Section 1: General Statement of Principles and Scope
1.1 General Data Protection Regulation
We know that your privacy is important. We have to process some personal
data as part of our jewellery business and we will take all reasonable steps
to work in accordance with the General Data Protection Regulation (GDPR) as
1.2 Personal Data and the Data Subject
Personal Data is any information related to a data subject that can be used
to directly or indirectly identify the person.
A Data Subject is an individual person who is the subject of the personal
data. In the normal course of business we may collect personal data that
includes your name, home and/or work address, email address and telephone
1.3 Data Protection Controller
As a small business our owner is the Data Protection Controller (DPC) who
will endeavour to ensure that all personal data is processed in compliance
with this Policy and the law. The DPC may be contacted by on any matters
relating to this policy: email@example.com
1.4 The Principles
1.4.1 We will take all reasonable actions to comply with the principles of
the GDPR to ensure your personal data is:
- Processed lawfully, fairly and in a transparent manner;
- Collected for specified, explicit and legitimate purpose;
- Adequate, relevant and limited to what is necessary;
- Accurate and, where necessary, kept up to date;
- Kept in a form which permits identification of data subjects for no longer
than is necessary;
- Processed in a manner that ensures appropriate security of the personal
1.4.2 Personal data will be processed in accordance with the data subject's
rights under the GDPR:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to data portability;
- The right to object;
- Rights in relation to automated decision making and profiling.
Section 2: Collecting and Using Your Data
2.1 Non-Customer Data
When you contact us to request, for example, a sample or sizers, a bespoke
design, or a private appointment, you will need to provide some personal
data. This is provided by you and will be used solely to fulfill your
specific request(s) and for no other purpose. To enable continuity of
discussion over the wedding planning process we will retain your details for
12 months from the date of the last communication. After that time all of
your personal data will be securely destroyed.
2.2 Customer Data
When you place an order the personal data we obtain is provided by you and
will be used solely to fulfil the contract and for no other purpose. In
order to provide service continuity we will retain your personal data for up
to 12 months from the date of the last communication. After that time, for
the purposes of honouring our warranty and for formal record keeping, we
will retain only a copy of the Order/Invoice for a further 5 years.
2.3 Email Newsletter
You may decide to opt-in to our email newsletter service by providing your
email address ("consent of the individual"). We will use it soley to send
you details of special offers, sale dates and other promotional information
but with a maximum of 4 messages per calendar year. Your subscription to our
newsletter will be for a fixed term of 2 years after which you will be
automatically unsubscribed and your email address will be securely
destroyed. Notwithstanding these arrangements you can withdraw your consent,
at any time, to receive our newsletter. To action such a request please
contact us at firstname.lastname@example.org
2.4 Third Party Disclosure
We will never disclose your personal data to a third party for marketing
purposes. For the purpose of delivery some personal data will be made
available to the Royal Mail or other courier company:
2.4.1 UK customers - your name and address only.
2.4.2 Overseas customers - your name and address, email address and
telephone number. Due to the official nature of importation your delivery
details may be accessed by the relevant Customs authority and related
2.5 External Processors
2.5.1 PayPal - Online payments are made using PayPal's state-of-the-art
secure payments system. We do not have access to your credit or debit card
details. Following payment, PayPal provide us with your contact details so
2.5.2 Email - We regularly check that our email provider confirms their
compliance with best practice data protection and the law.
2.5.3 Google Analytics - We use this service on our website to track clicks
from Google sponsored links and to provide site usage data. This helps us to
2.5.4 Google Ads - To help couples find us we run ads using Google services.
We do not share any personal data with Google. Google takes privacy and
compliance very seriously, for more detail see the How Google Ads Work.
Section 3: Managing Your Data
3.1 Rights of Access to Information
Data subjects have the right of access to information held by us. Such a
request should be made in writing and sent to our address given on the Contact Us page of this website. We will
endeavour to respond as quickly as possible but in any event within one
We will endeavour to ensure that all personal data held in relation to all
data subjects is accurate. Data subjects have the right in some
circumstances to request that inaccurate information about them is erased.
3.3 Data Security
We will take appropriate technical and organisational steps to ensure the
security of personal data. We shall respect the personal data and privacy of
your data and will ensure that appropriate protection and security measures
are taken against unlawful or unauthorised processing, or loss, of personal
data. An appropriate level of data security will be deployed for the type of
data and the data processing being performed. In most cases, personal data
must be stored in appropriate systems.
3.4 Secure Destruction
When data held in accordance with this policy is destroyed, it will be
destroyed securely in accordance with best practice.
4.1 A cookie is a piece of information in the form of a very small text file
that is placed on an internet user's hard drive. It is generated by a web
page server, which is the computer that operates a website.
4.2 Cookies on this website are used in two ways:
4.2.1 When you arrive at the site if you are presented with a "pop-up" style
message then a session cookie will have been generated. This cookie contain
nothing about you and collects no data from your web browser. Simply, its
presence is a sign to our website that you have already seen the promotion
and not to display it again. It's a session cookie and expires as soon as
you close your browser.
4.2.2 We use industry leading AddThis to provide social network share
buttons. This service requires a number of cookies to be created by AddThis
on your computer. For example: "The __atuvc cookie is created and read by
make sure the user sees the updated count if they share a page and return to
it before our share count cache is updated. No data from that cookie is sent
back to AddThis and removing it when disabling cookies would cause
unexpected behaviour for users."
4.3 If you would like to delete any cookies that are already on your
computer you can locate them via your browser or file management system. Our
session cookie is named "modalpromo". Information on deleting or controlling
cookies is available at www.aboutcookies.org.
Please note that by deleting our cookies, or disabling future cookies, you
may not be able to access certain features of our site.
Last updated: 22 March 2018