1. Who we are (data controller)
Hey Soul Hugs is a UK-based online store specialising in curated Japanese tableware, including plates, bowls, mugs and cups. For the purposes of the UK GDPR and the Data Protection Act 2018, we are the “data controller” for personal data processed through this website.
Controller
Hey Soul Hugs
Website: heysoulhugs.com
Registered address
124-128 City Road, London, England, EC1V 2NX
Online store only, no showroom visits
2. Personal data we collect
The personal data we collect depends on how you interact with our site. We aim to collect only what we need to run an online store, respond to requests, and understand how people use our pages such as Shop, Plates, and Trends 2026.
2.1 Data you provide directly
- Full name (for enquiries and customer support).
- Email address (to reply to messages, order-related updates where applicable, and marketing if you choose to opt in).
- Phone number (only where needed for delivery coordination or support, if provided).
- Message content you send us (for example questions about Japanese tableware UK delivery, materials, glaze finish, or care).
2.2 Data collected automatically
- IP address and approximate location derived from it (for security, fraud prevention, and analytics).
- Device and browser information (device type, operating system, browser version, language settings).
- Usage and behavioural data (pages viewed, clicks, scroll depth, time on page, referral source, and interactions with site features such as cookie choices).
- Cookies and similar technologies (see the Cookies section for categories and durations).
- Server logs that may include request timestamps, requested URLs, and error codes.
We do not intentionally collect special category data (such as health information) through this site. Please avoid including sensitive personal information in messages to us.
3. How we collect personal data
We collect information in a few straightforward ways. This helps us keep the site functional, answer questions, and understand which content is most useful for people searching for authentic Japanese dinnerware and ceramics in the UK.
3.1 Web forms
When you submit information to us (for example via a contact form on another page), we collect what you enter, such as your name, email, phone number, and message.
3.2 Cookies and local storage
We use cookies and similar storage methods to remember preferences, measure site usage, and, only if you allow, support marketing measurement.
3.3 Analytics tools
We may use Google Analytics 4 to understand which pages people find helpful and how the site performs. Analytics is enabled only where lawful and aligned with your cookie choices.
3.4 Advertising measurement
Where enabled, we may use Meta Pixel to measure campaign performance (for example, whether visitors reached our Shop page). This is treated as marketing cookies and requires your consent where applicable.
3.5 Server logs
Like most websites, our hosting infrastructure keeps basic logs of requests to help maintain security and reliability. These logs can include IP address, time of request, and requested page.
4. Legal basis for processing (GDPR Article 6)
We process personal data only when we have a lawful basis to do so. Depending on the context, our lawful bases include consent, performance of a contract, and legitimate interests. If you have questions about a specific activity, contact us at [email protected].
| Data / activity | Lawful basis | Why we need it |
|---|---|---|
| Enquiries (name, email, phone, message) | Legitimate interests (Art. 6(1)(f)) and/or Contract steps (Art. 6(1)(b)) | To respond, provide support, and help you choose tableware. |
| Order-related communications (if applicable) | Contract (Art. 6(1)(b)) | To process and manage transactions and delivery. |
| Site security and fraud prevention (IP, logs) | Legitimate interests (Art. 6(1)(f)) | To keep the website secure and reliable. |
| Analytics (GA4: usage, device, cookies) | Consent (Art. 6(1)(a)) where required | To improve usability and content quality. |
| Marketing measurement (Meta Pixel, marketing cookies) | Consent (Art. 6(1)(a)) | To understand campaign performance and reduce irrelevant ads. |
| Legal compliance | Legal obligation (Art. 6(1)(c)) | To meet statutory obligations where they apply. |
5. Purposes of processing (how we use your data)
We use personal data in ways that align with an online retail experience and educational content. The goal is to help customers across the UK find Japanese ceramics that suit their homes and routines, while keeping the website stable and secure.
- Customer support and communication: replying to questions about pieces, care, sizing, and delivery from London.
- Service delivery: administering site features and, where applicable, processing transactions, dispatch, and delivery updates.
- Site performance and improvement: understanding which pages are useful and improving navigation, clarity, and accessibility.
- Security and fraud prevention: protecting the site, detecting suspicious behaviour, and maintaining reliable access.
- Marketing (consent-based only where required): measuring ad performance and building audiences for relevant ads, subject to your cookie choices.
- Legal and compliance: maintaining records where required by law.
Marketing preferences
We do not sell personal data. If we offer marketing communications, we aim to keep them gentle and practical, such as care tips for handmade ceramics or a seasonal edit of new arrivals. Where consent is required, we only send marketing if you have opted in, and you can unsubscribe at any time by contacting us.
6. Retention periods
We keep personal data only as long as necessary for the purposes described in this policy, unless a longer retention period is required by law. Retention is reviewed periodically.
Retention schedule
- Form submissions and enquiries: up to 2 years from the date of last contact.
- Customer support correspondence: up to 2 years, unless needed longer to resolve a dispute.
- Analytics data (Google Analytics 4): 14 months (configured retention where available), then aggregated or deleted.
- Cookie consent record: stored in your browser local storage until you clear it or change device/browser.
- Server logs: typically up to 90 days, unless required longer for security investigation.
- Email list (if you subscribe): until you unsubscribe, then up to 30 days to complete removal and suppression to prevent re-adding by mistake.
8. International data transfers
Some of our service providers may be located outside the UK or European Economic Area (EEA), or may process data in those locations, for example for hosting, analytics, or email delivery. Where personal data is transferred internationally, we use appropriate safeguards as required by law.
- Adequacy decisions: where applicable, we rely on jurisdictions recognised as providing an adequate level of protection.
- Standard Contractual Clauses: where applicable, we use approved contractual clauses to protect data when transferred internationally.
- Additional measures: where appropriate, we consider technical and organisational measures to support confidentiality and integrity.
You may request further information about safeguards for a specific transfer by contacting [email protected].
9. Your rights under GDPR
If you are in the UK or EEA, you have rights relating to your personal data. These rights are not absolute and may be subject to legal limitations, but we treat requests with care and respond within required timeframes.
Your rights
- Right of access: request a copy of the personal data we hold about you.
- Right to rectification: ask us to correct inaccurate or incomplete data.
- Right to erasure: ask us to delete personal data in certain circumstances.
- Right to restriction: ask us to limit processing in certain cases.
- Right to data portability: receive certain data in a structured, commonly used format, and transmit it to another controller where applicable.
- Right to object: object to processing based on legitimate interests, including certain profiling activities.
- Right to withdraw consent: where we rely on consent (for example marketing cookies), you can withdraw it at any time.
How to exercise your rights
Email [email protected] with:
- Your full name and the email address used to contact us.
- The specific right you want to exercise.
- Any helpful context (for example which page you used, such as /shop/).
To protect your information, we may request additional verification before completing a request.
Right to complain
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner’s Office (ICO)
Website: ico.org.uk
We would appreciate the chance to address your concerns first. Please contact us at [email protected].
11. Children’s privacy
Our website is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to us, please contact [email protected], and we will take reasonable steps to delete it.
12. Policy updates
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. When we make changes, we will update the “Last Updated” date at the top of this page. If the changes are significant, we may also provide an additional notice on the website.
Last Updated: January 15, 2026.
13. Contact details and Data Protection contact
For questions about this Privacy Policy, or to exercise your data rights, contact our privacy mailbox. We do not currently appoint a formal Data Protection Officer (DPO) as a statutory role. However, we provide a dedicated privacy contact for handling requests.
Mailing address
Hey Soul Hugs
124-128 City Road
London, England, EC1V 2NX
Privacy FAQs
Concise answers for common questions. These are written to be schema-ready.
Do you sell my personal data?
No. Hey Soul Hugs does not sell personal data.
What personal data do you collect?
We may collect full name, email, phone (if provided), message content, IP address, device/browser information, cookies, usage data, and server logs.
Do you use Google Analytics 4?
We may use Google Analytics 4 for analytics. Where consent is required, analytics cookies are enabled only if you accept them.
Do you use Meta Pixel?
We may use Meta Pixel for advertising measurement. This is treated as marketing technology and is used only where lawful and consistent with your cookie choices.
How long do you keep enquiry messages?
We typically keep enquiry submissions for up to 2 years from the date of last contact, unless a longer period is needed to resolve an issue.
How can I request deletion of my data?
Email [email protected] with your request and the email address you used. We may ask for verification before completing the request.
Where are you based?
We are a London-based online store. Our registered address is 124-128 City Road, London, EC1V 2NX (no showroom visits).
How do I manage cookie preferences?
Use the cookie banner to accept or reject non-essential cookies. You can also manage cookies via your browser settings and clear local storage to reset choices.