Privacy Policy

Last updated: 23/11/2025

1) Who we are

HALO Chesterfield Ltd, registered in England & Wales (Company No 15482353) at Unit 1 Fan Road, Chesterfield, Derbyshire, S43 3PT, is the “data controller” of your personal data when you interact with our website, purchase our products, or contact us.

  • Company name: HALO Chesterfield Ltd
  • Trading name: HALO Performance
  • Registered address: Unit 1 Fan Road, Chesterfield, Derbyshire S43 3PT
  • Email: [email protected]
  • Phone: 01246 281543
  • Website: haloperformance.co.uk

2) What data we collect

We collect and process personal data to run our e‑commerce operations and provide services:

  • Identity data: name, username, title, date of birth (optional).
  • Contact data: billing/delivery address, email, phone.
  • Account data: login details, passwords (hashed), preferences, saved items.
  • Order & transaction data: products purchased, order history, invoices, returns, refunds.
  • Payment data: payment method, masked card details/token. (We don’t store full card details—these are handled securely by our payment processors.)
  • Marketing & communications data: your preferences and consents.
  • Technical & usage data: IP address, device/browser, pages viewed, referring pages, time on site, interaction data (via cookies and similar technologies).
  • Marketplace data (if applicable): orders and messages from eBay/Amazon [adjust if you use these].
  • Support data: communication history, notes, attachments.

3) How we collect data

  • Direct: when you create an account, place an order, subscribe to emails, contact support, or complete forms.
  • Automatic: via cookies, analytics, and similar technologies when you browse our site.
  • Third‑party sources: payment providers, delivery partners, marketplaces (e.g., eBay, Amazon), fraud‑prevention services.

4) Why we use your data (purposes) & lawful bases

We process personal data under the UK GDPR/EU GDPR on these bases:

  • To process orders and deliver products (contract).
  • To manage your account (contract; legitimate interests).
  • To provide customer support (contract; legitimate interests).
  • To take payment and prevent fraud (contract; legitimate interests; legal obligation).
  • To send service messages (order confirmations, delivery updates) (contract; legal obligation).
  • To improve our website and products (legitimate interests—analytics & performance).
  • To send marketing emails/SMS (consent or legitimate interests, respecting PECR rules; you can opt out anytime).
  • To meet tax and accounting obligations (legal obligation).
  • To handle returns, warranties, and disputes (contract; legal obligation; legitimate interests).

5) Marketing & preferences

  • We’ll only send email/SMS marketing if you’ve opted in or if permitted under legitimate interests (for existing customers), and you can opt out at any time via the unsubscribe link or by contacting us.
  • We do not sell your personal data.

6) Cookies & similar technologies

Cookies help us run the site and understand how it’s used. We use:

  • Strictly necessary cookies (e.g., cart, checkout, security).
  • Performance/analytics cookies (e.g., understanding usage, improving UX).
  • Functional cookies (remembering preferences).
  • Advertising/remarketing cookies (showing relevant ads).

You can manage cookies via our Cookie Banner/Preferences and your browser settings. See our Cookie Policy for details on types, providers, durations, and how to opt out.

7) Sharing your data

We share data only with trusted parties to operate our business:

  • Payment processors (e.g., Square)—to take payments and prevent fraud.
  • Delivery & logistics partners (e.g., Royal Mail, DHL)—to deliver orders.
  • E‑commerce platforms/IT providers (hosting, CRM, email, analytics, security).
  • Marketplaces (eBay, Amazon)—if you order via those channels.
  • Professional advisers (accountants, auditors, legal counsel).
  • Authorities (HMRC, law enforcement) where required by law.

We require all third parties to respect your data and process it per our instructions and the law.

8) International transfers

If we transfer data outside the UK/EU/EEA, we ensure appropriate safeguards (e.g., UK International Data Transfer Agreement, EU Standard Contractual Clauses, or adequacy decisions). You can request details of current safeguards by contacting us.

9) Data retention

We keep your data only as long as necessary:

  • Orders & invoices: typically 6–7 years (tax/accounting).
  • Account data: as long as your account is active, then deleted or anonymised after [60] months of inactivity.
  • Marketing data: until you opt out or after [6] years of inactivity.
  • Support communications: [6] years.

We may retain data longer if needed for legal claims or compliance.

10) Security

We implement administrative, technical, and physical safeguards, including encryption in transit (TLS), secure access controls, regular updates/patching, and limited staff access on a need‑to‑know basis. No system is 100% secure; we continuously improve our controls.

11) Your rights

Subject to legal limits, you have the right to:

  • Access your personal data.
  • Rectify inaccuracies.
  • Erase your data (“right to be forgotten”).
  • Restrict processing.
  • Object to processing (including marketing).
  • Data portability (transfer your data).
  • Withdraw consent at any time (where consent is the lawful basis).

To exercise your rights, contact us at [email protected]. We’ll respond within one month (extensions may apply for complex requests).

12) Complaints

If you have concerns, please contact us first so we can resolve them. You also have the right to complain to the Information Commissioner’s Office (ICO):

  • ICO Website: https://ico.org.uk
  • ICO Helpline: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

13) Children

Our website is not intended for children under 16, and we do not knowingly collect data from them.

14) Changes to this policy

We may update this policy from time to time. We’ll post changes here and update the “Last updated” date. Significant changes may be communicated by email or site notice.

15) Contact us

Questions about this policy or your data?
Email: [email protected]
Address: Unit 1 Fan Road, Chesterfield, Derbyshire S43 3PT
Phone: 01246 281543