Privacy policy

Last Updated: 20th October, 2025

At HELLO BOO, we are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website at helloboo.uk or make a purchase through our e-commerce platform. We operate in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

As a small startup company, this policy is tailored to our current operations. We will review and update it as the company grows or our practices change. If we make significant changes, we will notify you via email or a notice on our website.

1. Who We Are

We are HELLO BOO, a UK-based e-commerce business.

  • Registered Address: 35 Flint Lane, Barrow Upon Soar, Loughborough, LE12 8GS
  • Contact Details: For privacy inquiries, email us at info@helloboo.uk

We are the data controller for the personal data we process.

2. Personal Data We Collect

We collect personal data to operate our e-commerce site effectively. The data we collect includes:

  • Directly from you during checkout: Name, address, email address, phone number, and payment details (e.g., card information, but we do not store full card details—see Section 5 for sharing).
  • Automatically via our website (hosted by IONOS): IP addresses, device information (e.g., browser type, operating system), browsing history (e.g., pages viewed, time spent), and cookies or similar technologies for site functionality and analytics.

We do not collect any sensitive personal data (e.g., health, ethnicity, or political opinions). Our site is not targeted at children under 13, and we do not knowingly collect data from them. If we become aware of such data, we will delete it immediately.

3. How We Use Your Data (Purposes and Lawful Bases)

We only use your data for specific purposes, each with a lawful basis under UK GDPR:

  • Processing and fulfilling orders: To handle your purchases, including payment processing and shipping. Lawful basis: Contract (necessary to fulfill our agreement with you).
  • Sending order confirmations and updates: To email you about your order status, delivery, or any issues. Lawful basis: Contract.
  • Customer support: To respond to your inquiries, resolve problems, or provide assistance. Lawful basis: Contract.
  • Preventing fraud: To detect and prevent fraudulent transactions or unauthorized access. Lawful basis: Legitimate interests (we've assessed that our interest in protecting our business and customers outweighs any impact on your rights).
  • Site analytics and improvement: To analyze website usage (e.g., via aggregated data on visits and behavior) to enhance our site and services. Lawful basis: Legitimate interests (balanced against your rights; we use anonymized data where possible).
  • Marketing emails (if you opt-in): To send promotional offers or newsletters. Lawful basis: Consent (you can withdraw this anytime—see Section 7).

We do not use your data for automated decision-making or profiling that significantly affects you.

4. Cookies and Similar Technologies

Our website uses cookies to improve your experience:

  • Essential cookies: For core functions like maintaining your shopping cart and session. These do not require consent.
  • Analytics cookies: To track site performance (e.g., via IONOS tools or integrated analytics). These are optional and require your opt-in consent via our cookie banner.
  • Other: We may use session cookies that delete after your visit, and first-party cookies for data exchange during browsing.

You can manage cookies through your browser settings or our cookie banner. For more details, see our [Cookie Policy] (if separate; otherwise, contact us). Blocking cookies may affect site functionality.

5. Sharing Your Data

We share your data only when necessary and with trusted parties:

  • IONOS: Our website host, who processes data for site operation, storage, and security.
  • Payment processors: Such as Stripe, PayPal, or Square (integrated via IONOS), to handle payments securely. We do not store full payment details ourselves.
  • Shipping providers: Such as Royal Mail or DHL, to deliver your orders (sharing name, address, and contact details).

We do not share data for marketing purposes. All recipients are required to comply with UK GDPR through contracts. As per your information, there are no international data transfers outside the UK. If this changes, we will update this policy and notify you.

6. Data Retention

We keep your data only as long as needed:

  • Order and payment data: Up to 7 years to comply with UK tax and accounting laws.
  • Contact and account data: Until you request deletion or withdraw consent (for marketing).
  • Analytics and log data (e.g., IP addresses): Up to 2 years, or anonymized thereafter.
  • Cookies: Session cookies delete when you close your browser; others expire after 1-2 years or upon deletion.

After retention periods, we securely delete or anonymize data.

7. Your Rights

Under UK GDPR, you have rights over your data:

  • Access: Request a copy of your data.
  • Rectification: Correct inaccurate data.
  • Erasure: Delete your data (unless we have legal reasons to keep it).
  • Restriction: Limit processing in certain cases.
  • Objection: Object to processing based on legitimate interests (e.g., analytics).
  • Portability: Receive your data in a transferable format.
  • Withdraw consent: For marketing, via unsubscribe links or email.

To exercise rights, email info@helloboo.uk. We respond within one month (extendable if complex). There is no fee unless requests are excessive.

If unsatisfied, complain to the Information Commissioner's Office (ICO) at ico.org.uk or 0303 123 1113.

8. Data Security

We take security seriously:

  • SSL encryption for data transmission (via IONOS).
  • Secure payment gateways to protect financial details.
  • Access controls, firewalls, and regular backups.
  • Staff training on data protection.

While no system is 100% secure, we use appropriate measures to prevent unauthorized access, loss, or breaches. If a breach occurs, we notify you and the ICO as required.

9. Changes to This Policy

We may update this policy to reflect changes in our practices or laws. We will post updates here and notify you of material changes. Check back periodically.

10. Contact Us

For questions, email info@helloboo.uk.

This policy applies to our website and services. For linked sites, review their policies.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.