- Our values
- Information we collect and how we use it
- Your Consent
- Information disclosure to Third Parties
- Our use of Shopify web hosting and e-commerce site
- Marketing communications
- Subject Access Requests
- Data storage
Trust is the foundation of Coleman Douglas Pearls’ client relationship and includes trusting us to do the right thing with your information. Two main values guide us as we develop our products and services. These values should help you better understand how we think about your information and privacy.
Your information belongs to you
1. We carefully analyse what types of information we need to provide our services, and we try to limit the information we collect to only what we really need. Where possible, we delete or anonymise this information when we no longer need it. Our guiding principle is that your information belongs to you, and we aim to only use your information to your benefit.
2. We protect your information from others
If a third party requests your personal information, we will refuse to share it unless you give us permission, or we are legally required. When we are legally required to share your personal information, we will tell you in advance, unless we are legally forbidden.
- This Website (“Website”) is owned and operated by CD Pearls Limited, a company registered in England and Wales with company registration number 12072923 and whose principal place of business is at V312 Vox Studios, 1-45 Durham Street, Vauxhall, London SE11 5JH, United Kingdom.
- This policy forms part of our Terms of Service; if there is a conflict between the terms of this policy and our Terms of Service, the terms of our Terms of Service shall prevail.
Information we collect and how we use it
- During the course of our activities, we will process personal data (which may be held on paper, electronically, or otherwise) about our clients; we recognise the need to treat it in an appropriate and lawful manner, in accordance with the General Data Protection Regulation (GDPR). The purpose of this policy is to make you aware of how we will handle your personal data.
- We will comply with the seven data protection principles in the GDPR (Article 5), which say that personal data must be:
- Processed fairly, lawfully and transparently;
- Processed for limited purposes;
- Only collected if it is necessary (data minimisation);
- Only retained as long as required (storage limitation);
- Be held in a secure and confidential manner and location; and
- That if personal data is not held to these standards, we are accountable for such non-compliance.
- “Personal data” means recorded information about you from which you can be identified. It may include your contact details, other personal information, photographs and IP addresses. It can also include expressions of opinion about you or indications as to our intentions about you.
- “Processing” means doing anything with the data, such as collecting, accessing, disclosing, destroying or using the data in any way.
- We collect the following information about you when you use our Website:
- Information that you provide. We may collect personal information (for example your name, e-mail address and postal address, date of birth) when you register for our marketing communications or purchase jewellery using our Website;
- Information collected by us as you use our Website;
- Information transmitted by your computer when you use our Website. This may include your IP address, browser data and information we receive from cookies.
- We may use this information in the following ways (together the “Purposes”) to:
- Provide appropriate services to you as a user of our Website, including enhancing your user experience;
- Provide you with communications about features of our Website which we think may be of interest to you and for related marketing purposes, if you have submitted your contact details to us for these purposes or otherwise provided your consent for us to do so;
- Ensure that content from our Website is presented in the most effective manner for you and your computer;
- Notify you about changes to our products and/or our Website;
- Help diagnose problems with and to administer our Website.
- We will usually only process your personal data where you have given us your explicit consent, for example, to receive our marketing materials, purchase jewellery or where the processing is necessary to comply with our legal obligations. In other cases, processing may be necessary for the protection of your vital interests, for our legitimate interests or the legitimate interests of others. The full list of conditions is set out in the GDPR.
- We will only process your personal data for the specific purpose or purposes notified to you or for any other purposes specifically permitted by the GDPR.
- Your personal data will only be processed to the extent that it is necessary for the specific purposes notified to you.
- We will seek to keep the personal data we store about you accurate and up to date. Data that is known to be inaccurate or out of date will be deleted. However, it is your obligation to keep us informed of any changes to your personal data, eg if you move house, or if you become aware of any inaccuracies in the personal data we hold about you. You may do this by sending us an e-mail to firstname.lastname@example.org.Your Consent
- We will not keep your personal data for longer than is necessary for the purpose. This means that data will be destroyed or erased from our systems when it is no longer required.
- We will only process your data in line with your data rights.
- By using our Website and submitting information, you consent to the collection and use of your personal information by us. You have the right to:
- Request access to any personal data we hold about you;
- Prevent the processing of your data for direct marketing purposes;
- Ask to have inaccurate data held about you amended.
- To exercise any of these rights, please send us an e-mail at email@example.com with your full name and details and we will do our best to make the amendments as soon as possible. But do please understand that changes may not be immediate.
- We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
- We will ensure that we have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of deletion.
Information disclosure to Third Parties
- We may disclose your personal information to third parties in the following circumstances only:
- To service providers who manage aspects of our operations (for example third parties who provide hosting, technical or payment services to our Website) in connection with the Purposes;
- If CD Pearls or substantially all of its assets are acquired by a third party, in which case personal data held by us about our clients and prospective clients will be one of the transferred assets;
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Service.
Our use of Shopify web hosting and e-commerce site
- We have contracted for the hosting of our Website with Shopify International Limited, a private company limited by shares, incorporated in Ireland under registration number 560279, with its registered offices located at 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32. If you are in Europe or Switzerland, Shopify may send your personal information to Canada where it is protected under Canadian law, which the European Commission has found will adequately protect your information. When Shopify send your personal information directly to the United States, they do so under the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield programs, which set out standards for how they process your personal information in the United States if you are located in Europe or Switzerland. These programs require Shopify to follow the Privacy Shield Principles of notice, choice, accountability for onward transfers, security, data integrity, and purpose limitation, access, recourse, enforcement, and liability. Because Shopify participates in these two programs, they are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
- If you are located in Europe or Switzerland and believe Shopify are not following the Privacy Shield Principles, please reach out to us.
- Finally, while we do what we can to protect your information, we may at times be legally required to disclose your personal information (for example, if we receive a valid court order).
- You will only receive marketing communications from us if you have consented to this when you provided your contact details to us (or if you have otherwise submitted your consent to us for these purposes).
- You have the right to ask us not to use your personal data for marketing purposes. You can request that you stop receiving information from us or change your preferences at any time by e-mailing firstname.lastname@example.org.
Subject Access Requests
If you wish to make a Subject Access Request to know what personal data we hold about you, you may make the request in writing to the addresses below.
Subject Access Request Contacts:
- For e-mail requests: email@example.com
- For written requests: Coleman Douglas Pearls, V312 Vox Studios, 1-45 Durham Street, London SE115HJ, United Kingdom
- All information you provide to us is stored on our secure servers or those of Shopify which are based within the European Economic Area.
- The dynamics of the internet may mean that information is sent electronically to servers outside of the country where you originally entered the information. In addition, that information may be used, stored and processed outside the country where you entered that information. While there is a risk that countries to which information is transferred will not be subject to an information protection regime as rigorous as that of the UK and the EU, we will do our best to minimise this.
- Transmitting information via the internet cannot be completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we receive your information, we use strict procedures and security features to try and prevent unauthorised access. Agents or contractors who in the course of providing services to us have access to information which you give to us are required to keep that information secure and confidential and are not permitted to use it for any purpose other than to carry out the services which they are performing for us and they, if they are Data Processors, are also bound to comply with the GDPR.