Privacy policy

Last Updated: 12-11-2025

ONDERWERP	DETAIL
Data Controller	HH ECOM LTD (United Kingdom - Co. No. 16133586)
Applicable Laws	UK-GDPR (Entity) & U.S. State Laws (CPRA/CCPA)
Target Market	Residents of the United States exclusively
Data Selling	We do not sell your personal information
Payment Security	PCI-compliant processing (SSL/TLS Encrypted)
Price Transparency	Final price at checkout. No hidden fees or taxes
Contact Method	info@evicross.com

Note: Evi Cross is not a U.S.-based business. We operate as a foreign entity selling exclusively to U.S. customers.

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit or make a purchase from evicross.com (the “Website”). It applies to all users located in the United States.

We aim to comply with applicable U.S. privacy laws, including the California Privacy Rights Act (CPRA) and similar state privacy laws where they apply, and with Google Shopping Ads requirements regarding clear, honest, and secure data handling.

By using the Website, you agree to the practices described in this Policy.

1. Who We Are and Scope of This Policy

Evi Cross is an online-only retail brand operated by HH ECOM LTD, a company registered in the United Kingdom (Company Number: 16133586). For the purposes of the UK General Data Protection Regulation (UK-GDPR) and the Data Protection Act 2018, HH ECOM LTD is the Data Controller responsible for your personal information. While we sell and ship products exclusively to customers within the United States, our data processing activities are governed by both UK and applicable U.S. state privacy laws.

2. Categories of Personal Information We Collect

In the past 12 months, we may have collected the following categories of personal information:

2.1 Identifiers

• Name
• Email address
• Phone number
• Billing and shipping address
• IP address
• Account username (if you create an account)

2.2 Commercial Information

• Products viewed or added to cart
• Products purchased and order history
• Return and refund history
• Transaction amounts and dates

2.3 Internet / Device Information

• IP address and general location (city/state-level)
• Browser type and version
• Device type and operating system
• Referring URL (the site you came from)
• Pages visited, clicks, scroll behavior, and time spent on pages
• Cookie identifiers and similar tracking IDs

2.4 Payment-Related Information

• Payment method details (e.g., card type, last 4 digits)
• Transaction tokens and authorization results
• Note: Full card numbers and full payment details are processed by PCI-compliant payment processors (such as Shopify Payments or PayPal). We do not store full credit or debit card numbers on our own servers.

2.5 Communication and Support Information

• Contact details (name, email, phone number)
• Content of messages, emails, and support requests
• Attachments you provide (e.g., photos for returns or defect claims)

2.6 Marketing and Preference Information

• Email address and/or phone number for marketing (if you opt in)
• Subscription, opt-in and consent status
• Information about whether you open marketing emails or click on links

2.7 User-Generated Content

• Product reviews or ratings you submit
• Name or display name attached to a review
• Review content and submission date

2.8 Sensitive Personal Information We do not knowingly collect or use “sensitive personal information” as defined under U.S. state privacy laws (for example, social security numbers, precise geolocation, health information, or biometric identifiers). We do not request government ID numbers, social security numbers, or similar data, and we do not collect payment information over non-secure (non-HTTPS) connections.

3. Sources of Personal Information

We collect personal information from the following sources:

• Directly from you: when you place an order, create an account, contact customer service, subscribe to marketing, or leave a review.
• Automatically: when you browse the Website, through cookies, log files, and pixels.
• Service providers: payment processors, analytics providers, advertising platforms, logistics and shipping partners, email/SMS providers.
• Derived data: we may infer preferences based on what pages you visit or what you purchase.

4. How We Use Personal Information (Purposes)

We use personal information only for clearly defined purposes:

4.1 To Provide and Manage Our Services

• Processing and fulfilling orders
• Arranging delivery and returns
• Sending order confirmations, updates, and receipts
• Handling cancellations, refunds, and customer service requests

4.2 To Maintain and Improve the Website

• Operating and securing the Website
• Fixing bugs and technical issues
• Measuring performance and loading speeds
• Understanding how visitors use the Website so we can improve navigation and content

4.3 To Prevent Fraud and Misuse

• Screening orders for fraud or suspicious activity
• Protecting accounts from unauthorized access
• Detecting behavior that may violate our terms or Google policies

4.4 For Marketing and Advertising (Where Permitted by Law)

• Sending promotional emails to users who have opted in
• Sending SMS notifications and offers (with explicit consent)
• Showing relevant ads on platforms such as Google, Meta, TikTok, and others
• Measuring the effectiveness of campaigns and promotions

4.5 To Comply With Legal Obligations

• Maintaining records for tax and accounting
• Responding to lawful requests from authorities
• Meeting consumer protection and ecommerce regulations

We do not use personal information to make fully automated decisions that produce legal or similarly significant effects for you, other than limited automated fraud screening and order risk assessment.

5. Cookies and Similar Technologies

We use cookies and similar technologies to support the proper functioning of the Website and to understand how it is used. Cookies may be used for:

• Essential functions: such as keeping items in your cart and enabling secure checkout
• Analytics: understanding how many people visit, which pages are popular, and where we can improve
• Advertising: helping us show relevant ads to you and avoid irrelevant or repetitive ads

You can control or delete cookies through your browser settings. If you block essential cookies, some parts of the Website may not work correctly (for example, you may not be able to complete a purchase).

6. Selling or Sharing Personal Information and Targeted Advertising

Under some U.S. state laws, using cookies and third-party tools for cross-site targeted advertising can be considered a “sale” or “sharing” of personal information, even if no money changes hands.

In the last 12 months, we may have “sold” or “shared” the following categories of personal information for targeted advertising or analytics:

• Identifiers (such as IP address, cookie ID, or online identifiers)
• Internet / Device Information (such as pages visited, products viewed, and interactions with ads)

We do not sell your name, full postal address, phone number, email address, or full payment details to third parties for their own independent marketing.

You may opt out of the “sale” or “sharing” of Personal Information used for targeted advertising by:

• Adjusting cookie and privacy settings in your browser
• Using platform-specific tools such as Google Ads settings or Facebook Ad Preferences
• Contacting us at info@evicross.com with the subject line “Opt-Out of Sale/Sharing”

In states where Global Privacy Control (GPC) is legally recognized, we treat valid GPC signals as an opt-out request for sale/sharing where required by law. We do not sell or share the personal information of users we know are under 16 years old.

7. How We Disclose Personal Information (Third Parties)

We share personal information with carefully selected service providers that help us run our business. They process personal information on our behalf and are not allowed to use it for their own unrelated purposes.

Examples include:

• Shopify – hosts our online store, powers the checkout, and provides analytics tools
• Payment processors – such as Shopify Payments or PayPal, to securely handle your transactions
• Logistics and shipping partners – to manage delivery and process returns
• Customer service platforms – to manage and respond to emails and support requests
• Analytics providers – such as Google Analytics, to analyze Website usage and performance
• Advertising platforms – such as Google Ads, Meta (Facebook/Instagram), TikTok, and Microsoft Ads, to show relevant ads and measure campaigns
• Email and SMS providers – such as Klaviyo or similar tools, to send order updates and marketing messages where permitted

We may also disclose personal information:

• To comply with applicable laws, regulations, or legal processes
• To respond to lawful requests from public authorities
• To protect our rights, property, or safety, or those of our customers or others

We do not disclose information to third parties for purposes that conflict with Google Shopping Ads policies (such as promoting dangerous or illegal content).

8. International Data Transfers

Some of our service providers may process data outside the United States (for example, in Canada or the European Union). Where data is transferred internationally, we use reasonable safeguards such as:

• Contractual obligations requiring service providers to protect personal data
• Encryption and secure transmission
• Access controls and limited retention

9. Behavioral Advertising and Your Choices

We may use Device Information and browsing data to provide advertising that is more relevant to your interests and to measure how effective our ads are.

You can control or limit targeted advertising by:

• Visiting Google Ads Settings: https://adssettings.google.com
• Adjusting Facebook Ad Preferences: https://www.facebook.com/settings/?tab=ads
• Using the Digital Advertising Alliance opt-out tool: https://optout.aboutads.info
• Using Global Privacy Control (GPC) signals in supported browsers
• Contacting us to request an opt-out of sale/sharing where applicable

We do not target ads to children and do not advertise restricted or dangerous product categories that are prohibited under Google Shopping Ads policies.

10. Do Not Track Signals

Some browsers offer a “Do Not Track” (DNT) feature. At this time, there is no widely accepted industry standard for responding to DNT signals, so we do not change our practices solely because of a DNT header. Where required by law, we do honor legally recognized browser-based opt-out signals such as Global Privacy Control (GPC).

11. Your Privacy Rights

Depending on where you live, you may have some or all of the following rights under applicable U.S. state privacy laws:

• Right to know / access: You can request information about the personal data we have collected about you.
• Right to deletion: You can ask us to delete your personal information, subject to certain exceptions (e.g., legal record-keeping).
• Right to correction: You can request that we correct inaccurate personal information.
• Right to opt out of sale or sharing: You can ask us not to sell or share your personal information for targeted advertising.
• Right to data portability: You can request a copy of your personal information in a portable format.
• Right to limit certain uses of data (where applicable): In some states, you can limit how sensitive data is used. We do not knowingly process sensitive personal information.
• Right to appeal: If we deny your request, you may have the right to ask us to review that decision.

To exercise your rights, email us at info@evicross.com with the subject “Privacy Request” and describe your request and state of residence. We may ask for information to verify your identity before we can respond.

If we deny your request, you may send a follow-up email with the subject “Privacy Appeal,” and we will review the decision as required by law. We will not unlawfully discriminate against you for exercising your privacy rights.

11.1 Additional Rights for UK/EEA Residents Although we target the U.S. market, as a UK-based entity, we acknowledge the rights provided under the UK-GDPR. If you have questions regarding our compliance with UK data protection standards, you may contact our compliance team at info@evicross.com.

12. Authorized Agents

In some states, you may authorize another person (an “authorized agent”) to submit privacy requests on your behalf. If you use an authorized agent, we may:

• Require written permission from you granting the agent authority
• Require the agent to verify their own identity
• Require you to confirm your identity directly with us This is to prevent unauthorized access to or deletion of your personal information.

13. Non-Discrimination

We will not treat you differently for exercising any of your privacy rights. This means:

• No denying goods or services
• No charging different prices or imposing penalties
• No providing different levels or quality of service based solely on a privacy request

14. Data Retention

We keep personal information only as long as needed for the purposes described in this Policy or as required by law. Typical retention periods are:

• Order and transaction records: up to 7 years for tax, accounting, and legal compliance
• Customer support messages: up to 3 years after resolution
• Marketing subscription data: until you unsubscribe or request deletion
• Analytics and cookie data: typically between 1 and 26 months, depending on the provider
• Account data: until you close your account or ask us to delete it (subject to legal limits)

When data is no longer needed, we delete it or convert it to a form that no longer identifies you.

15. Security and Responsible Data Collection

We take reasonable technical and organizational measures to protect your personal information and to comply with Google’s requirements against irresponsible data collection and use.

These measures include:

• HTTPS (SSL/TLS) encryption for all pages where personal information is entered or transmitted
• Secure hosting infrastructure provided by Shopify
• PCI-compliant payment processing through third-party providers
• Role-based access controls so only authorized staff can access necessary data
• Logging and monitoring for suspicious activity and fraud
• Data minimization practices to collect only what is necessary

We do not collect or transmit sensitive identifiers (such as full payment card numbers or government ID numbers) over unencrypted or insecure connections. No method of transmission or storage is completely secure, but we work to reduce risks and respond promptly to potential issues.

16. Email and SMS Marketing

If you opt in to receive email updates, we will use your email address to send:

• Order-related communications (these are transactional and do not require marketing consent)
• Marketing messages such as offers, product news, or recommendations (only where you have given consent or where permitted by law)

You can unsubscribe from marketing emails at any time by clicking the “unsubscribe” link in the email or contacting us.

If you opt in to SMS messages:

• You may receive order updates, reminders, or promotional messages
• You can reply STOP at any time to opt out
• Message and data rates may apply depending on your carrier
• Consent to receive SMS is not required to make a purchase

17. Children’s Privacy

The Website is not directed to individuals under the age of 13. We do not knowingly collect, sell, or share personal information from children under 13, and we do not sell or share the personal information of users we know are under 16. If you believe that we may have collected personal information from a child, please contact us, and we will take appropriate steps to delete it.

18. Financial Incentives

We do not offer financial incentives, loyalty programs, or discounts in exchange for personal information in a way that would require additional disclosures under U.S. privacy laws. If this changes in the future, we will provide a separate notice explaining the terms and your choices.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we do, we will update the “Last Updated” date at the top of this page. We encourage you to review this Policy periodically.

20. Law

Governing Law This Privacy Policy is governed by applicable U.S. Federal law regarding consumer interactions within the United States. Furthermore, as HH ECOM LTD is a United Kingdom entity, our internal data handling practices are maintained in accordance with the laws of the United Kingdom (UK-GDPR).

21. Contact Information

Company information

Company Name: Evi Cross
Legal Entity: HH ECOM LTD
Company number: 16133586

Return Address (for returns):
Returns are handled via our US fulfillment facility: 
3450 NW 115th Ave, Miami, FL 33178, United States
(This is the address to which returned products should be sent.)

Registered business address:
Local Blackfriars 1204 Block A, Bury Street, Salford, Manchester, M3 7FL
(This is our company’s official registered address for legal and corporate correspondence.)

Please note: Evi Cross is an online-only store with no physical visitor location. Returns can only be sent to the return address listed above.

Contact information:
Preferred contact method: You can reach us best via email or contact form. We aim to respond within 24 hours.

Email: info@evicross.com
Phone: +1 (239) 507-9043 (Customer Service Line, Eastern Time)

Customer Service Hours (Eastern Time, ET):
Monday to Friday: 9:00 AM – 5:00 PM
Saturday to Sunday: 9:00 AM – 1:00 PM

For privacy-related questions, you may contact us directly at info@evicross.com. We do not appoint a separate U.S. data protection representative because such appointment is not required under U.S. law.