Note: This is the main Privacy Policy for K.D Jewellery (taken from our website) and therefore applies to ALL of our online platforms.
INTRODUCTION
This Privacy Policy sets out how K.D Jewellery collects, uses and protects any information given by you.
K.D Jewellery is committed to safeguarding the privacy of all online visitors and customers. Any information given to/collected by K.D Jewellery will only be used in accordance with this Privacy Policy. This policy has been updated to reflect the new General Data Protection Regulations which come into force on 25th May 2018.
For the purpose of this Privacy Policy, the data controller is Kirsty Dimond (owner and operator of K.D Jewellery).
In this policy, the words “we”, “us” and “our” refer to K.D Jewellery.
WHAT DATA IS COLLECTED AND WHY?
Two main types of data are collected by K.D Jewellery, both of which are detailed below. The new General Data Protection Regulations requires a ‘lawful basis’ in order for data to be processed. The lawful basis for each type of data can also be found below.
Usage Data:
This site uses cookies to automatically collect anonymous information relating to the use of our website. Cookies are small text files stored by your browser to help the site provide a better user experience. In general, cookies are used to retain user preferences and store information for things like shopping baskets, and to provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies work to make your browsing experience better. However, you may prefer to disable cookies. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser to properly explain how to do this. The lawful basis for this type of data processing is consent. You will have been asked to consent to the use of cookies in accordance with this policy when you first visit this website.
Personal Data:
Personal Data collected by K.D Jewellery will include your name and your email address. These are the only details required when subscribing to our mailing list or when making an enquiry via our contact form. The legal basis for processing the data given via our mailing list subscription is, again, consent. By opting to become a subscriber you are consenting to receive regular updates and promotions, as explained in our sign-up form. For data collected by submitting an enquiry via our contact form, you are consenting for us to use your details in order to respond to your request for information. We may also use your details to ‘follow up’ on any enquiries made. The lawful basis for this is legitimate interest.
When making a purchase from K.D Jewellery, the details of your order and your delivery address will be collected in additional to your name and email address. The lawful basis for processing this information is contractual. The information is required in order for us to complete your order and therefore complete our contractual obligations.
Any payments made to K.D Jewellery in respect of orders placed will be processed by a third-party data processor. Please see the Third-Party section below for full details of this.
IS DATA SHARED WITH ANYONE?
K.D Jewellery uses several third-party services in the running of our business. These third parties are Data Processors. Each third party used by K.D Jewellery is detailed below including a summary of why they are used and what information they collect, as well as the relevant links to their individual Privacy Policies. All Data Processors used by K.D Jewellery are compliant with the new General Data Protection Regulations, 25th May 2018. Some of our Data Processors are situated in the US. The European Commission has taken the decision that data transfers to the US are adequately protected by the EU-US Privacy Shield framework. All US providers used by K.D Jewellery adhere to Privacy Shield and any data shared with them is therefore safeguarded.
Data Storage:
All data held by K.D Jewellery is stored electronically, using cloud-based storage solution; Google Drive. Google Drive is safeguarded by EU-US Privacy Shield and so is adequately protected, as detailed above. View the Privacy Policy for Google here: https://cloud.google.com/security/gdpr/
Our website is hosted by GoDaddy which, again, is situated in the US. However, they also adhere to the EU-US Privacy Shield framework. View GoDaddy's Privacy Policy here: https://uk.godaddy.com/agreements/showdoc.aspx
Payments:
When you place an order, and make payment through this site, your financial account information will be collected by PayPal, our third-party payment processor. You can find PayPal's Privacy Policy here: https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev. K.D Jewellery do not collect or store any financial information, but we may receive information from our payment processor regarding the payment, such as the date and time.
Selling Platforms:
The selling platforms used by K.D Jewellery are WooCommerce (here on this website) and Etsy, for our shop: www.kdjewellery1.etsy.com.
WooCommerce is owned and run by Automattic and is used to run the shop here at K.D Jewellery. Information such as: name, email address, billing address, delivery address (if different) and the order details are collected when the order is placed. You can find Automattic's Privacy Policy (covering WooCommerce) here: https://automattic.com/privacy/
Etsy is a multi-shop selling platform which hosts our Etsy store. Etsy collects similar information such as Name, Email Address and Delivery Address, along with the details of each order. If you choose to pay for your items using Etsy's in-house payment system, your payment details will also be collected by them. You can find Etsy's Privacy Policy here: https://www.etsy.com/legal/privacy. When using Etsy, you may also choose to pay using PayPal. Should you choose this option, PayPal's privacy policy (linked above) will apply in respect of the payment information.
Social Media Plug Ins & Platforms:
This website allows you to use social media plug-ins to access features from sites such as Facebook, Instagram and Twitter. These plug-ins collect information about you when you use them however, this privacy policy does not apply to that data. Data collected will be covered by the privacy policy of the relevant platform. You can find Facebook's Privacy Policy here: https://www.facebook.com/about/privacy/update, Instagram's policy here: https://help.instagram.com/519522125107875?helpref=page_content and the privacy policy for Twitter, here: https://twitter.com/en/privacy#update.
We may also collect information about you when you visit our social media pages. Each social media platform provides us with information from your profile such as your name, email address and other personal information. Again, please refer to the Privacy Policy of the relevant social media platform regarding this data.
Our Mailing List:
The mailing list here at K.D Jewellery is operated by MailChimp. MailChimp is a US-based marketing automation platform for sending out regular newsletters to email subscribers. Your information (your name and email address) will only be collected by MailChimp when you subscribe to the mailing list via one of our sign-up forms, or upon checkout IF you choose t opt-in when you make a purchase. You can find MailChimp's Privacy Policy here: https://mailchimp.com/legal/privacy/
HOW LONG IS DATA KEPT?
Personal Data processed by K.D Jewellery will not be kept for longer than is necessary for its purpose. Personal Data will be kept for a minimum of 1 year, from the date of which it was collected, and a maximum of 7 years. Personal Data will not be used or shared in any way other than what is described in this policy unless we first obtain your consent, or if we are required to do so by law.
IS MY DATA SECURE?
We are committed to ensuring that your information is secure, in accordance with the GDPR security principle.
In order to prevent unauthorised access or disclosure, we have put in place suitable procedures to safeguard the information we collect. Unfortunately, the internet can never be 100% secure, but rest assured that should any data ever be compromised, you will be contacted immediately, and steps will be taken to rectify the situation. All devices used by K.D Jewellery are secured using multi-factor authentication as well as fingerprint technology measures.
Please also note that emails are not encrypted; and email correspondence is not a secure means of submitting any sensitive information. K.D Jewellery will never ask for sensitive information via email.
External Links: Our website may contain links to other websites. However, once you have used these links to leave our site you should note that we do not have any control over that website. Always exercise caution and see the privacy statement applicable to the website in question.
YOUR LEGAL RIGHTS
As a Data Subject, you have several rights under the new General Data Protection Regulations (the GDPR) which come into force on 25th May 2018. These rights are as follows:
- The right to be informed. The intention of this privacy policy is to provide all the necessary information regarding what data is collected and how it is used/stored/shared/retained.
- The right of access. You have the right to request confirmation that data is being held and a copy of the data that is being held, along with any supplementary information.
- The right to rectification of incorrect data or the completion of incomplete data.
- The right to erasure, or the right to be forgotten, including the withdrawal of previously given consent.
- The right to restrict the way in which your data is processed.
- The right to data portability.
- The right to object to the processing of your data.
- Rights related to automatic decision making, if applicable. D Jewellery does not use any automated systems of this nature.
This is a summary of your basic rights under the GDPR. Not all of the rights are absolute; some apply under certain conditions. It is advised that you familiarise yourself with the full explanation of your legal rights from the appropriate legislation.
Requests to K.D Jewellery, in relation to the exercise of any of these rights, can be made either verbally or in writing. Contact: kirstydimond@kdjewellery.co.uk. All requests will be dealt with promptly, within one month of their receipt, in accordance with the GDPR.
Under the GDPR, you also have the right to lodge a complaint with a supervisory authority, should you think it necessary.
AMENDMENTS
We may, from time to time, update this policy by publishing a new version on our website and social media pages. We recommend that you check these pages every so often to ensure that you are still happy with our policies. If we hold your contact information, and we feel it absolutely necessary, we may contact you to advise of any particularly important changes to our policies.
OUR DETAILS
K.D Jewellery is owned and operated by Kirsty Dimond, a sole trader. The registered address for this business is: 14 Coronation Road, Newton Abbot, Devon TQ12 1TX, however this is a private address and all business is conducted online. K.D Jewellery can be contacted via the contact form on our website, by post at the above address, by telephone on 07793557235 and by direct email to: kirstydimond@kdjewellery.co.uk.