Website Security
The WOOLTON & HEWITT website is protected by DigiCert, a leading
provider of online security. Combined with PayPal's state-of-the-art
checkout and payment system, you can use our online services with
confidence.
Click the padlock
To confirm our website is genuine click on the small padlock and make
sure it says "wooltonandhewitt.co.uk"
Encryption
Also look for the words "connection is secure". This means that you
have a secure encrypted connection to our website.
Section 1: General Statement of Principles and Scope
1.1 Introduction
We know that your privacy is important. We have to process some of your
personal information as part of our jewellery business and we will take all
reasonable steps to keep it secure and confidential at least to the extent
required by law.
1.2 Personal Data and the Data Subject
Personal Data is any information related to a data subject that can be used
to directly or indirectly identify the person. And a Data Subject is an
individual person who is the subject of the personal data. In the normal
course of business we may collect personal data that includes your name,
home and/or work address, email address and telephone numbers.
1.3 Data Protection Controller
As a small business we take responsibility as the Data Protection Controller
(DPC) and will endeavour to ensure that all personal data is processed in
compliance with this policy and the law. The DPC may be contacted by on any
matters relating to this privacy and information management: info@wooltonandhewitt.co.uk
1.4 The Principles
1.4.1 We will take all reasonable actions to comply with the principles of
the GDPR / DPA to ensure your personal data is:
- Processed lawfully, fairly and in a transparent manner;
- Collected for specified, explicit and legitimate purpose;
- Adequate, relevant and limited to what is necessary;
- Accurate and, where necessary, kept up to date;
- Kept in a form which permits identification of data subjects for no longer
than is necessary;
- Processed in a manner that ensures appropriate security of the personal
data.
1.4.2 In relation to your personal data, you have:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to data portability;
- The right to object;
- Rights in relation to automated decision making and profiling.
Section 2: Collecting and Using Your Data
2.1 Retention of Non-Customer Details
When you contact us to request, for example, a sample or sizers, a bespoke
design, or a private appointment, you will need to provide some personal
data. This is provided by you and will be used solely to fulfill your
specific request(s) and, as appropriate, for the purposes explained below.
To facilitate continuity over the wedding planning process personal data
that we hold will be retained for 18 months from the date of the last
communication. If, at that point, you not made a purchase all of your
personal data will be securely destroyed.
2.2 Retention of Customer Details
When you place an order the personal data provided by you and will be used
solely to fulfill the contract and, as appropriate, for the purposes
explained below. In order to honour our warranty, and for formal record
keeping, we will retain your personal data and order details for 10 years.
2.3 Third Party Disclosure
We will never disclose your personal data to a third party for marketing
purposes. To supply goods you have purchased, and in the normal conduct of
business, it may be necessary to pass on to a third party some of your
personal data in the following circumstances:
2.3.1 Delivery Companies
For the purpose of delivery some personal data will be made available to the
Royal Mail or other delivery company:
- UK customers - your name and address only.
- Overseas customers - your name and address, email address and telephone
number. Due to the official nature of importation all of your delivery
details and description of goods may be accessed by the relevant Customs
authority and related agencies.
2.3.2 Fraud Prevention & Debt Recovery
On rare occasions it may be necessary to share your information with
organisations such as law enforcement agencies, financial institutions, and
law firms. This is out of the ordinary and would only happen:
- To detect and prevent fraud.
- To comply with law and regulations.
- To trace and recover money owed to us.
2.4 External Processors
2.4.1 PayPal - Online payments are made using PayPal's state-of-the-art
secure payments system. We do not collect, store nor have any access to your
credit or debit card details. Following payment, PayPal provide us with your
contact details so we can complete your order. For full details see the PayPal
Privacy Policy.
2.4.2 Banks - You may choose to make a payment to us via your bank which
results in the minimum of personal data being shared with us. These
transnational details are kept secure by the banks' own systems and
policies.
2.4.3 Website & Email - The hosting facilities for our website and email
services are located in the United Kingdom. We regularly check that our
provider confirms their compliance with best practice data protection and
the law.
2.4.4 Google Analytics - We use this service on our website to track clicks
from Google sponsored links and to provide site usage data. This helps us to
measure the performance of the site. For more details see the Google Privacy Policy.
2.4.5 Google Ads - To help couples find us we run ads using Google services.
We do not share any personal data with Google. Google takes privacy and
compliance very seriously, for more detail see the How Google Ads Work.
2.4.6 Courier Companies - We may use a courier company such as FedEx to
delivery your rings to you. To perform their function they will require your
name and address, email address and telephone number, along with a
description of the items purchased and their value. The courier company will
use robust systems to manage and secure your personal data. Where items are
exported these details will be, as required by law, shared with the UK
Customs Authority and the Customs agency of your country. For more
information, as an example, please see the FedEx Privacy Notice.
Section 3: Managing Your Data
3.1 Rights of Access to Information
You have the right of access to any of your personal information held by us.
Such a request should be made in writing and sent to our address given on
the Contact Us page of this
website. We will endeavour to respond quickly but in any event within one
month.
3.2 Accuracy
We will endeavour to ensure that all personal data held in relation to all
data subjects is accurate. You have the right in some circumstances to
request that inaccurate information about them is erased.
3.3 Data Security
We will take appropriate technical and organisational steps to ensure the
security of personal data. We will ensure that appropriate protection and
security measures are taken against unlawful or unauthorised processing, or
loss, of personal data. An appropriate level of data security will be
deployed for the type of data and the data processing being performed. Our
website uses strong SSL encryption via DigiCert.
3.4 Secure Destruction
When data held in accordance with this policy is destroyed, it will be
destroyed securely in accordance with best practice.
Section 4: Cookies
4.1 A cookie is a piece of information in the form of a very small text file
that is placed on an internet user's hard drive. It is generated by a web
page server, which is the computer that operates a website.
4.2 We use cookies to enhance your experience of using our website. They
help us to show relevant content and notices. Our cookies contain nothing
about you and they collect no data from your web browser. They are session
cookies and expire as soon as you close your browser.
4.3 Our session cookies are named "modalpromo" and "hhbag". For Google
originated cookies please see 2.4.4 and 2.4.5.
4.4 Web browsers provide the option to control cookie preferences, to turn
them off or to disallow/reject their use altogether. Please check the "Help"
section of your particular browser for instructions. You can delete cookies
from your device however, unless they are disallowed, they will be reapplied
when you next visit our website. To manage your browser's cookies:
For Chrome go to "Menu" > "Settings" > "Privacy and security" >
"Site Settings" > "Cookies and site data"
For Safari go to "Menu" > "Preferences" > "Privacy"
For Firefox go to "Menu" > "Options" > "Privacy & Security" >
"Cookies and Site Data"
For Microsoft Edge go to "Menu" > "Settings" > "Privacy and security"
> "Cookies"
For Opera go to "Menu" > "Settings" > "Advanced" > "Privacy &
security"
4.5 Further information on deleting or controlling cookies is available at www.aboutcookies.org.
Please note that by deleting our cookies, or disabling future cookies, you
may not be able to access certain features of our website.
Section 5: Feedback
We really do respect the privacy of your personal details and hope that this
policy meets with your approval. If you have any questions or thoughts about
our approach to data protection please feel free to contact us: info@wooltonandhewitt.co.uk
Last updated: 20 November 2021