We store your data in secure systems and use it only for sales order processing purposes.
- We do not share any of your data with anyone.
- We do not do any marketing mailshots.
- We store no card details.
- We store your order data in our ecommerce site and Xero accounts system on hosted secure servers.
What personal data we collect and why
Who we are
Our website address is: https://www.henleyfan.com. It is owned and operated by The Henley Fan Company Ltd, a private company registered in England and Wales registration no 07401225.
The only data we collect is that necessary to process customer orders along with the accompanying pre and post sales communications. In our website database and accounting system we store the customer name, address, email and order product details. No payment card details are retained by us as these are processed separately by the payment processor and both they and us have annual PCIDSS audits designed to protect the payment process. Any card numbers taken when making a phone order payments are entered into the merchant gateway’s secure site directly and immediately encrypted. We retain the transaction information (but not the card data) in order to satisfy HMRC requirements and other government record keeping requirements. We further use this for reference in the event of a warranty issue/claim or support issue. We use your email to send a request to review our performance on the TrustPilot independent site and will alert you or any important product safety issues in the future. The customer data is stored on a secure hosted web server and also in our accounting system hosted by Xero.
To avoid the risk of malicious software being planted on our site no comments or content of any kind is permitted to be placed on any of our blog or web pages.
No media or any other form of file upload is permitted on our site as a security precaution.
We have no contact forms – if you wish to get in touch please send an email.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Embedded content from other websites
We use Google analytics to monitor webpage usage and provide aggregate metadata about how many visitors view each page. Google captures and collects data from your visit to our site and your cookies and we are the Controller of that data in allowing it to be passed to them. Google will automatically delete all data when it reaches the retention period that we have set at one month. Apart from this no data at customer level granularity is retained.
How long we retain your data
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Your name, address and order data is passed from our website to the Xero online accounting system that we use for creating invoices, VAT and other accounting, using OAuth2a protocol encrypted communications.
Your contact information
How we protect your data
Our website is hosted on servers by one of the UK’s best hosting services Havenswift. They have an excellent reputation for service and security. We have very strong security on our server with multiple security measures including a strong firewall, additional server password protection, hidden login screen, no uploads or comments and DDOS attack prevention measures that will be triggered by any suspicious activity. We also have various live anti-hacking and anti-spam software modules.
To avoid the risk of malicious software being planted on our site no comments or content of any kind is permitted to be placed on any of our blog or web pages. Multiple attempts to load any data or click on any page too quickly will trigger our firewall blocking which is set to a high and sensitive level. Multiple customer login attempts with wrong passwords will also result in blocking. Any admin login attempt requires multiple passwords and hardware authentication keys. No admin access has been granted to any third parties and we are alerted any time someone logs in as an administrator. In addition we do full daily scans for malware and viruses. Regular alerts are provided to us of the health and state of the website as well as security logs that provide us with full details of any attempted attacks or issues.
Our email communications are handled by a corporate gmail system with 2FA password protection. Our telephone system is Vonage and this only stores numbers as a log of calls made with no name or other details.
What data breach procedures we have in place
We have full offsite server backups of our sites. We also have a list of registered customers in a separate system so that we can notify them in the event of a security breach. All passwords will be reset.
What third parties we receive data from
We do not receive data from any third parties.
What automated decision making and/or profiling we do with user data
Industry regulatory disclosure requirements
We comply with all regulatory requirements on disclosure.