Privacy and Cookie Policy

Heamar Company Limited is committed to protecting your privacy and handling your personal data responsibly. This Privacy and Cookie Policy explains how we collect, use, store and share personal data when you visit our website, create an account, place an order, contact us, subscribe to marketing, or otherwise interact with us.

This policy applies to the website at www.heamar.co.uk and to personal data processed by Heamar Company Limited in connection with our website, sales, customer service, marketing and related business activities.

For the purposes of UK data protection law, Heamar Company Limited is the controller of the personal data described in this policy.

Heamar Company Limited
Beresford House
Foundry Bank
Congleton
Cheshire
CW12 1EE
United Kingdom

Telephone: +44 (0)1260 297500
Email: [email protected]

This policy should be read together with our Terms and Conditions and any other privacy information provided at the point where we collect personal data.

1. The laws that apply

We process personal data in accordance with the UK GDPR, the Data Protection Act 2018 and, where relevant, the Privacy and Electronic Communications Regulations 2003, commonly known as PECR.

2. Personal data we collect

We may collect and process the following types of personal data.

When you visit our website, we may collect technical and usage information such as your IP address, browser type, device type, pages viewed, referring pages, approximate location data, date and time of visits, and information about how you use the website.

When you create an account or request a company account, we may collect details such as your company name, company legal name, company email address, VAT or tax ID, reseller ID, legal address, delivery and billing address, country, county, postcode, phone number, job title, administrator name, first name, last name and email address.

When you place an order or request a quotation, we may collect contact details, billing and delivery details, order history, product details, payment-related information, VAT information and correspondence relating to the order.

When you contact us, we may collect your name, email address, telephone number, company details, message content and any other information you choose to provide.

When you sign up for marketing, we may collect your name, email address, marketing preferences, subscription status and records of consent or opt-out.

When you call us, calls may be recorded for training, quality assurance, dispute handling and customer service purposes.

When you leave a review or interact with a third-party review platform connected with Heamar, we may process information relating to your review, order, name, company, email address and feedback, depending on the service used.

We do not intentionally collect special category personal data, such as health information, biometric data, religious beliefs or political opinions, through our website. Please do not provide this type of information unless it is specifically requested and necessary.

3. How we use your personal data

We use personal data for the following purposes.

We use account and contact details to create and manage customer accounts, respond to enquiries, provide quotations, process orders, arrange delivery, provide customer support, manage returns, handle repairs, servicing and calibration enquiries, and maintain business records.

We use order, billing and transaction information to process purchases, issue invoices, take payment, manage credit or account facilities where applicable, prevent fraud, comply with tax and accounting obligations, and resolve disputes.

We use website and technical data to operate the website, maintain security, understand website performance, fix errors, improve the user experience and protect against misuse or fraud.

We use marketing preference data to send newsletters, product updates, offers and similar marketing communications where permitted by law. You can unsubscribe from marketing emails at any time by using the unsubscribe link in the email or by contacting us.

We use call recordings for training, quality assurance, customer service monitoring and dispute resolution.

We may use personal data to comply with legal obligations, enforce our terms, protect our rights, prevent fraud, manage business operations, or support a sale, merger or restructuring of all or part of our business.

4. Our lawful bases for using personal data

We only use personal data where we have a lawful basis to do so.

We rely on contract where processing is necessary to provide goods or services, process orders, manage accounts, arrange delivery, respond to order-related enquiries, or take steps before entering into a contract.

We rely on legal obligation where we need to keep records for tax, accounting, company law, product safety, regulatory, fraud prevention or legal compliance purposes.

We rely on legitimate interests where we use personal data to run and improve our business, respond to enquiries, manage customer relationships, prevent fraud, secure our website, record calls for training and quality, handle disputes, manage suppliers, improve our website and send business-to-business communications where permitted. Our legitimate interests do not override your rights and freedoms.

We rely on consent where required, including for certain marketing activities and for non-essential cookies or similar technologies. Where we rely on consent, you can withdraw it at any time.

For electronic marketing, we may also use the PECR “soft opt-in” where permitted. This may apply where we obtained your details during a sale or genuine negotiation for a sale, we are marketing our own similar products or services, and you were given a clear opportunity to opt out when your details were collected and in every subsequent message.

5. Marketing communications

We may send you marketing communications about Heamar products, services, offers, events, guides and related updates.

We will only send electronic marketing where we have a lawful basis and where PECR permits us to do so. This may be because you have consented, because you are an existing customer and the soft opt-in applies, or because we are sending business-to-business communications where permitted.

You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in our emails or by contacting us at [email protected]. We may keep a limited suppression record to make sure we do not send marketing to people who have opted out.

We do not sell your personal data to third parties for their own marketing purposes.

6. Cookies and similar technologies

Our website uses cookies and similar technologies. Cookies are small files placed on your device that allow the website to function, remember preferences, improve performance and, where consent is given, help us understand website usage or deliver marketing.

Some cookies are strictly necessary for the website to work. These may include cookies used for shopping basket functionality, checkout, account login, security, load balancing and remembering cookie preferences. These cookies do not require consent, but we still provide information about them.

Non-essential cookies, such as analytics, personalisation or marketing cookies, will only be used where you have given consent through our cookie banner or cookie preference centre. You can change or withdraw your cookie preferences at any time using the link above.

We do not use non-essential cookies before you have consented to them.

7. Who we share personal data with

We may share personal data with trusted third parties where necessary for the purposes described in this policy.

These may include website hosting providers, ecommerce platform providers, IT support providers, payment service providers, delivery and courier companies, email marketing platforms, analytics providers, fraud prevention services, professional advisers, insurers, auditors, regulators, law enforcement bodies and other suppliers that help us operate our business.

Where a third party processes personal data on our behalf, we require them to process it only in accordance with our instructions and to apply appropriate security measures.

We may also share personal data where required by law, where necessary to enforce our terms, where needed to protect our rights or the rights of others, or in connection with a sale, merger, restructuring or transfer of all or part of our business.

We do not sell customer personal data to third parties.

8. Payment information

Payments made through our website are processed by Stripe and PayPal. We do not store full payment card details on our own systems. Payment information is handled securely by our payment providers in accordance with their own security and compliance requirements.

9. International transfers

Some of our suppliers may process personal data outside the UK. This may include providers based in, or using systems located in, countries such as the United States.

Where personal data is transferred outside the UK, we will only do so where there is a lawful transfer mechanism in place. This may include UK adequacy regulations, the UK Extension to the EU-US Data Privacy Framework, the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses, or another lawful safeguard or exception.

Where we rely on the UK Extension to the EU-US Data Privacy Framework, we will check that the recipient has an active certification, that the certification covers the relevant type of personal data, and that the transfer complies with UK data protection requirements.

You can contact us for more information about the safeguards used for international transfers.

10. How long we keep personal data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, reporting, customer service and dispute resolution requirements.

Our retention periods vary depending on the type of data and the reason we hold it. In general, customer account data is kept for as long as the account remains active, then for a reasonable period afterwards for legal, accounting and customer service purposes.

Order, invoice and transaction records are usually kept for up to six years after the end of the relevant financial year, unless a longer period is required by law or needed to resolve a dispute.

Enquiry and customer service records are kept for as long as needed to respond to the enquiry and maintain appropriate business records.

Marketing consent and suppression records are kept for as long as needed to manage marketing preferences and honour opt-outs.

Call recordings are kept for 30 days, unless we need to keep them for longer to investigate a complaint, resolve a dispute, meet a legal obligation or protect our rights.

Cookie consent records are kept in accordance with the settings and retention period used by our cookie consent platform.

Website analytics data is kept in accordance with the retention settings used in our analytics tools.

Where we do not have a fixed retention period, we decide how long to keep personal data by considering the purpose for which it was collected, legal and regulatory requirements, limitation periods, the need to resolve disputes, and whether the data is still accurate and necessary.

11. Security

We use appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

These measures may include encryption, access controls, secure payment processing, supplier due diligence, staff training, secure systems, monitoring and procedures for handling data protection incidents.

No method of transmission over the internet is completely secure. We therefore cannot guarantee absolute security, but we take reasonable and appropriate steps to protect personal data.

12. Your rights

Depending on the circumstances, you may have the following rights under UK data protection law:

  • the right to access your personal data;
  • the right to correct inaccurate or incomplete personal data;
  • the right to request deletion of your personal data;
  • the right to restrict how we use your personal data;
  • the right to object to certain processing, including direct marketing;
  • the right to data portability in certain circumstances;
  • the right to withdraw consent where we rely on consent;
  • and rights relating to automated decision-making and profiling, where applicable.

You have an absolute right to object to direct marketing at any time.

To exercise your rights, please contact us at [email protected] or write to us at the address above.

We may need to verify your identity before responding to a request. Some rights are subject to conditions and exemptions, so we may not always be able to fulfil a request in full. If this applies, we will explain why.

13. Automated decision-making and profiling

We do not make decisions about you based solely on automated processing that produce legal or similarly significant effects.

If this changes, we will update this policy and provide meaningful information about the logic involved, the significance of the processing and the likely consequences.

14. Call recording

Calls to and from Heamar may be recorded for training, quality assurance, customer service, dispute handling and record-keeping purposes.

Access to call recordings is restricted to authorised personnel and, where applicable, our call recording or telephony service provider. Call recordings are kept for 30 days unless we need to keep them for longer to investigate a complaint, resolve a dispute, meet a legal obligation or protect our rights.

15. Links to other websites

Our website may include links to third-party websites, platforms or services. We are not responsible for the privacy practices, content or security of those third-party websites. You should read their privacy policies before providing personal data to them.

16. Complaints

If you have any concerns about how we use your personal data, please contact us first so that we can try to resolve the issue.

You also have the right to complain to the Information Commissioner’s Office, the UK regulator for data protection.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Website: ico.org.uk