Hi Custom Boxes Logo

Privacy Policy

At Hi Custom Boxes, we are committed to protecting your privacy and ensuring the security of your personal information. This privacy policy explains how we collect, use, and safeguard your data when you use our services.

Last Updated: June 24, 2025  |  Effective Date: June 24, 2025

Quick Navigation

Overview
Information We Collect
How We Use Your Information
Information Sharing
Cookies & Tracking
Data Security
Your Rights
Data Retention
International Transfers
Children's Privacy
Policy Updates
Contact Us

Have Questions?

If you have any questions about our privacy practices, please don't hesitate to contact us.

Contact Us

1. Overview

Hi Custom Boxes ("we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us.

Key Principles

  • We only collect information necessary to provide our services
  • We never sell your personal information to third parties
  • We use industry-standard security measures to protect your data
  • You have control over your personal information
  • We are transparent about our data practices

This policy applies to all users of our website and services, including customers, potential customers, suppliers, and website visitors. By using our services, you consent to the collection and use of your information as described in this policy.

Important: If you do not agree with the terms of this privacy policy, please do not access or use our services.

2. Information We Collect

We collect different types of information to provide and improve our packaging services. Here's what we collect and how:

Personal Information You Provide

Information Type Examples How We Collect It
Contact Information Name, email address, phone number, mailing address Quote forms, account registration, order placement
Business Information Company name, business type, industry, VAT number B2B account setup, custom quotes
Payment Information Billing address, payment method details Order checkout, payment processing
Project Details Box specifications, design files, quantity requirements Custom quote requests, order placement
Communication Data Messages, feedback, support inquiries Contact forms, emails, phone calls, live chat

Information We Collect Automatically

  • Website Usage Data: Pages visited, time spent on pages, click patterns, navigation paths
  • Device Information: IP address, browser type, operating system, device type, screen resolution
  • Location Data: General geographic location based on IP address (country/region level)
  • Referral Information: Website or source that referred you to our site
  • Session Data: Login times, session duration, feature usage patterns

Information from Third Parties

We may receive information about you from:

  • Social media platforms (if you choose to connect your accounts)
  • Analytics services and advertising networks
  • Business partners and referral sources
  • Public databases and business directories
  • Credit reporting agencies (for business accounts)

Optional Information

Much of the information we collect is optional. However, certain information is required to provide our services effectively. We'll always indicate which fields are required when collecting information from you.

3. How We Use Your Information

We use your personal information for various purposes related to providing our packaging services and improving your experience. Here's how we use your information:

Service Delivery

  • Processing and fulfilling your custom packaging orders
  • Providing quotes and estimates for packaging projects
  • Creating and managing your customer account
  • Coordinating design consultations and approvals
  • Managing production schedules and delivery logistics
  • Processing payments and handling billing

Communication

  • Sending order confirmations, updates, and delivery notifications
  • Responding to your inquiries and providing customer support
  • Sharing important account or service information
  • Conducting customer satisfaction surveys (with your consent)
  • Providing technical support and troubleshooting assistance

Marketing and Personalization (With Your Consent)

  • Sending newsletters with packaging tips and industry insights
  • Sharing promotional offers and new product announcements
  • Personalizing website content and product recommendations
  • Retargeting advertising on other websites and platforms
  • Inviting you to participate in case studies or testimonials

Business Operations

  • Analyzing website usage to improve user experience
  • Monitoring and improving our services and processes
  • Conducting market research and trend analysis
  • Managing inventory and production planning
  • Training staff and improving customer service

Legal and Security

  • Complying with legal obligations and regulations
  • Protecting against fraud, spam, and security threats
  • Enforcing our terms of service and policies
  • Responding to legal requests and court orders
  • Protecting our intellectual property and business interests

Legal Basis for Processing (GDPR)

For users in the EU/UK, we process your personal information based on:

  • Contract: To fulfill our services and agreements with you
  • Legitimate Interest: To improve our services and business operations
  • Consent: For marketing communications and optional features
  • Legal Obligation: To comply with applicable laws and regulations

4. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. However, we may share your information in certain limited circumstances:

Service Providers

We work with trusted third-party service providers who help us deliver our services. These providers have access to your information only to perform specific tasks on our behalf and are contractually obligated to keep your information confidential.

Service Type Purpose Information Shared
Payment Processors Process payments and handle billing Payment information, billing address
Shipping Companies Deliver your orders Name, delivery address, phone number
Cloud Hosting Store and process data securely All data as necessary for service operation
Email Services Send communications and newsletters Email address, name, communication preferences
Analytics Providers Analyze website usage and performance Usage data, anonymized user behavior
Customer Support Provide technical and customer support Contact information, support inquiries

Business Transfers

If Hi Custom Boxes is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or use of your personal information.

Legal Requirements

We may disclose your personal information when required by law or when we believe in good faith that such action is necessary to:

  • Comply with legal processes, court orders, or government requests
  • Enforce our terms of service or other agreements
  • Protect the rights, property, or safety of Hi Custom Boxes, our users, or others
  • Investigate or prevent fraud, security breaches, or illegal activities
  • Respond to claims that content violates third-party rights

With Your Consent

We may share your information for any other purpose with your explicit consent. For example:

  • Featuring your company in case studies or testimonials (with permission)
  • Sharing success stories or project showcases (with approval)
  • Connecting you with partners or suppliers (upon request)

We Never Sell Your Data

Hi Custom Boxes does not sell, rent, or lease your personal information to third parties for their marketing purposes. Any sharing is limited to the specific purposes outlined above and is done with appropriate safeguards in place.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience, analyze site usage, and assist in our marketing efforts. Here's what you need to know:

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us recognize your browser and remember certain information about your preferences or past actions.

Types of Cookies We Use

Essential Cookies

These cookies are necessary for the website to function properly.

  • Authentication and security cookies
  • Shopping cart and session management
  • Load balancing and technical functionality
  • GDPR consent management

Analytics Cookies

Help us understand how visitors interact with our website.

  • Google Analytics (anonymized data)
  • Page view tracking and user behavior
  • Website performance monitoring
  • Error tracking and debugging

Functional Cookies

Enable enhanced functionality and personalization.

  • Language and region preferences
  • Design tool settings and preferences
  • Chat widget functionality
  • Form auto-fill assistance

Marketing Cookies

Used to track visitors across websites for advertising purposes.

  • Google Ads and remarketing campaigns
  • Facebook Pixel for social media advertising
  • LinkedIn tracking for B2B marketing
  • Email marketing tracking pixels

Managing Your Cookie Preferences

You have several options for managing cookies:

  • Cookie Banner: When you first visit our site, you can choose which types of cookies to accept
  • Browser Settings: Configure your browser to block or delete cookies
  • Opt-out Tools: Use industry opt-out tools for advertising cookies
  • Account Settings: Adjust marketing preferences in your account dashboard

Third-Party Tracking

Our website may include third-party tracking technologies from:

  • Google Analytics and Google Ads
  • Facebook and Instagram tracking pixels
  • LinkedIn Campaign Manager
  • Email service providers (Mailchimp, SendGrid)
  • Customer support platforms (Intercom, Zendesk)

Important Notes

  • Disabling essential cookies may affect website functionality
  • Analytics data is aggregated and anonymized where possible
  • Marketing cookies help us show you relevant advertisements
  • You can update your cookie preferences at any time

6. Data Security

We take the security of your personal information seriously and implement a variety of security measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

Technical Safeguards

  • Encryption: All data transmission is protected using SSL/TLS encryption (minimum 256-bit)
  • Secure Hosting: Data is stored on secure, ISO 27001 certified cloud infrastructure
  • Access Controls: Multi-factor authentication and role-based access for all systems
  • Network Security: Firewalls, intrusion detection, and regular security monitoring
  • Data Backup: Regular automated backups with encryption and secure storage
  • Database Security: Encrypted databases with restricted access and audit logging

Administrative Safeguards

  • Staff Training: Regular privacy and security training for all employees
  • Background Checks: Security clearance for employees with data access
  • Confidentiality Agreements: All staff sign comprehensive confidentiality agreements
  • Access Monitoring: Logging and monitoring of all data access activities
  • Incident Response: Established procedures for security breach response

Physical Safeguards

  • Secure Facilities: Data centers with 24/7 security and restricted access
  • Environmental Controls: Climate control and disaster recovery systems
  • Equipment Security: Secure disposal of hardware and storage devices

Payment Security

We use industry-standard payment processing with additional security measures:

  • PCI DSS compliance for all payment processing
  • Tokenization of payment card information
  • Fraud detection and prevention systems
  • Secure payment gateways (Stripe, PayPal, etc.)
  • No storage of complete payment card numbers

Regular Security Assessments

  • Annual third-party security audits and penetration testing
  • Regular vulnerability assessments and security updates
  • Continuous monitoring for emerging security threats
  • Compliance reviews for data protection regulations

Your Role in Security

While we implement strong security measures, you also play a role in protecting your information:

  • Use strong, unique passwords for your account
  • Keep your login credentials confidential
  • Log out of your account when using shared devices
  • Report any suspected unauthorized access immediately
  • Keep your contact information updated

Data Breach Response

In the unlikely event of a data breach, we have established procedures to:

  • Immediately contain and assess the breach
  • Notify affected users within 72 hours where required
  • Report to relevant authorities as legally mandated
  • Implement additional security measures to prevent future incidents
  • Provide support and guidance to affected users

7. Your Rights and Choices

You have various rights regarding your personal information. The specific rights available to you may depend on your location and applicable laws.

Universal Rights

Regardless of your location, you have the following rights:

Access Your Data

Request a copy of the personal information we hold about you.

  • Account dashboard for basic information
  • Contact us for comprehensive data export
  • Response within 30 days of request

Correct Your Data

Update or correct inaccurate personal information.

  • Update contact information in your account
  • Request corrections via customer support
  • We'll verify and update information promptly

Delete Your Data

Request deletion of your personal information.

  • Account closure and data deletion
  • Subject to legal retention requirements
  • Some data may be anonymized instead of deleted

Control Marketing Communications

Manage your communication preferences.

  • Unsubscribe from email newsletters
  • Opt-out of promotional communications
  • Continue receiving essential service communications

Enhanced Rights (GDPR - EU/UK Users)

If you're located in the EU or UK, you have additional rights under GDPR:

Data Portability

Receive your personal data in a structured, machine-readable format for transfer to another service.

Restrict Processing

Limit how we process your personal data while maintaining your account.

Object to Processing

Object to processing based on legitimate interests, including direct marketing.

Withdraw Consent

Withdraw consent for processing where consent is the legal basis.

How to Exercise Your Rights

To exercise any of these rights:

  • Account Dashboard: Update basic information directly in your account
  • Email Request: Send requests to Sales@hicustomboxes.co.uk
  • Contact Form: Use our privacy contact form (link below)
  • Phone: Call our customer support team
  • Mail: Send written requests to our physical address

Response Times and Verification

  • We respond to most requests within 30 days
  • Complex requests may take up to 90 days
  • We may require identity verification for security
  • Some requests may incur reasonable administrative fees
  • We'll explain any delays or fees in advance

Filing Complaints

If you're not satisfied with how we handle your privacy rights:

  • Contact our Data Protection Officer first
  • File a complaint with your local data protection authority
  • UK users: Information Commissioner's Office (ICO)
  • EU users: Your national data protection authority

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and protect our legitimate business interests.

Retention Periods by Data Type

Data Type Retention Period Reason for Retention
Account Information Duration of account + 7 years Business records, tax compliance
Order and Transaction Data 7 years after last transaction Financial reporting, warranty claims
Design Files and Project Data 3 years after project completion Reorders, quality issues, IP protection
Marketing Communications Until unsubscribe + 2 years Compliance with unsubscribe requests
Website Analytics 26 months (Google Analytics) Business analytics and optimization
Customer Support Records 3 years after resolution Quality improvement, training
Security Logs 1 year Security monitoring, incident response
CCTV Footage 30 days Security and safety

Factors Determining Retention

  • Legal Requirements: Tax laws, consumer protection regulations, commercial law
  • Legitimate Business Interests: Providing ongoing services, preventing fraud
  • Contractual Obligations: Terms of service, warranty periods
  • User Relationship: Active vs. inactive accounts, ongoing projects
  • Data Sensitivity: More sensitive data may be deleted sooner

Automated Deletion Process

We have implemented automated systems to ensure data is deleted according to our retention schedule:

  • Regular automated reviews of data retention periods
  • Systematic deletion of data that has reached retention limits
  • Secure deletion methods that make data unrecoverable
  • Logging and monitoring of all deletion activities
  • Annual reviews of retention policies and procedures

Early Deletion Requests

You can request early deletion of your data in certain circumstances:

  • Account Closure: Request deletion when closing your account
  • Consent Withdrawal: Data collected based on consent
  • No Longer Necessary: When data is no longer needed for its original purpose
  • Legal Right: Under applicable data protection laws

Exceptions to Deletion

Some data may be retained longer if:

  • Required by law (tax records, legal compliance)
  • Needed for legal proceedings or disputes
  • Essential for protecting rights and safety
  • Necessary for legitimate business interests
  • Anonymized data for research or analytics

Backup and Archive Data

Data in backup systems and archives may take additional time to be completely removed due to technical limitations. We ensure backup data is also subject to our retention policies and is eventually purged from all systems.

9. International Data Transfers

As a global business, we may transfer your personal information to countries outside your home country. We ensure all transfers are conducted with appropriate safeguards to protect your privacy rights.

Where Your Data May Be Transferred

Your personal information may be transferred to and processed in:

  • United Kingdom: Our primary data processing location
  • European Union: EU-based service providers and cloud hosting
  • United States: Cloud services, analytics, and customer support tools
  • Canada: Backup and disaster recovery services
  • Other Countries: As needed for service delivery and support

Legal Basis for Transfers

We rely on various legal mechanisms to ensure lawful international transfers:

Adequacy Decisions

Countries recognized by the UK/EU as providing adequate data protection (e.g., Canada, Switzerland).

Standard Contractual Clauses (SCCs)

EU-approved contract terms that ensure adequate protection for data transfers to third countries.

Certification Programs

Service providers certified under recognized privacy frameworks (e.g., Privacy Shield successors).

Necessary for Service Delivery

Transfers necessary to fulfill contracts with you or provide services you've requested.

Safeguards We Implement

  • Contractual Protections: All service providers sign data processing agreements with strict privacy requirements
  • Technical Safeguards: Encryption in transit and at rest for all international transfers
  • Access Controls: Limiting access to personal data on a need-to-know basis
  • Regular Audits: Monitoring compliance with transfer requirements and safeguards
  • Data Minimization: Transferring only the minimum data necessary for the specific purpose

Specific Transfer Scenarios

Purpose Destination Safeguards
Cloud Hosting and Storage EU, US, Canada SCCs, encryption, certified providers
Customer Support US, Canada Limited access, encryption, SCCs
Payment Processing US, EU PCI DSS compliance, tokenization
Analytics and Marketing US, EU Anonymization, limited data sets
Shipping and Delivery Various (as needed) Minimal data, delivery purposes only

Your Rights Regarding International Transfers

  • Request information about where your data is processed
  • Object to transfers that don't have adequate safeguards
  • Request that we keep your data within certain geographic regions (where technically feasible)
  • Receive copies of the safeguards we use for international transfers

Monitoring Transfer Requirements

We continuously monitor legal developments affecting international data transfers and update our practices accordingly. This includes adapting to new adequacy decisions, updating contractual terms, and implementing additional safeguards as required by evolving privacy laws.

10. Children's Privacy

Hi Custom Boxes is committed to protecting the privacy of children and complying with applicable laws regarding children's personal information.

Age Restrictions

Our services are not intended for children, and we have different age requirements based on your location:

  • EU/UK Users: Our services are not available to anyone under 16 years of age
  • US Users: Our services are not available to anyone under 13 years of age
  • Other Regions: Our services are not available to anyone under the age of majority in their jurisdiction

No Intentional Collection

We do not knowingly collect, use, or disclose personal information from children under the applicable age limits. Our website and services are designed for businesses and adults making commercial purchasing decisions.

If We Discover Children's Information

If we become aware that we have collected personal information from a child under the applicable age without proper consent:

  • We will delete the information as quickly as possible
  • We will not use the information for any purpose
  • We will not disclose the information to third parties
  • We will notify the child or parents if required by law

Parental Rights

If you are a parent or guardian and believe your child has provided us with personal information:

  • Contact us immediately using the information provided in this policy
  • We will investigate and respond within 30 days
  • We will delete any verified children's information from our systems
  • We will provide confirmation of deletion upon request

School and Educational Use

While our primary services target businesses, if educational institutions wish to use our services for educational purposes:

  • The educational institution must provide appropriate consent
  • Only authorized adult representatives should create accounts
  • Student information should not be shared with us
  • Special privacy terms may apply for educational use

Important Notice for Parents

We encourage parents to monitor their children's internet usage and teach them about online privacy. If you have concerns about your child's online activity or believe they may have shared personal information with us, please contact us immediately.

Compliance with Children's Privacy Laws

We comply with applicable children's privacy laws including:

  • Children's Online Privacy Protection Act (COPPA) in the United States
  • General Data Protection Regulation (GDPR) provisions for children in the EU/UK
  • Similar children's privacy laws in other jurisdictions where we operate

11. Privacy Policy Updates

We may update this privacy policy from time to time to reflect changes in our practices, services, legal requirements, or for other operational, legal, or regulatory reasons.

When We Update This Policy

We may update this privacy policy in the following situations:

  • Changes to our business practices or services
  • New legal or regulatory requirements
  • Introduction of new technologies or features
  • Changes to our data processing activities
  • User feedback or requests for clarification
  • Regular policy reviews and improvements

Types of Updates

Minor Updates

Clarifications, formatting improvements, or administrative changes that don't affect your rights.

  • Contact information updates
  • Grammatical corrections
  • Formatting improvements
  • Addition of helpful examples

Material Updates

Significant changes that may affect your privacy rights or how we handle your data.

  • Changes to data collection practices
  • New purposes for data processing
  • Changes to data sharing arrangements
  • New legal bases for processing

How We Notify You of Changes

Our notification method depends on the significance of the changes:

For Minor Updates:

  • Update the "Last Modified" date at the top of this policy
  • Post the updated policy on our website
  • No additional notification required

For Material Updates:

  • Email notification to registered users at least 30 days before changes take effect
  • Prominent notice on our website homepage
  • In-app notifications for active users
  • Clear summary of key changes provided
  • Opportunity to review and ask questions about changes

Your Options When We Update

When we make material changes to this privacy policy, you have several options:

  • Continue Using Our Services: By continuing to use our services after the effective date, you accept the updated policy
  • Contact Us with Questions: Reach out if you need clarification about any changes
  • Update Your Preferences: Adjust your privacy settings or communication preferences
  • Exercise Your Rights: Request data deletion, restriction, or other rights under applicable law
  • Discontinue Service: If you disagree with changes, you may stop using our services

Version History and Archive

We maintain records of our privacy policy updates:

  • Previous versions are archived and can be requested
  • Effective dates for all versions are documented
  • Summary of changes between versions available upon request
  • Legal retention of policy versions as required

Staying Informed

To stay updated on privacy policy changes:

  • Check the "Last Updated" date periodically
  • Subscribe to our newsletter for important updates
  • Follow us on social media for announcements
  • Contact us if you have questions about changes

Emergency Updates

In rare circumstances (such as security breaches or urgent legal requirements), we may need to update this policy immediately. In such cases:

  • We will implement necessary changes immediately
  • Notification will be provided as soon as reasonably possible
  • Detailed explanation of the urgent circumstances will be provided
  • Additional measures may be taken to protect user privacy

12. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, we encourage you to contact us. We're committed to addressing your privacy concerns promptly and thoroughly.

Primary Contact Information

General Privacy Inquiries

Email: sales@hicustomboxes.co.uk

Phone: +44 20 3290 3203

Hours: Monday-Friday, 9:00 AM - 6:00 PM GMT

Response Time: Within 48 hours

Data Protection Officer

Email: [email protected]

Role: GDPR compliance and data protection matters

Languages: English, French, German

Response Time: Within 30 days

Postal Address

Hi Custom Boxes Ltd.

Privacy Officer

123 Packaging Street

London EC1A 1BB

United Kingdom

Types of Privacy Requests

We can help you with various privacy-related requests:

Data Access Requests

Request a copy of your personal data

Data Correction

Update or correct your information

Data Deletion

Request removal of your data

Marketing Opt-out

Unsubscribe from communications

Data Portability

Export your data to another service

Privacy Questions

General privacy policy inquiries

When Contacting Us, Please Include:

  • Your full name and the email address associated with your account
  • A clear description of your request or concern
  • Any relevant account information or order numbers
  • Your preferred method of response
  • Proof of identity for data requests (we may request additional verification)

Response Times

Request Type Response Time Notes
General Inquiries 48 hours Business days only
Data Subject Requests 30 days May extend to 90 days for complex requests
Urgent Privacy Concerns 24 hours Security issues, data breaches
Marketing Opt-out 72 hours Immediate for email unsubscribe links

Regulatory Contact Information

If you're not satisfied with our response to your privacy concerns, you can contact the relevant data protection authority:

UK Users

Information Commissioner's Office (ICO)

Website: ico.org.uk

Phone: 0303 123 1113

EU Users

Your National Data Protection Authority

Find your local authority at:

edpb.europa.eu

Have a Privacy Question?

Contact our privacy team directly for any questions about our data practices or to exercise your privacy rights.

For urgent privacy matters, please call us directly at +44 20 3290 3203

WhatsApp