top of page

Privacy Policy - Hydro Chill™

 
Effective Date: 28th September 2025 Last Updated: 28th Septemeber 2028

1. Introduction

Hydro Chill™ is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website or purchase our products.

 

Data Controller:

 

  • Company: Hydro Chill™

  • Address: 56 London Road Alderley Edge SK9 7DZ United Kingdom

  • Email: info@hydrochill.com

  • Phone: 001625 838380

  • Data Protection Officer: Ralitsa Stoycheva

 

Legal Basis: This policy complies with:

 

  • UK General Data Protection Regulation (UK GDPR)

  • EU General Data Protection Regulation (EU GDPR)

  • Data Protection Act 2018 (UK)

  • Privacy and Electronic Communications Regulations

 

2. Information We Collect

2.1 Personal Information You Provide

Account and Order Information:

 

  • Name, email address, phone number

  • Billing and delivery addresses

  • Payment information (processed securely by third parties)

  • Order history and preferences

  • Communication preferences

 

Custom Product Information:

 

  • Specifications and customization requirements

  • Installation location details

  • Technical requirements and preferences

  • Photos or measurements for installation planning

 

Communication Data:

 

  • Customer service inquiries and correspondence

  • Feedback, reviews, and testimonials

  • Marketing communication preferences

  • Support ticket information

2.2 Information We Collect Automatically

Website Usage Data:

 

  • IP address and location data

  • Browser type and version

  • Device information and operating system

  • Pages visited and time spent on site

  • Referral sources and exit pages

 

Cookies and Tracking Technologies:

 

  • Essential cookies for website functionality

  • Analytics cookies to improve our services

  • Marketing cookies for advertising (with consent)

  • Preference cookies to remember your settings

 

Transaction Data:

 

  • Purchase history and order details

  • Payment processing information (tokenized)

  • Delivery and installation records

  • Warranty and service history

 

3. How We Use Your Information

3.1 Contract Performance

We use your data to:

 

  • Process and fulfill your orders

  • Manufacture your bespoke cold plunge system

  • Arrange delivery and installation services

  • Provide customer support and after-sales service

  • Manage warranties and service requests

3.2 Legitimate Interests

We may use your data for:

 

  • Improving our products and services

  • Website analytics and optimization

  • Fraud prevention and security

  • Business administration and record-keeping

  • Quality control and customer satisfaction surveys

3.3 Legal Obligations

We process data to comply with:

 

  • Tax and accounting requirements

  • Consumer protection regulations

  • Product safety and warranty obligations

  • Anti-money laundering requirements

3.4 Marketing (With Consent)

With your consent, we may use your data for:

 

  • Email marketing about new products and offers

  • Personalized product recommendations

  • Customer satisfaction surveys

  • Social media advertising and retargeting

 

4. Legal Basis for Processing

We process your personal data under the following legal bases:

 

Contract (Article 6(1)(b) GDPR):

 

  • Order processing and fulfillment

  • Customer service and support

  • Delivery and installation services

 

Legitimate Interests (Article 6(1)(f) GDPR):

 

  • Website analytics and improvement

  • Fraud prevention and security

  • Business administration

  • Customer relationship management

 

Legal Obligation (Article 6(1)(c) GDPR):

 

  • Tax and accounting records

  • Consumer protection compliance

  • Product safety requirements

 

Consent (Article 6(1)(a) GDPR):

 

  • Marketing communications

  • Non-essential cookies

  • Customer testimonials and reviews

 

5. Data Sharing and Disclosure

5.1 Service Providers

We share data with trusted third parties who help us operate our business:

 

Payment Processors:

 

  • Stripe, PayPal, or other payment gateways

  • Data shared: Payment information, transaction details

  • Purpose: Secure payment processing

 

Delivery and Installation Partners:

 

  • Professional delivery and installation teams

  • Data shared: Contact details, delivery address, product specifications

  • Purpose: Product delivery and installation

 

Technology Providers:

 

  • Website hosting (Wix), email services, analytics providers

  • Data shared: Website usage data, contact information

  • Purpose: Website operation and business communications

 

Manufacturing Partners:

 

  • Specialized component suppliers and craftsmen

  • Data shared: Product specifications and customization requirements

  • Purpose: Bespoke product manufacturing

5.2 Legal Disclosures

We may disclose your data when required by law:

 

  • Court orders or legal proceedings

  • Regulatory investigations

  • Tax authority requests

  • Law enforcement inquiries

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, subject to the same privacy protections.

 

6. International Data Transfers

6.1 Transfer Safeguards

When transferring data outside the UK/EU, we ensure adequate protection through:

 

  • Adequacy Decisions: Transfers to countries with adequate protection

  • Standard Contractual Clauses: EU-approved contract terms

  • Binding Corporate Rules: For transfers within corporate groups

  • Certification Schemes: Privacy Shield or equivalent protections

6.2 Third-Party Services

Some service providers may be located outside the UK/EU:

 

  • Payment Processors: May process data in multiple jurisdictions

  • Cloud Services: Data may be stored in secure international data centers

  • Analytics Providers: May process data globally with appropriate safeguards

 

7. Data Retention

7.1 Retention Periods

Customer Account Data:

 

  • Active Customers: Retained while account is active

  • Inactive Customers: Deleted after 3 years of inactivity

  • Marketing Data: Retained until consent is withdrawn

 

Order and Transaction Data:

 

  • Order Records: 7 years (legal requirement for tax/accounting)

  • Payment Data: Tokenized data retained for refund/dispute purposes

  • Delivery Records: 2 years for warranty and service purposes

 

Communication Data:

 

  • Customer Service: 3 years for quality and training purposes

  • Marketing Communications: Until consent withdrawn

  • Legal Correspondence: 7 years or as legally required

 

Website Data:

 

  • Analytics Data: 26 months (Google Analytics default)

  • Cookie Data: As specified in cookie preferences

  • Security Logs: 12 months for fraud prevention

7.2 Deletion Process

When retention periods expire:

 

  • Data is securely deleted or anonymized

  • Backups are purged according to schedule

  • Third parties are notified to delete shared data

  • Deletion is logged for compliance purposes

 

8. Your Rights Under GDPR

8.1 Access Rights (Article 15)

You have the right to:

 

  • Request a copy of your personal data

  • Receive information about how your data is processed

  • Obtain details about data sharing and retention

8.2 Rectification Rights (Article 16)

You can:

 

  • Correct inaccurate personal data

  • Complete incomplete information

  • Update your contact details and preferences

8.3 Erasure Rights (Article 17)

You may request deletion when:

 

  • Data is no longer necessary for the original purpose

  • You withdraw consent for marketing

  • Data has been unlawfully processed

  • Legal obligation requires deletion

 

Limitations: We may retain data when required for:

 

  • Legal obligations (tax records, warranties)

  • Legitimate interests (fraud prevention)

  • Contract performance (ongoing orders)

8.4 Restriction Rights (Article 18)

You can request processing restrictions when:

 

  • Accuracy of data is contested

  • Processing is unlawful but you prefer restriction to deletion

  • Data is needed for legal claims

8.5 Portability Rights (Article 20)

You can request:

 

  • Data in a structured, machine-readable format

  • Direct transfer to another service provider

  • Applies to data processed by automated means with consent or contract

8.6 Objection Rights (Article 21)

You can object to processing based on:

 

  • Legitimate interests (including profiling)

  • Direct marketing (absolute right)

  • Scientific or historical research purposes

 

9. Exercising Your Rights

9.1 How to Make Requests

To exercise your rights:

 

  • Email: info@hydrochill.com

  • Subject Line: Include "Data Subject Request"

  • Information Required: Full name, email address, specific request

  • Verification: We may request ID verification for security

9.2 Response Times

  • Standard Requests: 30 days from receipt

  • Complex Requests: May be extended by 60 days with notification

  • Urgent Requests: Prioritized where possible

  • Free of Charge: Unless requests are excessive or unfounded

9.3 Right to Complain

If you're unsatisfied with our response, you can complain to:

 

UK Customers:

 

  • Information Commissioner's Office (ICO)

  • Website: ico.org.uk

  • Phone: 0303 123 1113

 

EU Customers:

 

  • Your local Data Protection Authority

  • EU Data Protection Board: edpb.europa.eu

 

10. Cookies and Tracking

10.1 Cookie Types

Essential Cookies (Always Active):

 

  • Shopping cart functionality

  • User authentication

  • Security and fraud prevention

  • Website performance and stability

 

Analytics Cookies (With Consent):

 

  • Google Analytics for website usage statistics

  • Heatmap tools for user experience improvement

  • Performance monitoring and optimization

 

Marketing Cookies (With Consent):

 

  • Google Ads conversion tracking

  • Facebook Pixel for retargeting

  • Email marketing integration

  • Social media sharing functionality

10.2 Cookie Management

You can control cookies through:

 

  • Cookie Banner: Manage preferences on first visit

  • Cookie Settings: Update preferences anytime

  • Browser Settings: Block or delete cookies directly

  • Opt-out Tools: Industry-provided opt-out mechanisms

10.3 Third-Party Cookies

We use cookies from:

 

  • Google: Analytics, Ads, Tag Manager

  • Facebook: Pixel for advertising

  • Payment Providers: Fraud prevention and processing

  • Customer Service: Chat and support tools

 

11. Children's Privacy

11.1 Age Restrictions

  • Our services are not intended for children under 16

  • We do not knowingly collect data from children

  • Parental consent required for children under 16

  • We will delete children's data if discovered

11.2 Parental Rights

Parents can:

 

  • Request access to their child's data

  • Request correction or deletion

  • Withdraw consent for processing

  • Object to marketing communications

 

12. Security Measures

12.1 Technical Safeguards

  • Encryption: SSL/TLS for data transmission

  • Access Controls: Role-based access to personal data

  • Authentication: Multi-factor authentication for staff

  • Monitoring: Continuous security monitoring and logging

12.2 Organizational Measures

  • Staff Training: Regular privacy and security training

  • Data Minimization: Collect only necessary data

  • Privacy by Design: Built-in privacy protections

  • Incident Response: Procedures for data breaches

12.3 Data Breach Procedures

In case of a data breach:

 

  • Assessment: Immediate risk assessment

  • Containment: Steps to limit the breach

  • Notification: Authorities notified within 72 hours if required

  • Communication: Affected individuals notified if high risk

 

13. Updates to This Policy

13.1 Policy Changes

  • We may update this policy to reflect legal or business changes

  • Material changes will be prominently notified

  • Continued use constitutes acceptance of updates

  • Previous versions available upon request

13.2 Notification Methods

  • Email: Direct notification to registered users

  • Website: Prominent notice on homepage

  • Account Dashboard: Notification in user accounts

  • Version History: Available for review

 

14. Contact Information

14.1 Privacy Inquiries

Email: info@hydrochill.com Phone: 00441625838380 Address: 56 London Road Alderley Edge SK9 7DZ United Kingdom  Response Time: Within 48 hours for initial response

14.2 Data Protection Officer

Email: info@hydrochill.com (if applicable) Role: Independent oversight of data protection compliance Availability: For complex privacy matters and complaints

 

15. Specific Provisions

15.1 UK-Specific Provisions

  • Compliance with UK GDPR and Data Protection Act 2018

  • ICO registration and compliance

  • UK adequacy decisions for international transfers

  • English law governs privacy disputes

15.2 EU-Specific Provisions

  • Compliance with EU GDPR (Regulation 2016/679)

  • Local data protection authority jurisdiction

  • EU adequacy decisions and transfer mechanisms

  • Local consumer protection law integration

 

 

Last Review Date: [Insert Date] Next Scheduled Review: [Insert Date + 12 months]

 

Important Notice: This Privacy Policy is designed to comply with UK and EU data protection laws. However, laws may change, and specific circumstances may require legal advice. We recommend consulting with legal counsel for complex privacy matters.

bottom of page