Privacy policy
Last Updated: 20th January 2025
The data controller for the processing of personal data is:
Hardman Design Furniture Limited
Kemp House 152-160, City Road, London EC1V 2NX
Email: hello@hardmandesigns.com
Thank you for your interest in our online shop. Protecting your privacy is very important to us. Below, we will inform you in detail about how we handle your data.
1. Access Data and Hosting
You can visit our website without providing any personal information. When you access a website, the web server automatically stores what is known as a server log file, which includes details such as the name of the requested file, your IP address, the date and time of the request, the amount of data transmitted, and the requesting provider (access data). These access data are only evaluated to ensure the smooth operation of the website and to improve our services. This serves to protect our legitimate interests, which prevail in the context of a balancing of interests, in a proper representation of our offer in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
Hosting
The services for hosting and presenting the website are provided in part by our service providers within the framework of processing on our behalf. Unless otherwise stated in this privacy policy, all access data and all data collected via forms on this website are processed on their servers. If you have any questions about our service providers and the basis for our collaboration with them, please contact us via the contact options provided in this privacy policy.
Our service providers are located and/or use servers in the following countries where the European Commission has determined an adequate level of data protection: United Kingdom, Canada, United States.
A decision by the European Commission on an adequate level of data protection for the US is the basis for transferring data to third countries as long as the respective service provider is certified. Until certification by our service providers, data transfer continues to be based on these: Standard Contractual Clauses (SCCs) of the European Commission.
Our service providers are located and/or use servers in these countries: Australia. No adequacy decision from the European Commission is available for these countries. Our cooperation with you is based on these guarantees: Standard Contractual Clauses (SCCs) of the European Commission.
2. Data Processing for Contract Performance and Communication
2.1 Data Processing for Contract Performance
To process the contract (including inquiries and handling of any warranty and performance claims, as well as legal update obligations), we collect personal data when you provide it voluntarily during your order. Mandatory fields are marked as such, as we need the data for the contract performance, and without this information, we cannot process your order. The data collected is visible in the respective input forms.
Further information about how your data is processed, especially about sharing it with our service providers for order, payment, and shipping processing, can be found in the following sections of this privacy policy. After the contract is fully processed, your data will be restricted for further processing and deleted after the retention periods for tax and commercial law purposes in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data according to Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to further data use that is legally permitted and disclosed in this policy.
2.2 Customer Account
If you have consented in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR by choosing to create a customer account, we use your data to create the account and store your information for future orders on our website. You can delete your customer account at any time, either by sending a message to the contact options described in this privacy policy or via a feature in your customer account. After deleting your account, your data will be deleted unless you have expressly consented to further use of your data according to Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to further data use that is legally permitted and disclosed in this policy.
2.3 Communication
When communicating with us, we collect personal data to process your inquiries in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR when you provide it voluntarily via contact forms, live chat tools, or email. Mandatory fields are marked as such, as we need the data to process your request. The data collected is visible in the respective input forms. After the request is fully processed, your data will be deleted unless you have expressly consented to further use of your data according to Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to further data use that is legally permitted and disclosed in this policy.
3. Data Processing for Shipping
To fulfill the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we share your data with the delivery service provider responsible for the delivery, to the extent necessary for the delivery of the goods ordered. For questions about our service providers and the basis for our collaboration with them, please contact us using the contact options described in this privacy policy.
4. Data Processing for Payment Processing
For payment processing in our online store, we collaborate with these partners: technical service providers, credit institutions, payment service providers.
4.1 Data Processing for Transaction Processing
Depending on the selected payment method, we forward the data required for processing the payment transaction to our technical service providers, who act on our behalf in processing, or to the appointed credit institutions or the selected payment service provider, to the extent necessary to process the payment. This is done for the performance of the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. In some cases, payment service providers collect the necessary data for processing the payment themselves, e.g., on their own website or via technical integration in the order process. In this case, the privacy policy of the respective payment service provider applies.
For questions about our partners for payment processing and the basis for our collaboration with them, please contact us via the contact options described in this privacy policy.
4.2 Data Processing for Fraud Prevention and Optimization of Payment Processes
We may provide our service providers with additional data that they use, together with the data necessary for payment processing, as our data processors for fraud prevention and the optimization of payment processes (e.g., invoicing, processing contested payments, supporting accounting). This serves to protect our legitimate interests in fraud prevention and efficient payment management in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
5. Advertising via Email, Phone
5.1 Email Newsletter Subscription
If you subscribe to our newsletter, we will use the required or separately provided data to send you our email newsletter based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can unsubscribe from the newsletter at any time, either by sending a message to the contact options described below or via an unsubscribe link in the newsletter. After unsubscribing, we will delete your email address from the recipient list unless you have expressly consented to further use of your data according to Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to further data use that is legally permitted and disclosed in this policy.
5.3 SMS Marketing
If you have provided your consent in accordance with Article 6(1)(a) of the UK GDPR, we use the contact details you provided, particularly your phone number, to send you information about interesting offers, products, or services via SMS.
Personalized SMS messages using cookies
To determine when sending an SMS message may be relevant (e.g., for abandoned shopping carts), we use cookies or similar technologies. These technologies collect information about your visit to our website, such as the status of your shopping cart or relevant interactions, which form the basis for sending personalized messages.
Withdrawing your consent
You can withdraw your consent at any time by contacting us using the contact details provided in this privacy policy or by responding directly to a received SMS, for example, by texting "STOP." Once your consent has been withdrawn, we will delete your phone number from our SMS marketing list unless you have expressly consented to further use of your data or further use is legally permitted.
Data sharing with service providers
For sending SMS messages, we work with specialized service providers who act on our behalf. Your data is shared with these providers to ensure the delivery of SMS services. Our service providers are located and/or use servers in countries where an adequate level of data protection has been recognized by the European Commission. For service providers in the United States, the EU-U.S. Data Privacy Framework (DPF) applies, provided these providers are certified.
If you have any questions about our service providers and the basis of our collaboration, please contact us using the contact details provided in this privacy policy.
6. Cookies and Other Technologies
6.1 General Information
To make visiting our website attractive and to enable certain functions, we use technologies including cookies. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the browser session ends (session cookies), while others remain on your device and allow us to recognize your browser on the next visit (persistent cookies).
Protection of Privacy on End Devices
When using our online services, we use essential technologies to provide the requested telemedia service. Storing information on your device or accessing information already stored on your device does not require your consent in this case.
For non-essential features, storing information on your device or accessing information requires your consent. Please note that if you do not give consent, some parts of the website may not be fully usable. Any consents given remain valid until you adjust or reset the settings on your device.
Subsequent Data Processing by Cookies and Other Technologies
We use such technologies that are essential for the use of certain functions on our website (e.g., the shopping cart feature). These technologies collect and process IP address, time of visit, device and browser information, and details about your use of our website (e.g., shopping cart content). This serves our legitimate interests in optimizing the presentation of our offer in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
Additionally, we use technologies to comply with legal obligations (e.g., to document consents to process your personal data) and for web analysis and online marketing. For further details on the legal basis for data processing, please refer to the following sections of this privacy policy.
Cookie Settings
You can adjust your browser's cookie settings via these links:
Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™.
If you have consented to the use of technologies according to Art. 6 para. 1 sentence 1 lit. a GDPR, you can withdraw your consent at any time by sending a message to the contact options described in the privacy policy or by visiting this link: https://www.hardmandesigns.com/policies/privacy-policy. Not accepting cookies may restrict the functionality of our website.
6.2 Consent Manager Platform (CMP)
On our website, we use a service for consent management ("Consent Manager Platform (CMP)") to inform you about the cookies and other technologies we use and to obtain, manage, and document your consent for processing your personal data via these technologies. This is necessary according to Art. 6 para. 1 sentence 1 lit. c GDPR to fulfill our legal obligation to prove consent as per Art. 7 para. 1 GDPR. The CMP service is provided by Pandectes GDPR Compliance, Männimäe/1, 74626 Harju maakond, Estonia, who processes your data on our behalf.
After you submit your cookie declaration on our website, the web server stores the following data: IP address, device information, browser information, language settings, accessed website and URL, date and time of your consent declaration, and information about your consent behavior.
Additionally, cookies are used to store information about your consent behavior. Your data is deleted after one year, unless you have expressly consented to further use of your data according to Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to further data use that is legally permitted and disclosed in this policy.
7. Use of Cookies and Other Technologies
We use the following cookies and other technologies from third parties on our website. Unless stated otherwise for individual technologies, this is based on your consent under Article 6(1)(a) of the UK GDPR. After the purpose for which a specific technology was used has ended, the data collected in connection with it will be deleted. You can withdraw your consent at any time with effect for the future. Further information on how to withdraw your consent can be found in the section "Cookies and Other Technologies". More information, including the basis of our cooperation with individual providers, can be found with each technology. If you have questions about the providers and the basis of our cooperation with them, please contact the method described in this privacy policy.
7.1 Use of Google Services
We use the following technologies from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Information about your use of our website that is automatically collected by Google technologies is generally transmitted to a Google LLC server, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and stored there. Unless stated otherwise for individual technologies, data processing is based on an agreement between joint controllers under Article 26 of the UK GDPR. Further information about data processing by Google can be found in Google’s privacy policy.
Our service providers are located and/or use servers outside the UK and the EEA, for which the European Commission has determined an adequate level of data protection.
Our service providers are located and/or use servers outside the UK and the EEA. For these countries, no adequacy decision by the European Commission has been made. Our collaboration with them is based on standard contractual clauses issued by the European Commission.
Google Analytics
For the purpose of website analysis, data (IP address, time of visit, device and browser information, as well as information about your use of our website) is automatically collected and stored via Google Analytics, from which usage profiles are created using pseudonyms. Cookies may be used for this. If you visit our website from the UK, your IP address is stored on a server located in the UK to derive location data and is then immediately deleted before traffic is forwarded for further processing on Google’s servers. Data processing is based on a processing agreement with Google.
For optimising the marketing of our website, we have enabled the data-sharing settings for "Google Products and Services." This allows Google to access the data collected and processed by Google Analytics and use it to improve Google services. Data sharing with Google within the framework of these data-sharing settings is based on an additional agreement between controllers. We have no influence over the subsequent data processing by Google.
For the purpose of optimising the marketing of our website, we use the so-called User-ID feature. With this feature, we can assign a unique, permanent ID to your interaction data from one or more sessions on our online platforms and thus analyse your user behaviour across devices and sessions.
If you do not give us consent under Article 6(1)(a) of the UK GDPR for the use of Google Analytics, no cookies will be stored or read on your device. The data processing described in the previous paragraphs will not take place. In order to close gaps in web analysis through behavioural and conversion modelling, pings with data (user-agent, information about your consent behaviour, screen resolution, IP address) are sent to Google.
Google Ads
For advertising purposes in Google search results and on third-party websites, the so-called Google Remarketing Cookie is set when you visit our website. This automatically collects and processes data (IP address, time of visit, device and browser information, as well as information about your use of our website) and enables interest-based advertising through a pseudonymous cookie ID and based on the pages you visited. Further data processing takes place only if you have enabled "personalised ads" in your Google account. If you are logged into Google during your visit to our website, Google uses your data, along with Google Analytics data, to create and define audience lists for cross-device remarketing.
For website analysis and event tracking, we measure your subsequent behaviour through Google Ads Conversion Tracking when you have accessed our website via a Google Ads advertisement. Cookies may be used, and data (IP address, time of visit, device and browser information, as well as information about your use of our website based on events we define, such as visiting a webpage or subscribing to a newsletter) is collected, from which usage profiles are created using pseudonyms.
If you do not give us consent under Article 6(1)(a) of the UK GDPR for the use of Google Ads, no cookies will be stored or read on your device. The data processing described in the previous paragraphs will not take place. In order to close gaps in web analysis through behavioural and conversion modelling, pings with data (user-agent, information about your consent behaviour, screen resolution, IP address, page URL, information about ad clicks in URL parameters) are sent to Google. Your IP address is used to derive the IP country.
7.2 Use of Facebook Services
Facebook Ads (Ads Manager)
Through Facebook Ads, we advertise this website on Facebook (by Meta) and other platforms. We define the parameters of the respective advertising campaign. Facebook (by Meta) is responsible for the exact implementation, especially the decision regarding the placement of ads for individual users. Unless stated otherwise for individual technologies, data processing is based on an agreement between joint controllers under Article 26 of the UK GDPR. The joint responsibility is limited to data collection and its transmission to Meta Platforms Ireland. The subsequent data processing by Meta Platforms Ireland is not included.
8. Integration of Trusted Shops Trustbadge / Other Widgets
To display Trusted Shops services (e.g., quality seals, collected reviews) and offer Trusted Shops products to buyers after an order, Trusted Shops widgets are integrated on this website.
This serves to safeguard our legitimate interests in optimal marketing by enabling a secure shopping experience under Article 6(1)(f) of the UK GDPR. The Trustbadge and the associated services are an offering of Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops"), with which we are jointly responsible under Article 26 of the UK GDPR. We inform you below, within the framework of this privacy notice, about the essential contract contents under Article 26(2) of the UK GDPR.
As part of the joint responsibility between us and Trusted Shops SE, for any questions regarding data protection and the exercise of your rights, please contact Trusted Shops using the contact details provided in their data protection information. Regardless of this, you can always contact the responsible party of your choice. Your request will then, if necessary, be forwarded to the other responsible party for a response.
8.1 Data Processing when Integrating the Trustbadge / Other Widgets
The Trustbadge is provided by a US-based CDN (Content Delivery Network) provider. An adequate level of data protection is ensured by an adequacy decision of the EU Commission, which can be accessed for the USA here. Service providers used in the US are generally certified under the EU-U.S. Data Privacy Framework (DPF). For more information, please refer here. If the service providers used are not certified under the DPF, standard contractual clauses have been concluded as appropriate safeguards.
When the Trustbadge is called up, the web server automatically stores a so-called server log file, which also contains your IP address, the date and time of the retrieval, the amount of data transferred, and the requesting provider (access data), and documents the retrieval. The IP address is anonymised immediately after collection, so that the stored data cannot be attributed to you. The anonymised data is primarily used for statistical purposes and error analysis.
8.2 Data Processing after Order Completion
After the order is completed, order information (order amount, order number, purchased products, if applicable) and your cryptographically hashed email address are transmitted to Trusted Shops. The legal basis is Article 6(1)(f) of the UK GDPR. This is to verify whether you are already registered for Trusted Shops services and is necessary to fulfil our and Trusted Shops’ legitimate interests in providing buyer protection linked to the specific order and transaction review services under Article 6(1)(f) of the UK GDPR. If this is the case, further processing will take place in accordance with the contract between you and Trusted Shops. If you are not yet registered for the services, you will be given the option to do so. Further processing after registration will also be governed by the contract with Trusted Shops. If you do not register, all transmitted data will be automatically deleted by Trusted Shops, and no personal reference will be possible.
Trusted Shops uses service providers in hosting, monitoring, and logging. The legal basis is Article 6(1)(f) of the UK GDPR to ensure the uninterrupted operation of the service. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured by an adequacy decision of the EU Commission, which can be accessed for the USA here and for Israel here. Service providers used in the US are generally certified under the EU-U.S. Data Privacy Framework (DPF). For more information, please refer here. If the service providers used are not certified under the DPF, standard contractual clauses have been concluded as appropriate safeguards.
9. Contact Options and Your Rights
9.1 Your Rights
As a data subject, you have the following rights: Under Article 15 of the UK GDPR, the right to request information about the personal data we process, to the extent specified in that article; Under Article 16 of the UK GDPR, the right to request the immediate correction of inaccurate or incomplete personal data stored by us; Under Article 17 of the UK GDPR, the right to request the deletion of your personal data stored with us, unless further processing is required for the exercise of the right to freedom of expression and information; to comply with a legal obligation; for reasons of public interest or to assert, exercise, or defend legal claims; Under Article 18 of the UK GDPR, the right to request the restriction of processing of your personal data, to the extent that: the accuracy of the data is disputed by you; the processing is unlawful, but you object to its deletion; we no longer need the data, but you need it to assert, exercise or defend legal claims, or you have lodged an objection to the processing under Article 21 of the UK GDPR; Under Article 20 of the UK GDPR, the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request the transmission to another controller; Under Article 77 of the UK GDPR, the right to lodge a complaint with a supervisory authority. In general, you can contact the supervisory authority in your place of residence, place of work, or our registered office.
Right to Object
If we process personal data for the purpose of safeguarding our legitimate interests as explained above, you can object to this processing with effect for the future. If the processing is for direct marketing purposes, you can object at any time as described above. If the processing is for other purposes, you have the right to object only for reasons arising from your particular situation.
After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defence of legal claims.
This does not apply if the processing is for direct marketing purposes. In this case, we will no longer process your personal data for this purpose.
9.2 Contact Options
For any questions regarding the collection, processing, or use of your personal data, to request information, correction, limitation, or deletion of data, or to revoke consents given or object to the use of data, please contact us directly using the contact details provided in our legal notice.
Klarna
In order to be able to offer you Klarna’s payment options, we will pass to Klarna certain aspects of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you.
General information on Klarna you can find here. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarna’s privacy policy.