Free UK delivery on orders over £60  ·  Easy returns within 30 days

Privacy Policy

Last updated: 16 March 2026

1. Data Controller

The data controller responsible for your personal data is Hook & Flanker Ltd, a company registered in England & Wales (VAT No: 492 1721 88). We are registered with the Information Commissioner's Office (ICO) as a data controller.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at hello@hookandflanker.com.

This policy applies to personal data collected through our website at hookandflanker.com, by email, and through any other means by which you interact with Hook & Flanker Ltd.

2. What Data We Collect

Depending on how you interact with us, we may collect and process the following categories of personal data:

  • Identity data: your full name.
  • Contact data: your email address, postal address, and telephone number.
  • Order data: your order history, items purchased, order values, and transaction records.
  • Technical data: your IP address, browser type and version, time zone, operating system, and device type, collected automatically when you visit our website.
  • Browsing data: pages viewed, time spent on pages, referring URLs, and click behaviour, collected via Google Analytics 4 (GA4) and Microsoft Clarity where you have consented to analytics cookies.
  • Communications data: any information you share with us when you contact us by email or through our contact form.

We do not collect or process special category data (such as health data, ethnicity, or biometric data).

3. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

  • Contract (Article 6(1)(b)): processing is necessary to fulfil your order, process payment, arrange delivery, and handle returns and refunds.
  • Legitimate interests (Article 6(1)(f)): processing is necessary for our legitimate interests in operating and improving our business, including fraud prevention and responding to enquiries. We have carried out a balancing test and are satisfied that our interests are not overridden by your rights and interests.
  • Consent (Article 6(1)(a)): where you have given consent, for example to receive marketing communications or for the placing of non-essential analytics cookies on your device. You may withdraw consent at any time.
  • Legal obligation (Article 6(1)(c)): where we are required to process data to comply with our legal obligations, such as keeping records for VAT and tax purposes.

4. How We Use Your Data

We use your personal data for the following purposes:

  • Processing and fulfilling your orders, including arranging delivery and handling returns.
  • Sending you order confirmation, dispatch, and delivery notifications by email.
  • Responding to your enquiries and providing customer support.
  • Maintaining financial and transaction records as required by law.
  • Analysing website usage to improve the performance and content of our site (analytics data only where consent has been given).
  • Detecting and preventing fraudulent activity.
  • Sending marketing communications, where you have opted in to receive them. You can opt out at any time by clicking the unsubscribe link in any marketing email or by contacting us directly.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

  • Order and transaction data is retained for 7 years to comply with HMRC tax and accounting requirements.
  • Customer account and contact data is retained for 3 years from your last interaction with us, after which it is securely deleted unless there is a legal reason to retain it for longer.
  • Analytics data is subject to the retention settings of the relevant third-party platforms (Google Analytics 4 and Microsoft Clarity).
  • Marketing consent records are retained for as long as you remain subscribed, plus 3 years after unsubscription for evidence of consent.

6. Third Parties

We share your personal data with the following categories of third party where necessary:

  • Netlify: our website is hosted on Netlify's platform. Netlify may process your IP address and technical data as part of hosting and delivering our website. Netlify is a US-based company and data may be transferred outside the UK; such transfers are subject to appropriate safeguards including Standard Contractual Clauses.
  • Google Analytics 4 (GA4): we use GA4 to understand how visitors use our website. GA4 collects anonymised browsing and session data. Google LLC is a US-based company; data may be transferred to the US subject to appropriate safeguards. You can opt out of GA4 tracking via your cookie preferences.
  • Microsoft Clarity: we use Microsoft Clarity for session recording and heatmap analytics to understand user behaviour. Clarity may collect browsing data including mouse movements and clicks. Microsoft Corporation is a US-based company. You can opt out via your cookie preferences.
  • Payment processors: payment data is handled directly by our payment provider and is not stored by Hook & Flanker Ltd.
  • Delivery carriers: we share your name and delivery address with our carrier partners to fulfil your order.

We do not sell your personal data to third parties. We do not share your data with any third party for their own marketing purposes.

7. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights in relation to your personal data:

  • Right of access: you have the right to request a copy of the personal data we hold about you (a Subject Access Request).
  • Right to rectification: you have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to erasure: you have the right to request that we delete your personal data in certain circumstances, for example where we no longer need it for the purpose for which it was collected.
  • Right to data portability: where we process your data on the basis of consent or contract, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to restrict processing: you have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to object: you have the right to object to processing based on legitimate interests. You can object to direct marketing at any time.
  • Right to withdraw consent: where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at hello@hookandflanker.com. We will respond to your request within one calendar month.

8. ICO Registration & Right to Complain

Hook & Flanker Ltd is registered with the Information Commissioner's Office (ICO) as a data controller. Our VAT number is 492 1721 88.

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the ICO, the UK supervisory authority for data protection. You can contact the ICO at ico.org.uk/make-a-complaint or by calling 0303 123 1113.

We would, however, appreciate the chance to address your concerns before you contact the ICO, so please contact us first at hello@hookandflanker.com.

9. Contact

For any questions, requests, or concerns about this Privacy Policy or our data practices, please contact us:

Hook & Flanker Ltd
Email: hello@hookandflanker.com
VAT No: 492 1721 88