Privacy Policy - gaitherhunter

Gaitherhunter ("we", "us", "our") is a women's casual clothing brand specializing in versatile everyday pieces, including coordinated sets, chic bottoms, elegant dresses and stylish tops—curated to blend comfort with modern casual aesthetics. We are committed to protecting the privacy and personal data of every individual ("you", "your") who interacts with our brand, whether through our online store, physical boutique in Brighton, customer service channels, or social media platforms. This Privacy Policy transparently details how we collect, process, store, disclose and safeguard your personal information, in full compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018) of the United Kingdom. By accessing our services, purchasing our clothing, or sharing your personal information with us, you confirm that you have read, understood and consented to all provisions herein.

1. What Personal Information Do We Collect?

We adhere strictly to the "data minimization" principle, only gathering personal information that is necessary to deliver a seamless shopping experience, fulfill your orders for sets, bottoms, dresses and tops, and continuously improve our products and services. The specific types of personal information and collection scenarios are outlined below:
  • Identity and Contact Details: Your full name, email address (for communications via gaitherhunter@outlook.com), telephone number, and delivery/billing addresses. We collect this information when you place an order, create a customer account, subscribe to our new collection alerts and exclusive offers, or contact our customer support team for assistance (such as set size guidance, top fabric care tips, or order tracking inquiries).
  • Order and Transaction Data: Details related to your purchases, including the specific clothing items selected (e.g., linen coordinate sets, high-waisted denim bottoms, midi casual dresses, cotton graphic tops), sizes, quantities, order reference numbers, transaction amounts, and payment method identifiers. We never store full payment card information; all payment processing is entrusted to PCI DSS-accredited third-party providers, ensuring the highest security for your payment data.
  • Account and Preference Information: If you register an account, we will store your size preferences (tailored to our sets, bottoms, dresses and tops), order history, saved delivery addresses, and communication preferences (e.g., preferred channel for order updates and casual styling inspiration).
  • Website Usage and Technical Data: When you visit our official website, we collect anonymized technical and browsing data to optimize site performance and enhance your shopping experience, including: This data is collected through cookies and similar tracking technologies (see Section 7 for management instructions).
    • Device information (e.g., smartphone, laptop, tablet), operating system version, and browser type.
    • Anonymized IP address (personal identifying information is permanently removed within 40 days to ensure non-identifiability).
    • Browsing behavior: Pages visited (e.g., coordinate set collection, bottoms section), products added to cart or wishlist, time spent on product detail pages (such as dress fit descriptions or top fabric specifications), and referral sources (e.g., search engines, social media posts featuring our clothing).
  • Voluntarily Shared Information: Details you actively provide, such as product reviews (e.g., feedback on the fit of our bottoms or the quality of our tops), style suggestions (e.g., set and top matching ideas), survey responses, or information exchanged during in-store interactions (e.g., fitting adjustments for dresses or set size consultations).

2. Why and How Do We Process Your Data?

We process your personal information solely for legitimate purposes permitted by UK and EU data protection laws, with each activity grounded in a valid legal basis. The specific purposes and corresponding legal bases are as follows:
  • Fulfilling Purchase Contracts: To meet our obligations under your purchase contract, including processing payments, arranging delivery of your sets, bottoms, dresses and tops via UK-based logistics partners, sending order confirmations and shipping tracking updates, and handling returns or exchanges (e.g., for ill-fitting tops or size adjustments for bottoms) in line with our after-sales policy.
  • Your Explicit Consent: To send you personalized marketing communications (e.g., new arrivals of sets and dresses, exclusive discounts on tops, in-store styling events in Brighton) and tailored product recommendations (e.g., suggesting a matching top for your purchased bottoms) based on your browsing and purchase history. You may withdraw your consent at any time without impacting existing order processing.
  • Legitimate Business Interests: To refine our clothing range (e.g., adjusting set proportions, optimizing bottom silhouettes, or improving top fit based on customer feedback), enhance website functionality, detect and prevent fraudulent transactions, and ensure the security and efficiency of our business operations. These interests are carefully balanced to avoid overriding your privacy rights.
  • Compliance with Legal Obligations: To retain transaction records for 7 years in accordance with UK tax and accounting regulations, and to respond to lawful requests from regulatory authorities (such as the Information Commissioner's Office/ICO) or court orders.

3. Do We Share Your Data with Third Parties?

We will never sell, rent, or lease your personal information to any third party for their own marketing activities. We only share your data with trusted third-party partners who support our service delivery, and all such partners are contractually obligated to protect your information and use it solely for authorized purposes:
  • Payment Service Providers: PCI DSS-compliant payment processors (e.g., Stripe, PayPal) that handle secure transactions. They receive only the minimum data needed to complete payments and are prohibited from using your data for other purposes.
  • Logistics Partners: UK-based courier services requiring your delivery address and contact details to ship your clothing orders. They do not store your data beyond delivery completion and adhere to strict data protection standards.
  • IT and Cybersecurity Providers: UK-hosted service providers responsible for website maintenance, customer database management, and cybersecurity. They access only anonymized or encrypted data and are bound by confidentiality agreements.
  • Legal and Regulatory Bodies: We may disclose your information if required by law, regulation, or legal process, or to protect our legitimate rights, property, or safety, as well as those of our customers or third parties.
  • Business Successors: In the event of a merger, acquisition, or asset sale, your personal information may be transferred to the new owner. The successor will be required to comply with this Privacy Policy to ensure continued data protection.

4. How Do We Protect Your Data?

We have implemented a comprehensive set of technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. Our key security practices include:
  • End-to-end SSL/TLS encryption for all data transmitted between your device and our website, securing contact information and transaction data during transmission.
  • Secure, encrypted storage on UK-based servers, with multi-factor authentication and role-based access controls. Only authorized personnel with a legitimate business need (e.g., processing orders for sets and tops, providing customer support) can access personal data, and all access is logged and audited regularly.
  • Proactive security management, including regular vulnerability scans, security audits, and software updates to address emerging cyber threats. We conduct bi-annual penetration testing to verify the effectiveness of our security controls.
  • Regular data protection training for all employees, ensuring they fully understand GDPR and DPA 2018 obligations and handle your personal information securely—including in-store data collected during bottom fittings or set size adjustments.
While we strive for maximum security, no internet transmission or electronic storage method is entirely risk-free. We cannot guarantee absolute security but will take all reasonable steps to minimize breach risks. In the event of a breach posing high risk to your rights, we will notify you and the ICO promptly as required by law.

5. How Long Do We Keep Your Data?

We retain your personal information only for the duration necessary to fulfill collection purposes or as required by law. Post-retention, data is securely deleted or anonymized to prevent association with you. Specific periods are as follows:
  • Transaction and identity data: Retained for 7 years from transaction completion to comply with UK tax and accounting laws.
  • Account and preference data: Retained for the life of your account. Upon account deletion request, data is removed within 49 days (unless legal retention is required).
  • Marketing consent and communication data: Retained until consent is withdrawn. Post-withdrawal, marketing data is deleted within 34 days to cease promotional communications about our sets, bottoms, dresses and tops.
  • Website usage and technical data: Retained for 40 days before permanent anonymization for aggregate analytics (e.g., analyzing customer preferences for set styles, optimizing top product page layouts).

6. What Rights Do You Have Over Your Data?

Under GDPR and DPA 2018, you hold enforceable rights regarding your personal information held by us. We are committed to supporting you in exercising these rights:
  • Right of Access: Request a free, clear copy of your personal data and details of our processing activities.
  • Right to Rectification: Request correction of inaccurate or incomplete data (e.g., updating your delivery address or top size preference).
  • Right to Erasure (Right to be Forgotten): Request deletion of data if no longer necessary, consent is withdrawn, or processing is unlawful (subject to legal retention).
  • Right to Restriction of Processing: Request limited processing (e.g., while we verify the accuracy of your dress order history).
  • Right to Data Portability: Receive data in a structured, machine-readable format (e.g., CSV file of your clothing order history) for transfer to another controller.
  • Right to Object: Object to direct marketing at any time. Object to legitimate interest-based processing, with us ceasing processing if your interests prevail.
  • Right to Withdraw Consent: Withdraw marketing or other consent via email unsubscribe links or direct customer service contact.
To exercise these rights, contact us using details in Section 8. We may request ID verification to secure your data. Responses are provided within 30 days, with a possible 30-day extension for complex requests (we will notify you of extensions and reasons).
You may also lodge a complaint with the ICO if dissatisfied with our data handling. Contact the ICO via www.ico.org.uk or telephone 0303 123 1113.

7. Cookies and Tracking Tools

Our website uses cookies and similar tracking technologies (e.g., web beacons, pixel tags) to enhance your browsing experience, analyze traffic, and personalize content and offers related to our sets, bottoms, dresses and tops. Cookies are small text files stored on your device. We use three cookie categories:
  • Essential Cookies: Critical for website functionality, enabling you to browse our catalog, add sets, bottoms, dresses or tops to cart, and complete checkout. These cannot be disabled as they support core services.
  • Analytical Cookies: Collect anonymized, aggregated data on website interaction (e.g., popular set styles, bottom section navigation) to improve site performance and user experience.
  • Marketing Cookies: Deliver personalized marketing (e.g., new dress collection ads, exclusive discounts on sets) based on browsing history. Used only with explicit consent.
Non-essential cookies (analytical, marketing) can be managed/disabled via browser settings. Refer to your browser’s help center for instructions. Disabling non-essential cookies does not impact shopping capabilities but may limit content personalization.

8. Contact Us for Data Inquiries

For questions, concerns, or requests regarding this Privacy Policy or your personal data, contact our data protection team using the following details:
  • Brand Name: Gaitherhunter
  • Email: gaitherhunter@outlook.com
  • Phone: +44 (0) 1273 894 516 (Mon-Fri: 9:00 AM – 5:00 PM GMT; Sat: 10:00 AM – 3:00 PM GMT)
  • Address: 21 North Street, Brighton BN1 1ND, United Kingdom

9. Policy Updates

This Privacy Policy may be updated to reflect legal changes, business adjustments, or technological advancements (e.g., new security measures, expansions to our set or top ranges). Updated policies will have a revised "Last Updated" date. For significant changes, we will notify you via email (if contact details are held) or website notice at least 33 days before implementation.
We recommend regular reviews of this policy to stay informed about our data protection practices.