PRIVACY POLICY
Last Update Date:
December 29, 2023
1. Introduction
We value privacy and protection of your personal data. This Privacy Policy ("Policy") describes how Hiccup collects, uses, and shares your personal information when you visit or make a purchase from our website (the“Website”) and our mobile applications (the“App”) .
This Policy applies to Hiccup products and services, including the Website, the App and other associated services (collectively, the“Service(s)”). Hiccup may also link to third parties on our Services. This Policy applies only to our Services, thus we highly recommend you read their Privacy Policy and know how third parties define personal data or how they use it before interacting with them.
We will process your personal data and information in compliance with the applicable data protection laws in each case, including, but not limited to, Turkish Law on the Protection of Personal Data No 6698 (“Turkish Data Protection Act”), the General Data Protection Regulation (“GDPR”), the UK GDPR (the GDPR as it applies under UK law), and Data Protection Act 2018 (“DPA 2018”).
All personal shall be processed in accordance with the following principles
- Lawfully and fairly,
- Accurately and by keeping up to date where necessary,
- For specified, explicit and legitimate purposes,
- Adequately, relevant and limited to what is necessary in relation to the processing purposes as mentioned herein,
- By keeping within the scope of the relative legislation or under necessary conditions of data processing and aims for the purposes of processing.
2. Identity of data controllers
HICCUP E-Ticaret Anonim Şirketi (with respect to sale of retail products and services) and Lykiafashion Limited (with respect to operation of the Website) are jointly the data controllers.
Data Controllers Details
HICCUP E-Ticaret Anonim Sirketi
Registered office address: Maslak Mah. AOS 55. Sk. 42 Maslak B Blok Sitesi No: 4/542 Sariyer / Istanbul, Turkey
Trade Registry / Company Registration Number: Istanbul Trade Registry / 476737-5
Central Registry System Number (MERSIS): 0462102584600001
Lykiafashion Limited
Registered office address: 46-54 High Street, Ingatestone, Essex, United Kingdom, CM4 9DW
Company Registration Number: England & Wales -14816361
3. What personal data about you is being processed by us?
When you use our Services or interact with us through some other means we collect data either directly from you or through you. This information is divided into three main categories: (1) information you provide to us directly, (2) information we automatically collect from you and (3) information we collect from third parties.
3.1 Data Provided by you
We may collect the following types of personal intormation:
a) Account information: We collect your information when you create an account on our Website or App. This may include your name, email, phone number, date of birth, gender information, your IP, and social media profile information if you choose to log-in this way.
b) Purchase and return information: We collect information about you when you purchase goods or potentially return them. This may include the items that you bought including the information about those items such as sizes, styles, and colours and whether you kept or returned those items and the reason for those returns.
c) Marketing and Communication Information: We collect and use your information such as your e-mail and name when you sign up for e-newsletter on our Website or opt to receive news and offers from us by entering your name and e-mail address and clicking subscribe or ticking the opt-in box at checkout indicating that you would like to receive your e-newsletter or marketing communications.
d) Direct interest Information: We collect and use your information when you choose to provide it, such as when you like a product, add them to your favourites or interact with our social media posts. This might include the number of interactions and the items in your favourites.
e) Shipping information: We collect your information to be able to send you the goods you order. This may include your address details, country that you live in, and preferred delivery times.
f) Payment Information: When you purchase a product on our Website or App, we'll ask you to provide our payment processor (Adyen) with your payment method information like a credit card or your Paypal account and your billing address. Our payment processor, acting on our behalf, gathers this so we can bill you for your use of our products and services. Our payment processor will share your billing address with us. We'll also use your billing address for tax calculation and audit purposes.
g) Reviews or other user provided content: We collect and use your information when you provide reviews on our website, social media pages, reach out to us through our customer support channels or through surveys we send out. This may include any pictures or video content that you provide us with, your public social media information if you choose to reach out to us through social media channels.
3.2 Information we collect from you automatically
We will directly collect or generate certain information about your use of the Service (such as user activity data, analytics event data, and clickstream data) for data analytics and machine learning, and to help us measure traffic and usage trends for the Service. We may also use third-party analytics tools that automatically collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving the Service. For more information, please see the paragraphs below on cookies information, log file information, clear gifs, device identifiers, and location data.
a) Cookies information and information taken from similar technologies: When you visit the Service, we (and our third-party partners) will send cookies — small text files containing a string of alphanumeric characters — to your computer that uniquely identifies your browser and lets Hiccup do things like help you log in faster, enhance your navigation through the site, remember your preferences and generally improve the user experience. Cookies also convey information to us about how you use the Service (e.g., the pages you view, the links you click and other actions you take on the Service), and allow us or our business partners to track your usage of the Service over time. They also allow us to measure traffic and usage trends for the Service, deliver personalised advertisements that may be of interest to you and measure their effectiveness, and find potential new users of the Service.
You can control or reset your cookies and similar technologies through your web browser, which will allow you to customise your cookie preferences and refuse all cookies or to indicate when a cookie is being sent. However, some features of the Service may not function properly if the ability to accept cookies is disabled. For more information on how we use cookies and other technologies and how you can control them, please read our Cookie Policy
b) Log file information: Log file information is automatically reported by your browser or mobile device each time you access the Service. When you use our Service, our servers automatically record certain log file information. These server logs may include anonymous information such as your web request, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, and other such information.
c) Clear gifs/web beacons information: When you use the Service, we may employ clear GIFs (also known as web beacons) which are used to anonymously track the online usage patterns of our users. In addition, we may also use clear GIFs in HTML-based emails sent to our users to track which emails are opened and which links are clicked by recipients. This information allows for more accurate reporting and improvement of the Service.
d) Device identifiers: When you access the Service on a device (including smartphones or tablets), we may access, collect and/or monitor one or more “device identifiers,” such as a universally unique identifier (“UUID”). Device identifiers are small data files that uniquely identify your mobile device. A device identifier may convey information to us about how you use the Service. A device identifier may remain persistently on your device, to help you log in and navigate the Service better. Some features of the Service may not function properly if use of device identifiers is impaired. Device Identifiers used by us include the Android Advertising ID and iOS Advertising Identifier.
e) Location data: Such as precise or approximate location determined from your IP address, mobile or other device's GPS, or other information you share with us, depending on your device settings. We may also collect this information when you're not using the app if you enable this through your settings or device permissions. We collect information to understand where its users are located for several reasons. It helps us to localize and personalize content, comply with local laws, undertake aggregated analytics, improve advertising efficiency and estimate the tax liability of us.
We may collect your precise or approximate location:
- from you, when you provide, correct or confirm your location (e.g., when you purchase products from us);
- by inferring your location from your IP address; and
- from our partners or your payment provider.
3.3 Information we collect from third parties
In some exceptional cases we might receive information about you through other channels other than directly from you. These sources might include from our shipping service providers, customs, regulatory or law enforcement authorities. The types of data obtained from these sources differ depending on the source of the data and may include your contact details and ancillary information.
• Enabling the delivery of purchased items by logistics/delivery service providers including notifications in connection with the delivery (such as tracking information), the latter to the extent permitted by applicable law without your consent.
• Provision of our Services, including but not limited to displaying your transaction and Feedback history to you, providing and enhancing features such as payment processing, ratings, authentication services, providing you with a personalized shopping experience. We may for example present you with personalized suggestions based on your past shopping and website interactions to make navigating our products easier and account management, and ensuring the functionality of our Services.
• Processing of general location data (such as IP address or postal code) in order to provide you with location-based services (such as radius search and other content that is personalized on the basis of your general location data).
If you do not provide the data that is required for the above purposes, we are unable to deliver you the service that you requested and it will therefore not be possible for you to shop and purchase goods at our Website or App.
• we may collect your e-mail address and any other information you provide in that e-mail (such as your name, telephone, the information contained in any signature block) when you send us an e-mail to the e-mail address displayed on our website/App;
• we may collect name, e-mail address and IP address and also any other information you provide to us when you complete the contact form, including any optional information, such as: phone number, reason for enquiry and your comments, when you contact us using our contact form.
• When you contact us by post, we will collect any information you provide to us in any postal communications you send us.
and
our legitimate interests (Article 6(1)(f) of the GDPR and Article 5(2)(c) of the Turkish Data Protection Law)
We and our third party hosting provider (please check section 5 for detailed information regarding our third-party service providers) collect and store server logs to ensure network and IT security and so that the server and website remain uncompromised.
This includes analysing log files to help identify and prevent unauthorised access to our network, the distribution of malicious code, denial of services attacks and other cyber-attacks, by detecting unusual or suspicious activity and to provide a secure and safe browsing experience
Unless we are investigating suspicious or potential criminal activity, we do not make, nor do we allow our hosting provider to make, any attempt to identify you from the information collected via server logs.
Analyse Website use and improve our Website Purposes:
We use the information collected by our Website server logs to analyse how our Website users interact with our Website and its features and improve our Website for our Website users and getting know our Website user's preferences so our Website can better meet their needs and desires.
• Send you non-marketing related communication, for example to inform you about the status of your goods or ask your feedback about Hiccup or the goods you have purchased.
• Send you tailored promotional messages, such as notifications of new products on our platform or suggestions for items that complement your past purchases. We may use email or in-app notifications to communicate with you. These notifications can also be sent through our own app or on popular messaging services.
• To develop, run, and improve our online and offline advertisements. For example when you click on one of our advertisements on another website that you are visiting, we would know that you reached us through one of our advertisements. In most cases, we rely on the use of cookies and similar technologies for our advertisements. If you would like to learn or adjust your preferences, please visit our consent banner.
• To run, maintain, and improve our social media pages, for example when you communicate with us through our social media pages or if you tag Hiccup in a message.
In the event you visit us on Facebook and Instagram, we are the data controller of all the information you place on those pages or when you communicate with us.
and
our legitimate interests (Article 6(1)(f) of the GDPR and Article 5(2)(c) of the Turkish Data Protection Law)
or
your consent ((Article 6(1)(a) of the GDPR, Article 5(1) of the Turkish Data Protection Law), in which case you are always easily able to revoke such a consent.
• Accounting and financial reporting
• Legal proceedings with you or others
• Law enforcement inquiries and other criminal investigations
• Mergers & Acquisitions
• Compliance requirements to which we are subject. For example product compliance to ensure we know where our goods have been shipped to or customs obligations.
In other cases we use the information based on our legitimate interest to ensure the continuity of our business
5. Disclosure of your information
We may disclose your personal data to our service providers or third parties.
5.1 Disclosure of your information to third-part service providers
These third-party vendors collect, store, use, process and transfer information about your activity regarding our Service in accordance with their Privacy Policies. These include the following:
Analytics
We may use third-party service providers to monitor and analyse the use of our Service.
• Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy
Payments
We may provide paid products and/or services within the Service. In that case, we may use third-party services for payment processing (e.g. payment processors).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
• Paypal
Their Privacy Policy can be viewed at https://www.paypal.com/webapps/mpp/ua/privacy-full
• Adyen
Their Privacy Policy can be viewed at https://www.adyen.com/policies-and-disclaimer/privacy-policy
Hosting and Backend Infrastructure
This type of service has the purpose of hosting data and files that enable this Website/App to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of this Website/App.
Some services among those listed below, if any, may work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.
• MongoDB Cloud (MongoDB, Inc.)
Their Privacy Policy can be viewed at https://www.mongodb.com/legal/privacy-policy
• Amazon Web Services (AWS) (Amazon Web Services, Inc.)
Their Privacy Policy can be viewed at https://aws.amazon.com/privacy/
Managing Contracts and Sending Messages
This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with our users.
Their Privacy Policy can be viewed at: https://www.twilio.com/en-us/legal/privacy
Accounting software services
We use Parasut to generate e-archive invoices for micro exports in Turkey
Their Privacy Policy can be viewed at: https://www.parasut.com/kisisel-verilerin-korunmasi-ve-islenmesine-iliskin-aydinlatma-metni
Shipping service providers
We may disclose your information with shipping service providers to deliver your orders.
Logistic services:
We use Navlungo for overseas cargo for shipping from Turkey. Their Privacy Policy can be viewed at: https://navlungo.com/en/personal-data-protection.
5.2 Other Third Parties
We share your information with third parties, which are either related to or associated with the running of our business, where it is necessary for us to do so. These third parties include our accountants, advisors, lawyers, independent contractors.
6. Transfer of your information outside of the European Economic Area
Some recipients of your personal data are located outside your country or have offices in countries where data protection laws may provide a different level of protection than the laws in your country.
With respect to provide sale of retail products and services on our Website or App, your personal data is transferred to Turkey. In addition, some of our service providers that we use to provide you with our services are located in countries that do not provide a level of data protection that is the same or similar to that of the European Union (see section 5). When we do so this is either necessary in order to provide you with the services you requested, with your explicit consent, or other transfer mechanisms that may be available under the law such as Standard Contractual Clauses
7. How long we retain your information
Server log information: we retain information on our server logs for 120 days.
Order information: when you place an order for goods and services, we retain that information for 10 (ten) years following the end of the financial year in which you place your order, in accordance with our legal obligation to keep records for tax purposes.
Correspondence and enquiries: when you make an enquiry or correspond with us for any reason, whether by email or via our contact form or by phone, we will retain your information for as long as it takes to respond to and resolve your enquiry, and for 6 further months, after which point we will delete your information.
E-Newsletter or e-mail marketing: we retain the information you used to sign up for our e-newsletter for as long as you remain subscribed (i.e. you do not “unsubscribe”) or if we decide to cancel our e-newsletter service, whichever comes earlier.
Criteria for determining retention periods
In any other circumstances, we will retain your information for no longer than necessary, taking into account the following:
the purpose(s) and use of your information both now and in the future (such as whether it is necessary to continue to store that information in order to continue to perform our obligations under a contract with you or to contact you in the future);whether we have any legal obligation to continue to process your information (such as any record-keeping obligations imposed by relevant law or regulation);whether we have any legal basis to continue to process your information (such as your consent);how valuable your information is (both now and in the future);any relevant agreed industry practices on how long information should be retained; the levels of risk, cost and liability involved with us continuing to hold the information; how hard it is to ensure that the information can be kept up to date and accurate; and any relevant surrounding circumstances (such as the nature and status of our relationship with you).
8. How we secure your information
We take appropriate technical and organisational measures to secure your information and to protect it against unauthorised or unlawful use and accidental loss or destruction, including:
• only sharing and providing access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymised basis wherever possible;
• using secure servers to store your information; verifying the identity of any individual who requests access to information prior to granting them access to information;
• using Secure Sockets Layer (SSL) software to encrypt any information you submit to us via any forms on our website and any payment transactions you make on or via our website; and
• pseudonymisation of stored data and passwords
Transmission of information to us by email
Transmission of information over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our website or any other means), you do so entirely at your own risk.
We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.
9. Children's Privacy
Our Website and App were not developed or intended for individuals under the age of 18 and we do not knowingly collect information from children under the age of 18 years old. If you provide your information to us through a request form or any part of our platform you represent to us that you are at least 18 years old. If you learn that your child has provided us with personal information without your consent, you may alert us at [email protected] , and we will promptly take steps to delete such information.
10. Your Rights
We provide you with various ways to take control of the way we use your personal data. In most cases you can control our use of your personal data directly on the website.
• Right to access: You have the right to request a copy of your personal data which you can obtain by sending a message to [email protected] or making application on our Website here. When doing so we will provide you with a copy in a machine readable format that you can easily transmit to another controller ( Right to data portability).
• Right to rectification: You can update most of your personal data that we hold on you directly in your account settings. If you feel that we hold other inaccurate information about you, you can contact us directly via [email protected] or in the privacy centre on our website here.
• Right to deletion: You can delete your account and/or request the deletion of your personal data directly in the privacy centre on our Website here.
• Right to object to the processing of your personal data: In the event that we process your personal data based on our, or someone else's, legitimate interest you can object to us using your personal data for that purpose. Please provide us with any information that you can based on which you believe your interest overrides ours. If you do, we shall reassess our legitimate interest based on the new facts that you have provided and if granted will stop using your personal data for this purpose. When objecting to our use of your personal data for direct marketing purposes we shall stop using your data for such purposes.
• Right to restrict the processing of your personal data: You can request us to restrict our use of your personal data in the event that you don't believe your data is accurate, you believe the data processing is unlawful but you don't want us to delete the data, we no longer need the data for its intended purpose but you require it for the establishment, exercise or defence of a legal claim, or you have objected to our use of your personal data and want us to restrict its use until we have made a decision regarding your objection.
• Withdrawal of Consent: Whenever you have given your consent to the processing of your personal data, you can withdraw that consent at any time, doing so is free of charge. You can withdraw your consent directly in your account settings or otherwise at the bottom of any marketing communication that we send you. Please note that you can also withdraw consent for each communication channel separately, including email, text messages (SMS), and in-app notifications, allowing you to manage your preferences with precision.
In accordance with Article 77 of the GDPR, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the GDPR.
For the purposes of the UK, the supervisory authority is the Information Commissioner's Office (ICO), the contact details of which are available here: https://ico.org.uk/global/contact-us/
Further information on your rights in relation to your personal data as an individual
The above rights are provided in summary form only and certain limitations apply to many of these rights. For further information about your rights in relation to your information, including any limitations which apply, please visit the following pages on the ICO's website:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ and https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
You can also find out further information about your rights, as well as information on any limitations which apply to those rights, by reading the underlying legislation contained in Articles 12 to 22 and 34 of the GDPR, which is available here: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf
11. Contact Details
If you have any questions about how we use your personal information, wish to exercise any of your data subject rights, make a suggestion or make a complaint, you can contact us directly via [email protected].
12. Changes to our privacy policy
We update and amend our Privacy Policy from time to time.
Minor changes to our Privacy Policy
Where we make minor changes to our Policy, we will update our Policy with a new effective date stated at the end of it. Our processing of your information will be governed by the practices set out in that new version of the Privacy Policy from its effective date onwards.
Major changes to our Privacy Policy or the purposes for which we process your information
Where we make major changes to our Policy or intend to use your information for a new purpose or a different purpose than the purposes for which we originally collected it, we will notify you by email (where possible).
We will provide you with the information about the change in question and the purpose and any other relevant information before we use your information for that new purpose.
Wherever required, we will obtain your prior consent before using your information for a purpose that is different from the purposes for which we originally collected it.