Introduction
He-Man Dual Controls Ltd understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits www.he-mandualcontrols.co.uk (“the Site”) and will only collect and use your personal information in ways that are described here and in a manner consistent with our obligations and your rights under the law.
Please read this Policy carefully and ensure that you understand it. Your acceptance of the Policy is deemed to occur upon your first use of the Site. If you do not accept and agree with the Policy then you should stop using the Site immediately.
Collecting Personal Information
When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for support. In this Policy, we refer to any information about an identifiable individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.
Device information
- Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
- Source of collection: collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
- Disclosure for a business purpose: shared with our processors Shopify, Tawk and Google Analytics.
- Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
Order information
- Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you and screen our orders for potential risk or fraud.
- Source of collection: collected from you.
- Disclosure for a business purpose: shared with our processors Shopify and Pareto, fulfilment providers FedEx and relevant financial institutions such as banks or third party creditors.
- Personal Information collected: name, billing address, shipping address, payment information (including debit/credit card information, email address, and telephone number.
Customer support information
- Purpose of collection: to provide assistance to you whilst using the Site.
- Source of collection: collected from you.
- Disclosure for a business purpose: shared with our processors Shopify, Pareto and Tawk, fulfilment providers FedEx and website developers DesignersCartel.
Sharing Personal Information
We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:
- We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
- We use Tawk to provide our live chat services. You can read more about how Tawk uses your Personal Information here: https://www.tawk.to/data-protection/gdpr-2.
- We use Pareto to help manage our stock levels. You can read more about how their parent company OmegaTheme use your Personal Information here: https://www.omegatheme.com/privacy-policy#pp-info-collection-use.
- We use Google Analytics to collate information on your use of the Site. You can read more about how Google uses your Personal Information here: https://policies.google.com/technologies/partner-sites.
- We use FedEx to fulfill our orders placed both online and through other channels. You can read more about FedEx uses your Personal Information here: https://www.fedex.com/en-gb/privacy-policy.html.
- We may share your Personal Information with third parties necessary to our business operations, for example financial institutions such as banks or creditors. If you require any further information regarding these parties then please contact our Data Protection Officer using the details in the Contact section below.
- We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Using Personal Information
We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.
Lawful Basis
Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the United Kingdom of Great Britain and Northern Ireland (“UK”), or European Economic Area (“EEA”), we process your personal information under the following lawful bases:
- Your consent;
- The performance of the contract between you and the Site;
- Compliance with our legal obligations;
- To protect your vital interests;
- For our legitimate interests, which do not override your fundamental rights and freedoms.
Retention
When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.
Automatic Decision-Making
If you are a resident of the UK or EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.
We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data. We may process personal data using software that incorporates automated-decision making, such as:
- Sage Accounting software applications
- 123insight software applications
- Other applications necessary to support key business operations.
Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision-making include:
- Temporary blacklist of IP addresses associated with repeated failed transactions. This blacklist persists for a small number of hours.
- Temporary blacklist of credit cards associated with blacklisted IP addresses. This blacklist persists for a small number of days.
Your Rights
GDPR
If you are a resident of the UK EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information above.
Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.
Cookies
A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.
We use the following cookies to optimize your experience on our Site and to provide our services:
Cookies Necessary for the Functioning of the Store
|
Name |
Description |
Duration |
|
_ab |
Used to control when the admin bar is shown on the storefront. |
1y |
|
_abv |
Persist the collapsed state of the admin bar. |
1y |
|
_checkout_queue_token |
Used when there is a queue during the checkout process. |
1y |
|
_cmp_a |
Used for managing customer privacy settings. |
1d |
|
_identity_session |
Contains the identity session identifier of the user. |
2y |
|
_master_udr |
Permanent device identifier. |
session |
|
_pay_session |
The Rails session cookie for Shopify Pay |
session |
|
|
|
|
|
Name |
Description |
Duration |
|
_secure_account_session_id |
Used to track a customer's session for new customer accounts. |
30d |
|
_session_id |
Used for providing reporting and analytics. |
2y |
|
_shopify_country |
Used for Plus shops where pricing currency/country is set from GeoIP by helping avoid GeoIP lookups after the first request. |
30min |
|
_shopify_essential |
Contains essential information for the correct functionality of a store such as session and checkout information and anti-tampering data. |
1y |
|
_storefront_u |
Used to facilitate updating customer account information. |
1min |
|
_tracking_consent |
Used to store a user's preferences if a merchant has set up privacy rules in the visitor's region. |
1y |
|
auth_state_<<id>> |
Stores authentication state before redirecting customers to third party for authentication. |
25min |
|
card_update_verification_id |
Used to support verification when a buyer is redirected back to Shopify after completing 3D Secure during checkout. |
20min |
|
cart |
Contains information related to the user's cart. |
2w |
|
cart_currency |
Used after a checkout is completed to initialize a new empty cart with the same currency as the one just used. |
2w |
|
cart_sig |
A hash of the contents of a cart. This is used to verify the integrity of the cart and to ensure performance of some cart operations. |
2w |
|
cart_ts |
Used in connection with checkout. |
2w |
|
checkout |
Used in connection with checkout. |
21d |
|
checkout_prefill |
Encrypts and stores URL parameters containing PII which are used in cart permalink URLs. |
5min |
|
checkout_session_lookup |
Used in connection with checkout. |
3w |
|
checkout_session_token_<<id>> |
Used when a checkout session is established on the server. |
3w |
|
checkout_token |
Captures the landing page of the visitor when they come from other sites. |
session |
|
customer_account_locale |
Used to keep track of a customer account locale when a redirection occurs from checkout or the storefront to customer accounts. |
1y |
|
customer_payment_method |
Stores what payment method is being updated for subscriptions. |
1h |
|
customer_shop_pay_agreement |
Used to help verify a new Shop Pay payment instrument. |
20min |
|
device_fp_id |
Device fingerprint identifier to help prevent fraud. |
session |
|
device_id |
Session device identifier to help prevent fraud. |
session |
|
Name |
Description |
Duration |
|
discount_code |
Stores a discount code (received from an online store visit with a URL parameter) in order to the next checkout. |
session |
|
dynamic_checkout_shown_on_cart |
Adjusts checkout experience for buyers that proceed with regular checkout versus dynamic checkout. |
30min |
|
hide_shopify_pay_for_checkout |
Set when a buyer dismisses the Shop Pay login modal during checkout, informing display to buyer. |
session |
|
identity_customer_account_number |
Stores an identifier used to facilitate login across the customer's account and storefront domains. |
12w |
|
identity-state |
Stores state before redirecting customers to identity authentication. |
1d |
|
identity-state-<<id>> |
Stores state before redirecting customers to identity authentication. |
1d |
|
keep_alive |
Used when international domain redirection is enabled to determine if a request is the first one of a session. |
session |
|
locale_bar_accepted |
Preserves if the modal from the geolocation app was accepted. |
session |
|
locale_bar_dismissed |
Preserves if the modal from the geolocation app was dismissed. |
1d |
|
localization |
Used to localize the cart to the correct country. |
2w |
|
logged_in |
Identity logged-in hint. |
12w |
|
login_with_shop_finalize |
Used to facilitate login with Shop. |
5min |
|
master_device_id |
Permanent device identifier. |
1y |
|
order |
Used to allow access to the data of the order details page of the buyer. |
3w |
|
pay_update_intent_id |
Stores an ID of a Shop Pay billing agreement update intent, required for a callback after verifying a new Shop Pay payment instrument. |
20min |
|
preview_theme |
Used to indicate whether the theme is being previewed. |
session |
|
previous_checkout_token |
Used to prefill checkout with the details from the previous checkout. |
1y |
|
previous_step |
Used in connection with checkout. |
1y |
|
profile_preview_token |
Used for previewing checkout extensibility. |
5min |
|
receive-cookie-deprecation |
A cookie specified by Google to identify certain Chrome browsers affected by the third-party cookie deprecation. More information about this cookie can be found here. |
session |
|
remember_me |
Used to prefill checkout with the details from the previous checkout. |
1y |
|
Name |
Description |
Duration |
|
secure_customer_sig |
Used to identify a user after they sign into a shop as a customer so they do not need to log in again. |
1y |
|
shop_pay_accelerated |
Indicates if a buyer is eligible for Shop Pay accelerated checkout. |
1y |
|
shopify_pay |
Used to log in a buyer into Shop Pay when they come back to checkout on the same store. |
1y |
|
shopify_pay_redirect |
Used to accelerate the checkout process when the buyer has a Shop Pay account. |
1y |
|
shopify-editor-unconfirmed-settings |
Stores changes merchant does in the editor to update the preview. |
16h |
|
storefront_digest |
Stores a digest of the storefront password, allowing merchants to preview their storefront while it's password protected. |
1y |
|
tracked_start_checkout |
Used in connection with checkout. |
1y |
|
user |
Used in connection with Shop login. |
1y |
|
user_cross_site |
Used in connection with Shop login. |
1y |
|
wpm-domain-test |
Used to test Shopify's Web Pixel Manager with the domain to make sure everything is working correctly. |
session |
Reporting & Analytics
|
Name |
Description |
Duration |
|
_landing_page |
Capture the landing page of visitor when they come from other sites. |
2w |
|
_orig_referrer |
Allows merchant to identify where people are visiting them from. |
2w |
|
_shopify_ga |
Contains Google Analytics parameters that enable cross-domain analytics measurement to work. |
session |
|
_shopify_s |
Used to identify a given browser session/shop combination. Duration is 30 minute rolling expiry of last use. |
30min |
|
_shopify_sa_p |
Capture the landing page of visitor when they come from other sites to support marketing analytics. |
30min |
|
_shopify_sa_t |
Capture the landing page of visitor when they come from other sites to support marketing analytics. |
30min |
|
Name |
Description |
Duration |
|
_shopify_y |
Shopify analytics. |
1y |
|
checkout_one_experiment |
Used when a checkout is eligible to Checkout One and has been assigned to an experiment (control group or test group). |
session |
|
shop_analytics |
Contains the required buyer information for analytics in Shop. |
1y |
|
unique_interaction_id |
Used for checkout metrics. |
10min |
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.
Do Not Track
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
Changes
We may update this Policy from time to time in order to reflect, for example, changes to our practices or for other operational or regulatory reasons. You will be deemed to have accepted the revised terms of the Policy on your first use of the Site following the update being made. We recommend that you check this page regularly to keep up to date.
Contact
Data Protection Officer
If, after reviewing this Policy you have any additional questions, want more information about our privacy practices, or would like to exercise further rights in regards to your personal data, please contact our Data Protection Officer, Rosie Geddes, using the means below:
Post
He-Man Dual Controls Ltd
Unit J, Centurion Business Park
Bitterne Park Road
Southampton
SO18 1UB
United Kingdom
Telephone
+44 2380 226952
rosiegeddes@he-mandualcontrols.co.uk
Complaints
Information Commissioner’s Office (ICO)
If you are not happy with our response to any concerns raised regarding how we handle and process your data, you can make a complaint to the Information Commissioner’s Office. The ICO is the independent data protection authority covering the United Kingdom and Northern Ireland.
Our ICO Registration Number is ZA393096.
Last updated: 18 February 2025