Cookie Policy

This site uses cookies - small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping baskets, and provide anonymised tracking data to third party applications like Google Analytics.

As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser.

We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.


The following information has been put together to highlight areas of our trading that involve GDPR. Please note interpretation of GDPR and e-Privacy regulations vary and will continue to prompt discussion both before and after implementation on 25th May 2018.


What is GDPR

General Data Protection Regulation is an EU regulation that becomes law on the 25th of May 2018. GDPR applies to companies who do business in Europe.


Who does GDPR Protect?

GDPR is designed to protect the information of digital users. It is to ensure personal data is not misused. For example, a user cannot have their data sold to telemarketing companies or sales companies.

GDPR states that data misuse can also result in:

  • Fraud
  • Identity theft
  • Blackmail
  • Invasion of Privacy


What impact will GDPR have on businesses?

Any business that gather data on their customers must use the correct procedures and ensure this data is kept on a safe and secure system


What information does GDPR consider personal data?


  • Name
  • IP Address
  • MAC Address
  • Address
  • Mobile Device
  • Social Media Posts
  • Photographs
  • Date of Birth
  • Sexuality
  • Ethnicity
  • Health
  • Facial Recognition
  • Fingerprint Recognition


Personal Data Is Owned by the Individual

Personal data is owned by the citizen. Any information that personally identifies an individual is personal data and is entirely owned by the person themselves, not the company they provide the information too.


Collecting Data After GDPR is launched

A company that wishes to collect personal data must inform the person why the data is collected and what is the purpose of collecting it. this must be clearly reflected within the onsite cookie policy. The company must also show in an easily accessible location (eg: privacy policy) why the data is collected and what is the purpose of collecting it


Individuals right of access to data?

GDPR states that people have the right to request the data held by the company. The company must supply this information free of charge. GDPR also states that if the demand of the individual is excessive and / or repetitive the company can charge a reasonable fee.

An individual has free access to data but does not have a right to burden the company with unreasonable requests. An individual can also request that the company erase their data.


CHASH Cookie & Privacy Policy

In compliance with GDPR, CHASH is committed to explain in our Cookie Policy and Privacy Policy what Cookies we use and what data we collect.

  • what information is being collected
  • who is collecting it and how is it collected
  • why is it being collected
  • how will it be used
  • who will it be shared with
  • what will be the effect of this on the individuals concerned
  • is the intended use likely to cause individuals to object or complain


 CHASH Cookie & Privacy Policy

GDPR-compliant cookie consent

 (30): “Natural persons may be associated with online identifiers […] such as internet protocol addresses, cookie identifiers

or other identifiers […]. This may leave traces which, in particular when combined with unique identifiers and other

information received by the servers, may be used to create profiles of the natural persons and identify them.”

In other words: when cookies can identify an individual, it is considered personal data.


What features should be present in a GDPR-compliant cookie consent?

One of the most tangible requirements of the GDPR is in the definition of what constitutes a proper cookie consent,

meaning, that the consent has to be:

  • Informed: Why, how and where is the personal data used? It must be clear for the user, what the consent is given to, and it must be possible to opt-in and opt-out of the various types of cookies.
  • Based on a true choice: This means, for example, that the user must have access to the website and its functions even though all but the strictly necessary cookies have been rejected.
  • Given by means of an affirmative, positive action that can not be misinterpreted.
  • Given prior to the initial processing of the personal data.
  • Withdrawable. It must be easy for the user to change his or her mind and withdraw the consent.