Section 1: General Statement of Principles and Scope
1.1 General Data Protection Regulation
We know that your privacy is important. We have to process some personal
data as part of our jewellery business and we will take all reasonable steps
to work in accordance with the General Data Protection Regulation (GDPR) as
1.2 Personal Data and the Data Subject
Personal Data is any information related to a data subject that can be used
to directly or indirectly identify the person.
A Data Subject is an individual person who is the subject of the personal
data. In the normal course of business we may collect personal data that
includes your name, home and/or work address, email address and telephone
1.3 Data Protection Controller
As a small business we take responsibility as the Data Protection Controller
(DPC) and will endeavour to ensure that all personal data is processed in
compliance with this Policy and the law. The DPC may be contacted by on any
matters relating to this policy: firstname.lastname@example.org
1.4 The Principles
1.4.1 We will take all reasonable actions to comply with the principles of
the GDPR to ensure your personal data is:
- Processed lawfully, fairly and in a transparent manner;
- Collected for specified, explicit and legitimate purpose;
- Adequate, relevant and limited to what is necessary;
- Accurate and, where necessary, kept up to date;
- Kept in a form which permits identification of data subjects for no longer
than is necessary;
- Processed in a manner that ensures appropriate security of the personal
1.4.2 Personal data will be processed in accordance with the data subject's
rights under the GDPR:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to data portability;
- The right to object;
- Rights in relation to automated decision making and profiling.
Section 2: Collecting and Using Your Data
2.1 Retention of Non-Customer Details
When you contact us to request, for example, a sample or sizers, a bespoke
design, or a private appointment, you will need to provide some personal
data. This is provided by you and will be used solely to fulfill your
specific request(s) and, as appropriate, for the purposes explained below.
To enable continuity of discussion over the wedding planning process we will
retain your details for 18 months from the date of the last communication.
After that time all of your personal data will be securely destroyed.
2.2 Retention of Customer Details
When you place an order the personal data we obtain is provided by you and
will be used solely to fulfill the contract and, as appropriate, for the
purposes explained below. In order to provide service continuity we will
retain your personal data for up to 18 months from the date of the last
communication. After that time, to honour our warranty and for formal record
keeping, we will retain only a copy of the Order/Invoice for a further 5
2.3 Third Party Disclosure
We will never disclose your personal data to a third party for marketing
purposes. To supply goods you have purchased, and in the normal conduct of
business, it may be necessary to pass on to a third party some of your
personal data in the following circumstances:
2.3.1 Delivery Companies
For the purpose of delivery some personal data will be made available to the
Royal Mail or other courier company:
- UK customers - your name and address only.
- Overseas customers - your name and address, email address and telephone
number. Due to the official nature of importation all of your delivery
details and description of goods may be accessed by the relevant Customs
authority and related agencies.
2.3.2 Fraud Prevention & Debt Recovery
- To detect and prevent fraud we may need to check the validity of your
- To comply with law and regulations.
- To trace and recover money owed to us we may share your information with
third parties such as law enforcement agencies, relevant financial
organisations, and other affected third parties.
2.4 External Processors
2.4.1 PayPal - Online payments are made using PayPal's state-of-the-art
secure payments system. We do not collect, store or have any access to your
credit or debit card details. Following payment, PayPal provide us with your
contact details so we can complete your order. For full details see the PayPal
2.4.2 Website & Email - The hosting facilities for our website and email
services are located in the United Kingdom. We regularly check that our
provider confirms their compliance with best practice data protection and
2.4.3 Google Analytics - We use this service on our website to track clicks
from Google sponsored links and to provide site usage data. This helps us to
2.4.4 Google Ads - To help couples find us we run ads using Google services.
We do not share any personal data with Google. Google takes privacy and
compliance very seriously, for more detail see the How Google Ads Work.
Section 3: Managing Your Data
3.1 Rights of Access to Information
You have the right of access to any of your personal information held by us.
Such a request should be made in writing and sent to our address given on
the Contact Us page of this
website. We will endeavour to respond quickly but in any event within one
We will endeavour to ensure that all personal data held in relation to all
data subjects is accurate. You have the right in some circumstances to
request that inaccurate information about them is erased.
3.3 Data Security
We will take appropriate technical and organisational steps to ensure the
security of personal data. We will ensure that appropriate protection and
security measures are taken against unlawful or unauthorised processing, or
loss, of personal data. An appropriate level of data security will be
deployed for the type of data and the data processing being performed. Our
website uses SSL encryption.
3.4 Secure Destruction
When data held in accordance with this policy is destroyed, it will be
destroyed securely in accordance with best practice.
4.1 A cookie is a piece of information in the form of a very small text file
that is placed on an internet user's hard drive. It is generated by a web
page server, which is the computer that operates a website.
help us to show relevant content and notices. Our cookies contain nothing
about you and they collect no data from your web browser. They are session
cookies and expire as soon as you close your browser.
4.3 If you would like to delete any cookies that are already on your
computer you can locate them via your browser or file management system. Our
session cookies are named "modalpromo" and "hhbag". Information on deleting
or controlling cookies is available at www.aboutcookies.org. Please note
that by deleting our cookies, or disabling future cookies, you may not be
able to access certain features of our site.
Last updated: 23 May 2018