top of page
AdobeStock_195409018.jpeg

Privacy Policy

With this Privacy Policy Heavensent as data controller, wants to be transparent about processing your personal data. We are committed to protecting privacy and security of our customers and site visitors. We, therefore, have a policy setting out the purpose for which your personal data will be collected, as well as how it will be processed and protected. This Privacy Policy is related to the following websites heavensent.co.uk
 

1. LEGAL BASIS FOR PROCESSING PERSONAL DATA

We shall process your personal data for the following reasons:
- The execution of contracts or precontractual obligation, which you are party to.
- Complying with our legal obligations.
- Marketing and other business legitimate interests.
 

2. LEGITIMATE INTERESTS

Legitimate interests include the following:
- Sending our newsletter to our customers from whom we have obtained the contact details in the course of a sale (or negotiations for a sale) of a product or service.
- Collection of personal data to provide you with best possible customer experience.
- Operational requirements necessary for internal processes.
- Fulfilling your requirements or requests regarding our services and products.
- Fraud prevention.
- Protecting our rights, employees, and property.
 

3. PURPOSES OF PERSONAL DATA PROCESSING

- Online purchases (when you place an order or ask for a refund).
- Direct marketing (when we send our newsletters).
- Administration of user accounts.
- Enforcing our Terms and Conditions.
- Communication through our email, contact forms, social networks, or Customer Care.
- Managing subscriptions 
Your personal data may also be automatically collected during visits to our website, these include information about your devices and browsing. This information is collected using cookies and similar technologies. For more information about cookies and other similar technologies, please read Cookie Policy.
This means that we want to provide you the most optimal and personalized service possible. Of course, we keep your privacy in mind. We will retain your shopping history and use details of the products you have previously purchased to make suggestions to you for other products which we believe you will also be interested in. We will retain and evaluate information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive.
 

4. Why we use your personal data

- Processing, analysing and delivering your purchases.
- Taking payments and making refunds.
- Sending you service messages by SMS, email or otherwise.
- Providing customer care services and support, handling returns, warranty claims.
- All forms of fraud detection and prevention.
- Security and Protecting our website/IT systems.
- Showing you our advertisements while you browse the web.
- Providing you with information about our products and services, promotions, discounts and news regarding your preferences and wishes.
- Improving our website.
 

5. MARKETING ACTIVITIES

We process personal data when you subscribe to our newsletter, event, or you purchase our products. For this purpose, we process data, such as, name, surname, country, email address. If you give us your consent for receiving our newsletter, we use Mailchimp services. We process data regarding opening e-mails, bounce rate, clicks, subscription, news segments. We segment buyers according to previously bought products, gender, country.
Based on our legitimate interest (so called, soft opt-in), we send our newsletter to our customers who made a purchase of our product using wix services.
If you contact us through webforms on our website, through an e-mail, phone, or social network profile we will process data from contact form and a message based on our legitimate interest to connect and communicate with potential customers.
In any case you can object to direct marketing activities, and you may unsubscribe from our newsletter by clicking the link in our email or responding to us with your claim. In such case we will stop with marketing activities and store your data in an unsubscribed list for 5 years from the day of unsubscribing, based on our legitimate interest to prove facts on compliance steps we need to take.
We use certain online marketing tools, cookies, and similar technologies, and for this reason we process personal data of our website visitors or people who clicked on our online ads with our business associates. These technologies may provide us with some identifiers, information about devices you utilize to access our website, and other information regarding your interactions with our website. For detailed information about the use of cookies and advertising tools that we use please read our Cookie Policy.
The Facebook pixel is a small piece of JavaScript that an administrator of a Facebook Ads account adds to the website to optimize the ads, report on conversions across devices, and create custom audiences of website visitors for use in Facebook ads. To use this product, the website does not need to collect or send names, email addresses or other contact information to Facebook. All information is aggregated with millions of other signals before being read by our optimization systems. Facebook, as a joint controller, uses information obtained from websites that install Pixels to improve its ads (as noted in the terms and Privacy Policy). This data is aggregated before it's used.
 

6. SECURITY

Based on our legitimate interest to protect our employees, customers, business associates, and our property we process personal data, such as log files, IP address, traffic data, metadata, incident reports, data from data breaches.
In case of personal data breach, we perform risk assessment and based on this assessment we will inform supervisory authority and data subjects.
Since no means of security, transmission or storage is 100% secure, we cannot guarantee absolute security, but we do use applicable technical and organizational security measures. We use access control, encryption and hashing of passwords, including industry standards authentication practices SSL and 2-factor authentication. We protect our IT systems from brute-force attacks by limiting the number of log-in attempts from a single IP address. We track logs and we make regular backups.
 

7. TYPES OF PERSONAL DATA

- Identity and contact information (email address, first name, last name, address, phone number, password).
- Financial and transaction information (cardholder data, details about payments provided by 3rd party payment processors, shipping, and billing address, order ID, payment method, order details, tracking ID, tax ID – if required by law, IP address).
- Profile information (user profile ID, first name, last name, email address, password, gender, time zone, date of birth, orders, reviews).
- Facebook account contact details if you choose this type of log in.
- Shipping information and billing information (country, first name, last name, address, house/apartment No., postal code, city, phone number, tax ID – if required by law, IP address).
- Warranty claims (proof of purchase, invoice number, image, or video of the product, tracking ID number, user address, shipping data).
- Technical information (IP address, your login data, browser info, time zone, language, browser plug-in types and versions, operating system, and other technology on the devices you use to access the LELO website).
- Marketing and communications information (email address, first name, last name, gender, time zone, region, country, purchase date, IP address, order date, product purchased, subscription source, language, order ID, user ID, cookie ID, website visits, subscription date, last change date).
 

8. DATA ABOUT MINORS

We do not knowingly collect or solicit personal data from anyone under the age of 13. Do not use our sites if you are under age of 13. If we learn that we have collected information from a child under the age of 13, we will delete this information as soon as possible.
If you believe that we might have any information from or about a child under 13, please contact us by sending an e-mail to the email address, or contact forms, as communicated to you on our sites.
Minors may not make purchases through our sites unless they have appropriate permission and are under the direct supervision of their parent or legal guardian who owns the account. All financial information on the account, such as a credit card or PayPal account, must be that of the parent or legal guardian.
In accordance with the UK General Data Protection Regulation (UK GDPR), in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 13 years old. Where the child is below the age of 13 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.
 

9. HOW LONG WE KEEP YOUR PERSONAL DATA

We will keep your personal data for as long as you have your account, or if it is needed to be able to provide services to you, including product warranty lasting, or (in the case of any contact you may have with our Customer Care) for as long as is necessary to provide support-related reporting.
We may keep some of your personal data, if required so by law, even after your account has been closed and we no longer need to provide any services to you. For the general business activities, we keep the data for 6 years, and we keep accounting and financial records for 6 years from the end of the last company financial year for which data relates to. In some cases, where the law does not define maximum data retention period, we keep some personal data based on legitimate interest, in case we need to defend our claim at court or some other public authority, in accordance with statutory limitations periods. If you wish to close your registered profile, please contact our customer support.
 

10. SHARING YOUR DATA WITH THIRD PARTIES

We share your data with the following categories of companies as an essential part of being able to provide our services to you, as set out in this statement:
- Affiliated companies and processors - based on fulfilment of the purchase agreement or to perform internal processes and procedures.
- Companies issuing credit cards, providers of payment services to process payments and banks, based on your order to fulfil a purchase agreement.
- Carriers to deliver your order or services. We use logistics services from DPD and Parcelforce etc.
- Third parties, such as law enforcement agencies, other governmental agencies, and related parties, if we are required by law to do so.
- Data processors - we share personal data with authorised data processors for providing IT support, accounting, legal, HR, marketing and sales services. For this type of activities, we also engage affiliated Lelo and Foreo companies.
- Network operators and/or other communications service providers - when necessary for the set-up of proper routing and connectivity.
- Third-party service providers - to the extent strictly necessary for them to perform specific actions on our behalf. We may share personal data with our trusted and verified third-party service providers for example to enable them to process payments for us or to prevent fraud.
- Relevant legislation - in case we are presented with a legal obligation, we will share the data from users with such third parties that are legally entitled and authorized to request the same, such as within criminal procedures or threats to the public security.
- Online marketing - we use certain online marketing tools and for this reason we share some personal data of our website visitors or people who clicked on our online ads with our business associates. We and our authorized partners use cookies and other information gathering technologies for a variety of purposes. These technologies may provide us with some identifiers, information about devices you utilize to access our website, and other information regarding your interactions with our website. For detailed information about the use of cookies and advertising tools that we use please read our Cookie Policy.
- Social networks – we use social networks (Facebook, Twitter, Instagram) to communicate with our customers and advertise our products. For detailed information about the use of cookies and advertising tools that we use please read our Cookie Policy.
- Reviews – through Baaazarvoice services consumers can submit reviews, and to comment on or rate goods, products, and services. You should be aware that any information you provide in the area that is intended to collect may be published on a publicly facing website or mobile application and may be read, collected, and used by Bazaarvoice, its affiliates, subsidiaries, vendors, and clients. Therefore, please do not include any information within these areas that you do not want to share with the public, including personally identifiable information, such as your name, email address or financial information. You may be required to create an account with the Bazaarvoice Client. During account creation, you may be asked to submit information, such as but not limited to, your name, email address, mailing address or phone number, and other data. The consumer account info may be collected by both Bazaarvoice and Heavensent.
- Mergers and acquisitions – in accordance with the applicable law, personal data may be transferred to data recipients who are in the process of buying our company (for example, in case of due diligence process), or personal data can be transferred to a company which merged with our company or to company who bought partially or in whole our company in case of business acquisitions or resolution/bankruptcy proceeding.
- reCAPTCHA – for security reasons and avoiding spam and bots making enquiry, we use Google reCAPTCHA. More information is available in Google’s Privacy Policy.
We transfer personal data of EU customers to the USA, based on standard contractual clauses and additional technical and organisational measures. We use Amazon AWS hosting services for our sites. For transfer of personal data regarding cookies and similar technologies, please read our Cookie Policy.

​

11. PAYMENT METHODS

If a customer chooses payment via PayPal, the customer agrees to personal data transfer to PayPal. PayPal is a data controller for this type of payment, so please read their Privacy Policy. Heavensent cannot access consumer’s data about this payment, such as data about credit cards. Personal data transferred to PayPal are name, surname, e-mail address, IP address, phone number, shipping address, purchase data. PayPal uses personal data to perform transactions, check the identity, for anti-fraud measures and exchange of data with credit agency.
Customers that use Klarna, in order to provide the service, such as our checkout and customer portal, Klarna collects certain personal data to complete the purchase and help us handle your order, but also to prevent fraud and meet legal requirements, such as, IP address, email address, name, surname, user profile ID, shipping data, order ID, transaction ID, payment method, language, items, credit card partial data – last 4 digits).
Stripe is also an available payment method for our customers. Stripe uses data (email address, name, surname, amount spent, credit card data, shipping address, IP address) to verify the identity to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as AML (Anti-Money Laundering) and KYC (Know-Your-Customer) obligations, and financial reporting obligations.
Google Payments is offered to Google Account holders, and your use of it is subject to the Google Privacy Policy. For users (except those selling on a Google marketplace) based in the European Economic Area (excluding the UK), the data controller responsible for your information is Google Ireland Limited. For users (except those selling on a Google marketplace) based in the UK, the data controller responsible for your information is Google LLC. If you are based in the European Economic Area, excluding the UK, and are selling on a Google marketplace, the data controller responsible for your information is Google Payment Ireland Limited. If you are based in the UK and are selling on a Google marketplace, the data controller responsible for your information is Google Payment Limited. For users based in Brazil, the data controller responsible for your information is Google LLC and, to the extent required under Brazilian law, it may be Google Brasil Pagamentos Ltda.
For purchases via Amazon services, we process data, such as, name, surname, email address, ID number, items, price, date.
When you add a card to Apple Pay, card-related information, location, and information about device settings and use patterns may be sent to Apple to determine eligibility. Some of the above information, account-related information, and paired-device details may be shared with your card issuer or bank to determine eligibility and for anti-fraud purposes. When you use Apple Pay in apps and on the web, information necessary to process the payment is shared with the app or website. Your actual card number isn’t shared with the Heavensent.
 

12. WHAT ARE YOUR RIGHTS

- The right to access personal data we hold about you. You have the right to request information about personal data we hold about you.
- The right to portability. You have the right to get a copy of your data in a structured, commonly used, and machine-readable format transferred to you or to another data controller.
- The right to rectification. You have the right to request rectification of your personal data if it is incorrect, including the right to have incomplete personal data completed.
- The right to erase. You have the right to request that we delete, stop processing or collecting any personal data in accordance with the relevant law.
- The right to object to processing of personal data that is based on legitimate interest.
- The right to object personal data processing.
You have the right to object to direct marketing, including profiling analysis made for direct marketing purposes.
In case we use your personal data based on your consent, you are entitled to withdraw that consent at any time subject to applicable law. We rely on you to ensure that your personal data is complete, accurate and current. Please inform us of any changes to or inaccuracies of your personal data by contacting us immediately.
If you would like to exercise your rights, require assistance, file a complaint, or just have any questions, please do not hesitate to contact us on support@heavensent.co.uk.

You have right to file a complaint to data protection supervisory authority:

UK
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
 

13. BREXIT NOTICE

From 1 January 2021, the UK is no longer considered as an EU Member State and UK GDPR started to apply. Based on the agreement between the UK and the EU, until 2025 all the personal data transfers from the EU to the UK are not considered as transfers to a third country. For the transfer from the UK to the EU, UK finds this transfer as transfer with adequate protection, so currently there are no additional requirements needed for such personal data transfers.

 

14. UPDATES TO OUR PRIVACY POLICY

We may need to update our Privacy Policy. The latest version of this Privacy Policy will always be available on our website, so you can access it and be informed of any updates or changes at any time.
We inform registered customers about the new version of Privacy Policy, if the changes are substantial and are not only connected with the grammar, style, corrections etc. Your continued use of any portion of our sites following the updated Privacy Policy will constitute your acceptance of the changes.

bottom of page