Last updated: 15th September 2025
This Privacy Policy explains how Hats World (MCR) Ltd (“we”, “our”, “us”) collects, uses, and protects your personal data when you use our website or interact with us.
We are committed to ensuring that your privacy is protected and that we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Hats World (MCR) Ltd is a wholesale supplier of fashion and household goods, registered in the United Kingdom. For the purposes of data protection law, we are the Data Controller of your personal information.
If you have any questions about this policy or your data, you can contact us at:
Email: help@hatsworld.uk
Address: 49 Broughton Street, Manchester, M8 8AN
2. What Information We Collect
We may collect and process the following personal and business information:
Identity information (name, business name, position, company registration details)
Contact details (address, phone number, email address)
Payment information (bank details, card details if applicable, VAT number)
Account information (login credentials, wholesale account records, order history)
Demographic information (postcode, preferences, interests)
Website usage information (IP address, browser type, device information, cookies, browsing patterns)
Marketing preferences (consent to receive promotional communications)
3. How We Use Your Information
We use your information for the following purposes:
To process and fulfil your orders
To manage wholesale accounts and verify trade status
For payment processing and fraud prevention
To comply with legal and tax obligations
To improve our products, services, and website
To send you service communications (e.g., order confirmations, account updates)
To send marketing communications where you have consented or where we have a legitimate interest (B2B marketing)
To conduct market research and customer feedback surveys
For website analytics, advertising, and personalisation
To protect our website from spam, bots, and abuse using security tools such as Google reCAPTCHA
4. Lawful Basis for Processing
We only process your personal data where we have a lawful basis under UK GDPR:
Contract – processing your orders and managing your account
Legal obligation – record keeping, VAT, tax, and compliance purposes
Legitimate interests – improving services, B2B marketing, fraud prevention, website security
Consent – where you opt-in for marketing or cookies
5. Data Retention
We keep your personal data only for as long as necessary:
Order and account records: up to 7 years (for legal and tax purposes)
Marketing data: until you withdraw consent or unsubscribe
Website analytics: in accordance with our cookie policy
6. Sharing Your Information
We do not sell or lease your information. We may share it with:
Service providers and partners (e.g., payment processors, couriers, IT support, website hosting, CRM providers)
Professional advisers (e.g., accountants, lawyers, auditors)
Regulators and legal authorities (if required by law)
If we transfer data outside the UK (e.g., to cloud service providers), we ensure appropriate safeguards (such as UK-approved standard contractual clauses).
7. Cookies, Tracking & Security Tools
Our website uses cookies and similar technologies to:
Analyse traffic and website performance
Remember your preferences
Deliver relevant advertising
Protect against spam and abuse
Google reCAPTCHA
We use Google reCAPTCHA v2 on our website to detect and prevent spam, bots, and abusive activity. reCAPTCHA analyses interactions with the site (such as mouse movements and browsing patterns) to determine whether the visitor is a human.
The use of reCAPTCHA is subject to the Google Privacy Policy and Google Terms of Service:
By using our forms or interacting with our site, you acknowledge that reCAPTCHA may process certain technical information about your activity for security purposes.
You can manage or disable cookies via your browser settings. For full details, see our Cookie Policy.
8. Your Data Protection Rights
Under UK GDPR, you have the right to:
Access – request a copy of the personal data we hold
Rectification – correct inaccurate or incomplete data
Erasure (“Right to be Forgotten”) – request deletion of your data
Restriction – limit how we process your data
Data portability – request transfer of your data to another provider
Object – to processing for direct marketing or certain legitimate interests
Withdraw consent – where processing is based on consent
To exercise your rights, contact us at [Insert email]. We aim to respond within one month.
If you are unhappy with how we handle your data, you can complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk
9. Security
We are committed to keeping your data secure. We use appropriate technical, organisational, and physical measures to protect against unauthorised access, alteration, disclosure, or destruction of your personal data.
10. Links to Other Websites
Our website may contain links to external websites. We are not responsible for their privacy practices. Please check their privacy policies when visiting third-party sites.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any updates will be published on this page with a new "Last updated" date.