Free Shipping Over $30.00
Log in

Cart

Your cart is currently empty.

Continue shopping
Total
$0.00 USD

Privacy Policy

HADLOW HIDEAWAYS Privacy Policy

Date: 2025/12/10 Applicable to: United Kingdom Last updated: 2026/3/10

1. Information on the collection of personal data

1.1 Personal data

In the following, we inform you about the processing of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. In this way, we would like to inform you about our processing procedures and at the same time comply with our legal obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1.2 Data controller

The data controller is:
HADLOW HIDEAWAYS LIMITED CRN: 11851207 Contact: +44 7351842328 Email: connor.adam@malayapparel26.com Address: Passalls Farm, Wilderness Lane, Hadlow Down, Uckfield, East Sussex, United Kingdom, TN22 4HB

2. Processing of personal data when visiting our website

When using the website for information purposes, i.e. simply viewing it without registering and without you providing us with any other information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you and to ensure stability and security and must therefore be processed by us:
(A) IP address (B) Date and time of the request (C) Content of the request (page visited) (D) Amount of data transmitted in each case (E) Browser type and version (F) Operating system (G) Referrer URL (the website you came from)
Legal basis: Article 6(1)(f) UK GDPR (legitimate interest) - processing is necessary for the purposes of the legitimate interests pursued by the controller in the operation and maintenance of our website.

3. Further functions and offers of our website

3.1 Overview over various offers

In addition to purely informational use of our website, we offer various services that you can use if you are interested (e.g. registering an account, purchasing goods) and we use other functions to facilitate sales (e.g. payment method selection) and to analyze or market our offers. Accordingly, you usually have to provide further personal data and/or we process such further data that we use to perform the respective services. The aforementioned data processing principles apply to all data processing purposes described here. Collection of personal data is not the main or sole purpose of our website.

3.2 Use of external service providers

In some cases, we use external service providers to process your data (e.g. payment service providers, shipping companies). These service providers are carefully selected by us, are bound by our instructions and are regularly monitored. All service providers process personal data on our behalf as processors and are contractually required to comply with UK GDPR requirements.

3.3 Further third party involvement

Furthermore, we may pass on your personal data to third parties not already mentioned in this privacy policy if we offer participation in promotions, competitions, conclusion of contracts or similar services together with partners. Depending on the service, your data may also be collected by the partners on their own responsibility. You will receive more detailed information when you provide your data or in the description of the respective offers.

3.4 Third parties outside of the EEA

If our service providers or partners are based in a country outside the European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect your personal data. This may include:
  • Using service providers that have received an adequacy decision from the UK government
  • Implementing standard contractual clauses approved by the UK Information Commissioner's Office
  • Using binding corporate rules for international transfers within group companies

4. Processing of personal data when you contact us or register an account with us

When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. When you register a customer account with us, we only collect the information that you voluntarily share with us.
This data may include, for example: (A) Your first and last names, as the case may be also your title or user name (B) Login data: your email address and a password you choose yourself (C) Your contact details, e.g. your name, postal addresses, telephone numbers, fax numbers, email addresses (D) Any further information on your person and your interests that you might share with us
Legal basis:
  • For contact requests: Article 6(1)(b) UK GDPR (performance of a contract or steps to enter into a contract) or Article 6(1)(f) UK GDPR (legitimate interest)
  • For account registration: Article 6(1)(b) UK GDPR (performance of a contract)
Retention period: We will retain your contact data until your request has been fully resolved and for a further 6 months thereafter for any follow-up questions. Account data will be retained for as long as your account remains active and for 7 years after account closure in accordance with legal retention requirements.

5. Processing of personal data when you make a purchase with us

5.1 Shopping information

If you order something from our online shop, we collect your shopping data. Depending on the type of purchase and processing status, shopping data may include the following information: (A) Purchased item details (name, price, model, etc.) (B) Order number (C) Delivery and billing addresses (D) Delivery and payment status, e.g. "completed" or "dispatched" (E) Messages and communication relating to purchases (e.g. complaints and messages to customer service) (F) Return status, e.g. "ongoing" (G) Information regarding service providers involved (e.g. shipment numbers of parcel services)

5.2 Payment details

We offer you various payment methods – in particular credit card (Visa, Mastercard) and PayPal. We collect the payment details shared by you in order to execute the payment. We receive further payment details from external payment service providers and credit agencies which we work with in executing payments and carrying out credit checks. We only forward information to our payment service providers which is necessary for processing payment.
Payment details include: (A) Billing addresses (B) Preferred payment method (C) Credit card details (card number, expiry date, CVV) – note: credit card details are processed directly by our payment service providers and are not stored on our servers (D) PayPal account information
Our payment service providers:
Legal basis: Article 6(1)(b) UK GDPR (performance of a contract)

6. Cookies and similar technologies

6.1 General information about cookies

We may use cookies, tags, web pixels, and similar technologies to automatically collect information on our Services. Cookies or tags are bits of code that allow our technology partners to collect information that usually does not directly identify you. If required by law, we will request your consent before using cookies or other tracking technologies.

6.2 Types of cookies we use

We use the following types of cookies on our Services:
Strictly Necessary Cookies: These cookies are essential because they enable you to use our Services. For example, strictly necessary cookies allow you to access secure areas on our Services, maintain shopping cart contents, and complete the checkout process. Without these cookies, some services cannot be provided. These cookies do not gather information about you for marketing purposes. This category of cookies is essential for our Services to work and they cannot be disabled.
Functional Cookies: We use functional cookies to remember your choices so we can tailor our Services to provide you with enhanced features and personalized content. For example, these cookies can be used to remember your name, language preferences, or region on our Services. We do not use functional cookies to target you with online marketing. While these cookies can be disabled, this may result in less functionality during your use of our Services.
Performance or Analytic Cookies: These cookies collect passive information about how you use our Services, including webpages you visit and links you click. We use the information collected by such cookies to improve and optimize our Services. We do not use these cookies to target you with online marketing.
Advertising or Targeting Cookies: These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

6.3 Your choices

You can manage browser cookies through your browser settings. The 'Help' feature on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, how to block cookies, and when cookies will expire. If you block all cookies on your browser, neither we nor third parties will transfer cookies to your browser. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some features and services may not work.
You may withdraw your consent or update your preferences at any time by clicking the "Manage Cookies" link within the website footer.

6.4 Web Pixels

To see how successfully our marketing campaigns or other goals of the Services are performing we sometimes use conversion pixels, which fire a short line of code to tell us when you have clicked on a particular button or reached a particular page (e.g. a thank you page once you have completed the procedure for subscribing to one of our services or have completed one of our forms). We also use web pixels to analyze usage patterns on our Services.

6.5 Analytics

We use Google Analytics to monitor and analyze the use of our Services. Google Analytics is a web analytics service that tracks and reports Site traffic. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics, available at: https://tools.google.com/dlpage/gaoptout.
Legal basis: Article 6(1)(f) UK GDPR (legitimate interest)

6.6 Behavioral Remarketing

We also use remarketing services to advertise on third-party websites to you after you visited our Services. For this purpose, visitors are grouped by certain actions on our Services, e.g., by duration of a visit. This enables us to understand your preferences and to show you personalized advertising even if you are currently surfing on another website that also participates in the Google advertising network.
We use the following tools and services for these purposes:
  • Google Ads: Provided by Google. You can opt-out of this by visiting the Google Ads Settings page: https://www.google.com/settings/ads
  • Bing Ads: Operated by Microsoft Ireland Operations Limited. For more information, please read Microsoft's privacy statement: https://privacy.microsoft.com/en-US/
  • Facebook Ads: Using Facebook Business Tools. To modify your preferences or turn off personalization for ads served by Facebook, you can visit Facebook's Ad Preferences.

6.7 Do Not Track

Some Internet browsers, such as Internet Explorer, Firefox, and Safari, include the ability to transmit "Do Not Track" or "DNT" signals. Since uniform standards for "DNT" signals have not been adopted, our Site does not currently process or respond to "DNT" signals.

6.8 Location Information

You may be able to adjust the settings of your device so that information about your physical location is not sent to us or third-parties by (a) disabling location services within the device settings; or (b) denying certain websites or mobile applications permission to access location information by changing the relevant preferences and permissions in your mobile device or browser settings.

7. Transfer of data to third parties

7.1 Transfer only where allowed by law

We only forward your data if this is allowed by UK or European law. We work particularly closely with certain service providers, for example in the area of customer service (e.g. hotline service providers), with technical service providers (e.g. running computer centers) or with logistics companies (e.g. Royal Mail, DPD UK). These service providers may generally only process your data on our behalf under special conditions.

7.2 Technical service providers

We work with technical service providers in order to be able to provide our services. Our primary technical service provider is Shopify, which provides our e-commerce platform. Shopify's privacy policy can be found at: https://www.shopify.com/legal/privacy/consumers.
If they process your data outside the European Union, this may mean that your data is transmitted to a country with a lower data protection standard than the European Union. In such cases we will ensure that the relevant service providers contractually or otherwise guarantee an equivalent data protection level.

7.3 Payment service providers and credit agencies

We offer different payment options, such as advance payment, payment by credit card, payment by PayPal and payment on invoice. For this purpose, payment data can be transferred to payment service providers with whom we work with.
Our payment service providers:
We do not currently use credit agencies for credit checks.

7.4 Logistics companies

We work with external logistics companies to deliver orders:
These logistics companies receive the following data to execute the relevant order: (A) Your name (B) Your delivery address (C) Your postcode (D) Your email address (to inform you of delivery status) (E) Your telephone number (for delivery notifications)

7.5 Authorities and other third parties

If we are obliged by an official or court decision or it is for prosecution purposes, we will if necessary, forward your data to prosecution authorities or other third parties.
Legal basis: Article 6(1)(c) UK GDPR (legal obligation)

7.6 Group companies

Many systems and technologies are shared within MALAY APPAREL 26 group. Therefore, companies within MALAY APPAREL 26 group which require access to your data to fulfil our contractual and legal obligations, or to fulfil their respective functions within MALAY APPAREL 26 group, receive this access.

8. Retention and erasure of data

We will store your personal data as long as is necessary for the purposes named in this Privacy Policy, especially for the fulfilment of our contractual and legal obligations. We may also store your personal data for other purposes if or as long as the law allows us store it for particular purposes, including for defense against legal claims.
If you close your customer account, we will delete all the data we have stored regarding you. If it is not possible or necessary to completely delete your data for legal reasons, the relevant data will be blocked for further processing. If data is blocked, technical and organizational measures are used to ensure that only a few employees can access the relevant data, based on need to know and only for select purposes (e.g. in the event of a tax audit).
Blocking will occur, for example, in the following cases: (A) Your order and payment details and perhaps other details are generally subject to various legal retention obligations. The law obliges us to retain this data for tax audits and financial audits for up to six years from the end of the relevant tax year. Only then can we finally delete the relevant data. (B) Even if your data is not subject to any legal retention obligation, we may refrain in the cases allowed by the law from immediate deletion and instead carry out initial blocking. This applies especially in cases where we may need the relevant data for further contractual processing or prosecution or legal defense (e.g. in the event of complaints). The decisive criterion for the duration of the blocking is then the legal limitation periods. After the relevant limitation periods expire, the relevant data will finally be deleted.

9. How is my personal data protected?

We use technical and organizational measures to secure our systems. With regard to your order and your customer login, we transmit your personal data securely using SSL encryption (Secure Socket Layer). We regularly review our security measures to ensure they remain appropriate and effective.

10. Your rights

10.1 Your rights against us as data controller

Your personal information or image may not be used for advertising purposes without your consent. Accordingly, you have the following rights against us as a data controller in respect of personal data relating to you: (A) Right to information (B) Right of rectification or erasure (C) Right to restriction of processing (D) Right to object to processing (E) Right to data portability (F) Right to withdraw consent (in case consent is the basis for data processing)

10.2 Information requests

In order to ensure that your data is not disclosed to third parties in the course of requests for information, please attach sufficient proof of identity to your request. This may include a copy of your passport or driving license, along with a signed statement confirming your request.

10.3 Withdrawal of consent

If you have given your consent to the processing of your data, you may revoke this consent at any time. Such revocation affects the permissibility of the processing of your personal data after you have expressed it to us. The permissibility of the processing of your data up to the time of your revocation remains unaffected.

10.4 Objection in case of processing on the basis of balancing of interests

(A) Insofar as we base the processing of your personal data on a balancing of interests, you may object to the processing. This is the case if the processing is not necessary, in particular, for the fulfilment of a contract with you. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data in the way we have done. In the event of your objection, we will review the situation and either cease or adjust the data processing or show you our compelling legitimate grounds for continuing the processing.
(B) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. The best way to exercise your advertising objection is to contact us using the contact details provided above.
You also have the right to complain to a data protection supervisory authority about our processing of your personal data. The relevant authority for UK-based companies is the Information Commissioner's Office (ICO), which can be contacted at: https://ico.org.uk/concerns/

11. Changes to this Privacy Policy

Further improvements to our website or changes in legal or regulatory requirements may require changes to this privacy policy. Thus, we encourage you to re-read this Privacy Policy from time to time. The latest version will always be available on our website.

12. Data Protection Officer

You can reach our data protection officer at connor.adam@malayapparel26.com or our postal address with attention to: "RABIA RIAZ".

13. Company Information

Our entity details are as follows: HADLOW HIDEAWAYS LIMITED CRN: 11851207 Contact: +44 7351842328 Email: connor.adam@malayapparel26.com Address: Passalls Farm, Wilderness Lane, Hadlow Down, Uckfield, East Sussex, United Kingdom, TN22 4HB
This privacy policy is compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.