Legal

Privacy Policy

Last updated: 01 May 2026

Who We Are

Origins by Hawwa is an online retailer of premium modest fashion hijabs, operating under the brand name Origins by Hawwa. Our website address is: https://originsbyhawwa.com. We are based in the United Kingdom.

For the purposes of UK GDPR and the Data Protection Act 2018, Origins by Hawwa is the data controller of personal data collected through this website.

What Personal Data We Collect and Why

Orders and Purchases

When you place an order we collect your name, billing address, shipping address, email address, phone number, and payment details. Your payment card details are processed securely by our payment provider (Stripe or PayPal) and are never stored on our servers. We retain order information to fulfil your order, manage returns and refunds, and to comply with our legal obligations under UK tax law.

Legal basis: Contractual necessity (Article 6(1)(b) UK GDPR) and legal obligation (Article 6(1)(c) UK GDPR).

Account Registration

If you create an account on our website, we store your name, email address, and a hashed password. We also store your order history and any addresses you save for convenience. You may delete your account at any time by contacting us.

Legal basis: Contractual necessity (Article 6(1)(b) UK GDPR).

Contact Forms

When you submit a message via our contact form, we collect your name, email address, and the content of your message. We use this data solely to respond to your enquiry.

Legal basis: Legitimate interests (Article 6(1)(f) UK GDPR).

Newsletter Subscription

If you subscribe to our newsletter, we collect your email address and, optionally, your first name. We send marketing communications only with your explicit consent. You may unsubscribe at any time via the link in any email or by contacting us.

Legal basis: Consent (Article 6(1)(a) UK GDPR).

Cookies and Analytics

We use cookies and similar technologies to operate our website, remember your preferences, and understand how visitors use our site. Please see our Cookie Policy for full details.

Legal basis: Legitimate interests for essential cookies; Consent for analytics and marketing cookies (Article 6(1)(a) and (f) UK GDPR).

How Long We Keep Your Data

  • Order records: 7 years (required by UK HMRC for tax purposes)
  • Account data: Until you delete your account, or 3 years of inactivity
  • Contact form submissions: 12 months
  • Marketing subscriptions: Until you unsubscribe
  • Analytics data: 26 months (Google Analytics default)

Who We Share Your Data With

We do not sell, trade, or rent your personal information. We share data only with trusted third-party service providers who help us operate our business:

  • Payment processing: Stripe / PayPal — for secure payment handling
  • Delivery: Royal Mail, Evri, DPD — for shipping your orders
  • Email marketing: Mailchimp / Klaviyo — for newsletter delivery
  • Analytics: Google Analytics — for website performance insights
  • Website hosting: Hostinger — for website and data hosting (EU-based servers)

All third-party processors are bound by data processing agreements and are required to handle your data in compliance with UK GDPR.

International Transfers

Some of our third-party providers are based outside the UK. Where data is transferred internationally, we ensure appropriate safeguards are in place, such as UK adequacy decisions or Standard Contractual Clauses, in accordance with UK GDPR requirements.

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to erasure: You can ask us to delete your data in certain circumstances.
  • Right to restrict processing: You can ask us to pause processing of your data.
  • Right to data portability: You can request your data in a structured, machine-readable format.
  • Right to object: You can object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at contact@originsbyhawwa.com. We will respond within one calendar month.

Right to Complain

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the UK’s data protection supervisory authority:

Information Commissioner’s Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. Our website uses HTTPS encryption for all data in transit. Access to personal data is restricted to staff who need it to perform their job functions.

Children’s Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The “Last updated” date at the top of this page will be revised accordingly. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Origins by Hawwa
Email: contact@originsbyhawwa.com
Website: Contact Form

Stay Connected

New arrivals, styling guides & early access

Join our community of women who carry their modesty as a crown.