Privacy Policy

Last updated: 30 October 2025

This Privacy Policy explains how we collect, use, and protect your personal information when you use this website, including when you browse the site, place an order, or submit information via our newsletter or enquiry forms.

1. Who We Are

This website is operated by Hair Royal Highness (“we”, “us”, “our”), a UK-based luxury hair extension brand.

Data Controller: Hair Royal Highness.

If you have questions about this policy or how we process your data, please use our contact form at contact form.

2. What Information We Collect

We only collect personal data that you voluntarily submit or that is collected automatically when you browse the site.

When you sign up via our newsletter form, we may collect:

Your email address
Your name (if provided)

b) Enquiry / Contact Form

When you submit an enquiry via our contact form (contact form), we collect:

Your name (if entered)
Your email address
Your phone number (if provided)
Your message content
Any other fields you choose to provide (for example, whether you are a client or stylist)

c) Orders & Customer Details

When you place an order through our website, we may collect:

Your name
Billing and shipping address
Email address
Phone number
Order details (products purchased, quantities, prices)
Delivery preferences
Payment status (e.g. paid, refunded)
Limited payment-related data (e.g. last 4 digits of card, payment method type) as provided by our payment processor

We do not store full credit card numbers on our servers. Card processing is handled securely by third-party payment providers.

d) Automatically Collected Data

When you visit this site, we may collect standard log data including:

IP address
Browser type and version
Pages visited and time spent
Referral source
Device type
Timestamps

We do not use cookies for tracking or targeted advertising.

3. How We Use Your Data

We use the information you provide for the following purposes:

To process and fulfil your orders
To send order confirmations, delivery updates, and necessary service communications
To respond to your enquiries submitted via contact form
To send occasional updates or marketing emails (only if you have subscribed or consented)
To operate, secure, monitor, and improve the website and our services
To comply with legal, tax, and regulatory obligations (e.g. record-keeping)

We will never sell, rent, or trade your information to third parties.

4. Where Your Data Is Stored

Form submissions are securely processed using UseBasin.com, a privacy-conscious form backend service.

For newsletter sign-ups: Your email may be stored in UseBasin and/or a private mailing list service.
For contact form enquiries: Your message is transmitted securely to us and may be stored for a limited period for customer service and internal review.
For orders: Your order information may be stored in our website backend, e-commerce tools, and payment processor records as required for processing and accounting.

You can view UseBasin’s privacy policy here: https://usebasin.com/privacy

We may also use reputable hosting and content delivery providers (for example, static site hosting and CDN services) that process standard traffic logs, as well as third-party payment processors that handle your payment details securely.

If you are located in the UK or EU, you have the following rights:

Access: Request a copy of any personal data we hold about you
Rectification: Request correction of inaccurate or outdated information
Erasure: Request deletion of your data (“right to be forgotten”), subject to legal retention requirements (for example, order records for tax purposes)
Restriction/Objection: Object to or restrict processing under certain conditions
Portability: Request transfer of your data to another controller where technically feasible
Withdrawal of Consent: Withdraw consent at any time (e.g. unsubscribe from marketing emails)

To exercise any of the above rights, submit a request via contact form. We may need to verify your identity before fulfilling your request.

6. Data Retention

Newsletter data is stored until you unsubscribe or request deletion.
Enquiry data is retained only as long as necessary for customer service, internal review, or legal purposes.
Order and transaction data may be retained for a period required by law (for example, accounting and tax regulations).

We may retain anonymised or aggregated log data for security, analytics, and backup.

7. Data Security

We take reasonable steps to protect your personal information, including:

HTTPS encryption across the site
Spam protection using honeypots and UseBasin filtering
Access controls and principle of least privilege
Use of reputable payment processors for handling card details

No system is 100% secure. You use this website and submit information at your own risk.

8. Third-Party Services

This site may use or interact with the following categories of third-party services:

UseBasin – Form processing
Hosting & CDN providers – Website hosting, content delivery, and traffic logs
Payment processors – Secure processing of card and online payments
Email service providers – For sending order confirmations, responses to enquiries, and (where consent is given) newsletters or marketing emails
Font/CDN services (e.g. Google Fonts) – Styling and performance

These services have their own privacy policies and compliance measures. We endeavour to work only with providers that align with UK/EU data protection standards where applicable.

9. Children’s Privacy

This website is not intended for use by children under 13, and we do not knowingly collect data from minors. If you believe a child has provided us with personal information, please contact us so we can remove it where appropriate.

10. Changes to This Policy

We may update this Privacy Policy at any time. If significant changes are made, we will update the “Last updated” date above. Please review this page periodically to stay informed.

11. Contact Us

For any privacy-related questions, concerns, or requests, please use our contact form.