top of page

Hafan > Polisi Preifatrwydd a Cwcis 

Ymddiheurwn nad yw'r dudalen hon wedi cael ei chyfieithu i'r Gymraeg.

Privacy Policy


We understand that you want to keep your personal information private, and we will do our best to ensure this happens.

This privacy policy sets out how Hedyn Cyf uses and protects any personal information that you provide us. We always aim to comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

This policy applies to all our dealings with you, including when you interact with our website (


Our site is hosted by ( whose servers are in Europe and the US. provides us with an online platform that allows us to sell our products and services to you. Your data may be stored through’s data storage, databases and the general applications. They store your data on secure servers behind a firewall.

All direct payment gateways offered by and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.


This privacy policy is effective from 08/05/2020 and is regularly reviewed and updated.


Information about us

Our nominated data protection contact is Gruffudd Tudur who can be contacted at


Please note:

By giving your consent, you are accepting and consenting to the practices described in this policy. You may withdraw your consent at any time. An explanation of your rights is set out below.

If you are not satisfied with any action taken by us or by our response, you have the right to complain to the Information Commissioner at, or helpline telephone number: 0303 1231113.

Should we ask you to provide Personal Data (as defined below), you can be assured that it will only be used in accordance with this privacy policy.




In this policy, the following terms shall have the following meanings:

  • Cookie: a small file placed on your computer or device by our website when you visit certain parts of it or use certain features.

  • Cookie Law: means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003.

  • Data Subject: a natural identifiable person.

  • Personal Data: has the meaning set out in the Data Protection Legislation, being as at the data of this policy, any data which identifies a natural person (by way of example, name, address, phone number e.t.c).


When do we collect your personal data

Personal data is collected when you:

  • make a purchase and checkout on our website;

  • place an order by phone, post or e-mail;

  • create an account with us;

  • subscribe to our service or publications;

  • sign up to our newsletter or request marketing to be sent to you;

  • submit a contact / order form;

  • give us feedback;

  • engage with us on social media;

  • take part in a competition, promotion or survey;


 What data do we collect

We may collect the following information:

  • Full name, occupation, gender, marital status.

  • Contact information and personal details – billing / delivery address(es), email, contact telephone numbers.

  • Details of any comments/communication made by email, contact forms or social media.

  • Technical information including internet protocol (IP) address, login information, browser type, the type of device you used, operating system and your preferred language.


What we do with the data we gather

We will use the data collected about you in the following ways:

  • To provide services to you.

  • To process orders that you make on our website, by e-mail, post or phone.

  • To be passed to a third-party to supply or deliver a product you have ordered. 

  • To deal with your enquiry if you complete any of our contact/order forms.

  • To provide you with ongoing customer assistance and technical support.

  • With your consent, to be able to contact you with general or personalised service-related notices and promotional messages.

  • To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which our business partners or we may use to provide and improve our respective services;

  • To process payments and to prevent fraudulent transactions.

  • To administer any of our prize draws or competitions which you enter.

  • To comply with any applicable laws and regulations.


Where and how we store your personal data

We are committed to ensuring that your information is secure to prevent unauthorised access or disclosure. We have put in place appropriate technical, organisational and security measures to safeguard and secure the information we collect:


  • as referred to above, the direct payment gateways used by our company adhere to the; standards set by PCI-DSS as managed by the PCI Security Standards Council. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

  • as our website is hosted by Contact data is stored on their secure servers;

  • our laptops are password protected;

  • our documents are password protected;

  • we only use electronic GDPR compliant systems for storing electronic records.


We will only keep your data for as long as is necessary for the purpose for which it was collected. No personal data will ever be sold to third-parties. However, personal data will be shared with necessary companies such as delivery companies and payment service providers so that we can provide our services to you.


How we communicate with site visitors

We may contact you to notify you regarding:

  • your account;

  • to troubleshoot problems with your account;

  • to resolve a dispute;

  • to collect fees or monies owed;

  • to poll your opinions through surveys or questionnaires;

  • to send updates about our company;

  • to enforce our User Agreement, applicable national laws, and any agreement we may have with you.


For these purposes, we may contact you via email, telephone, text messages, and postal mail.

Your rights

As a Data Subject under the Data Protection legislation referred to above, you have the following rights:

  • We will not share your information with third-party marketing agencies without your consent, nor will we contact you for marketing purposes unless you give your consent. If you consent to us contacting you for marketing purposes at any stage, you can change your mind at any time by exercising your right to ask us not to contact you by emailing us at

  • Our website may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.

  • You have the right to ask us to supply to you the information we hold; this is known as a data subject access request. For further details, please contact us at

  • You have the right to ask us to rectify the data we hold if it contains inaccuracies or is incomplete. To discuss this, please contact us at

  • You have the right to ask us to erase the Personal Data we hold if: (i) it is no longer necessary for us to hold the data; (ii) you wish to withdraw your consent to us holding the data; (iii) you object to us holding or processing the data; (iv) you believe that we have processed the data unlawfully; or (v) the data needs to be erased for us to comply with a particular legal obligation. To make a request, please contact us at


Disclosure of your information

You agree that we have the right to share your Personal Data:

  • In exceptional circumstances, information about a client may be disclosed without consent if it is in the public interest to do so. This might be in situations where disclosing the information is necessary to prevent a serious crime or serious harm to other people.

  • To a prospective buyer or seller if we sell or buy any business, shares or assets.

  • If we are under a duty to disclose or share your Personal Data to comply with any legal obligation or to enforce or apply our terms of business or terms of use, and other agreements; or to protect the rights, property, or safety of our business, our clients, or others.



All Cookies used by our business are used in accordance with the current Cookie Law. We may use some or all of the following types of Cookie on our website in accordance with the Privacy Policy (

  • Strictly Necessary Cookies - a Cookie falls into this category if it is essential to the operation of our website, supporting functions such as logging in.

  • Analytics and Flash Cookies - it is important for us to understand how you use our website. For example, how efficiently you are able to navigate around it, and what features you use. Analytics Cookies enable us to gather this information and help us to improve our website.

  • Functionality Cookies - enable us to provide additional functions to you.

  • Persistent Cookies - Any of the above types of Cookie may be a persistent Cookie. Persistent Cookies are those which remain on your computer or device for a predetermined period and are activated each time you visit our website.

  • Session Cookies - Any of the above types of Cookie may be a session Cookie. Session Cookies are temporary and only remain on your computer or device from the point at which you visit our website. To delete these cookies, you will need to clear your browser history.


Before Cookies are placed on your computer or device, you will be shown a cookie compliance statement, requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling us to provide you with the best possible experiences and services to you. You may wish to deny consent to the placing of the Cookies at which point we request you cease using our website.

List of cookies we collect

Type: Strictly Necessary

Cookie name
Persistent (Two days or two weeks)
Identifies logged in site members
Identifies logged in site members
When viewing a mobile site (old mobile under it will force the server to display the non-mobile version and avoid redirecting to the mobile site

Type: Functionality

Cookie name
Persistent (Two days or two weeks)
Identifies logged in site members.
Indicates how a site was rendered.
Persistent (Two years)
Identifies unique visitors and tracks a visitor’s sessions on a site

Third-Party Cookies

Type: Functionality

Cookie name

External Web Services and Links

We may use external web services on our website, mostly to display content within our web pages. We cannot prevent these third-party sites, or external domains, from collecting information on your usage of this embedded content. If you are not logged in to these external services, they will not know who you are, but they are likely to gather anonymous usage information, e.g. number of views, plays, loads and so on.


Suppliers and Other Service Providers

From time to time, we use third-party suppliers and service providers to facilitate our services. We may use social media (e.g. Facebook, Twitter and Instagram) subject to their terms of use.



We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated.

bottom of page