Heative LLC (“Heative LLC”, “we”, “us” or “our”) is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice. This privacy notice describes how we collect and use personal information about you or that you provide: (i)           when you purchase goods from us either in-store or from our website at (the “Website”); (ii)          when you use any of the services that we provide (the “Services”); (iii)        when you visit the Website; (iv)       when you visit any of our stores; and (v)      when you contact us (by email or telephone or in-person). It is important that you read and retain this notice, together with any other privacy notice we may provide, so that you are aware of how and why we are using such information and what your rights are under the data protection legislation. Data protection principles Data protection law says that the personal information we hold about you must be: 1. Used lawfully, fairly, and in a transparent way. 2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes. 3. Relevant to the purposes we have told you about and limited only to those purposes. 4. Accurate and kept up to date. 5. Kept only as long as necessary for the purposes we have told you about. 6. Kept securely. The kind of information we hold about you Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). The type of information we collect from you will depend upon the type of interaction you have with us. We have grouped the information together as follows:
  • Identity Data includes your first name, last name, username or similar identifier, title, date of birth, and gender;
  • Contact Data includes your delivery address, billing address, email address, and telephone number;
  • Financial Data includes your payment card and payment account details;
  • Transaction Data includes details about your orders and the products you have bought from us, the services you have used, and the payments to and from you;
  • Technical Data includes your internet protocol (IP) address, your login data, browser type, and version, time zone settings and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use, your unique device identifiers and other diagnostic data;
  • Profile Data includes your username and password, purchases and orders placed by you, your interests, preferences, requirements, feedback, and survey responses;
  • Usage Data includes information about how you use our Website, the pages you visit, the time and date of your visit, the time spent on the pages you visit, and information about how you use our products and services;
  • Marketing and Communications Data includes your preferences to receive marketing communications from us and information contained in communications you send to us; and
We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.  How is your personal information collected? We collect personal information about you:
  • through your use of the Website such as when you place your order via the Website;
  • through visiting our stores such as when you purchase goods from us in-store;
  • through your use of the Services;
  • through you registering for and attending, our Events; and
  • when you otherwise provide us with your personal information.
How we will use information about you We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances: 1. Where we have your consent. 2. Where we need to perform the contract we have with you. 3. Where we need to comply with a legal obligation. 4. Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests. Our legitimate interests will include:
  • operating our business in a proper and compliant manner and improving our business;
  • improving the experience you receive from engaging with us through our sales and communications channels;
  • understanding your marketing preferences so we can deliver appropriate marketing content to you;
  • understanding customer behavior and high-level trends across our sales channels so we can better understand our business and customers;
  • defending legal claims and protecting our business from fraud. 
Situations in which we will use your personal information We need all the categories of information in the list above primarily to allow us to fulfill your orders and to enable us to provide our services to you. We may also use your personal information to pursue legitimate interests, provided your interests and fundamental rights do not override those interests and to comply with the law. The situations in which we will process your personal information are listed below. We may process personal data in the following ways:
  • To register you as a customer and set up your customer and user accounts with us and set your preferences.
  • To allow you to make purchases in-store and via the Website, to apply discounts and promotional offers, fulfill your orders, and process refunds due to you.
  • To store data within our data warehouse and use data analytics and analysis to review and better understand customer behavior and trends and to improve our Website, products/services, marketing, customer relationships, and experiences.
  • To ensure that content on the Website is presented in the most effective and relevant manner for you and for your device and to tailor the Website’s experience and content based on the way that you use the Website.
  • To manage our relationship with you which includes notifying you about changes to our terms of business and privacy notices and asking you to leave a review, participate in customer research or take a survey.
  • To enable you to take part in promotions and competitions.
  • To administer and protect our business, Website (including troubleshooting, data analysis, testing, system maintenance, security, support, reporting and hosting of data).
  • To deal with your inquiries, requests, complaints, and claims.
  • To prevent fraud and criminal activity.
  • To carry out product recalls.
  • To notify you about changes to our Website and Services.
  • To provide you with marketing content in line with your preferences and to measure the effectiveness of the marketing communications we send you.
  • To store cookies on your device.
  • To comply with legal or regulatory requirements.
  • For our business management and planning, including accounting and auditing.
If you want to learn more about what lawful bases we rely upon, or the types of data we collect, in respect of each situation in which we process your personal information, you may contact us at If you fail to provide personal information If you fail to provide certain information when requested, you may not be able to purchase goods from us, we may not be able to provide the Services to you, we may be prevented from carrying out the tasks above for your benefit, or we may be prevented from complying with our legal obligations. How we use particularly sensitive personal information “Special categories” of particularly sensitive personal information, such as information about your health, racial or ethnic origin, religious beliefs, sexual orientation, trade union membership, and genetic and biometric data require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We do not intend to process any special category data about you, and we will not request special category data from you. If you voluntarily provide any special category data to us, it is on the basis of your explicit consent. Change of purpose We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. Automated decision-making We do not envisage that any decisions will be taken about you using automated means under this Privacy Notice, however, we will notify you in writing if this position changes. Data sharing We will share your data with third parties, including other entities in our group and our service providers. We require third parties to respect the security of your data and to treat it in accordance with the law. Why might you share my personal information with third parties? We will share your personal information with third parties where required by law, where it is necessary to administer our relationship with you or in order for a third-party service provider to provide a service related to our relationship with you. Which third parties process my personal information? “Third parties” include our third-party service providers and other entities within our group. We will share your personal information with our service providers including couriers to deliver your orders, our payment processor to facilitate your payments (see below), marketing companies to run and fulfill our marketing campaigns, event organizers to arrange and organize our events, e-commerce providers to power our Website, e-commerce tools, and customer experiences, together with IT software and services providers, website hosting service providers, data analytics and analysis service providers, data warehouse providers, and administrative services providers. Our payment processor is Stripe. Please refer to its privacy notice for information on how Stripe will collect and handle your personal information when you make a payment to us. How secure is my information with third parties? All our service providers and other entities within our group are required to take appropriate security measures to protect your personal information. They must only process your personal information for specified permitted purposes and in accordance with data protection law. When might you share my personal information with other entities in the group? We may share your personal information with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganization or group restructuring exercise, for system maintenance and support and hosting of data. What about other third parties? We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of our business. In this situation we will, as far as possible, share anonymized data with the other parties before the transaction completes. Once the transaction is completed, we will share your personal data with the other parties if and to the extent required under the terms of the transaction. We may need to share your personal information with a regulator or to otherwise comply with the law. We may need to share our personal information with our professional advisors, the authorities, and the courts in certain situations (for example, to enforce our legal rights or to defend ourselves against allegations or claims made against us, to prevent or investigate wrongdoings or suspected wrongdoings or to protect and safeguard the users who use our Website and Services). Data security We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to access your personal information. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. However, you should be aware that the transmission of information and data is never completely secure and there is a measure of risk associated with the use of any online service. Data retention How long will you use my information? We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements. We undertake annual reviews of our retention periods and the data we are processing. Generally, we will retain your personal information for 3 years after our last interaction with you, after which we will anonymize it so that it can no longer be associated with you, in which case we may use such information without further notice to you. We will only retain your personal information for longer than 3 years (up to a maximum of 6 years) in situations where that information relates to a complaint or legal claim. We would of course keep your information for longer if the law required us to do so.     Rights of access, correction, erasure, and restriction Your duty to inform us of changes It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. You can contact us at the email address set out above. Your rights in connection with personal information Under certain circumstances, by law, you have the right to:
  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object to where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.
If you want to review, verify, correct or request the erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us at the email address set out above. No fee is usually required You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. What we may need from you We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. Right to withdraw consent In the limited circumstances where you may have provided your consent to the collection, processing, and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us at the postal or email address set out above. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. The withdrawal of your consent will not affect the lawfulness of any processing carried out before your consent was withdrawn. Use of cookies and similar technologies We use cookies and similar tracking technologies to track the activity on our Website and we hold certain information collected via cookies. Links to other sites The Website and our Social Media Pages may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. Age of consent By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site. Contacting us If you have any questions about this privacy notice or how we handle your personal information, please contact us at the email address set out above. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Changes to this privacy notice We may update this notice at any time. When we update this notice, we will post the updated version at the various data collection points so you can read and understand the new notice. If we make significant changes to the ways we use the personal information we have already collected from you, we will take separate steps to notify you of the change and we will seek your consent as appropriate. You should review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. If you have any questions about this privacy notice, please contact us at