Privacy Policy

Your privacy is important to us. When we process your personal data, we comply with the UK GDPR and the Data Protection Act 2018, together with any other applicable data protection and privacy legislation.

Your personal data includes all the information we hold that identifies you or is about you. More information about the types of personal data we process about you is set out below.

Everything we do with your personal data counts as processing it, including collecting, storing, amending, transferring and deleting it.

This privacy policy provides information about the personal data we process about you, why we process it and how we process it. It applies to customers, visitors to our website, suppliers and business contacts.

Our Responsibilities

Hulcan Ltd (referred to throughout this privacy policy as "Hulcan", "we", "us" and "our") is registered in England and Wales with registered company number 12290896 and address at Unit 12a 31 East Business Park, Kingfisher Way, Dinnington, Rotherham, United Kingdom, S25 3AF. Hulcan is the controller of the personal data you provide.

If you have any questions about the ways in which we process your personal data, please contact us at dataprotection@hulcan.com.

What Data Do We Process About You?

Customers

If you place an order for our products or services (whether through our website, by phone or by other means) we process the following information about you:

• Identity data such as your full name, marital status, title, date of birth, and where you register an account with us, your user name and account password;
• Contact data such as your delivery address, billing address, email address and telephone numbers; and
• Shopping preferences such as your favourite designer or products.

We do not process any of your payment information. When you provide your credit or debit card details to us, it is encrypted so that Hulcan is unable to access the data, and passed to third-party payment gateway providers.

We process most of your information on the grounds of fulfilment of our contract with you, namely to confirm your order, contact you about delivery, arrange for your payment to be processed and provide you with the products you have purchased. We may also use your personal data for our legitimate interests, including for the purposes of fraud protection and for training and quality.

From time to time, we may use the personal data detailed above to send you marketing communications about products, offers, and promotions from other clothing brands we operate (such as MILE and RAEY). We will only use your data to market similar products and all marketing communications will clearly identify the brand on whose behalf they are sent. Please see the section below headed "Marketing" for an explanation as to how you can opt-out of receiving future marketing.

Website Visitors

To help us improve our website and the products and services we offer, we collect data about the ways in which you use our website. This includes, for example, technical data such as your IP address, which is collected through our use of cookies. More information (including the retention period for each cookie) can be found in our cookie policy.

Suppliers, Business Contacts and Visitors to our Premises

If you work for one of our suppliers or are one of our business contacts, we usually process your name and business contact details, such as your business email address and phone number and the address of your organisation. We process the information on the grounds of our legitimate interests in maintaining our relationship with you.

We use CCTV in and around our premises for the purposes of ensuring health and safety and for crime prevention, detection and security. We retain CCTV images for 2 years.

Our Collection of Your Personal Data

We use different methods to collect data from and about you including through:

Direct interactions

You may give us your personal data by filling in forms on our website or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you place an order for our products or services; submit a query about our products or service whether on our website or by email or phone; request for marketing to be sent to you; or give us feedback or otherwise contact us.

Third parties

In certain situations, we may obtain your personal data from third parties either in the ordinary course of our business or as part of a merger or asset transfer. Where we obtain your personal data as part of an asset transfer, we will provide you with all relevant details of this as per our obligations in the applicable data protection legislation.

Automated technologies or interactions

As you interact with our website, we may automatically collect personal data about you. You can find out more information in our cookie policy.

Who Will Receive Your Personal Data?

Your personal data is only transferred to the extent that this is necessary. Recipients of your personal data may include:

• third party payment processors;
• third party delivery companies that deliver the products you have purchased to you;
• other companies within our group where necessary and where we have a lawful basis to do so;
• credit reference agencies, law enforcement and fraud prevention agencies to assist us in preventing fraudulent activity;
• third party providers of software/platforms that we use to assist with product/service delivery (e.g. our CRM system);
• governmental bodies and regulators to comply with our legal obligations;
• third parties that help us to process applications for finance and warranty claims;
• third parties that assist us in the provision of repairs to our products;
• third parties that assist us with fulfilment of your order, including by providing name and address verification services;
• third party email distribution providers and market research companies. Please note your personal data will only be processed for marketing purposes in accordance with the section below headed "Marketing";
• third parties that assist with our customer satisfaction surveys and reviews;
• legal advisors and accountants to the extent they need to see your personal data to provide us with legal advice or accounting services; and
• third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. As such, we minimise the amount of personal information we disclose to what is necessary to fulfil the purposes detailed in this privacy policy. Additionally, all third party service providers that assist with the delivery of our goods and services are engaged on contracts containing obligations to ensure the security of your personal data and to ensure compliance with any obligations imposed upon them and us under the applicable data protection laws.

If we are required to transfer your personal data outside of the United Kingdom, for example because one of the third parties detailed above is located abroad, we will ensure that a similar degree of protection is afforded to it by ensuring that the following safeguards are in place:

• we will only transfer your personal data to countries that have been deemed by the UK government to provide an adequate level of protection for personal data;
• we may use specific standard contractual terms approved for use in the UK which give the transferred personal data the same protection as it has in the UK, namely the International Data Transfer Addendum to the European Commission's standard contractual clauses for international data transfers. For more information on this please contact us; or
• the transfer will be made subject to another approved safeguard provided in the applicable data protection legislation. In this instance, we will inform you of the relevant safeguard prior to making the transfer.

How Long Will We Keep Your Personal Data?

Customers

Your personal data is retained for no more than 7 years from the date you place your order. This enables us to deal with returns, repairs and warranties. After that date your personal data will be deleted or anonymised so that it is no longer personally identifiable. Your information will be kept securely at all times.

Suppliers and Business Contacts

Your personal data is retained for the duration of our relationship with you or the organisation for which you work. Please let us know if you leave the organisation or if your details change. If we receive notification from you or your organisation that you no longer work at that organisation, or if we no longer maintain a working relationship with your organisation, we will delete your information from our system.

If we are corresponding with you as a potential supplier, we will retain your details until we receive notification from you or your organisation that you no longer work at that organisation or until we no longer correspond with the organisation for which you work.

Marketing

We only send you marketing if we are entitled to do so under data protection and privacy legislation, which usually means we either have your consent to send you marketing or we send it to you because you are one of our existing customers. You can unsubscribe to our marketing communications at any time via the unsubscribe links contained in any marketing email you receive from us.

Where you have opted out of receiving future marketing, we will be required to keep a copy of your name and email address to ensure that you are removed from future marketing lists. Opting out will not affect the price or availability of any products or services you purchase from us.

Security

We take all appropriate technical and organisational measures to ensure that your personal information is protected, in compliance with our legal obligations. We protect your information using measures that reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

What Are Your Rights?

You benefit from a number of rights in respect of the personal data we hold about you. We have summarised your rights below, and more information is available from the Information Commissioner's Office website. These rights apply for the period in which we process your data. There are certain caveats and exemptions to those rights which mean that in some circumstances you may not be entitled to exercise them; if we believe that is the case upon receipt of a request from you we will let you know.

Access to your data

You have the right to ask us to confirm that we process your personal data, as well as access to and copies of your personal data. You can also ask us to provide a range of information, although most of that information corresponds to the information set out in this fair processing notice.

Rectification of your data

If you believe personal data we hold about you is inaccurate or incomplete, you can ask us to rectify that information.

Right to be forgotten

In some circumstances, you have the right to ask us to delete personal data we hold about you.

Right to restrict processing

In some circumstances you are entitled to ask us to suppress processing of your personal data. This means we will stop actively processing your personal data, but we do not have to delete it.

Data portability

You have the right to ask us to provide your personal data in a structured, commonly used and machine-readable format so that you are able to transmit the personal data to another data controller.

Right to object

You are entitled to object to us processing your personal data:

• if the processing is based on legitimate interests or performance of a task in the public interest or exercise of official authority;
• for direct marketing purposes (including profiling); and/or
• for the purposes of scientific or historical research and statistics.

We do not intend to use your personal data for scientific or historical research and statistics.

Automated decision-making and profiling

Automated decision-making means making a decision solely by automated means without any human involvement.

Where we have the required consents, we may use profiling to make relevant and tailored recommendations to you. Profiling is the automated processing of personal data to ascertain and assess certain things about an individual, for example, people who are interested in particular designers or products. We do not use automated decision-making processes that would have a potentially damaging effect on you. But if we did, you have the right to obtain human intervention, express your point of view, obtain an explanation of the decision and challenge it by contacting us.

Updates to This Privacy Notice and Your Duty to Inform Us of Changes

We keep our privacy policy under regular review. This version was last updated on 05 June 2026.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.

Third Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Questions or Concerns

If you think we have processed your personal data unlawfully or that we have not complied with GDPR, please get in touch with us so we can help. You can report your concerns to the supervisory authority in your jurisdiction. The supervisory authority in the UK is the Information Commissioner's Office ("ICO"). You can call the ICO on 0303 123 1113 or get in touch via other means, as set out on the ICO website.

Contact Information