Privacy & Cookies
As of 18th June 2018
For the purposes of the General Data Protection Regulation, Blacklock Jewellery (‘we’ or ‘us’) is the ‘data controller’ (i.e the company who is responsible for, and controls the processing of, your personal data).
Who we are and how you can contact us
We are Blacklock Jewellery, a fine jewellery retailer since 1832.
Our registered office is 86-90 Paul Street, London, EC2A 4NE
If you wish to contact us, please send an email to firstname.lastname@example.org.
Personal data we may collect about you
We may collect personal information about you in the following ways:
Data you give to us:
- Data you give to us when you place an order with us
- When you talk to us on the phone or in person
- When you message us using message applications such as Whats’App
- When you use our website
- In emails or letters to us
- If you sign up to our promotions, events or newsletter
- When you give us feedback
Data we collect when you use our services:
- Payment and transaction data
- Profile and usage data, including data we gather from the devices you use to connect to those services such as computers and mobile phones, using cookies (please see our cookies policy below) and other internet tracking software
Data from third parties we work with:
- Social networks
- Agents or contractors working on our behalf (such as our CRM Partner, Newsletter Distributor, Mailing House, online payment gateway provider)
- A friend of yours
Data we collect about you
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity data – name, username, title, and date of birth
- Contact data – billing address, delivery address, email address or telephone numbers
- Financial data – payment card details
- Transaction data – details about payments to and from you and other details of products and services you have purchased from us
- Technical data – internet protocol (IP) address, originating domain, your login data, browser type and version, time zone setting and location data, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website
- Profile data – your purchases or orders made by you, your interests, preferences, feedback and survey responses
- Usage data – information about how you use our website, products and services
- Marketing and communications data – your preferences in receiving marketing from us and our third parties and your communication preferences
We do not routinely collect any “special categories” of personal data about you (this includes details about your religion, race or ethnicity, sexual orientation, political opinions, information about your health and genetic and biometric data), nor do we collect any information about criminal convictions and offences.
How we use your personal data
Your personal data and privacy is protected by law.
We are only allowed to use personal information about you if we have a legal basis to do so, and we are required to tell you what that legal basis is.
In some circumstances we can use your personal information if it is in our legitimate interest to do so. As a business we need to provide details of what that legitimate interest is. A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable. Legitimate interests are detailed in the table below.
We have set out in the table below: the personal information which we collect from you, how we use it, and the legal ground on which we rely when we use the personal information.
|What we use your personal information for||What personal information we collect||Our legal grounds for processing||Our legitimate interests (if applicable)|
|To provide you with information, products or services that you request from us||Identity data Contact data||Performance of our contract with you||To provide requested information in a timely manner|
|To process and deliver (if applicable) your order||Identity data Contact data||Performance of our contract with you||To ensure processing and delivery of goods|
|To manage payments||Financial Data||Performance of our contract with you||To ensure secure payment for goods|
|To manage our relationship with you – notify you about changes to our service||Identity data Contact data Profile data||Legitimate interest||To keep your records up-to-date and ensure that we run our business efficiently and supply the services that are requested|
|To enable you to receive our exclusive offers and special events (including when you sign up to receive our newsletter)||Identity data Contact data Marketing and communications data||Consent Legitimate interest||To grow our business and keep you informed of offers and events that may interest you|
|To use data analytics to improve our website, products, marketing, customer relationships and experiences||Technical data Profile data Usage data||Legitimate interest||To define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy|
|To make suggestions and recommendations to you about goods that may be of interest to you||Identity data Contact data Marketing and communications data||Legitimate interest||To keep you informed of new products or similar products to the ones you showed an interest in|
Who we share your personal information with
We may share your personal information with any of the following organisations, for the purposes of providing the goods or services which you have requested from us:
- Our business partners in accordance with the ‘Marketing and opting out’ section below
- Our credit card processors (Payment Gateway Provider)
- Our customer relationship management provider (CRM System)
- Our marketing automation platform provider (Newsletter Distributor)
- External service providers (acting as data processors) that provide applications/functionality, data processing or IT services to us (for example, we use third parties to support us in storing processed data)
- Law enforcement agencies in connection with any investigation to help prevent unlawful activity
We will not share your personal data with any third party for its marketing purposes.
We sometimes share your personal data with trusted third parties. Examples detailed below:
- IT companies to help support our website and other business systems.
- Operational companies such as delivery couriers.
- Direct marketing companies who help us manage our electronic communications with you.
- Google/Facebook to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites. See our Cookies Notice below for details.
Marketing and opting out
We will only contact you by email about our products, if you have asked us to do so.
We may use your data to provide you with information about goods, services, upcoming offers or events which may be of interest to you.
We can only use your personal information to send you marketing messages if we have either your consent or a legitimate interest to do so.
We will not share your personal data with any third party for its marketing purposes.
If you have changed your mind and would prefer us not to contact you for any of the above, then you can opt out at any time – you just need to contact us on email@example.com, or use the ‘Unsubscribe’ link on any marketing message sent to you. See further ‘Your rights’, below.
Where you opt out of receiving marketing messages from us, this will not apply to personal data provided to us as a result of purchasing our goods or services or any other transaction between you and us.
If you are a new customer, or where we permit named third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this.
If you do not want us to use your data in this way, please tick the relevant box on the form.
Where we process your data
All information you provide to us is stored on our secure servers or, where purchases are made face to face, in hard copy until electronic records can be made (when hard copies will then be securely destroyed). Any online payment transactions will be encrypted and carried out through our appointed agent through a secure site. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site on a secure basis, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
When we use your information as described in this policy, this may involve sending your information outside the European Economic Area (EEA) to countries such as the USA.
If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. For example, our contracts with third parties stipulate the standards they must follow at all times.
By providing us with your personal information, you agree that we may transfer, store and process your information outside the EEA. Governments in certain countries such as the USA have broad powers to access data for security, crime prevention and detection and law enforcement purposes.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA firstname.lastname@example.org .
Keeping your data secure
We know how much data security matters to all our customers. We have put in place appropriate security measures intended to prevent your personal data from being lost or from being altered, disclosed, used or accessed in an unauthorised way.
We secure access to all transactional areas of our websites and apps using ‘https’ technology.
Your personal data and sensitive data such as payment card information is secured and tokenised to ensure it is protected.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet.
We regularly monitor our system for possible vulnerabilities and attacks, and we have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (including the ICO) of a breach where we are legally required to do so.
How long will we keep your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will also keep a record of your name and email address on our suppression list if you request that we do not send you direct marketing.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training, fraud prevention and compliance.
You have the right to request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date or incomplete.
- The deletion of the data we hold about you, in specific circumstances; for example, when you withdraw consent or object, and we have no legitimate interest.
- A computer file in a common format (CSV or similar) containing the personal data that you have previously provided to us, and the right to have your information transferred to another entity where this is technically possible.
- Restriction of the use of your personal data, in specific circumstances, generally while we are deciding on an objection you have made.
- That we stop processing your personal data, in specific circumstances; for example, when you have withdrawn consent, or object for reasons related to your individual circumstances.
- That we stop using your personal data for direct marketing (either through specific channels, or all channels).
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- You can contact us to request to exercise these rights at any time by putting your request in writing to email@example.com. Please provide us with enough information to identify you (eg order number(s)); and specify the information that is incorrect and what it should be replaced with.
- You also have the right to ask us to stop processing your personal data for direct marketing purposes by putting your request in writing to firstname.lastname@example.org. Please provide us with enough information to identify you (eg order name); and specify in the header ‘Unsubscribe’.
- If your objection is not to direct marketing in general, but to direct marketing by a particular channel (e.g. email or telephone), please specify the channel you are objecting to
- If we choose not to action your request, we will explain the reasons for our refusal.
Your right to withdraw consent
- Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. If you withdraw your consent, we may not be able to provide you with certain products or services.
Where we rely on our legitimate interest
- In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data, such as administration.
- You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
- To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
- If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
Access to personal data
- You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive – alternatively, we may refuse to comply with your request in these circumstances.
Making a Complaint
Please let us know if you are unhappy with how we have used your personal information by contacting us at email@example.com
You also have a right to complain to the Information Commissioner’s Office. You can find their contact details at www.ico.org.uk.
We would be grateful for the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.