PUGLIA PASSION
DATA PROTECTION AND PRIVACY POLICY
What this document is about
This Privacy and Data Protection Policy applies to Puglia Passion, in particular to its website, newsletters and information services.
Puglia Passion is a trading name and business component of Hooleigans Ltd, a company registered in England and Wales (until March 2026 registered as Puglia Passion Ltd). Other trading names of Hooleigans Ltd are Hooleigans Delicatessen and Bottle Shop and Boccadoro Olive Oil.
In every aspect of our business operation, we rely on the collection and processing of information, much of which is personal information about our customers, potential customers, subscribers, suppliers, employees and many others. Puglia Passion no longer manages holiday property, but continues to operate as the Italian component of Hooeligans Ltd; and functions as a promotional and advisory service for people interested in Puglia, principally via its website, occasional newsletters to subscribers and previous customers, and responses to queries submitted by people who see the website.
We do this in strict compliance with applicable UK data protection laws and regulations – in particular the UK General Data Protection Regulations (UK), the data Protection Act 2018, the Data (Use and Access) Act 2026 and the Privacy and Electronic Communications Regulations (PECR). The UK provisions effectively incorporate those which apply throughout the European Union. An up to date version of the key provisions can be found at: https://www.legislation.gov.uk/eur/2016/679/contents.
Compliance includes proper publicity for our policies in this respect, in accordance with a specified format. The Policyrelates to any business activity where personal information is involved and applies as appropriate to the Company’s Directors, Officers, employees, customers, suppliers, online contacts, and any other contacts. covers all personal data collected, processed, stored, or shared by the Company, whether in electronic or physical form.
The purposes for which we collect and process your personal data
Personal data is processed lawfully, fairly, and transparently in accordance with applicable laws. We ensure that the data collected is relevant, accurate, and limited to what is necessary for the intended purpose. It must be based on one or more of the following lawful grounds: consent from the data subjec; contractual necessit; legal obligation; legitimate business interests; protection of vital interests.
These lawful purposes underpin the reasons we are collecting your data. The main justification is the effective conduct of our business operation and furthering our legitimate business interests in this respect.
What information is collected and processed
We collect personal information of a variety of sorts.
Contacts and subscribers – commercial activity Contacts signing up online or otherwise to receive various emails and newsletters provide names, email addresses and specific interests. It is used to circulate information of various sorts, to support marketing, to request information.
Customer details obtained when an order for goods, services or information is made online. Data consist of names, addresses, email addresses, telephone numbers, order details, payment and financial details. Data is used to fulfill orders, including sharing with third parties to allow fulfillment of orders; to record payment and other transaction details; to allow follow up and feedback; and to facilitate future marketing and commercial analaysis.
Contact and subscribers – behaviour and analysi In all cases, as well as the direct personal data, we record and analyse various aspects of customer and contact behaviour in order to improve the efficiency of marketing and the business operation generally.
Information about devices used by online contacts Personal information is collected about version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with our sites. This does not extend to names, addresses or email addresses.
How data is collected and used
Information is mainly collected from people themselves, usually by direct contact – from people making purchases online; from people signing up for our newsletters and emails; from people browsing our websites; from letters and emails; from people making inquiries etc. This data is used exclusively for helping promote and manage the business.
Sharing of personal information
We share your personal information with various agencies to help us provide our services and fulfill our contracts with you. This includes marketing and property letting platforms, couriers, payment platforms, government agencies etc. Sharing is in strict compliance with applicable laws and regulations. We only share information with trusted organisations with their own data protection measures in place.
Cookies
This applies to information collected via online contact.
A cookie is a small amount of information that is downloaded to your computer or device when you visit any of our websites. Some cookies improve the operation of the websites and to make them easier to use (for example cookies remember your actions and preferences such as login and selection preferences, so you don’t have to re-enter this information each time you return to the site or browse from one page to another). Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing or are classified as “persistent”, lasting until they expire or are deleted. Most of the cookies we use will expire between 30 minutes and two years from the date they are downloaded to your device.
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.
Data storage, security and retention
Personal data is stored securely using appropriate technical and organizational measures.
Most information is stored using electronic means. We implement appropriate security measures to prevent unauthorised access, disclosure, alteration, or destruction of personal data. Access to personal data is restricted to authorised personnel only. Employees and other relevant people handling personal data receive training on data protection practices.
Data is retained only for as long as necessary to fulfill the purposes for which it was collected, unless otherwise required by law. We have a detailed set of procedures relating to how long data must be kept to comply with a range of legal frameworks.
When data is no longer needed, it is securely deleted or made anonymous.
Data subject rights
A “data subject” is the term used in data protection law to describe the individual whose personal information is being processed.
Data subjects have legal rights to have access to any personal data bout them we hold; and to ensure we correct it, delete it, limit how it is used or shared. Requests to exercise these rights should be submitted to the Data Protection Officer info@puglia passion.co.uk. We have established procedures for dealing with such requests. Unless there are special circumstances, any request of this nature must be dealt with and a response provided within a month.
Data breach management
A “data breach” is the term used when personal information is lost, accidentally destroyed, is revealed or used inappropriately, is used not for the purpose for which it was collected etc.
We have established procedures for handling a data breach if it occurs.
In the event of a data breach, the company will take immediate action to contain and assess the breach. If required by law, affected individuals and regulatory authorities will be notified within the prescribed timeframes. A detailed incident report will be prepared, and corrective measures will be implemented.
Compliance and review
Implementation of measures in support of the policy is required by Directors, Managers, Officers, employees and agents of the company. For employees, non-compliance may result in disciplinary action.
We have established a package of Data Protection Policy and related procedures so as to ensure compliance with applicable laws and best practices. Reviews take place whenever new legal/regulatory measures are introduced. Additionally, a general review of the relevant policies and procedures is undertaken annually.
Information Commissioner’s Office/Data Protection Registration
We are registered with the UK Information Commissioner’s Office registration reference ZC163477. The ICO is responsible for ensuring compliance with data protection law. More information about data protection can be obtained from the ICO, the link is ico.org,uk
Hooleigans, Puglia Passion and Boccadoro Olive Oil are trading names of Hooleigans Ltd
Hooleigans Ltd is registered in England and Wales Registration Number: 1411242436 36 Sumpter Pathway, Chester CH2 3JF, United Kingdom