Privacy Policy (GDPR/UK GDPR)
Last updated: October 3, 2025
1) Who we are
HEMCHAN LTD (“hemchanoffers”, “we”, “us”, “our”)
Address: 20, Wenlock Road, London, N1 7GU, UNITED KINGDOM
Email: contact@hemchanoffers.store
We are the data controller for personal data we collect and process via our website and when you purchase our digital products.
2) Scope
This Policy applies to visitors and customers of hemchanoffers, including users in the UK, EEA/EU, and other regions where we operate. By using our site or purchasing our products, you acknowledge this Policy.
3) The data we collect
a) Data you provide
- Contact details: name, email address, billing address
- Order details: products purchased, order ID, currency, price, timestamps
- Support messages: content of emails and forms you send us
- Marketing preferences: newsletter opt-in/opt-out, consent choices
b) Data collected automatically
- Device & usage data: IP address, browser type, operating system, pages viewed, referral URLs, timestamps
- Cookies and similar technologies for analytics, performance, and (where applicable) marketing
- Fraud-prevention signals (e.g., suspicious activity or repeated failed payments)
c) Data from third parties
- Payment confirmation and anti-fraud assessments from payment providers
- Email delivery status and engagement (e.g., bounced/blocked) from email services
- Attribution/analytics data from analytics or ad platforms (aggregated/ pseudonymous where possible)
We do not store full card numbers. Payments are processed securely by our payment providers.
4) Why we use your data & legal bases
- Process orders and deliver digital products (contract): take payment, send download links by email, provide invoices.
- Customer support (contract/legitimate interests): respond to questions, fix issues, resend links.
- Fraud prevention & security (legitimate interests/legal obligation): detect and prevent abuse and unauthorized access.
- Analytics and improvement (consent/legitimate interests): understand usage to improve content, UX, and performance.
- Marketing communications (consent/legitimate interests): send newsletters or offers when you opt in; you can unsubscribe anytime.
- Legal compliance (legal obligation): maintain tax/accounting records, comply with requests from authorities where required by law.
5) Sharing & recipients
We share data with trusted service providers (processors) strictly for the purposes above, under contracts that require appropriate safeguards:
- Payment processors (e.g., Stripe, PayPal): process payments and fraud checks.
- Email & CRM services (e.g., Brevo/Mailchimp): deliver purchase/download emails and newsletters.
- Hosting/CDN (e.g., Vercel/Netlify/Cloudflare): host our website and assets.
- Analytics/security (e.g., Google Analytics, anti-abuse tools): measure performance, detect anomalies.
- Customer support tools (if used): manage contact forms and helpdesk tickets.
We may also share information when legally required (e.g., to comply with law or respond to lawful requests) or in connection with a business transfer (e.g., merger or acquisition).
6) International transfers
Your data may be processed in countries outside your own. Where data is transferred outside the UK/EEA, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) and/or UK IDTA and additional measures when required. Copies of relevant safeguards can be requested at our contact email.
7) Retention
- Orders, invoices & tax records: kept as required by law (typically 6–10 years).
- Support messages: up to 24 months after resolution (unless a longer period is necessary for legal reasons).
- Marketing data: until you unsubscribe or your consent is withdrawn, then we keep minimal suppression data to honor your choice.
- Analytics/cookies: per the cookie’s purpose and settings (see Cookie Policy).
8) Cookies & similar technologies
We use necessary cookies for core functions and, where applicable, optional cookies for analytics/marketing (only with consent where required). You can manage preferences via browser settings and our cookie banner (if available). See our Cookie Policy for details.
9) Security
We implement technical and organizational measures designed to protect your data (encryption in transit, access controls, least-privilege, monitoring). However, no method of transmission or storage is completely secure.
10) Your rights
If you are in the UK/EEA, you may have the right to access, rectify, erase, restrict processing, object to processing, and data portability. Where processing relies on consent, you can withdraw consent at any time (this won’t affect prior lawful processing).
To exercise your rights, email contact@hemchanoffers.store. We may need to verify your identity. You also have the right to lodge a complaint with your local data protection authority. In the UK, this is the ICO (Information Commissioner’s Office).
11) Marketing choices
You can unsubscribe from marketing emails using the link in each message or by contacting us. Transactional emails (e.g., order confirmations, file delivery) are not marketing and will still be sent when you make a purchase.
12) Children
Our services are not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child provided us data, contact us so we can delete it.
13) Automated decisions
We do not engage in automated decision-making that produces legal or similarly significant effects on you. Basic anti-fraud checks may be automated.
14) Digital-only delivery
All products are digital. We may keep download/access logs to fulfill your order, provide support, prevent abuse, and comply with legal obligations.
15) Changes to this Policy
We may update this Policy periodically. We will post the new version with a new “Last updated” date. Significant changes may be communicated by email or on our site.
16) Contact
For questions or requests about this Policy or your data, contact:
HEMCHAN LTD — Privacy Team
contact@hemchanoffers.store
This template is general information and not legal advice. Please consult your legal counsel to adapt it to your specific processing activities and jurisdictional requirements.