PAY IN 6 MONTHLY INSTALMENTS, INTEREST FREE! Find out more.

Privacy Policy

Haygain: who we are and what we do

At Haygain we take pride in delivering scientifically backed equine health solutions to improve the quality of life for your horse.  

We are a privately held limited company, with company number 06607461.  We are also a Data Controller, registered with the Information Commissioner’s Office, Registration Number ZA374577.

Information on this policy

Your personal information (such as your name and contact details, known as ‘personal data’) is protected by specific legislation:

The laws in this area continue to develop quickly. We take our responsibilities around data very seriously, and it’s important to us that you understand how and why we ask for and work with your details. Your privacy is important to us and we have policies to ensure that we collect only the data that we need to carry out our business, and that we don’t keep it any longer than we need to. 

At Haygain, everything we do is geared towards delivering scientifically backed equine health solutions to improve the quality of life for you and your horse.

This policy explains how we collect, manage, use and protect your personal data, including how we work with third parties. We never sell or swap your details with any other organisation for their marketing purposes.

If you would like more information on anything in this policy, please do get in touch with us.

Our Data Officer is Matthew Brown, Director of Marketing. 

Understanding your rights

It is important that you understand your legal rights around your personal data and how we may use it. If you would like to discuss or exercise any of these rights, please do get in touch with us at the address listed above.

Right to be informed

This Privacy Policy ensures that you are informed about how we will process your personal data. You might also see messages on some of our forms (or otherwise when we collect personal data from you) that explain why we ask for specific pieces of information from you.

Right of access

You have the right to access a copy of your personal data and receive certain information about what the data is and how and why we are processing it. Please note that we will require you to prove your identity before we disclose any information. 

Right to rectification

If you feel that any of the information that we hold about you is incorrect, do let us know so that we can look into it.

Right to object

You have the right to object to the processing that we have outlined in this policy.

Right to erasure / to be forgotten

You have the right to request that we delete your information and can discuss this with us at any time.

You should know that there are some circumstances where we may need to keep your details, for example, if it is necessary to comply with a legal obligation on us. If this situation occurs, then we will explain and discuss these circumstances with you.

Right to restrict processing

You can request that we restrict processing of your data, as an alternative to deleting it – this means that we will keep the data but stop processing for most purposes. You may want to exercise this right if you feel that the data is inaccurate, that our processing of it is unlawful, whilst we progress a request from you to object to processing, or if we have no further need of the data, but you require us to keep it in relation to the establishment, exercise or defence of a legal claim.

Rights related to automated decision making

You have rights to avoid being subject to decisions based solely on automated processing (including profiling) which has a significant effect on you. At Haygain we do not carry out any such processing. 

Right to data portability

You have the right to request a copy of certain personal data to have it transferred to another organisation in certain circumstances.

You should know that there are some circumstances where these rights may not apply, but where this is the case we will always explain this to you. Please do contact us if you have any questions or concerns on how we collect and use your personal data, or on your rights, as we are always happy to speak to you. You also have the right to make a complaint direct to the UK’s data protection authority, the Information Commissioner’s Office (ICO). The ICO can be contacted at: https://ico.org.uk/global/contact-us/and concerns can be also logged via the ICO website. 

Why we collect and use personal data

We collect personal data to help us to process your requests, keep in touch with you and to help us to interact with you in the most effective way.

Examples of why we process your personal data include:

The information that we collect

The personal data that we collect about you will be based on how you interact with us, but we collect the following information from many of our customers:

There is also other information that we may collect and hold in specific circumstances. For example:

Sensitive data

Some personal data is legally considered to be sensitive, and so is subject to additional safeguards – in data protection law this is known as ”special category” data. Data on the following matters is classed in this way:

Similar protections apply to personal data relating to criminal convictions and offences.

NB: We do not collect this data. 

How and when we collect information about you

There are a number of ways that we collect information; most often this will be directly from you, for example, if you fill out a form on our website, or directly with one of team when you place an order. Whenever we ask for information from you we will explain why we are asking for it (including by reference to this policy), and you will always be given a choice about how we communicate with you.

In some very specific circumstances we will gather data from publicly available sources, to help understand the market.  

We do not share data with other bodies for them to use in their marketing purposes.

Cookies and IP addresses

In addition to asking you to submit personal information, we may collect information about you automatically when you visit the Website. This information is not normally personally identifiable. Such information includes general information about your computer settings, your connection to the internet (i.e. your Internet Service Provider), your IP address (this is the number assigned to your computer by a web server when you are on the internet), your geographical location, your operating system, your browsing patterns, the pages you visit and documents downloaded. We analyse such information in the aggregate and will not use it for the purpose of identifying you (except that we may use such information to identify a visitor if we consider that there are or may be safety or security issues or to comply with relevant laws and regulations).

We may collect this information through the use of software technology called “cookies”. Cookies are small bits of information which are sent to your computer’s hard drive when you first visit the Website, and which allow us to identify your computer (but not you) the next time you visit the Website. We may use the information collected in this way to (i) identify what technologies and internet services are being used by our visitors and (ii) track usage of the Website so that we can adapt the Website to ensure that it better suits your needs and interests.

Most internet browsers give you the option to reject all cookies, accept all cookies, erase cookies stored on your computer or be notified before a cookie is stored on your computer. Your ease of use of the Website may be reduced if you reject all cookies. You will need to refer to your internet browser instructions to find out more about these options and how to use them.

Please note that any advertiser may also use cookies in the advertisements which they place on the Website. We have no control over this.

Our legal basis for processing your information

We will always make sure that we consider why we are processing your personal data and identify our legal basis for doing so. Often this will be because you have given us your consent. We may also process your data where we are furthering our legitimate aims and have assessed that the processing is not likely to be too intrusive, or to unduly infringe on your rights and freedoms. In legal terms, this is called the “legitimate interests” basis. 

In some cases, we have a legal or statutory duty to process information, and we will always comply with any legal requirement. 

We may also process your personal data where it is necessary to carry out the terms of a contract which we have with you (or when we are in the process of forming that contract with you). 

Marketing communications

We want to make sure that we keep in touch with you when, and how you want. Every marketing communication that we send will outline how you can update us on your preferences, and all of our emails have an Unsubscribe link.

You are also always welcome to get in touch with our Supporter Contact Team in any of the following ways:

Processing your data on the basis of your consent

There are a number of circumstances where we only process your data on the basis of your consent. Examples of this are:

When you give your consent for us to contact you, we do not treat this as valid indefinitely. However, we understand that our customers want to continue to hear from us whilst they have an active relationship with us, and for a period afterwards. 

Here are some examples of what we mean by an active relationship:

We will consider your consent to be valid whilst you take these actions, and then for 24 months afterwards, to enable us to keep you up to date with our work and to offer you other ways you might choose to support us. At the end of this time period then we will get in touch with you to re-confirm that you are happy to continue to hear from us.

You can withdraw your consent at any time. If you wish to do so, or have any questions on this, please do just get in touch with us at any time and we will be happy to help.

The Legitimate Interests basis

We have a commercial interest in knowing what products are customers own and use, so that we can provide the best possible service. We always pursue these interests in a respectful manner, with our customers at the heart of what we do.

We might further our legitimate interests in the following ways:

To communicate with you about marketing, new products and payments due:

To ensure that we understand our customers and so can contact them in a way that is relevant for them, and to make sure that we are using our marketing budgets effectively:

To manage our everyday business needs

You have the right to object to us processing your data on the grounds of our legitimate interests. If you would like us to stop using your data on this basis, please do get in touch with us. 

Administrative messages

There are some administrative messages that we legally must share with you, which are not affected by how you have told us you would like us to contact you for marketing purposes.

Examples of these include:

How we work with third parties in processing personal data

At Haygain, we sometimes work with third parties. It’s important that you understand the circumstances where this might happen, and who we work with. 

We never sell or swap your details with any other organisation for their marketing purposes.

These are some examples of how we work with third parties:

Third party suppliers

We may use companies to provide services and process your personal data on our behalf, where they have a specific expertise or can offer the most cost-effective solution for us. Some of the activities that third-party companies carry out for us are:

Whenever we work with a company in this way, we will always have a contract with them, to be certain that they treat your data with the same level of care and respect as we do. We will only send them the data that they need to carry out their specific service, and they are required to delete it or return it to us once they have completed this. Your data will only ever be passed to them for the services that they carry out on our behalf, it is never shared for their marketing purposes.

Third Parties who send us data

Some third-party organisations collect data on our behalf, and share it with us, in accordance with their policies and procedures for data protection compliance. Some of these organisations are Data Management companies, which we use to ensure that data you have provided us with is up to date. We do not use this to add new contact data; so if we already have your address, we may update this, but if we do not have your telephone number we will not use one of these companies to find and record it. Whenever you give your data to any organisation, you should always make yourself aware of their Data Protection and Privacy Policies.

Companies who provide us with additional information

Understanding our customers helps us to provide them with a really personalised experience and makes sure that we use our marketing budgets in the most efficient way. We may collect the following additional information about our customers:

Social media

Using social media is a great way for us to update you on our work, and let you know the difference your support is making. When we use your data in this way we upload a file to Facebook which is ‘locally hashed’; a highly secure encryption method. This file is used to find our customers on Facebook and Instagram by matching email or phone number data to Facebook and Instagram accounts.

In addition to this, we may use your data to create ‘lookalike’ audiences on Facebook and Instagram. This means that Facebook and Instagram will match interests, behaviour and demographics to create a new audience which closely matches our existing customers. Using this method is the most efficient way for us to reach more people who are likely to take an interest in our work, meaning we use our funds most effectively.

If you don’t want us to use your data in this way, please get in touch with us.

Where we have a legal requirement

We will always share data where we have a legal requirement to do so. Examples of this include providing audit information to HMRC or if we are required to do so by law enforcement officials. If we were to merge or restructure, we may also share your personal details with other entities involved in the merger/restructure for that purpose.

How long we keep your data for

We want to make sure that we have up to date records for as long as you are actively using Haygain, so for as long as you engage with us, such as participate in our campaigns or correspond with us. Once you are no longer an active user/follower, we will keep your data for a set period of time, which we calculate depending on the information that you originally provided, and why you gave it to us. At the end of this time period, we will remove any personal details from our records of you, to ensure that any information is entirely anonymous.

In general, we will keep customer records for at least seven years, to meet our requirements from HMRC. If we have asked for sensitive personal data specific to an event, we will dispose of this data within a month after the event. 

In most cases we will keep records for seven years after your last purchase.  This ensures that we keep the information we need for any financial audit.

The seven-year time period applies to most people, but you should be aware of the exceptions below:

If you run a business that uses Haygain.

If you buy and sell Haygain.

If none of these circumstances apply to you then we will keep your data for seven years.  We want to make sure that we have appropriate records of any conversations or enquiries, in case you ask us to come back to them later.

What happens at the end of this time period?

At the end of this time period, we will keep only those financial records we are required to hold by law and those that we deem to have a commercial interest in retaining.  We currently deem that we a legitimate commercial interest to hold the customer’s name on record with their purchase details so we can correctly answer any query they might have on a product that might have been bought more than seven years ago.

Your right to be forgotten

You have a right to be forgotten, which means that you can ask us to delete your personal details before the end of the time limits we’ve listed in the table above. You should know that there are some circumstances where we may need to keep your details, for example, in order to comply with a legal obligation. If this situation occurs then we will explain and discuss these circumstances with you.

If you would like to discuss or exercise this right, please do get in touch with us. 

How we keep your information secure

Haygain takes the care of your data very seriously and we use a combination of organisational and technological security measures to protect your personal information to the highest possible standards. This includes the use of secure servers, firewalls, virus & malware protection, secure socket layer (SSL) encryption and secure file transfer protocol for our work with third parties. We follow payment card industry (PCI) security compliance guidelines when processing credit card payments.

Access to all Haygain data is protected by complex passwords, including letters, numbers and characters: in some cases more than one method of authentication is used. We make sure that only staff who need to access your personal data can do so. Any member of our staff who has access to your personal data is given training to make sure that they understand the importance of keeping your information safe and secure at all times.

Whilst we take all of the measures that we’ve outlined above, unfortunately, the transmission of information using the internet is not completely secure. Although we will do our best to protect your personal data sent to us this way, we cannot guarantee the security of data transmitted to our site.

In the extremely unlikely event that we experience a data breach, our Data Officer would immediately work with our Information Security Officer and the Information Commissioner’s Office if necessary. 

Where we keep your information and when it might be transferred outside of Europe

Haygain is aware that countries outside of the European Economic Area (EEA) have differing standards of data privacy. Much of our data is kept within Haygain systems within the EEA. 

Some countries (but not every country in which we work) have been determined by the European Commission to have “adequate” standards of data protection compliance. Organisations we work with who process data in the USA have verified that their data processing standards meet the standards in the EU-US Privacy Shield, which sets out clear safeguards and transparency responsibilities for US-based organisations processing data from EU citizens, or that they otherwise have proper safeguards in place.

How to control the marketing that we send you

We want to make sure that we keep in touch with you when, and how you want. Every marketing communication that we send will outline how you can update us on your preferences, and all of our emails have an Unsubscribe link.

You are also always welcome to get in touch with us.

We will ensure that our records are updated as soon as possible once we receive your instructions.

Administrative messages

There are some administrative messages that we legally must share with you, which are not affected by how you have told us you would like us to contact you for marketing materials. 

Examples of these are:

If we send you one of these messages, we will only use it to share the detail that we have to legally provide you with and will not use it for marketing.

Information on profiling

We undertake a number of different activities that can be known as “profiling”. We use these to help us to understand how best to manage our resources, so that we can understand your interests or your capacity to give, and give you a truly tailored experience.

The most common form of profiling that we undertake is to segment and analyse our customer data. In practice this means sorting our data to build reports to understand the characteristics of our customers, and how they choose to interact with us. We also use segmentation to identify particular audiences for some of our communications: for example, to send information on different products to customers who have previously enquired about these in the past. One part of segmentation is propensity modelling, where we look at different aspects of the data that we hold to determine how likely a supporter is to respond to communications that we send. Based on what you’ve done before, we will tailor any ask we make to you.

We also use profiling to help us to understand potential new customers.

If you do not wish us to use your details in this way, please contact us.

How we use your information if you apply for a role at Haygain

We collect information from anyone who applies to work at Haygain. We only use this information for our recruitment or employment purposes and it is entirely separate to our customer data. As an applicant or employee, you are entitled to the same rights as our customers.

Applicants

When you apply to work or volunteer at Haygain we will ask for information about you and your work history to understand how your skills and past experience matches the requirements of a role. 

We might disclose details outside of Haygain as we process your application:

When we ask for details of referees, and contact them to verify the information that you have given us – when we contact them, we will share your name and the role that you have applied for. We contact referees on the basis of our legitimate interests as an organisation to understand applicants and their suitability for the roles they apply for.

All candidates applying to work at Haygain will automatically have their application details saved and retained for 12 months. We do this so that should a suitable opening become available we can recontact the candidate.

If you would like for us to remove your personal details from our system at any time before that, please write to us.

You should know that we always keep anonymous statistical information about applicants to develop our recruitment processes and for equality and diversity monitoring, but this does not contain any information that could be used to identify individual job applicants.

Employees

If you begin employment with us, we will put together a staff file, which will contain your information. We keep this information in this file secure and will only use it for matters that apply directly to your employment with Haygain.

We provide all of our employees with an internal privacy notice, which explains exactly how we process their data as an employee, including how we use their personal data in case of emergency, and how long we retain all of this information for.

Changes to this Policy

This policy was last updated in May 2018.

From time to time, we may make changes to this Policy and you will always be able to see here when it was last updated. If we make significant changes, such as in how or why we process your personal data, we will also publicise these changes on our website or may contact you directly with more information. 

Please do revisit this policy each time you consider giving your personal data to Haygain. 

Shopify

Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall. Payment: If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service or Privacy Statement.