Privacy Policy

Your Privacy

25. November 2018

This privacy policy notice is for this website is served by The Hebridean Mustard Company and governs the privacy of those who use it. The purpose of this policy is to explain to you how we control, process, handle and protect your personal information while browsing or using this website, including your rights under current laws and regulations. If you do not agree to the following policy you may wish to cease viewing / using this website.


At The Hebridean Mustard Company, we are committed to your privacy and the protection of your personal data. In this privacy notice, we will inform you about the information about you we collect, how we use this information and how we do so lawfully. If you have any further questions about our privacy practices, please do not hesitate to contact us.

Heike Winter
10 Glen Kyles
Isle of Harris

What information do we collect?

We collect your name, address and e-mail address when you place an order with us or when you set up an account in our webshop. We also collect usage data from session cookies and log files. Log files allow us to record visitors' use of our website. Hosting UK, our technology provider for the website, collects log file information from all our visitors, with which we continuously check to optimize our website and make it as user-friendly as possible. Log files do not contain personally identifiable information.

How do we use personal information?

When you place an order with us, we use your personal information to set up and manage your account with us, process your order, notify you of the status of your order and ship the goods to you, and to contact you in case of any questions we have.

The legal basis we have for processing your personal data

When you place an order with us, we use your personal data because you have entered into a contract with us for the sale of goods.

When you have set up an account in our webshop we use your personal data because you have provided your consent.

When do we share personal data?

We pass on your personal data exclusively to third parties in connection with the processing of your order (e.g. forwarding agent and tax consultant) - all within the framework of the statutory provisions.

Processing of your personal data

We will store your personal data securely on our computer systems with strict access controls.

Under the GDPR (General Data Protection Regulation) we control and/or process any personal information about you electronically using the following lawful bases.

  • We are exempt from registration in the ICO Data Protection Register because we are only processing personal data for core business purposes.
  • Lawful basis: Consent
    The reason we use this basis: to offer you an account for easy ordering, managing orders and questions and enquiries.
    We process your information in the following ways: stored in our database on the server and using it for sending e-mails while answering questions and enquiries.
    Data retention period: We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists.
    Sharing your information: We do not share your information with third parties.
  • Lawful basis: Contract
    The reason we use this basis: to process your orders, deliveries and payments or refunds
    We process your information in the following ways: stored in the database on the server and in our local database
    Data retention period: We shall continue to process your information until the contract between us ends or is terminated under any contract terms
    Sharing your information: We do share your personal information with third parties and they include; Royal Mail, DPD, Parcel Force, PayPal, Stripe, Bank of Scotland
  • Lawful basis: Legal obligation
    The reason we use this basis: to process your orders and payments and provide access data in case of legal authorities interests
    We process your information in the following ways: printed on invoices and kept as PDF and access data on our server
    Data retention period: 7 years
    Sharing your information: We do share your personal information with third parties and they include; accountants, HMRC and tax authorities and legal authorities on special demand
  • Lawful basis: Vital interests
    The reason we use this basis: to keep you informed about Privacy Policy changes, calculate the demands of our clients and offer the best possible service
    We process your information in the following ways: collecting statistics about our client's behaviour and storing them in the database on our server
    Data retention period: 3 years
    Sharing your information: We do not share your information with third parties

If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.

Your individual rights

Under the GDPR your rights are as follows. You can read more about your rights in detail here;

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability (in some cases);
  • the right to object; and
  • the right not to be subject to automated decision-making including profiling.

You can always access your data, download a copy and demand for sending you a copy through your shop account. If you haven't set up a password just go for "forgot password" at the login and provide your e-mail address and you will be sent an e-mail to set/reset your password.

You also have the right to complain to the ICO [] if you feel there is a problem with the way we are handling your data.

We handle subject access requests in accordance with the GDPR.

Internet cookies

We use cookies on this website to provide you with a better user experience. We do this by placing a small text file on your device/computer hard drive to track how you use the website, to record or log whether you have seen particular messages that we display, to keep you logged into the website where applicable, to display relevant adverts or content, referred you to a third party website.

Some cookies are required to enjoy and use the full functionality of this website.

We use a cookie control system which allows you to accept the use of cookies, and control which cookies are saved to your device / computer. Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options.

Cookies that we use are;


Necessary cookies and modules are vital for the functionality of this shop like e.g. the shopping cart. You won't be able to disable them.

"Concrete5" (shopping cart)
This provides and keeps the products inside your shopping cart. Deactivating this cookie would stop permitting the orders. This cookie doesn't save any personal Data about any shop client.

Cookies make sure to enable/disable cookies of your choice.


Preferences cookies are used for the shop's functionality like the shopping cart or login status. By disabling them you may not be able to order and/or login into your account!

Enables you to pay by credit/debit card. Disabling this cookie will mean you would be able to pay by bank transfer only.
Stripe Privacy Policy Page


The data is kept save inside the back-office, and serve solely as statistical data for improving our services and products.

"Stats Data"
A Shop Cookie, which saves data about orders, carts, locations, OS or e.g. browser type of our clients.

Use of automated decision-making and profiling

We do not use profiling or automated decision-making processes.

Google Analytics

We use Google Analytics for aggregated, anonymized website traffic analysis. In order to track your session usage, Google drops a cookie (_ga) with a randomly-generated ClientID in your browser. This ID is anonymized and contains no identifiable information like email, phone number, name, etc. We also send Google your IP Address. We use GA to track aggregated website behaviour, such as what pages you looked at, for how long, and so on. This information is important to us for improving the user experience and determining site effectiveness. If you would like to access what browsing information we have - or ask us to delete any GA data - please delete your _ga cookies, reach out to us via this form, and/or install the Google Analytics Opt-Out Browser Add-On."

Social Media Platforms

All communication and engagement we undertake through external social media platforms will adhere to the terms and conditions as well as the privacy policies held with those social media platforms.

Please check the following data protection statements prior to following our Social Media links:
Facebook privacy policy
Instagram privacy policy

Data security and protection

We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.

Transparent Privacy Explanations

We have provided some further explanations about user privacy and the way we use this website to help promote a transparent and honest user privacy methodology.

Resources & further information