Privacy Policy


At Edmund Hillary Brands Limited, we take the protection of the Personal Data that we have on file either on paper or electronically extremely seriously.

This policy explains the reasons for our needing Personal Data and how it is collected and used. In addition, it outlines how we manage Personal Data in respect of the data protection laws of England and Wales and the EU’s General Data Protection Regulation (GDPR) and it outlines the rights of an individual.

The policy covers Personal Data provided to us, both by the individual and by others for and on behalf of the individual.

Personal Data is defined as any information relating to an identified or identifiable living person. We only request and process Personal Data when we are required to so and we aim to be clear on why the Personal Data is needed and how it will be processed.

The reasons that would necessitate us to process Personal Data would be to perform contractual services requested by an organisation or an individual or to engage with an organisation or an individual to discuss the provision of such services. Personal Data would only be processed where there is a clear lawful basis to allow us to do so.

Personal Data is provided from one of three sources, from the individual, from a third party acting on behalf of an individual, or from sources in the public domain.

In the circumstances where we request Personal Data from a third party that relates to an individual, we ask that this third party inform the individual of requirements regarding the use of their data.

In no circumstances would your Personal Data be sold to or shared with any third party so that they may offer you their products and services.

Data would only be shared with third parties either where we are legally required to do so or to deliver the information and or services you have requested from us.



We take the security of all the data we hold extremely seriously. Our team are trained on data protection and security, and we maintain a culture of confidentiality.

We have a framework of policies and procedures which ensure that we keep the data we hold secure.

Our security measures include:

  • the regular and mandatory change to passwords both for devices and systems;
  • where available, two-step verification;
  • email verification;
  • information received electronically is held in a secure and protected environment;
  • information received on paper is held in secured and protected storage;
  • our Retention Policy ensures that Personal Data is held for no longer than legally required;
  • our IT Security Policy governs the use of laptops and removable drives, the protocol for passwords and encryption, the rules for home and mobile working, access controls, and firewalls and cyber security.
  • our Office Security Policy governs the measures taken to control access to premises and equipment, the use and storage of data in the premises and secure disposal of data.
  • a Risk Assessment of our third-party technology providers to verify that their policies and procedures are compatible with GDPR.
  • the implementation of a Breach Notification Plan to ensure that any breach is notified, reported, investigated and remedied effectively.
  • the appointment of a Security Committee to review and update our policies and a Data Protection lead to ensure that the policies articulated to our team and adhered to.

All information you provide to us is stored electronically on third-party hosted secure servers. Where we have given you access to certain parts of our systems, you are responsible for ensuring that this access it kept secure and are required to notify us immediately of any breach.

A full list of our third-providers is available on request from

The transmission of information via the internet, by email or by post is not completely secure. Any transmission of data is at your own risk. Once your data is received, we will do our utmost to prevent unauthorised access by adhering to the strict policies and security procedures outlined above.


Personal Data and How It Is Used

Personal Data is any information about an individual from which that person can be identified.

We collect information about you when:

  • you sign up for our newsletter;
  • you register on the website;
  • you place an order through our website;
  • you register by phone or by email;
  • you place an order by phone or by email;
  • you enter competitions or prize draws.

The main categories of Personal Data that we would request and hold are:

  • First, Middle and Last Names;
  • Full Postal Address;
  • Gender
  • Date of Birth
  • Contact Telephone Number;
  • Contact Email Address;
  • Credit or Debit Card Details;
  • Billing Address;
  • Shipping Address.

We would only request, hold and process Personal Data for the following purposes:

  • to carry out obligations arising from any contracts entered between you and us and to provide you with information, products and services that you request from us, such as administer and fulfil your orders and to process your payments;
  • to remind you of products you have placed in your basket on the Website, but have not purchased, subject to your consent;
  • to aid us identify you and accounts you hold with us;
  • to manage and improve the Website and the services we provide through the Website;
  • to manage the security of the Website and data collected via the Website;
  • to provide other services requested by you, as described when we collect the data;
  • to prevent, detect, and investigate fraud, security breaches, violations of law, and other misuse of the Website, and to enforce our General Terms and Conditions;
  • to address any enquiries, correspondence, concerns or complaints you have raised;
  • for our internal operations, including data analysis, testing, research, statistical purposes and troubleshooting;
  • to notify you about changes to any element of the Website;
  • to measure and understand the effectiveness of advertising we provide to you and others;
  • to deliver relevant advertising to you, for example, newsletters, subject to your consent to receive such advertising;
  • to make suggestions and recommendations to you about other products or services that may be of interest to you, subject to your consent.

For some of the uses of your personal data, there is a legal basis under GDPR for us to use such personal data without your consent. For example:

  • to fulfil a contract with you;
  • to take steps at your request prior to entering into a contract with you, such as to process your order;
  • to provide after care and support services to you; or
  • to manage the online account facility that we provide to you.

There are also circumstances where we have a legitimate interest to use your data, provided that proper care is taken in relation to your rights and interests:

  • to ensure that we organise our database efficiently and understand how our customers may make purchases in different parts of the world;
  • to carry out research and analysis of your data, including purchase information, as this helps us understand our customers better;
  • to improve and ensure the security of the Website; and
  • to ensure that you know about any changes to the Website or the terms of this Privacy Policy.

Where we have a legal basis to use your information without consent, this Privacy Policy fulfils our duty to process personal data fairly and lawfully and in a manner that you would expect given the nature of our relationship with you, by giving you appropriate notice and explanation of the way in which your personal data will be used.

Where consent is required for our use of your personal information, by ticking the appropriate consent box or otherwise communicating your consent, this consent is specific to the purposes specified, for example receiving our newsletter updates.

Third Parties

Edmund Hillary Brands Limited works with third parties that also manage some of your personal information and data in order to provide you with the requested service.  For a list of fulfilment partners please contact


Data Retention

We only retain Personal Data for as long as required to fulfil the purposes for which is has been collected.

For the provision of contractual services, to satisfy the legal and accounting requirements, this will be the lesser of:

  • Seven years; or
  • Three months after the termination of the contractual services by either party.

For our marketing purposes, we comply with GDPR by requiring explicit consent before sending any marketing materials such as newsletters or invitations to events and this consent can be withdrawn at any time. 

Data Controller 

Under GDPR, the Data Controller is defined as the person or organisation who determines the purposes for which and the way in which any Personal Data is processed.

The Data Controller for Edmund Hillary Brands Limited and associated businesses is Edmund Hillary Brands Limited, a company incorporated in England and Wales under Registration Number 10156394 and with the Registered Address of First Floor, 131 High Street, Teddington, TW11 8HH


Legal Rights

Under GDPR, you have rights in relation to your Personal Data. In summary, these rights are to:

  • Request access to your Personal Data. Otherwise called a ‘Subject Access Request’ under GDPR, this entitles you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
  • Request the correction of your Personal Data. This entitles you to have any incomplete or inaccurate Personal Data that we hold corrected subject to the verification of the accuracy of the new data provided.
  • Request erasure of your Personal Data. This allows you to request us to delete or remove Personal Data where there is no good reason for us continuing to process it. In addition, you have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (as outlined in the clause below), where we may have processed your information unlawfully or where we are required to delete your Personal Data to comply with local legislation. However, there may be legal restrictions that would prevent us from complying with your request. If this is the case, we would notify you accordingly.
  • Object to the processing of Personal Data. This allows you to object in the situation where the processing of your Personal Data is dependent on our legitimate interest, or that of a third party, on the basis that it impacts on your basic rights and freedoms. In this circumstance, we would need to prove that we have legitimate grounds that supersede these rights and freedoms. Moreover, you have the absolute right to object to the processing of your Personal Data for direct marketing purposes.
  • Request a restriction to the processing of your Personal Data. This allows you to ask us to suspend the processing of your Personal Data in the following scenarios:
    • if you want us to verify the accuracy of the data;
    • where you have objected to our use of your data but we are ascertaining whether we have paramount legitimate grounds to use it.
    • where our processing of the data is proven to be unlawful but you do want us to not erase it; or
    • where you require that we retain your data beyond the legal requirement to enable you to support or defend any legal proceedings.
  • Request transfer of your Personal Data. This entitles you to request that we transfer your data back to you or your nominated representative. On receiving such a request, we will provide your Personal Data in a systematized, well-known, machinereadable format within a reasonable timeframe.
  • Withdraw consent. This entitles you to withdraw consent at any time in the circumstances where we are dependent on such consent to process your Personal Data. However, this does not impact the legality of any processing carried out before the consent is withdrawn. If you withdraw your consent, this may prevent us providing certain services to you and we will notify you accordingly should this be the case.

These rights are subservient to any legal duty that obliges that the data be held. For more information on these rights, please contact us at


Transferring Your Information Outside Europe

As part of the services offered to you through this website, the information which you give to us may be transferred to countries outside the European Union. We have undertaken a thorough audit of third-party technology providers to verify that, where this is the case, their policies and procedures are compatible your privacy rights as outlined in this policy.

By submitting your Personal Data, you are agreeing to this transfer, storing or processing.



Whilst we are striving to meet our obligations under GDPR, if you feel that your Personal Data has been processed in a way that infringes your rights, please send an email with the details to We will look into and respond to any complaints we receive as a matter of urgency.

In addition, you have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner’s Office (“ICO”). For further information on your rights and how to complain to the ICO, please refer to the ICO website


Data Controller

Under GDPR, the Data Controller is defined as the person or organisation who determines the purposes for which and the way in which any Personal Data is processed.

The Data Controller for Edmund Hillary Brands Limited and associated businesses is Edmund Hillary Brands Limited, a company incorporated in England and Wales under Registration Number and with the Registered Address of Front Suite, First Floor, 131 High Street, Teddington, TW11 8HH

If you have any questions about this privacy statement or how and why we process Personal Data, please contact us at:

Data Privacy Officer
Edmund Hillary Brands Limited
Front Suite, First Floor
131 High Street
TW11 8HH
Phone: +44 203 967 5498


Changes To Our Privacy Policy

We regularly review our Privacy Policy to ensure that it is fit for purpose and effectively reflects the rights of the individual. Any updates to the Privacy Policy will appear on this website and this Privacy Policy was last updated on 2nd July 2018.