limited company registered in England & Wales (registration number 10022538), the registered address is Suite 5, Chatmohr Estate, Crawley Hill, Romsey, SO51 6AP. This privacy policy covers how we will use, collect and process any data provided to us.

How we process your data

Throughout your interactions with us we will collect only the data that we require in order to provide you with the service that you are requesting. The key information that we process is shown below:

IP Address

When you access any of our services we will store a record of your IP address along with details of your request in our logs. This information is stored and used by our team to ensure the integrity of our services. Note that we do not attach IP addresses to particular users in our system, so it is effectively anonymous.

This information is regularly cleared out, usually within one year.

Authorisation & session data

Whenever you login to one of our services we will use at least two cookies that will identify your session to our services. This is necessary to provide our service to you.

Specifically:

  • CSRF-TOKEN: This is used to make sure that when you submit a form, for example when updating your address to receive the boxes, that it really is you making the request.
  • Session Cookie: This allows us to keep you logged in so you don’t need to log back in every time you load a new page.

Occassionally we use external services to provide additional functionality, for example, we used to use Disqus as a comments system, this would have stored a cookie in your browser which enabled you to comment, or sign up to comment on a blog article.

The cookies above will last as long as you are on our website or until your account is deleted.

Information We Store

When you subscribe to the subscription box service, or purchase a one off item, we collect only the information we need to deliver this service to you. Specifically:

  • Your Name (and/or the delivery name to send to)
  • Your Email Address
  • Your/Delivery Address, Postcode, Country
  • Any special offer codes you use.
  • Your card data, to be charged monthly. Note, we only ever see the last 4 digits of your card number, expiry date and the type, e.g Visa.
  • Our third party payment provider Chargebee will store your password, email and delivery/billing information to allow you to manage and have a subscription.

How we use your data

The data provided directly to us is housed on a secure server based in the United Kingdom. We also store some of this data with Stripe & ChargeBee (our PCI-compliant payment processors). We also use this data in our accounting software Xero & Kashflow, in order to keep legally required records of our sales (e.g for providing tax returns). Additionally when creating the address labels we upload them to the Post Office portal via Shipstation, which we can then generate the labels from.

Please note: We do not handle or store your payment information, all card payment data is kept with Stripe & Chargebee (our payment providers), the only thing we ever see related to your card is the last four digits, expiry date and the card brand (e.g Visa). You can find out more about their privacy policies here: Stripe Privacy Policy – Worldwide

We retain the data as long as is necessary to comply with our legal obligations – e.g we must keep our accounting records which contain your name and purchase history for VAT accounting.

However, should you wish for the data to be removed from our website or payment providers (e.g delete your account) you can request this at any time – however this does not mean all of your information is necessarily removed from our accounting records or payment platform due to our legal obligations as a limited company.

E-mail addresses

We will store your e-mail address for the purposes of managing your account with us. This will be used for transactional e-mails that relate directly to your account or services. This information is required in order to ensure you are informed about your account and can take appropriate actions in various situations. Your email address will be kept on our website or third party payment providers systems until such time as your account is deleted at your request. Note that records will still exist in our accounting and payment systems of your email to comply with our legal obligations.

If you have signed up to our newsletter you may receive occassional emails from us, you can click the unsubscribe option at the bottom of those emails at any time.

Email

If we send you transactional e-mails, these will be passed through our external mail provider Google Apps, this is necessary to provide service to you.

The information stored in Google Apps would include the content of the messages sent, the e-mail addresses of the recipients and any other headers. This information is stored in a log that we can access to review the history and check delivery was successful.

If you send us emails, these may be passed through our mail servers. This is necessary to provide our service to you. Our email system is encrypted and secure, so your communications with us are private. We can permanently delete emails sent to us if requested.

Passwords

We never store your passwords on our services in plain text. Passwords are salted and hashed using an industry standard hashing algorithm. As a good security practice, we recommend the following with regards to choosing your password:

  • Use a unique password with our services that is not shared with any others.
  • Choose a long secure password containing either multiple random words, or a good combination of letters, numbers & symbols.
  • Exercise good password hygiene and change your password on a regular basis.

Analytics

We use Google Analytics to help us track the details of visitors browsing our public website. We do not send any personal data to Google’s services through Google Analytics.

Support by e-mail

If you contact us by e-mail or through our website, you will be sharing your contact details (e-mail address and/or phone number) with us for the purposes of responding to your query. This is necessary to provide our service to you.

E-mails directly to/from our employees

If you communicate with our employees directly by e-mail (i.e. not using our normal support channels), we may retain your name & e-mail address in the mailboxes of the employee(s) that you communicate with. This is necessary to provide our service to you.

Third party processors

In some cases, we may use third parties to provide storage or computing services. We maintain a list of third parties that process data on our behalf.

  • Professional Services: We may share your details with processional service companies such as accountants or accounting software.
  • Payment service providers: We may share your details with company who provide us with payment services for taking payments from credit/debit cards.
  • Technical service providers: We may share your details with providers we use to provide computing services.
  • Email Marketing: We may share your details with e-mail marketing software providers to allow us to send e-mails to customers.
  • Communication services: We may share your details with companies who provide us with communication services such as a live chat or e-mail providers.

We will not share your data with third parties for the purposes of any marketing without your consent unless otherwise specified in this privacy notice.

Correcting your personal data:

It is important to us that the information we store is up to date and accurate. You may update your details at any time through our website.

Removal of your data

In some cases, you may be able to request that we remove your personal data from our systems, please feel free to contact us at hello@sewhayleyjane.com to request deletion. We will then delete your information from all systems within 7 days which do not impact our legal obligations. E.g we must retain your information for accounting purposes, but can delete your data from our website and remove your account.

Your rights

You have a lot of rights, including right to request access to and rectification or erasure of your personal data or restriction of processing of it. You also have the right to object to our processing of your data in some situations, as well as the right to data portability.

Notification of data breaches

Upon discovering any data breaches, we will notify any affected individuals as soon as its practical following our data breach notification policy. This policy dictates that in the event of a data breach concerning personal data, the affected parties will be notified by e-mail to the main e-mail address we store with your account.

Electronic storage of data

No method of electronic storage can be 100% secure, however, we have sophisticated and detailed security & development policies that govern our systems & applications to help ensure your data is as secure as it can be.

Use of our services by persons under the age of 16

We do not allow anyone under the age of 16 to signup, use or store any personal data with us on any of our services. If we discover or are notified about the presence of a user under this age, we will remove their data from our systems without notice.

Changes to this document

We may need to make changes to this privacy policy from time to time. All changes will be published to our website and we recommend reviewing it to stay up to date. If we make any changes that we feel may affect your privacy rights, we will notify you by e-mail or by displaying the information within the our website.

Our lawful basis for data processing

Under the General Data Protection Regulation, unless we have otherwise specified above, we will be processing your data as a legitimate interest. These interests include staff training, ensuring the security of our systems and to allow us to operate our business in an efficient manner.

Where our processing is based on consent, you may withdraw consent at any time.

Where our processing is necessary for us to perform our agreement with you, or to take steps to enter into a agreement with you, we will not be able to enter into a agreement with you or deliver our services to you if you do not give us the data in question.

Disclosure of information to law enforcement agencies

We may disclose your information if we are requested to by any law enforcement agency where we believe we are required to comply with the request under any applicable laws.

Data protection authority

You may have the right to lodge a complaint with your local data protection authority or the Information Commissioner’s Office (ICO) in the United Kingdom (our authority).

The ICO can be contacted at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Other information can be found on their website at ico.gov.uk.

Contact Us

If you have any questions about our privacy policy or any other aspects of our services, you may contact us by e-mail on hello@sewhayleyjane.com

Take me back to the boxes