PRIVACY POLICY.

 

Introduction.

The Company – NEXT GENERATION HEADWEAR® a brand of THE EXCEEDING HUB LIMITED – is established under the laws of Malta (“We”/”Us”/”Our”).
We are committed to respecting your privacy. If you wish to contact Us about Our privacy practices please feel free to do so by post at the above registered address or by email at hello@nextgenerationheadwear.com.
Our Data Protection Officer may be contacted by email at hello@nextgenerationheadwear.com. Kindly address any communication to ‘The Data Protection Officer’.
By accessing, browsing or otherwise using Our website you confirm that you have read and understood this Privacy Notice. Please read this Privacy Notice carefully to understand Our practices with respect to your Personal Data.
References to “Data Controller”, “Data Subject”, “Personal Data”, “Process”, “Processed”, “Processing”, “Data Protection Officer” and “Data Processor” in this policy have the meanings set out in, and will be interpreted in accordance with the applicable laws. “Applicable Laws” shall mean the relevant data protection and privacy laws, including but not limited to, the Data Protection Regulation (EU) 2016/679 (the “GDPR”), and the Data Protection Act, Chapter 586 of the Laws of Malta and subsidiary legislation thereto, as may be amended from time to time.

 

Updates.

We may update this Privacy Notice in Our sole discretion including as result of a change in Applicable Law or processing activities. Any such changes will be communicated to you prior to the commencement of the relevant processing activity.

 

What Amounts to Personal Data?

The term “Personal Data” refers to all personally identifiable information about you and includes all personal information which may be processed and that can be identified with you personally.  The Personal Data that We collect from you will depend upon the services that you are using via Our website but may include:

  • Name and surname;
  • Home, billing and delivery address(es);
  • Email Address(es) (home, mobile, work – customer dependant);
  • Phone Number(s) (home, mobile, work – customer dependant);
  • Purchase information;
  • Payment card information;
  • Account Password and Login details, when requested;
  • Date of Birth;
  • Gender;
  • Name and surname through social media;
  • Name, surname and email address where you contact us through the ‘Contact Form’ found on Our website;
  • Your comments, product reviews and responses on surveys you complete;
  • Any shopping preferences or details to help Us suggest items for you;
  • Details of your interactions with Our Customer Contact Centre;
  • IP Address;
  • Device information;
  • Website / Browsing History, including location data; and
  • Cookie information (please see Our Cookie Policy for details).

       

      Personal Information of Children:

      We do not knowingly or intentionally process Personal Data of persons under the age of 16 based on their consent.  If, following a notification by a parent or guardian, or discovery by other means, We become aware of a child under 16 having provided Us with their consent and We are not in a position to process the child’s Personal Data in reliance on any other basis under article 6 of the GDPR, We will immediately cancel the child's account and delete the child's Personal Data from Our records. 

      In the event that a parent or guardian becomes aware of a person below the age of 16 using Our website, it shall be the responsibility of the parent or guardian to bring this privacy notice to the child’s attention.  Should the parent, guardian or child have any questions on the way in which We shall process the child’s Personal Data, please feel free to contact Us on the email address indicated above.

       

      How do We collect Personal Data?

      We are Data Controllers of your Personal Data; generally, you would have provided your Personal Data to Us. However, in some instances, We may collect Personal Data about you from third party sources, such as online searches or from public registers. Third parties such as Our clients and business partners, may also have provided your Personal Data to Us.

      We typically collect Personal Data and process it for the following purposes:

      • to provide goods and services to you;
      • to verify your identity;
      • to manage any accounts or loyalty schemes that you have with Us;
      • to manage Our relationship with you or your company, including for billing and debt collection purposes;
      • to fulfil your order and to manage any issues or deal with any queries during the fulfilment of your order;
      • to sign you up to receive Our Newsletter;
      • to provide you with an receipt for your purchase;
      • to communicate with you regarding any items you may abandoned in your basket and, or any items which you were interested in purchasing;
      • to engage with you on social media;
      • for internal assessments and analysis (including credit behaviour scoring, market surveys, research market and product analysis);
      • for the detection and prevention of fraud and other criminal activity which We are legally bound to report;
      • for the development and improvement of our systems, products and services;
      • when you or your company refer Data Subjects to Us;
      • any Personal Data lawfully generated by Us in the course of executing your instructions;
      • any Personal Data which you may voluntarily provide to Us;
      • to enable Us to manage customer service interactions with you;
      • for safety and security purpose, including (amongst others) safety of Our premises, property and employees (such as calls to Our customer care for quality assurance purposes), and the establishment, exercise or defence of legal claims;
      • for direct marketing and to contact you about promotional offers and products and services which We think may interest you;
      • where We have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute);
      • for purposes of a legitimate interest pursued by Us or by a third party, provided such interest is not overridden by your interests, fundamental rights and freedoms; and
      • other purposes you would have requested when providing your Personal Data to Us.

          Irrespective of the manner that We have collected your Personal Data, We will only process such data for the purposes indicated above or for purposes which are inherently related thereto, including the fulfilment of any legal or regulatory obligation imposed on Us.

           

          Legal Bases of Processing Personal Data.

          The legal bases of processing your Personal Data are the following:

          • Entering into and performing Our obligations, in particular to provide you with goods or services or any loyalty scheme that you may benefit from. The consequence for not doing such processing would be that We would be unable to provide you with the goods or service requested.
          • Our or a third party’s legitimate interests – in particular legitimate interests which may arise directly or indirectly in relation to your instructions and in keeping you updated with information in relation to the Services, including marketing of similar products or services. If you are not a new customer, We may contact you to provide you with information about goods or services We feel may interest you. In such a scenario, We will only contact you by electronic means (e-mail) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you.

                We also have a legitimate interest to process your Personal Data for safety and security, such as the recording of telephone conversations or electronic communications which result or may result in transactions where recording will take place.

                When We process your Personal Data on the basis of Our or a third party’s legitimate interests, We shall ensure that the legitimate interests pursued by Us or such third party are not overridden by your interests, rights and freedoms;

                • Your consent – in which case, Our processing shall be limited to the purposes specifically indicated when your consent was requested. If you are a new customer We shall use your Personal Data for marketing purposes with your consent. We may update you about Our products and services which are of interest and relevance to you. You have the right to opt-out of receiving the promotional communications at any time as provided in this Policy; and
                • Compliance with legal obligations imposed on Us – in particular as a result of money-laundering detection or other reporting obligations.

                    On the basis of Our legitimate interests or compliance with legal obligations, as applicable, We may also process your Personal Data for the purposes of establishing, exercising or defending legal proceedings.

                    We will ensure that We have additional grounds for processing your Personal Data if processing of Special Categories of Personal Data is envisaged.

                    Newsletter subscription.

                    When you subscribe to Our newsletter, you provide Us with personal information such as your name and email address.  We use the personal information submitted in the form only to send you the newsletter you subscribed to.We use a third-party service provider called Klaviyo to send newsletters to users who subscribe to receive them and Klaviyo provides Us with support statistics to help Us improve Our services to you. For more information on how Klaviyo manages your data please visit their Klaviyo Privacy Policy. Klaviyo is a data processor for Us and only processes Personal Data in line with Our instructions.

                    You will need to provide Us with your consent as a legal basis for Us to process your Personal Data to receive the newsletter. Personal Data is deleted upon withdrawal of such consent by you, or, at the point where the purpose for holding that data is no longer valid.

                    Payment gateway services.

                    To complete a purchase, you will need to provide your credit/debit card information to and authorise payments using payment gateway services such as Paysera and PayPal, as applicable.  For more information on how Paypal and Paysera manages your data please visit their respective Paypal Privacy Policy. Paysera privacy notice can be found here: Paysera Privacy Policy.

                    We will not see any of your financial information held by such payment gateway service providers, nor will We ever see the username, email or password that you use to authenticate with such providers.  We will only be notified that the transaction has been completed successfully or that it has failed, and We may be given a reason explaining why the transaction failed (e.g. “insufficient funds”, or “card reported as stolen”).

                    Software Provider.

                    We use Shopify to provide Us with software to run our online business. This allows Us to complete transactions, screen orders for fraud and risk, fulfil orders, to contact You with new products or offers, and to place cookies on your device, amongst others. Shopify is a data processor to Us and only processes Personal Data in line with Our instructions. For more information on how Shopify manages your data please visit their Privacy Notices on:  Shopify Privacy Policy

                     

                    Recipients of Your Personal Data.


                    We may share your Personal Data with third party recipients who are:

                    • selected individuals within Our Company, on a need-to-know basis;
                    • members of Our group of companies;
                    • any service providers that may have access to your Personal Data in rendering Us with their support services, including IT, delivery, marketing, payment and accounting service providers;
                    • third parties to whom disclosure may be required as a result of the provision of goods and services to you, such as Shopify;
                    • credit reference agencies;
                    • governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where We are required to do so;
                    • any business partners to whom you may have requested that We transfer your Personal Data;
                    • third parties to whom disclosure may be required as a result of legal obligations imposed on Us;
                    • appointed Data Processors engaged for the collection, storage and processing of Personal Data relating to you or Our prospective investors, subscribers and shareholders, such as Klaviyo, Paypal and Paysera.

                        If We sell or buy any business or assets or transfer an area of the business to a new provider, We will disclose your Personal Data to the prospective seller or buyer of such business or assets or any third party who acquires Our assets or who the business is transferred to.

                        We shall only allow such third parties to handle your Personal Data when We have confirmed that they apply appropriate data protection and security controls. We will never sell or rent Our customer data to other organisations for marketing purposes.

                        We may be required to transfer your Personal Data to countries located outside of the EU or the EEA (including the United Kingdom).  Where this is the case, We shall only transfer such Personal Data in compliance with chapter V of the GDPR, ensuring that either the country to which your Personal Data is transferred is subject to an adequacy decision pursuant to article 45 of the GDPR, or that at least one of the transfer safeguards (set out under article 46 of the GDPR) or one of the derogations (set out under article 49 of the GDPR) is satisfied. For more information on the mechanisms that We implement when transferring Personal Data to particular countries, kindly contact Us at the email indicated above.  

                         

                        Automated Decision-Making and Profiling.

                        Your Personal Data will not be used for any decision solely taken on the basis of automated decision-making processes, including profiling, without human intervention.

                         

                        Data Retention.

                        We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, for instance, the longest We will hold any Personal Data related to marketing will be for as long as you provide Us with your consent.
                        Thereafter, your Personal Data shall be immediately and irrevocably destroyed, unless We have a statutory obligation imposed on Us, a business need to retain the Personal Data, and/or require the Personal Data to exercise or defend legal claims.
                        Any Personal Data which We may hold on the basis of your consent shall be retained exclusively until when you withdraw your consent.

                         

                        Your Rights.

                        For as long as We retain your Personal Data, you have certain rights in relation to your Personal Data including:

                        • Right of access – you have the right to ascertain the Personal Data We hold about you and to receive a copy of such Personal Data;
                        • Right to complain – you have the right to lodge a complaint regarding the processing of your Personal Data with the supervisory authority for data protection matters. In Malta this is the Information and Data Protection Commissioner (contact details provided below);
                        • Right to Erasure – in certain circumstances you may request that We delete the Personal Data that We hold about you;
                        • Right to Object – you have a right to object and request that We cease the processing of your Personal Data where We rely on Our, or a third party’s legitimate interest for processing your Personal Data;
                        • Right to Portability – you may request that We provide you with certain Personal Data which you have provided to Us in a structured, commonly used and machine-readable format (except where such Personal Data is provided to Us in hand-written format, in which case such Personal Data will be provided to you, upon your request, in such hand-written form). Where technically feasible, you may also request that We transmit such Personal Data to a third party controller indicated by you;
                        • Right to Rectification – you have the right to update or correct any inaccurate Personal Data which We hold about you;
                        • Right to Restriction – you have the right to request that We stop using your Personal Data in certain circumstances, including if you believe that We are unlawfully processing your Personal Data or the Personal Data that We hold about you is inaccurate;
                        • Right to withdraw your consent – where Our processing is based on your consent. Withdrawal of your consent shall not affect the lawfulness of the processing based on your consent prior to the withdrawal of your consent; and,
                        • Right to be informed of the source – where the Personal Data We hold about you was not provided to Us directly by you, you may also have the right to be informed of the source from which your Personal Data originates.

                            Please note that your rights in relation to your Personal Data are not absolute and We may not be able to entertain such a request if We are prevented from doing so in term of an applicable law.

                            Note that We may contact you about Our updates, newsletters and events on the basis of Our legitimate interests and to keep you informed of such matters. In this respect, you have a right to opt-out and to object to receiving any further such communications from Us.

                            You may exercise the rights indicated in this section by contacting Us or Our Data Protection Officer at the details indicated above.

                             

                            Keeping your data secure.

                            We shall implement and maintain appropriate and sufficient technical and organisational security measures, taking into account the nature, scope, context and purposes of the processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, to protect your Personal Data against any unauthorised accidental or unlawful destruction or loss, damage, alteration, disclosure or access to Personal Data transmitted, stored or otherwise processed and shall be solely responsible to implement such measures.
                            We shall ensure that Our staff who process your data are aware of such technical and organisational security measures and We shall ensure that such staff are bound by a duty to keep your Personal Data confidential.
                            The technical and organisational security measures in this clause shall mean the particular security measures intended to protect your Personal Data in accordance with any privacy and data protection laws.

                             

                            Complaints.

                            If you have any complaints regarding Our processing of your Personal Data, please note that you may contact Us or Our Data Protection Officer on any of the details indicated above. You also have a right to lodge a complaint with the Office of the Information and data Protection Commissioner in Malta (www.idpc.gov.mt).

                             

                            Personal Data Related to Third Party Subjects.

                            If you are a trader, a company, or other corporate entity, and you supply to Us Personal Data of third party Data Subjects such as your employees, affiliates, service providers, customers or any other individuals connected to your business, you shall be solely responsible to ensure that:

                            • you immediately bring this Privacy Notice to the attention of such Data Subjects and direct them to it;
                            • the collection, transfer, provision and any Processing of such Personal Data by You fully complies any applicable laws;
                            • as Data Controller You remain fully liable towards such Data Subjects and shall adhere to the Applicable Law;
                            • you collect any information notices, approval, consents or other requirements that may be required from such Data Subject before providing Us with their Personal Data;
                            • you remain responsible for making sure the information you give Us is accurate and up to date, and you must tell Us if anything changes as soon as possible.

                                You hereby fully indemnify Us and shall render Us completely harmless against all costs, damages or liability of whatsoever nature resulting from any claims or litigation (instituted or threatened) against Us as a result of your provision of said Personal Data to Us.

                                 

                                Our Cookies.

                                No, these aren’t Oreos. Cookies are small encrypted text files that are stored on your device by a website. Our Websites use cookies to analyse Our traffic to improve Our website and deliver a better more personalised service. 
                                For further information visit Shopify Cookie Policy - please note that We're not responsible for the content of external websites.
                                You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However in a few cases some of Our Website features may not function as a result.  You can find a guide on how to block cookies in the main browsers below:


                                What are cookies on our Website NOT used for?
                                We do not store sensitive personal identification information such as your address, password, etc. in the cookies we use.
                                 
                                What type of cookies do we use?
                                Below we indicate the types of cookies used in our Web/App according to their use and the organisation that manages them (first and third-party cookies).

                                Performance Cookies

                                These allow us to count the visits to the Web/App and traffic sources, quantify the number of users, and therefore measure and conduct statistical analysis on the use made by users.

                                 

                                Functional Cookies

                                These allow you to access the service with predefined characteristics in accordance with a series of criteria, for example, the language, the type of browser used to access the service, the regional configuration where the service is being accessed from, etc.

                                Strictly Necessary Cookies

                                These are necessary for the browsing and the optimal performance of our Web/App. For example, they make it possible to monitor the traffic and communication of data, access restricted areas, perform the purchasing procedure for an order, use security elements, store content in order to broadcast videos or share content via social networks.

                                Targeted Cookies

                                These cookies store information on the behaviour of users obtained through their browsing on the Web/App so that we can show you advertising related to your browsing profile.

                                Social Media Cookies

                                These consist of a series of social media services we have added to the webpage to allow you to share our content with your friends and networks.

                                 

                                Other websites.

                                Our Website contains links to other websites that are not owned or controlled by Us or Our affiliated companies. This Privacy Notice only applies to Our websites so when you link to another website, We advise you to read that website’s privacy notice as We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third party web sites or services.

                                You further acknowledge and agree that We shall not be held responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such web sites or services.

                                We strongly advise you to read the terms and conditions and privacy policies of any third-party web sites or services that you visit.

                                 

                                 

                                Intellectual and industrial property.

                                All intellectual and industrial property rights over the Website and its content, including, by way of example, the images, sound, audio, video, designs, texts, graphics, logos, icons, colour combinations, structure, buttons, in addition to the software, commercial names, trademarks, works, illustrations, photographs and industrial drawings and any other symbols for industrial and commercial use are our property or the property of third party owners of the same who have duly authorised their inclusion on the Website.
                                The reproduction, distribution and public communication, including making part or all of the content of the Website available for commercial purposes, in any medium and by any technical means, is strictly prohibited without our authorisation.
                                Users agree to respect our intellectual and industrial property rights. Users may use the Website and its content for their own personal and private use. Any other use is prohibited and shall require the user to obtain the prior, express and written consent from us. Users shall refrain from deleting, altering, eluding or tampering with any protective device or security system installed on the Website.

                                 

                                Liability.

                                We, under any circumstances, are not liable for any damages of any nature they may occur, by way of example, as a result of: errors or omissions in the content, unavailability of the website or the transmission of viruses or malware in the content, in spite of having adopted all the technological measures required to prevent this. Users may be redirected from the website to the content of third-party websites. Given that the provider cannot control the content introduced by third parties on its website at all times, the same cannot assume any liability in relation to said content.

                                In all cases, the provider declares that it shall withdraw any content that may contravene national and international legislation, morality or public order with immediate effect, through the immediate withdrawal of the redirection to said website, reporting said content to the competent authorities.

                                We are not liable for stored information and content, including but not limited to, on forums, chats, blog generators, comments, social networks or any other medium that allows third parties to publish content independent from the Website. However, we should make itself available to all users, authorities and security forces and actively collaborate in the withdrawal or blocking of any content that may affect or contravene national or international legislation, third party rights, morality or public order. In cases where users consider that content which may be classified as such exists on the Website, they are asked to report this without delay to the Website Administrator.

                                The Website has been checked and tested to ensure it works correctly. In principle, the correct operation of the same can be guaranteed 24 hours a day, 7 days a week, all year round. However, we cannot rule out the possibility that certain programming errors exist, or that access to the Website may be impeded owing to force majeure, natural disasters, industrial action or other circumstances.

                                The introduction of hyperlinks for commercial purposes on third-party websites that allow access to the Website is forbidden without our prior written consent. We are not liable for the use or content of third-party websites which may be linked to our Website.

                                Sunday,Monday,Tuesday,Wednesday,Thursday,Friday,Saturday
                                January,February,March,April,May,June,July,August,September,October,November,December
                                Not enough items available. Only [max] left.
                                Shopping cart

                                Your cart is empty.