Privacy and Data Protection




TERMS

  • We view your privacy and data protection as human rights.
  • We have a duty of care to our customers with their data.
  • Data is a liability and should only be collected and processed when absolutely necessary.
  • We dislike spam as much as you do.
  • We will never sell, rent or otherwise distribute or make public your personal information.

  1. Relevant legislation

  • Along with our business and internal computer systems, this website is designed to be used by UK residents only. It complies with the following national and EU legislation with regards to the data protection of our customers, partners and users privacy.
  • Data Protection Act 2018 (DPA)
  • Data Protection Bill 2017 (DPB)
  • EU General Data Protection Regulations 2018 (GDPR)
  • For more information, visit this Wikipedia page.

  • 02 .   Personal data that this website collects and why we collect it

This website collects and uses personal information for the following reasons:

2.1 Website Visitor Tracking

This website uses Google Analytics to track user interaction. We use this information to determine the number of people using our website, to better understand how you find and use our website, your journey to and from our site but also how you travel through it. Google Analytics records data that does not identify you as an individual such as geographical location, your type of device, your type of internet browser, operating system and age group.

Google Analytics is a third-party data processor as listed under section number 6. Google Analytics uses cookies at the heart of its application, details of which can be found on https://support.google.com/analytics/answer/6004245

Disabling cookies on your internet browser will stop Google Analytics from tracking any part of your visit to any area of our website. For further information on cookies please refer to section 4 below. Disabling cookies via our pop-up reminder may cause some areas of our website to operate in a way that was not intended.

2.2 Contact Forms

We use contact forms on this website. Should you choose to contact us by using our contact forms in any area of our website, the data that you supply will be stored by this website. See point 5 for further information about this website’s server, its back up and security arrangements.

The data submitted through our contact forms will be transmitted into our in-house database, Enquiries and purchases arranged in this way are processed by our in-house team.

Data collected with these forms are the basic building blocks required to provide you with our products and services. Not providing this information or asking us to stop using it, will prevent us from offering our products and services to you.

Information submitted through some of our contact forms is emailed to our in-house team directly using Simple Mail Transfer Protocol (SMTP). The email content is then decrypted by our local computer and electronic devices.

Our contact forms enable you to join our mailing list. We don’t like junk mail either so joining our list of contacts does not mean we will fill up your inbox with dozens of emails every day. Our mailing list service is provided by Mailchimp which is also built into our website. Mailchimp will receive your name and email address so that we can send you special offers once in a while. You can choose to leave this mailing list at any time by following the directions to unsubscribe or by contacting us directly.

2.3 Payment Details

PAYPAL

If you choose, purchases made on our website are processed through an integrated PayPal portal. PayPal is a third-party data processor as listed under section 6. For your information security, we ensure that our website does not process or store your payment information. Payment is processed by PayPal, following which this payment is processed in our accounting system.

STRIPE

We use Stripe Payment gateway to handle payments and they are a third-party provider. Stripe has certain data processing activities for which it acts as a data controller, and others for which it acts as a data processor. A good illustration of this dual role is when Stripe processes credit card transactions. Facilitating a transaction requires the processing of personal data, such as the cardholder’s name, credit card number, the credit card expiry date, and CVC code. The cardholder’s data is sent from the user to Stripe via the Stripe API (or by some other integration method, such as Stripe Elements). Stripe then uses the data to complete the transaction within the systems of the credit card networks, which is a function that Stripe performs as a data processor. However, Stripe also uses the data to comply with its regulatory obligations (such as Know Your Customer (“KYC”) and Anti Money Laundering (“AML”), and in this role Stripe is a data controller. All personal and financial data is stored on Stripe’s systems only, and falls within their guidelines.

2.4 Delivery

Purchases made on this website are processed for delivery by our in-house staff. Delivery of your purchase is arranged with Royal Mail who are a third party data processor as listed under section 6.

2.5 Email Links

We provide email links for your convenience on our website. Should you choose to contact us by using our email links, none of the data that you supply will be stored by this website. You will essentially transfer off of our website and into your own email system.

2.6 Other Websites

Our website may contain links to enable you to visit other sites of interest easily. Once you have used these links to leave our site you should note that we do not have any control of the other website. We cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Data collected about your interaction with this website is not transferred to or otherwise shared with the website you are transferring to.

2.7 Other People’s data

You must not send us personal information about someone else without first getting his or her consent for it to be used and disclosed in the ways set out in this statement. This is because we will assume he or she has agreed, although we may still ask for confirmation from them. Where you do give us information about someone else, or someone else discloses a connection with you, that information may be used with your other personal information.

2.8 Customer Login

Our customer login section is padded with additional security for your protection. Passwords are hashed and salted where each salt is unique each time with up to 64 characters. We do not store your card or bank information on our servers, ever. In order to secure your login, our website supports multi-factor authentication with username and password.

2.9 Basket Tracking

We track basket behaviour on the website.
  1. Cookies

A cookie is a small text file containing information that our website transfers to your computer’s hard disk or other electronic devices for record-keeping purposes and allows us to analyse our site traffic patterns. We use cookies to make our website work, or to work more efficiently, as well as to collect information. They help us to understand how you use our website, and help us develop and improve its design, layout, content and function.

You can disable cookies by changing settings in the preferences or options menu in your browser. You can set your browser to reject or block cookies or tell you when a website tries to put a cookie on your electronic device. You can also delete cookies that are already stored on your device. Please be aware deleting and blocking all cookies from our website may stop parts of the site from working correctly.

To find out more about cookies, including seeing what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org

If you do not wish to accept cookies from our website, please leave this site immediately and then delete and block all cookies from this site. Alternatively, you may opt out of receiving information from us by e-mail, telephone or post.

Sirocco Jewellery
66 Regent Drive
Skipton
North Yorkshire
BD23 1BB

04 .    How we store your personal information

As detailed under section 3 above, if you contact us by using our contact forms, the information you provide will be stored on the website’s database.

We endeavour to take all reasonable steps to protect your personal information. However, we cannot guarantee the security of any data that you disclose online and we will not be responsible for any breach of security unless this is due to our negligence or wilful default.

Once we receive your information into our systems, your data will be stored securely in line with legal and regulatory requirements.

05 .    About this website’s server

This website is hosted by Cargo, further information regarding their privacy policy and security can be found here: https://cargo.site/Privacy


06 .   Our Third-Party Data Processors

We use a number of third parties to process personal data on our behalf. These third parties have been carefully selected and all of them comply with the legislation set out in section 2.

Google Analytics is based in the U.S. and complies with the EU-US Privacy Shield. Google’s Privacy Policy is here.

Mailchimp is a trading style of The Rocket Science Group LLC based in the U.S and complies with the EU-US Privacy Shield. Mailchimp’s Privacy Policy is here.

PayPal (Europe) is a licenced as a credit institution in Luxembourg and complies with the prevailing UK legislation as outlined under 2. PayPal’s Privacy Policy is here.

HM Revenue & Customs are based in the UK and complies with the prevailing UK legislation as outlined under 2. HMRC’s Privacy Policy is here.


07 .     Marketing

We will specifically ask you if you would like to hear from us in the future. Enabling us to contact you in the future with offers of products and services does not prevent you from removing yourself from our distribution lists in the future. Contact us in writing by post or email and we will remove you. Alternatively you may remove yourself from our Mailchimp operated mailing lists. For further information on Mailchimp see section 6.

08 .    Data Breaches

We will report any unlawful data breach relevant to this website or the database of any of our third-party data processors to any and all relevant persons and authorities within 72 hours of the breach, if it is apparent that personal data stored in an identifiable manner has been lost, stolen or accidentally destroyed.

Our first point of contact in such cases is the Information Commissioners Office (ICO) as our regulatory authority in all aspects of privacy and data protection. The ICO can be contacted via www.ico.org.uk and our registration under Angel Champagne with them can be found on the public register.

09 .    Data Controller

The data controller of this website is Sirocco Jewellery.

Data Protection Officer

Kay Hammond

10 .     Your Rights under GDPR from May 2018

  1. The right to be informed. 
We meet your rights by providing you with this Privacy Statement.
  2. The right of access. 
You have the right to obtain confirmation that your data is being processed and access to your personal information, also known as Subject Access Rights.
  3. The right of rectification. You have the right to update us with any changes to your personal information if it is inaccurate or incomplete.
  4. The right of erasure.
The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable you to request the deletion or removal of personal data whether there is no compelling reason for its continued processing.The right to restrict processing. When processing is restricted, you permit us to store your personal data, but do not allow us to further process it. We can retain just enough information about you to ensure that the restriction is respected in future.
  5. The right to data portability. It allows you to obtain and reuse your personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
  6. The right to object. You have the right to object to processing on legitimate interests or the performance of a task in the public interest, direct marketing and processing for purposes of scientific or historical research and statistics.
  7. The right to lodge a complaint with a supervisory authority.
  8. The supervisory authority with regards to data protection and privacy is the Information Commissioners Office (ICO). Contact them on www.ico.org.uk.

11 .     Data Retention

The Data Protection Officer is responsible for all records.

This listing does not include external mailing lists which you may join and leave at your leisure.

12 .     Subject Access Request

You have the right to see your personal data as defined under the legislation that we keep about you. Any request should be sent to:

Kay Hammond
66 Regent Drive, Skipton, North Yorkshire BD23 1BB

We will ask you to verify your identity and will not provide such information until such time as we are satisfied that you have a right to this information.

Information will be provided to you within 30 days unless in exceptionally challenging situations where we may advise you of an extension of up to 60 days.

13 .     Changes to our privacy statement

This privacy statement may change from time to time in line with legislation, industry changes and internal company developments. We will not explicitly inform our customers, partners or website users of these changes.

Instead we recommend that you check this page occasionally for any changes to this statement. Specific statement changes and updates are mentioned in the change log below.

VERSIONDATEVERSION UPDATE DETAIL

1                                                              07/08/2024