We are committed to protecting and respecting your privacy. This Privacy Notice sets out details of the information that we may collect from you and how we may use that information.  

Head Over Heels is the sister brand of Dune London, both of which sit under Dune Group Limited.

In this Privacy Notice, "we" or "us" refers to Dune Group Limited, a company incorporated in England and Wales (with registered number 02127866) whose registered office is at 9 Hatton Street, London, NW8 8PL, United Kingdom. We are part of The Dune Group which comprises us, Dune Holding Limited, Dune International Limited, Dune Switzerland AG and Dune Shoes Ireland Limited. Where you do provide information to another member of The Dune Group, this Privacy Notice will apply as if we or us refers to the relevant member of the group. Our website refers to www.headoverheels.co.uk. 

What information do we collect? 

We may collect the following information about you: 
  • your name, age/date of birth and gender 
  • your email address 
  • your billing, delivery address and telephone numbers (including mobile numbers) 
  • details of your purchases and orders  
  • your online browsing activity 
  • your password(s) 
  • your payment card details when you make a purchase or place an order with us 
  • your communication and marketing preferences 
  • your location 
  • your correspondence and communications with us including notes of telephone calls and live chat exchanges 
  • details of reviews which you post 
  • your attendance at events we run 
  • your competition answers or other competition submissions 
  • other publicly available personal data, including any which you have shared via a public platform (such as a public Twitter, Instagram or Facebook account). 

This list is not exhaustive and sometimes we may need to collect additional data for the purposes set out in this Notice. Some of your personal data is collected directly, for example, when you make a purchase on our websites or enter a competition. Other personal data is collected indirectly, for example, your browsing or shopping activity. Please see our Recruitment Privacy Notice if you are applying for a role at The Dune Group.

We work, from time to time, closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) who provide services to us and may receive information about you from them. In particular, all payments are provided through a trusted third party payment service provider.  We may also collect personal data from third parties who have your consent to pass your details to us. 

How your information is used 

Depending on how you are interacting with us, we (and trusted partners acting on our behalf) use your personal data: 
  • to fulfil contractual agreements between you and us (for example when you place an order for products through our website) 
  • to manage any registered account(s) that you hold with us 
  • to verify your identity 
  • to respond to a query and manage other customer service interactions with you 
  • to send you information about our products by post 
  • for market research purposes - to better understand your needs 
  • to provide you with a personalised browsing experience when using our website 
  • to send you details (by phone, e-mail or SMS) of promotional offers and products and services which we think may interest you, where you have consented to this (and have not withdrawn such consent) 
  • to let you know about and invite you to events 
  • to administer competitions we run from time to time.

We may also use your personal data: 
  • for crime and fraud prevention, detection and related purposes 
  • to comply with legal and regulatory requirements 
  • to assess, operate and improve our website, the services provided through it and customer services 
  • where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).

We may also use your information to create anonymous data (whereby you cannot be identified) for market profiling purposes which may be used by us and shared with other companies in The Dune Group or third parties. 

We will not share your information with third parties in order for that third party to provide direct marketing communications to you, unless you have provided your consent for such use. Such third parties will have their own policies relating to the way in which your information may be used. 

In order to make certain services available to you, we may need to share your personal data with some of our service partners. These include IT, delivery, marketing service providers and analytics and search engine providers that assist us in the improvement and optimisation of our website and customer service. 

We only allow our service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to us and to you, and for no other purposes.  

Legal Basis for Using Your Information 

We are allowed to use personal information only if we have a proper reason to do so. This includes sharing it with third parties in certain circumstances. The law says we must have one or more of these reasons: 
  • To fulfil a contract we have with you 
  • When it is our legal duty 
  • When it is in our legitimate interest 
  • When we have your consent 
A legitimate interest is when we have a business or commercial reason to use your information, but even then, it must not unfairly go against what is right and best for you. For example, we will use your information to action an order you have placed online on our website on the basis that this is a legitimate interest and is necessary to fulfil the contract.  

In general, we only rely on consent as a legal basis for processing in relation to sending direct marketing communications to customers via email or text message. 

Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data as soon as we can after consent is withdrawn. Please see the Contact section below. 

We may share your personal information with any other companies in The Dune Group and other companies in the Dune Group may share your personal information with us in order to fulfil a contract we have with you or when it is in our legitimate interest. 

International Transfers 

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA) which may have lower standards of data protection. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice. If we do transfer information to our agents or advisers outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of the safeguards below. 

Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Our standard practice is to use ‘standard data protection clauses’ which have been approved by the European Commission for such transfers. Those clauses can be accessed here. 

Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. 

How long do we keep your data? 

We will not retain your data for longer than necessary for the purposes set out in this Privacy Notice. Different retention periods apply for different types of data. 

Your Privacy Rights 

You have the right to contact us in order to find out what information we hold about you (please note that a small fee may be payable), or to access or correct any information we hold about you.  You can also request the erasure of the information that we hold about you.

To unsubscribe from marketing emails at any time, please click on the unsubscribe link at the bottom of any marketing email and update your account preferences. You may also contact us to inform us if you do not wish to receive any marketing materials from us. Please see the Contact section below. 
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. These websites have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites. 

You can find more information about the individual cookies we use and the purposes for which we use them in the table below: 
Name of Cookie Purpose of Cookie
_cs_id    Includes user ID- 13 months (according to the default value, but it can be administered on the account).
_cs_s    Includes number of pages viewed in the current session. Then, it is followed either by ".0" or by ".1" (the latter allowing to include a visitor to their complete session recording service: HTML background and all mouse movements). Duration- 30 minutes.
_cs_v  ? This cookie is used by ContentSquare to send errors to the system.
_dc_gtm_UA-6026178-1    This cookie collects information in an anonymous form.
_ga    This cookie is used to distinguish users.
_gali  This cookie is used to check how many unique visitors Dune has per page.
_gid    Used to distinguish users and stores session IDs.
_mibhv    This cookie is used for general purpose behaviour tracking, outside of the context of any specific campaign.
_uetsid    Universal event tracking, which enables Microsoft to identify end user visits to your site.
AKA_A2  Is an akamai cookie used by feature such as adaptive acceleration. Adaptive Acceleration(A2) is Akamai's intelligent platform that continuously applies performance optimizations with zero development effort.
ASPSESSIONIDxxxxxxxx    This cookie creates a non-identifiable id – which we use to track non personal information.
CurrentCustomerHOH1  This is a multi-purpose cookie that allows this Website to remember you next time you return. It will remember your login, and any items added to your basket. 
dmSessionID    Enables to track when email campaign recipients land on the target website. This enables the effectiveness of a campaign.
emsignupHOH1    This cookie is to stop the newsletter sign up pop-up from showing once the customer has either subscribed/clicked on the close icon in the newsletter popup.
msc6223  This cookie contains all first party cookies detailed here. 
recordID  This cookie is a unique user identifier, which enables persistent linking of behaviour on the site to a particular user and email campaign response.
session    This cookie is used to collect information about how visitors came to this Website. We use the information to compile reports and to help us improve the Website. The cookie collects information in an anonymous form, including the website where the visitor has come from.
_cs_ex    This cookie is used by ContentSquare to exclude a visitor from data collection. Duration - 30days.
BasketDetailsGBPHOH1  This is to store the previous currency. 
order    This is to store the listing page order.
recentlyViewed    This cookie is used to generate a history of the products you have browsed while on this Website. The information may be displayed in the recently viewed section of the product detail page but is not used for any other purpose.
securesession    This is to keep a session active while customers are logged in.
_gat_UA-6026178-1    This is a pattern type cookie, where the pattern element on the name contains the unique identity number of the account or website it relates to. It is a variation of the _gat cookie which is used to limit the amount of data recordered by Google on high traffic volume websites.
JSESSIONID    This is a cookie in J2EE web application which is used in session tracking. It manages website resources to improve performance and the user experience.?
stc114990    Third party cookie which is used to store all other cookie data. The cookie name includes the site ID.
Session%5Fsrc    This cookie is used to collect information about how visitors arrive on this Website after interacting with marketing campaigns. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including where the visitor came from before visiting this Website.
nqData Used to show product listings and preferences
nqPreviousSearches Used to store previous searches
sitevisitHOH1 Used to track how many site visits, so we can show popups
__olapicU Used to track interaction with social media content
analyticsId Used to track interaction with social media content
_gat_OlapicGoogleTracker Used for tracking user-uploaded social media content
Used for the Live Chat functionality.

How can you control the use of cookies? 

If you like, you can change your browser settings to block some or all cookies. Simply follow the instructions on your web browser. To make it a little easier, we’ve added links below that can talk you through the process. It’s worth noting that if you block cookies from the website, some functions might not perform the way they’re designed to. 

If you’re accessing the website on your mobile, you can refer to your handset manual for details on how to block cookies.

Online display advertising 

There are times when we might use our own cookies to provide you with online display advertising tailored to your interests. Our marketing partner, Conversant, helps us with this. Opt out.
For more information about online behavioral advertising cookies and opt-out controls, please go to http://www.youronlinechoices.eu/. More information about opting out of platform-based advertising can be found at http://appnexus.com/platform-policy#choices


Your security is important to us. We work in-line with data protection law, and have security procedures in place to help prevent unauthorised access to your details. 


Our website isn’t directed at children under the age of 13 and we don’t knowingly collect personal information about children. If you believe we’ve collected personal information about your child, you can contact us below. 

Changes to our Privacy Notice 

We might update or amend this Privacy Notice from time to time, either to comply with the law or to meet our changing business requirements without notice to you. Any updates or amendments will be posted on this page.  


If you have any questions about how we collect, store and use your information, or you wish us to action any of the requests detailed above, please contact our Customer Experience Team

How to complain 

You also have the right to complain to the Information Commissioner’s Office. Find out on their website how to report a concern.
Dated: 11th March 2019