PURPOSE OF THIS NOTICE
This notice describes how we collect and use personal data about you, in accordance with the General Data Protection Regulation (GDPR), and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’).
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
G. Hewitt & Son are a retail jewellers and are based at the location in the Contact Us section on our website.
For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.
TYPES OF PERSONAL DATA PROCESSED
We will process ‘personal data’ as defined in Article 4(1) GDPR if you have given us information about yourself by completing forms on our website or corresponding with us by phone, email, in store or otherwise. The information you provide may include: your name, your contact details: postal address, telephone numbers (including mobile numbers) and e-mail address, as well as your purchase history.
What if you apply for a job with us?
If you submit your CV or other information to us for the purpose of being considered for a job we will only use the information you submit for the purposes of assessing your application and contacting you with regards to the job.
HOW WE USE YOUR PERSONAL DATA
We may use information held about you in the following ways:
- To provide you with information or services that you have requested from us.
- To carry out our obligations arising from any contracts or arrangements entered into between you and us.
- We may use the information to provide you with service and warranty information regarding the products you have purchased from us in the past and also future purchases.
LEGAL BASIS FOR DATA PROCESSING
As the Data Controller for the personal data we collect from you, we have identified a number of legal bases on which to carry out our processing activities. These are defined under GDPR as:
Contract entry: In order to commence working with you as a client we are legally required to take certain steps, such as assuring ourselves of your identity. In order to do so we require some personal data from you. During the course of our engagement with you we require to continue processing personal data about you to enable us to deliver the service(s) to you.
Consent: By providing us with your personal data and asking us to deliver you with specific products and services you provide us with your permission to utilise your personal data for those purposes.
Our legitimate interests: We may also use your personal data on the basis of our own legitimate interests including in delivering, promoting and developing our services and products. Activities promoting our products and services include marketing which you may opt-out of at any time. Opt-out can be achieved by emailing us at: email@example.com
Legal obligations: Certain statutory obligations apply to G.Hewitt & Son which require us to process personal data and in some circumstances to provide it to third parties, such as law enforcement. Where such obligations arise we will, insofar as is possible without breaching any other duty we owe to those services, advise you of our intention to process your data for their purposes.
We will process personal data for so long as you instruct us to do so and in accordance with our legal obligations. Upon termination of our services to you we will retain your data in accordance with our internal and statutory requirements.
Personal data we collect are managed in accordance with our Data Retention Policy which reflects current legal obligations. Retention periods for personal data vary.
Why might you share my personal data with third parties?
We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
Which third-party service providers process my personal data?
“Third parties” includes third-party service providers and other entities within our group. The following activities are carried out by third-party service providers: IT and cloud services, suppliers appropriate to your product(s) and service(s) required.
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
What about other third parties?
We do not sell, distribute, or lease your personal information to third parties unless we are required to do so by law.
We ensure appropriate technological and organisational controls are in place to protect your personally identifiable information from loss, misuse, alteration or unintentional destruction. Our personnel who have access to your personal data have been trained to maintain the confidentiality of such information. Conditions to protect data to at least the same standard as we do are cascaded to all our staff and suppliers.
Regular monitoring and testing of our security defences is carried out to ensure they continue to be effective against the latest threats.
Data transferred over the internet by us and through our website are protected using encryption technologies to ensure they remain secure.
Please note that no communications over the internet can be guaranteed as secure. Whilst we take appropriate steps to protect your data we cannot guarantee that it will remain secure in transit. Once data reaches your network it is your responsibility to ensure it remains secure.
YOUR DATA SUBJECT RIGHTS
Where we act as a Data Controller for your data you may exercise a number of rights.
- Request access to the personal data we hold about you
- Ask us to correct any data which are inaccurate
- Request to have your personal data deleted
- Put in place restrictions on our processing of your data
- Ask us to transfer your data to another controller (data portability)
We will handle all exercise of your data subject rights in accordance with the requirements of GDPR and any national laws at the time of your request. Requests should be submitted in writing to firstname.lastname@example.org).
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
If you are dissatisfied with the way we have handled your personal data and we are unable to resolve the matter for you, you may take your complaint to the Information Commissioner’s Office. Further details can be found via their website at www.ico.org.uk.
Should we receive a request from you or one of your staff, clients, customer, contractors or prospects, to exercise data subject rights but we are only acting as a Data Processor, we will forward the request to you as Data Controller to process. Unless you explicitly instruct us not to we will advise the data subject that we have passed their request to you.
We may use customer personal data to provide you with details about our business updates, services, products and events which we think may be of interest.
You have the right to opt-out of receiving the information detailed above at any time. To opt-out of receiving such information you can: email email@example.com or call us on 01472 342609 / 241712 providing us with your name and contact details.
VISITORS TO OUR WEBSITES
We may collect and process personal data about you in the following circumstances:
When you complete the online contact forms on our website www.ghewitt.co.uk providing us with your name, address, email address and contact number;
Whenever you provide information to us when reporting a problem with our Site, making a complaint, making an enquiry or contacting us for any other reason. If you contact us, we may keep a record of that correspondence;
When you visit our Sites we will retain details such as traffic data, location data, weblogs and other communication data, and the resources that you access (see the section on Cookies below); and
Whenever you disclose your information to us, or we collect information from you in any other way, through our Sites.
We may also collect data in the following ways:
We may collect information about your device, including where available your Internet Protocol address, for reasons of fraud protection. We may also collect information about your device’s operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
We may use your personal data for our legitimate interests in order to:
Provide you with information or services that you requested from us;
Respond to an enquiry submitted via our online contact forms;
Allow you to participate in interactive features of our Sites, when you choose to do so;
Ensure that content from our Sites are presented in the most effective manner for you and for your device;
Improve our Sites and services;
Process and deal with any complaints or enquiries made by you; and
Contact you for marketing purposes where you have signed up for these.
Our Site may, from time to time, contain links to and from the websites of third parties. Please note that if you follow a link to any of these websites, such websites will apply different terms to the collection and privacy of your personal data and we do not accept any responsibility or liability for these policies. Please check before you submit your information to these websites.
CHANGES TO THIS STATEMENT
We recommend you check this statement on a regular basis to ensure you remain happy with the activities we carry out in respect of processing personal data.
Should we make significant changes to the way we process data, we will draw your attention to the relevant part(s) of this statement through email and or other appropriate communications as part of our engagement activities with you.
If you have any questions regarding this notice or if you would like to speak to us about the manner in which we process your personal data, please email us at firstname.lastname@example.org or call us on 01472 342609 / 241712.
You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. The ICO’s contact details are as follows:
Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
Telephone – 0303 123 1113 (local rate) or 01625 545 745.
Website – https://ico.org.uk/concerns