Privacy Policy

Version 1.0 

The policy was last updated on 12 Mar 2025.

1. Who We Are

  1. Haru is a trading name of Reform Clothing Limited, a company registered in Northern Ireland under company number NI674281.

  2. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy, together with the Terms of Service for our Service (together, our “Terms of Use”) apply to your use of our Service.

  3. This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

2. What Information We Collect

  1. When you buy items from Haru, we collect the following information:

    1. Contact Details: Name, email address, phone number.

    2. Shipping Information: Collection and return address.

    3. Payment Information: Bank details for direct payment.

    4. Transaction Data: details about payments to and from you

    5. Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences

  2. We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, criminal records, information about your health, and genetic and biometric data).

3. How We Use Your Information

  1. We will only use your personal data when the law allows us to do so. Most commonly we will use your personal data in the following circumstances:

    1. Where you have consented before the processing.

    2. Where we need to perform a contract, we are about to enter or have entered with you.

    3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

    4. Where we need to comply with a legal or regulatory obligation.

  2. We will only send you direct marketing communications by email or text if we have your consent. You have the right to withdraw that consent at any time by contacting us.

  3. We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

  4. If you would like more information about our legal basis for processing your data, feel free to contact us.

  5. The purpose for which we use your data is outlined below:

    1. Arrange delivery and return shipments.

    2. Process and confirm payments.

    3. Communicate with you about transactions.

    4. Comply with legal and financial regulations

4. How we collect your information

  1. Information you give us. This is information (including Identity, Contact, Financial, and Marketing and Communications Data) you consent to giving us about you by filling in forms on our Sites, or by corresponding with us (for example, by email or chat). It includes information you provide when you subscribe to any of our Services, search for or Service, complete a transaction, enter a competition, promotion or survey, and when you report a problem. If you contact us, we will keep a record of that correspondence.

  2. Information we collect about you and your device. Each time you visit one of our Sites or use our Service we will automatically collect personal data including Device, Content and Usage Data. We collect this data using cookies and other similar technologies

5. Disclosure of Information

  1. When you consent to providing us with your personal data, we will also ask you for your consent to share your personal data with the third parties set out below for the purposes set out below.

  2. The following third-party service providers assist us in providing the Services.

    1. Third Party Name: Stripe Services Provided: Payment Processing Acting As: Processor

    2. Third Party Name: Google Suite Services Provided: Form Submission Acting As: Processor

    3. Third Party Name: Meteor Services Provided: 3PL Acting As: Processor

    4. Third Party Name: Professional Advisors (e.g., lawyers, bankers, auditors & insurers) Services Provided: Advice in relation to the operation of our business and the provision of the Services Acting As: Processor Based in: UK

    5. Third Party Name: HM Revenue & Customers, Regulators, and other authorities Services Provided: Reporting of processing activities in accordance with applicable laws Acting As: Processor Based in: UK

  3. Where third party service providers are based outside the UK or EEA, their processing of your personal data will involve a transfer of data outside the UK and EEA.

  4. Whenever we transfer your personal data out of the UK and EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

    1. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government and European Commission.

    2. Where we use certain service providers, we may use specific contracts approved by the UK Government and/or the European Commission (as applicable) which give personal data the same protection it has in the UK.

  5. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

6. Data Security

  1. All information you provide to us is stored on our secure servers. Any payment transactions carried out by our chosen third-party payment processor will be securely encrypted. 

  2.  Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. 

  3. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.

7. Data Retention

  1. We will retain your personal data in accordance with our data retention policy (a copy of which is available from us on request). A summary is provided below for your convenience:

    1. Contractual Obligations: If customer data was collected as part of a contract (e.g., purchase records, service agreements), we retain the data for as long as the contract is in force and for a reasonable period afterward, up to 6 years.

    2. Legal and Regulatory Requirements: Certain types of data must be retained for specific periods due to legal or regulatory requirements. For example:

    3. Tax records: Must be kept for at least 6 years after the end of the tax year they relate to, according to HMRC requirements.

    4. Financial records: 6 years, for financial records to comply with UK tax and accounting laws.

    5. Consent-Based Data: If customer data is processed based on consent (e.g., marketing preferences), we retain it only as long as the consent is valid or until the customer withdraws their consent.

  2. In some circumstances we will anonymise your personal data for research or statistical purposes. We may use this anonymised information indefinitely without further notice to you.


8. Your Legal Rights

  1. You can control and manage the information you provide to us through the settings in the App.

  2. You also have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, deleted, or transferred to you or a third party. If you would like to exercise these rights, please contact us as set out below.

  3. You may also choose to delete your account at any time, although please note that we may retain certain data as required by law or as otherwise permitted by law.

9. Children's Privacy

  1. Our Services and Sites are not intended for use by children (those under the age of 18), and we do not knowingly collect personal information from children. If you believe that we have inadvertently collected information from a child, please contact us immediately

10. Cookies

  1. We use cookies and/or other tracking technologies to distinguish you from other users on our Sites and to remember your preferences. This helps us to provide you with a good experience when you use the Service. For detailed information on the cookies we use, the purposes for which we use them and how you can exercise your choices regarding our use of your cookies, please contact us or see our cookie policy.

11. Changes To This Privacy Policy

  1. a. We keep our privacy policy under regular review. It may change and if it does, these changes will be posted on this page and, where appropriate, notified to you by email. You may be required to read and accept the changes to continue your use of the Services.

  2. b. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.

12. Unsubscribe

  1. If you’ve subscribed to our newsletters or asked to receive marketing material from us, you can always unsubscribe. In all these emails we include an unsubscribe link and you can always click the link and easily unsubscribe. You can also unsubscribe by sending us an email to the contact address below.

13. Contact Us

  1. If you have any questions or concerns about this Privacy Policy or our practices, please contact us at support@haru.co.uk.

14. Complaints

  1. Please contact us if you have any queries or concerns about our use of your personal data (see above ‘Contact Us’). We hope we will be able to resolve any issues you may have.

  2. You also have the right to lodge a complaint with:

    1. the Information Commissioner in the UK

    2. a relevant data protection supervisory authority in the EEA state of your habitual residence, place of work or of an alleged infringement of data protection laws in the EEA.

  3. The UK’s Information Commissioner may be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.