We at Brand Access LLC (“we”, “us”, “our” or “Brand Access”) value your privacy and are committed to taking care of your Personal Data, which is a responsibility that we take very seriously.
This Privacy Policy explains how we may use the Personal Data we collect when you visit our website https://hexclad.co.uk/ (“Website”), inquire about our products, purchase a product through our Website or subscribe to our marketing communications. It also explains how we comply with EU legislation related to data protection (EU General Data Protection “GDPR”) and the UK data protection law (Data Protection Act 2018 (“Data Protection Act”) and what your rights are under these legal frameworks.
Brand Access is the seller of all HexClad UK Cookware and is solely responsible for all aspects of your purchase. Brand Access is the data controller of the services offered through this website. Our registered office is at 900 High Street, Palo Alto, California 94301, United States.
1. What type of Personal Data do we collect from you?
Personal Data means any information relating to you which allows us to identify you, either directly from that data or because we combine that information with other data about you.
When you use our Website, including to create an account with us and purchase products from our Website, subscribe to our marketing communications or we interact with you in relation to our products, you may provide us with your Personal Data, or we may obtain Personal Data about you.
We may process the following Personal Data:
2. Where do we collect your Personal Data from?
We will collect Personal Data from several sources. These include the following:
If you are providing information regarding other individuals to us, it is your responsibility to ensure that you have the right to provide the information to us.
CookieSettings
3. Why do we collect your Personal Data and on what legal basis?
The table below describes the main purposes for which we process your personal data, the categories of your information involved and our lawful basis for being able to do this.
Purpose |
Personal Data used |
Lawful basis |
So that we can provide our website to you |
IP address, browser type, device ID, geolocation |
We have a legitimate interest in our website working properly |
To improve our website security, offer IT support and troubleshooting |
IP address, date and time of your visit or use of our website, device information |
We have a legitimate interest in ensuring our systems are secure |
To manage your purchases and provide products to you |
Name, email address, telephone number, address, shipping address, billing address, date of birth |
This is necessary to fulfil our contract with you. |
To create an account with us |
Name, date of birth, email address, telephone number, address, payment data, purchase history and customer number |
This is necessary to fulfil our contract with you |
To invoice you and receive payments from you |
Name, email address, billing address, shipping address, telephone number, date of birth, customer number, invoice number, tax identification number, and other payment data |
This is necessary to fulfil our contract with you |
Marketing products which may be of potential interest to you and offering promotions |
Name, email address, telephone number and marketing preferences |
We have a legitimate interest to provide you with information about or products including those that are the same or similar to the ones you have inquired about If we cannot rely on legitimate interest as our lawful basis for processing, then we will obtain consent from you |
Provide you with our newsletter |
Name, email address, marketing preferences |
We only send you newsletters if you gave us your consent |
To deal with inquiries, and other communications from you |
Name, shipping address, billing address, email address, telephone number and customer number |
This is necessary to fulfil our contract with you |
To perform credit checks |
Contact details and payment information |
We have a legitimate interest in ensuring we are likely to be paid for our products or services |
For the purpose of complying with any legal and regulatory requirements |
Contact details, invoice number and tax identification number |
We have a legal obligation to comply with any legal or regulatory requirements |
Storage of records relating to you and also records relating to our business |
All the personal information we collect about you |
To be able to manage and fulfil our contract with you, we may have a legal and/or regulatory obligation to do so and we also have a legitimate interest to keep proper records |
Some of your Personal Data may be required due to legal, contractual, or other obligations. Failure to provide this data may impact our ability to fulfil our contract with you or comply with relevant legal obligations. For other Personal Data, whilst you may not be under an obligation to provide it to us, if you do not provide it, we may not be able to properly perform our services for you. Without your Personal Data, you may be unable to complete purchases or register an account on our Website.
Providing Personal Data for marketing and newsletters is optional. Refusal to provide this data has no negative consequences but means that we cannot offer personalised marketing messages or promotional offers. If you gave us your consent for marketing purposes, you can revoke your consent or object the processing at any time by utilizing the following website: https://prighter.com/q/19550884 or by following the information in section “Contact Information”.
4. Who we share your Personal Data with?
In order to operate our Website and provide you with the products you have ordered we may need to share your Personal Data with third parties. This includes sharing your Personal Data with the company whose products you are purchasing (our “Clients”) and companies engaged by us to manage our relationship with you and provide you the services described above.
We may share your personal data with the following recipients:
We do not disclose Personal Data to anyone else except as set out above unless we have your consent, or we are legally obliged to do so. These recipients will only process your Personal Data to perform tasks and duties on our behalf and in compliance with this Privacy Policy and governing data protection laws.
5. Direct Marketing
From time to time, our Clients may contact you by email and/or SMS with information about products they believe you may be interested in.
Marketing emails and newsletters will only be sent to you based on the preferences you set when you create your account, tell us that you wish to receive marketing related messages or when you have purchased similar products from our Website previously.
You can opt out any time if you do not wish to receive any marketing messages by clicking on the unsubscribe link in any marketing email you receive to unsubscribe from future marketing communications.
6. International data transfers
In the course of our operations, it may be necessary to transfer your Personal Data to recipients located outside the European Union (EU), European Economic Area (EEA), or the United Kingdom (UK). These transfers may be to our Clients, partners or service providers who are located in regions with differing data protection laws than those in your country. When transferring your Personal Data internationally we implement appropriate safeguards to ensure the security and confidentiality of your data. These safeguards may include for example Standard Contractual Clauses (SCCs) approved by the European Commission or applicable supervisory authority.
In addition, Brand Access, LLC, as the seller of all HexClad UK Cookware, complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Brand Access has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Data received from the EU and the UK in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Brand Access has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/
An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. For additional information: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Brand Access, LLC commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to the ICDR-AAA DPF IRM Service, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of ICDR-AAA DPF IRM are provided at no cost to you.
Further, Brand Access, LLC is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC), and is liable in cases of onward transfers to third parties.
If you have an unresolved complaint in connection with our certification, you may contact our independent dispute resolution provider based in the United States, ICDR. Please visit https://www.icdr.org/ for more information or to file a complaint. These services are provided to you free of charge.
7. How long do we keep Personal Data for?
Generally, we will retain your Personal Data for as long as we need it for the purposes for which it was collected. The duration for which we retain your Personal Data will differ depending on the type of information and the reason why we collected it from you. However, in some cases Personal Data may be retained on a long term basis: for example, Personal Data that we need to retain for legal purposes will normally be retained in accordance with usual commercial practice and regulatory requirements.
In addition, we may be allowed to retain Personal Data whenever you have given consent to such processing (e.g. subscription to our newsletter), as long as such consent is not withdrawn.
8. Data security
We take the security of your information very seriously and only handle Personal Data as permitted by data protection regulations. We use a variety of technical and organizational measures to help protect your Personal Data from unauthorized access, disclosure, modification, loss or destruction in accordance with applicable data protection laws. When handling Personal Data, our employees are obliged to comply with the regulations of the EU GDPR and the Data Protection Act 2018.
9. Links to other websites
Our Website may contain links to other websites or services that are not owned or controlled by us, including links to social media platforms such as YouTube, Instagram, or X (formerly Twitter), or may redirect you off our Website.
This Privacy Policy only applies to information collected by our Website and services. We are not responsible for the privacy and security practices of those other websites or social media platforms or the information they may collect (which may include IP address). You should contact such third parties directly to determine their respective privacy policies. Links to any other websites or content do not constitute or imply an endorsement or recommendation by us of the linked website, social media platform, and/or content.
10. Your rights in relation to your Personal Data
You have the following rights in relation to your Personal Data:
Right of Access - you have the right to be informed about how we are using your Personal Data and the right to access that data that we hold about you.
Right to Erasure or "Right to be Forgotten" – you have the right to ask us to delete your Personal Data provided that there are no valid grounds for us to keep it, for example we may have to keep some or all of the Personal Data to comply with legal obligation or in respect of any legal claims.
Right to Data Portability – you have the right to receive the Personal Data you have provided to us in a digital format or in certain circumstances and where technically feasible the right to ask us to transmit the data to another organization.
Right of Rectification – you have the right to ask us to amend the Personal Data that we hold about you where you believe it is inaccurate or incomplete.
Right to Object - in certain circumstances, you have the right to object to the processing of your Personal Data and to ask us to block, erase and restrict our use of your personal data.
Automated Decision Making – we may process your Personal Data by solely automated means (without human intervention), including for profiling. Where such processing may have a legal or similarly significant effect on you, you have the right not to remain subject to any decisions based on such automatic processing, except as otherwise provided by law. You have the right to understand when and how automated decisions are made about you, and the factors involved and you have the right to challenge these decisions, request human intervention, express your point of view, and seek a review of the decision.
Right to Withdraw Consent or Right of Opposition – if you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.
Right of Limitation - you have the right to request the limitation of the Processing of your Personal Data, in the form of: (i) suspension of Processing or (ii) limitation of the scope of Processing to certain categories of Personal Data or purposes of Processing.
Right to complain – you have the right to complain to the supervisory authority, in addition to us.
The period for handling a request is 30 days unless it is a particularly complex request.
Once our specified retention period has expired we shall delete the relevant Personal Data. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of such retention period.
11. Processing data in relation to children
Our services are not intended for and shall not be used by individuals under the age of 16. Brand Access does not knowingly collect Personal Data from persons under 16 or allow them to register. If it comes to our attention that we have collected or processed Personal Data from such a person, we may delete this information without notice. If you have reason to believe that this has occurred, please contact us using the following link: https://prighter.com/q/19550884
12. Changes to our data protection provisions
We may need to make changes to this Privacy Policy to ensure that it complies with current legal requirements or to implement changes to the services detailed in the Privacy Policy, e.g., when introducing new services and products. In this case, your future visits to our Website will be subject to the updated Privacy Policy.
13. Difficulty accessing our Privacy Policy
Individuals with disabilities who are unable to usefully access our Privacy Policy online may contact us to inquire how they can obtain a copy of our policy in another, more easily readable format.
14. Contact Information
If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data, or your choices and rights regarding such use please do not hesitate to contact us by:
Email at: [email protected]
Post to: 900 High Street, Palo Alto, CA 94301, United States
Data Subject Requests from EU Data Subjects according to the GDPR
We value your Data Subject Rights under EU GDPR and have therefore appointed Prighter as representative according to Art 27 EU GDPR. We provide you with an easy way to submit a privacy related request like a request to access or erase your personal data by visiting: https://prighter.com/q/19550884
Data Subject Requests from UK Data Subjects according to the Data Protection Act
We value your Data Subject Rights under the UK GDPR and have therefore appointed Prighter as representative according to Art 27 UK GDPR. We provide you with an easy way to submit a privacy related request like a request to access or erase your personal data by visiting: https://prighter.com/q/19550884
This Policy was last updated: July 22, 2024