Privacy Policy

Trust Us with Your Information

When you make a purchase from our website, we do collect certain personal information from you (e.g. your name, address, contact information).  

We will only collect and process personal information about you in order to provide you with the goods and services you request and to enhance your shopping experience with LeHi James.  This may involve the sharing of your personal information with third parties (for example reputable third-party banking – including PayPal and courier companies).

We will never pass your personal details to anyone outside of our organisation for them to use for their own marketing purposes.

We only use your personal information in accordance with the Data Protection Act 2018 (based upon the General Data Protection Regulation (GDPR) (EU) 2016/679) and any other applicable data protection and privacy laws and regulations.

For the purposes of the DPA, we are the data controller in respect of your personal information that we collect and process as described in this Privacy Policy.

What information do we collect?

We may collect and process information about you, including your name, address, contact details (including email address and mobile phone number), payment card details, product selections and details of your purchases and purchasing habits. This information is referred to in this Privacy Policy as "personal information".

This information is collected directly, e.g. when you set up an on-line account with us or place an order, and indirectly, for example your browsing or shopping activity on our website.

Purpose of processing your personal data?

The lawful primary basis for the processing of your personal data is under a "Performace of Contract" with you.

How do we use your personal information?

Lehi James only uses your personal information to enhance your shopping experience with us.  We may use your personal information for the following purposes:

  • To provide goods and services to you

  • To make a tailored website available to you

  • To manage any registered account(s) that you hold with us

  • To verify your identity

  • For crime and fraud prevention, detection and related purposes

  • To enable LeHi James to manage customer service interactions with you, e.g. respond to queries you submit to us

  • Where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).

How long do we keep hold information?

We will not retain your data for longer than necessary for the purposes set out in this policy.  Different retention periods apply for different types of data, however, the longest we will normally hold any personal data is 6 years.

At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

How can I access the information you hold about me?

The right of access, commonly referred to as a ‘subject access request’, gives you the right to obtain a copy of your personal data (not others) as well as other supplementary information. 

A request may be made verbally or in writing. Although the GDPR does not specify how to make a valid request we would ask that you make it clear that you are requesting a copy of your own personal data.

In most cases we cannot charge a fee to comply however, where the request is manifestly unfounded or excessive we may charge a “reasonable fee” for the administrative costs of complying with the request.  We can also charge a reasonable fee if you request further copies of the data following a request. 

We will comply with your request within 1 month.

Rights of individuals.

As an Individual you have a number of rights in relation to the information that we hold about you. These rights include: 

  1. “The right to be informed…as per this Privacy notice”

  2. “The right of access…we will provide a copy of the data within 30 days”

  3. “The right to rectification…of any inaccuracies or omissions in your data”

  4. “The right to erasure and to be forgotten…personal data is no longer necessary for the purpose it was originally collected, but subject to the basis of processing”

  5. “The right to restrict processing…to request restriction or suppression although not an absolute right”

  6. “The right to data portability…you obtain and reuse your personal data for your own purpose however, it is your responsibility to check the receiving controller complies with the GDPR”

  7. “The right to object…right to object to the processing or personal data in certain circumstances”

  8. “Rights in relation to automated decision making and profiling… where decisions may be taken without human intervention”.

What can you do if you are unhappy with how your personal data is processed?

You also have a right to lodge a complaint with the supervisory authority for data protection. In the UK this is:

Information Commissioner's Office
Wycliffe House
Water Lane
SK9 5AF 

T: 0303 123 1113 (local rate) or

Policy changes.

If we decide to change this Security &Privacy Policy, we will post the updated Policy on our Website so that you are always aware of what personal information we collect, how we use it and under what circumstances we disclose it. The updated Security & Privacy Policy will take effect as soon as it is posted on our Website.