Section 1: General Statement of Principles and Scope
We know that your privacy is important. We have to process some of your
personal information as part of our jewellery business and we will take all
reasonable steps to keep it secure and confidential at least to the extent
required by law.
1.2 Personal Data and the Data Subject
Personal Data is any information related to a data subject that can be used
to directly or indirectly identify the person. And a Data Subject is an
individual person who is the subject of the personal data. In the normal
course of business we may collect personal data that includes your name,
home and/or work address, email address and telephone numbers.
1.3 Data Protection Controller
As a small business we take responsibility as the Data Protection Controller
(DPC) and will endeavour to ensure that all personal data is processed in
compliance with this policy and the law. The DPC may be contacted by on any
matters relating to this privacy and information management: email@example.com
1.4 The Principles
1.4.1 We will take all reasonable actions to comply with the principles of
the GDPR / DPA to ensure your personal data is:
- Processed lawfully, fairly and in a transparent manner;
- Collected for specified, explicit and legitimate purpose;
- Adequate, relevant and limited to what is necessary;
- Accurate and, where necessary, kept up to date;
- Kept in a form which permits identification of data subjects for no longer
than is necessary;
- Processed in a manner that ensures appropriate security of the personal
1.4.2 In relation to your personal data, you have:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to data portability;
- The right to object;
- Rights in relation to automated decision making and profiling.
Section 2: Collecting and Using Your Data
2.1 Retention of Non-Customer Details
When you contact us to request, for example, a sample or sizers, a bespoke
design, or a private appointment, you will need to provide some personal
data. This is provided by you and will be used solely to fulfill your
specific request(s) and, as appropriate, for the purposes explained below.
To facilitate continuity over the wedding planning process personal data
that we hold will be retained for 18 months from the date of the last
communication. After that time all of your personal data will be securely
2.2 Retention of Customer Details
When you place an order the personal data we obtain is provided by you and
will be used solely to fulfill the contract and, as appropriate, for the
purposes explained below. In order to provide service continuity personal
data that we hold will be retained for up to 18 months from the date of the
last communication. After that time, to honour our warranty and for formal
record keeping, we will retain only a copy of the Order/Invoice for a
further 5 years.
2.3 Third Party Disclosure
We will never disclose your personal data to a third party for marketing
purposes. To supply goods you have purchased, and in the normal conduct of
business, it may be necessary to pass on to a third party some of your
personal data in the following circumstances:
2.3.1 Delivery Companies
For the purpose of delivery some personal data will be made available to the
Royal Mail or other delivery company:
- UK customers - your name and address only.
- Overseas customers - your name and address, email address and telephone
number. Due to the official nature of importation all of your delivery
details and description of goods may be accessed by the relevant Customs
authority and related agencies.
2.3.2 Fraud Prevention & Debt Recovery
On rare occasions it may be necessary to share your information with
organisations such as law enforcement agencies, financial institutions, and
law firms. This is out of the ordinary and would only happen:
- To detect and prevent fraud.
- To comply with law and regulations.
- To trace and recover money owed to us.
2.4 External Processors
2.4.1 PayPal - Online payments are made using PayPal's state-of-the-art
secure payments system. We do not collect, store nor have any access to your
credit or debit card details. Following payment, PayPal provide us with your
contact details so we can complete your order. For full details see the PayPal
2.4.2 Banks - You may choose to make a payment to us via your bank which
results in the minimum of personal data being shared with us. These
transnational details are kept secure by the banks' own systems and
2.4.3 Website & Email - The hosting facilities for our website and email
services are located in the United Kingdom. We regularly check that our
provider confirms their compliance with best practice data protection and
2.4.4 Google Analytics - We use this service on our website to track clicks
from Google sponsored links and to provide site usage data. This helps us to
2.4.5 Google Ads - To help couples find us we run ads using Google services.
We do not share any personal data with Google. Google takes privacy and
compliance very seriously, for more detail see the How Google Ads Work.
Section 3: Managing Your Data
3.1 Rights of Access to Information
You have the right of access to any of your personal information held by us.
Such a request should be made in writing and sent to our address given on
the Contact Us page of this
website. We will endeavour to respond quickly but in any event within one
We will endeavour to ensure that all personal data held in relation to all
data subjects is accurate. You have the right in some circumstances to
request that inaccurate information about them is erased.
3.3 Data Security
We will take appropriate technical and organisational steps to ensure the
security of personal data. We will ensure that appropriate protection and
security measures are taken against unlawful or unauthorised processing, or
loss, of personal data. An appropriate level of data security will be
deployed for the type of data and the data processing being performed. Our
website uses strong SSL encryption.
3.4 Secure Destruction
When data held in accordance with this policy is destroyed, it will be
destroyed securely in accordance with best practice.
4.1 A cookie is a piece of information in the form of a very small text file
that is placed on an internet user's hard drive. It is generated by a web
page server, which is the computer that operates a website.
help us to show relevant content and notices. Our cookies contain nothing
about you and they collect no data from your web browser. They are session
cookies and expire as soon as you close your browser.
4.3 If you would like to delete any cookies that are already on your
computer you can locate them via your browser or file management system. Our
session cookies are named "modalpromo" and "hhbag". Information on deleting
or controlling cookies is available at www.aboutcookies.org. Please note
that by deleting our cookies, or disabling future cookies, you may not be
able to access certain features of our site.
Section 5: Feedback
We really do respect the privacy of your personal details and hope that this
policy meets with your approval. If you have any questions or thoughts about
our approach to data protection please feel free to contact us: firstname.lastname@example.org
Last updated: 25 May 2018