Privacy Policy

Last updated: 10/02/2026

This Privacy Policy explains how we handle your personal data.

This Privacy Policy explains how HAYVO LIMITED ("we", "us", "our") collects, uses, discloses and protects your personal data when you use our website https://hayvolimited.com (the "Website") and when you purchase our products or otherwise interact with us.

We are committed to protecting your privacy and processing your personal data in accordance with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.

Please read this Privacy Policy carefully. If you do not agree with this Policy, you should not use our Website or provide your personal data to us.

1. Definitions and terminology

In this Privacy Policy, the following terms have the meanings set out below:

  • "Controller" – the natural or legal person which determines the purposes and means of the processing of personal data. For the purposes of this Policy, the Controller is HAYVO LIMITED.
  • "Personal data" – any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • "Processing" / "to process" – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • "UK GDPR" – the UK General Data Protection Regulation, being the retained EU law version of the General Data Protection Regulation (EU) 2016/679, as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018, as amended.
  • "Data subject" / "you" / "your" – any identified or identifiable natural person whose personal data is processed by us, for example a Website visitor, customer or contact person.
  • "Third party" – a natural or legal person, public authority, agency or body other than the data subject, Controller, processor and persons who, under the direct authority of the Controller or processor, are authorised to process personal data.
  • "Website" – our website available at https://hayvolimited.com and any of its sub‑pages or online resources operated and controlled by us.

Any other terms used but not defined in this section shall have the meanings given to them in the UK GDPR.

2. Data controller and contact details

2.1. We are the data controller of your personal data.

2.2. The data controller ("Controller") responsible for your personal data is:
HAYVO LIMITED
Company Number: 16039279
VAT Number: 481236005
Registered office: 27 Old Gloucester Street, London, United Kingdom, WC1N 3AX

If you have any questions about this Privacy Policy or our data protection practices, you can contact us at: info@hayvoltd.com

3. Scope and who this Policy applies to

3.1. This Policy applies to your interactions with us in connection with our Website and products.

3.2. This Privacy Policy applies to:

  • visitors to our Website;
  • customers purchasing our products;
  • individuals contacting us (for example by email, via contact forms or through social media);
  • prospects receiving our marketing communications (where permitted).

3.3. This Policy does not apply to websites, apps or services operated by third parties, including carriers (such as DHL or any other delivery partners), payment providers, or social media platforms. Those services are governed by their own privacy notices.

4. Categories of personal data we collect

4.1. We collect different types of personal data depending on how you interact with us.

4.2. Depending on your interactions with us, we may collect and process the following categories of personal data:

4.2.1. Identity and contact data

  • name;
  • billing and delivery address;
  • email address;
  • telephone number (if provided).

4.2.2. Order and transaction data

  • products ordered;
  • order dates and values;
  • payment status;
  • delivery status and tracking information;
  • information relating to returns, reversals and chargebacks.

4.2.3. Payment data

Limited payment information such as payment method and transaction identifiers. We do not store full payment card details; these are processed by our third‑party payment processors on our behalf.

4.2.4. Technical and usage data

  • IP address;
  • browser type and version;
  • device identifiers;
  • time zone setting and approximate location;
  • information about how you use our Website (pages viewed, interactions on pages, referring URLs, session duration and similar usage statistics), collected by automated means such as server logs and similar technologies.

4.2.5. Marketing and communication data

  • your preferences in receiving marketing from us;
  • records of your communication preferences and any consent you have given;
  • information about your interaction with our marketing communications (for example, whether you open or click our emails).

4.2.6. Customer support and communication data

  • messages you send us (e.g. via email, contact form, webchat or social media);
  • information relating to complaints, returns, reversals and chargebacks;
  • any additional information you voluntarily provide in your communications with us.

4.2.7. Social media and online community data (where applicable)

If you interact with us via social media (for example, by following our page, commenting, sending a direct message, or participating in a promotion we run on a platform), we may receive:

  • your public profile information (name, username or handle, profile photo);
  • the content of your messages, comments or posts directed to us;
  • other information made available to us by the social media platform in accordance with your settings on such platform.

5. How we collect your personal data

5.1. We collect personal data directly from you and from certain third parties.

5.2. Data you provide directly

5.2.1. In particular, we collect personal data when you:

  • fill in forms on our Website (for example, during checkout or via a contact form);
  • create or update an account (where account functionality is available);
  • subscribe to our newsletters or other marketing communications;
  • communicate with us by email, phone, webchat, social media or other channels;
  • participate in promotions, surveys or similar activities that we organise.

5.2.2. By filling out the submission form and clicking the "send" / "checkout" button on our Website you agree to the terms of this Policy and provide the Controller with your informed consent to the processing of your personal data where consent is the applicable legal basis, and you acknowledge that we may process your data on other legal bases as set out in section 7 of this Policy.

5.2.2.1. At the same time, we proceed from the following:

  • you have provided completely reliable information. We do not verify its authenticity. All risks of providing false or insufficient information are yours;
  • you have the right to give appropriate consent. If for some reason you do not have such a right, consent to the processing of personal data is provided by your legal representative.

5.2.2.2. By giving consent to the processing of personal data and agreeing to the terms of this policy, you consent to the transfer of your data, including to third parties.

5.3. Data we collect automatically

5.3.1. When you use our Website, we automatically collect certain technical and usage data by means of our IT systems (for example, server logs and similar technologies). This information helps us to operate, secure and improve the Website and to understand how it is used.

5.4. Data we receive from third parties

5.4.1. We may receive personal data about you from third parties, including:

  • payment service providers (for example, confirmation of payment, limited payment details, information relating to chargebacks and reversals);
  • delivery and logistics partners (for example, status of shipment and delivery, proof of delivery, information about returns);
  • analytics and advertising providers (for example, aggregated or pseudonymised information about how you interact with our Website or adverts);
  • social media platforms when you interact with our content or communicate with us through those platforms;
  • fraud prevention and risk management providers, where applicable.

5.4.2. When we obtain your personal data from other sources, we will process it in accordance with this Privacy Policy and, where legally required, we will inform you within the applicable deadlines about such processing.

6. Purposes and legal bases for processing

6.1. We process your personal data only where we have a lawful basis to do so.

6.2. We process your personal data under the legal bases set out in the UK GDPR. Depending on the purpose, we rely on one or more of the following legal bases:

  • the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract (Art. 6(1)(b) UK GDPR);
  • the processing is necessary for compliance with a legal obligation to which we are subject (Art. 6(1)(c) UK GDPR);
  • the processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms (Art. 6(1)(f) UK GDPR);
  • in some cases, you have given your consent to the processing (Art. 6(1)(a) UK GDPR).

6.3. Below we explain the purposes for which we process your personal data and the corresponding legal bases.

6.4. To process and fulfil your orders

6.4.1. Purposes:

  • to accept and process your orders;
  • to take payment and manage transactions;
  • to arrange shipping, delivery and returns;
  • to communicate with you about your order, including dispatch, delays or issues;
  • to manage reversals and chargebacks.

6.4.2. Legal basis:

  • performance of a contract or taking steps at your request before entering into a contract (Art. 6(1)(b));
  • our legitimate interest in ensuring the proper management of our business and preventing abuse (Art. 6(1)(f)).

6.5. Customer service and after‑sales support

6.5.1. Purposes:

  • to respond to your enquiries and support requests;
  • to handle complaints, reversals, chargebacks and disputes;
  • to administer our return and refund policy (including any statutory cooling‑off period or other consumer rights).

6.5.2. Legal basis:

  • performance of a contract (Art. 6(1)(b));
  • our legitimate interest in providing high‑quality customer service, protecting our rights and defending legal claims (Art. 6(1)(f)).

6.6. Website operation, security and fraud prevention

6.6.1. Purposes:

  • to operate and maintain the Website;
  • to monitor and protect the security and integrity of our systems;
  • to detect, investigate and prevent fraud, abuse or misuse (including potential theft of products, fraudulent use of payment methods, unusual patterns of orders, reversals and chargebacks);
  • to enforce our terms and conditions.

6.6.2. Legal basis:

  • our legitimate interest in ensuring the security and proper functioning of our services and protecting our business and customers from fraud and other unlawful activities (Art. 6(1)(f));
  • in some cases, compliance with legal obligations (for example, in relation to record‑keeping and cooperation with law‑enforcement) (Art. 6(1)(c)).

6.6.3. Where we use automated tools to help identify potentially fraudulent transactions (for example, based on technical indicators, history of chargebacks or other risk signals), these tools do not generally produce legal effects concerning you or similarly significantly affect you within the meaning of the UK GDPR. If we ever implement automated decision‑making that has such effects, we will provide you with specific information and explain your related rights (see section 13 below).

6.7. Marketing and analytics

6.7.1. Purposes:

  • to send you newsletters and other marketing communications about our products, services, offers and promotions, where permitted by law;
  • to tailor our marketing communications based on your purchase history and preferences, where permitted;
  • to understand how visitors use our Website, our products and our marketing campaigns;
  • to analyse and improve our services, user experience, Website performance and marketing effectiveness.

6.7.2. Legal basis:

  • your consent (Art. 6(1)(a)), for example where required by law for email or SMS marketing;
  • our legitimate interest in promoting and developing our business, understanding our customers and improving our services (Art. 6(1)(f)).

6.7.3. You can withdraw your consent to marketing at any time, or object to marketing based on our legitimate interests (see section 11).

6.8. Compliance with legal obligations and legal claims

6.8.1. Purposes:

  • to comply with legal obligations under applicable laws (for example, tax, accounting, consumer protection and data protection laws);
  • to establish, exercise or defend legal claims (for example, in the event of disputes, fraud investigations or regulatory enquiries);
  • to respond to requests from public authorities, regulators, law‑enforcement or courts where we are legally required or permitted to do so.

6.8.2. Legal basis:

  • compliance with legal obligations (Art. 6(1)(c));
  • our legitimate interest in protecting our rights, defending legal claims and cooperating with public authorities where necessary (Art. 6(1)(f)).

7. Who we share your personal data with

7.1. We share your data only when it is necessary and lawful to do so.

7.2. We may share your personal data with the following categories of recipients, only to the extent necessary for the purposes described in this Policy:

  • payment service providers that process your payments on our behalf;
  • delivery and logistics partners, including DHL and other carriers, to deliver your orders and manage returns;
  • IT and hosting providers, including providers of Website hosting, email, cloud storage and maintenance services;
  • analytics and marketing providers, where we use such services in accordance with applicable law;
  • customer support tools (for example, webchat or ticketing systems), where used;
  • fraud prevention, risk management and security providers, where applicable;
  • professional advisers, such as lawyers, accountants or auditors, where necessary to obtain advice or protect our legal rights;
  • public authorities, regulators, law‑enforcement or courts, where required by law or necessary to protect our rights or the rights of others.

7.3. In the event of a corporate transaction such as a merger, acquisition, restructuring, sale of assets or transfer of business, we may transfer your personal data to the prospective or actual buyer, investor or other successor entity, subject to appropriate confidentiality and data protection obligations. In such cases, we will ensure that any recipient continues to process your personal data in accordance with this Privacy Policy and applicable data protection laws.

8. International transfers

8.1. Your personal data may be transferred outside the UK.

8.2. Some of the third parties we use (for example, certain carriers, IT, analytics or payment providers) may process your personal data outside the United Kingdom.

8.3. Where your personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place to protect your data, such as:

  • an adequacy decision by the UK Government for the destination country; or
  • standard contractual clauses or other appropriate contractual safeguards approved under the UK GDPR.

8.4. You can contact us for more information about the specific safeguards we use for international transfers.

9. How long we keep your personal data

9.1. We keep your personal data only as long as necessary for the purposes for which it was collected.

9.2. We retain your personal data only for as long as reasonably necessary for the purposes described in this Policy, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

9.3. In particular, and subject to applicable legal obligations:

  • data of Website visitors (technical and usage data) is typically kept for a period of up to 12 months from your last interaction with our Website, unless a longer period is required for security or legal purposes;
  • order and transaction data, including associated identity and contact data, are usually stored for the statutory retention period required under tax and accounting laws (generally up to 6 years from the end of the relevant financial year, or longer where necessary in connection with legal claims);
  • records of customer support communications are usually kept for as long as necessary to resolve your request or issue, and for a reasonable period thereafter (up to 3 years, depending on the nature of the matter);
  • marketing data (including your contact details and marketing preferences) is stored until you withdraw your consent or object to further marketing, or for a shorter period if required by applicable law, and in any case no longer than 3 years from your last interaction with us.

9.4. After the applicable retention periods expire, we will delete or anonymise your personal data in a secure manner. In some cases, we may retain certain information in an aggregated or anonymised form which no longer identifies you.

10. Security of your personal data

10.1. We take appropriate measures to protect your personal data.

10.2. We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage, having regard to the nature of the data and the risks involved.

10.3. These measures may include, among others:

  • access controls, authentication and role‑based permissions;
  • encryption or pseudonymisation of data where appropriate;
  • secure hosting environments and regular security updates;
  • internal policies and staff training on data protection and information security;
  • procedures to identify, assess and respond to data breaches.

10.4. However, no system is completely secure. We cannot guarantee absolute security of your data, but we aim to minimise risks and respond promptly to any incidents in accordance with our legal obligations.

11. Your rights as a data subject

11.1. You have rights in relation to your personal data.

11.2. Under the UK GDPR you have a number of rights in relation to your personal data, subject to certain conditions and limitations:

  • Right to be informed – to receive clear and transparent information about how we use your data (this Privacy Policy aims to provide that).
  • Right of access – to obtain confirmation as to whether we process your personal data and, if so, to receive a copy of it and certain related information.
  • Right to rectification – to have inaccurate or incomplete personal data corrected or completed.
  • Right to erasure – to request deletion of your personal data in certain circumstances (for example, where the data is no longer necessary for the purposes for which it was collected, or where you withdraw consent and there is no other legal basis).
  • Right to restriction of processing – to request that we restrict the processing of your data in certain situations (for example, while we verify its accuracy or consider an objection you have raised).
  • Right to data portability – to receive the personal data you have provided to us in a structured, commonly used, machine‑readable format and to transmit it to another controller where technically feasible and where the processing is based on consent or contract and carried out by automated means.
  • Right to object – to object, on grounds relating to your particular situation, to processing based on our legitimate interests (including profiling based on those interests). We will no longer process your personal data for such purposes unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
  • Right to object to direct marketing – you have an absolute right to object at any time to the use of your personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing. If you object, we will stop using your personal data for this purpose.
  • Rights in relation to automated decision‑making, including profiling – where applicable, to obtain meaningful information about the logic involved in automated decision‑making that produces legal effects concerning you or similarly significantly affects you, to request human intervention, to express your point of view and to contest the decision.

11.3. To exercise any of your rights, please contact us at info@hayvoltd.com. We may need to verify your identity before responding to your request.

11.4. You also have the right to lodge a complaint with a supervisory authority. In the United Kingdom, this is the Information Commissioner's Office (ICO). You can find information about how to contact the ICO on its website (ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance if possible.

12. Automated decision‑making and profiling

12.1. We do not normally use automated decision‑making with legal or similarly significant effects.

12.2. We may use certain automated tools (for example, fraud detection tools) to help us monitor transactions for potential fraudulent or abusive activity. These tools may take into account various factors such as technical information, transaction patterns or history of chargebacks.

12.3. However, at the date of this Policy, we do not make decisions based solely on automated processing (including profiling) that produce legal effects concerning you or similarly significantly affect you within the meaning of the UK GDPR. If in the future we implement such automated decision‑making, we will update this Policy and provide you with the information required by law, including about your related rights.

13. Children's data

13.1. Our services are not intended for children.

13.2. Our Website and products are not intended for children under 18 years of age, and we do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information as soon as reasonably practicable. If you believe that a child has provided us with personal data, please contact us using the details in section 3.

14. Changes to this Privacy Policy

14.1. We may update this Policy from time to time.

14.2. We may update this Privacy Policy from time to time, for example to reflect changes in our processing activities, legal requirements or guidance. The latest version will always be available on our Website, and the "Last updated" date at the top will indicate when the Policy was last revised.

14.3. Your continued use of the Website after any changes have been posted will constitute your acceptance of the updated Policy. If we make material changes that significantly affect your rights, we will take reasonable steps to notify you in advance (for example, by email or via a prominent notice on the Website).