Privacy policy
This privacy policy explains how we collect, store and process your personal data. Personal data is any information that can be used to identify an individual, either directly or indirectly. It can refer to obvious things like your name and address, but also to online identifiers such as IP addresses.
By making a purchase, creating a Stephanie Grace account, using our website, signing up to online marketing, or providing your details to over email, you are acknowledging that your personal data may be used according to the practices set out in this policy.
Our Privacy Promise
Here at Stephanie Grace, we promise to be transparent with you about how we use your personal data. We are committed to maintaining the safety and security of all personal data from the point of collection to its deletion from our company.
We have to collect some personal data from you in order to provide you with our services. This means that we may also need to share this information with third parties who help us to provide these services, such as our couriers so they can deliver your items to you. We will make sure that all third parties we are engaged with treat your personal data with as much respect as we do.
Who are we?
How do we collect your personal data?
This section explains how and when we collect your personal data.
You share your data with us when
- You make a purchase with us
- You register for a Stephanie Grace account
- You sign up for our newsletter and other online marketing
- You send emails or letters to us
We collect your data when you use these services
- Transactional details when you order something from us
- Cookies gathered from the devices you use to connect to our website or social media platforms
Data from 3rd parties we work with
- Our social media platforms
What personal data do we collect from you?
We have to collect some information from you so we can provide you with our services, for example when you order items from us. We do our best to make sure that we do not collect excessive information from you and limit it to only what is necessary for us to provide the service you require.
We do not collect any special category personal data from any of our customers. This includes information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Nor do we collect any information about criminal convictions and offences.
Data we collect about you
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity data: name and title
- Contact data: address, postcode, email address and telephone numbers
- Transactional data: details of products you have purchased from us, including date and time of purchase and spend in relation to that purchase
- Technical data: internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website
- Profile data: purchases or orders made by you, your interests, your birthday, preferences
- Usage data: information about how you use our website, products and services
- Marketing and communications data: your preferences in receiving marketing from us and our third parties and your communication preferences.
How we use your personal data
We are only allowed to use personal information about you if we have a legal basis to do so, and we are required to tell you what that legal basis is. We have set out in the table below the personal information which we collect from you, how we use it, and the legal ground on which we rely when we use the personal information.
In some circumstances we can use your personal information if it is in our legitimate interest to do so, provided that we have told you what that legitimate interest is. A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable. If we are relying on our legitimate interests, we have set that out in the table below.
What we use your personal information for |
What personal information we collect |
Our legal grounds for processing |
Our legitimate interests (if applicable) |
To register you as a new customer and create your Stephanie Grace account |
Identity Contact |
Performance of a contract with you |
|
To process your transactions and deliver your items |
Identity Contact Transaction |
Performance of a contract with you Legitimate interests |
To provide you with delivery updates about your order |
To make suggestions and recommendations to you about items that may be of interest to you |
Identity Contact Marketing and communications Technical Profile Usage |
Legitimate interests Consent |
To develop our services and grow our business |
To send automated email campaigns to you based on your purchase history, frequency and activity |
Identity Contact Marketing and communications Technical Profile Usage |
Legitimate interests |
To better understand our customers and their interests |
To manage our relationship with you, including notifying you about changes to our terms or privacy notices |
Identity Contact Transaction |
Performance of a contract with you Necessary to comply with a legal obligation Legitimate interests |
To keep our records up to date |
To administer and protect our business and our website |
Transaction Technical Usage |
Legitimate interests |
Running our business, provision of administration and IT services, network security |
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you |
Identity Contact Marketing and communications Usage Profile |
Legitimate interests |
To study how customers use our services, to develop them, to grow our business and to inform our marketing strategy |
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences |
Technical Usage Profile |
Legitimate interests |
To define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy |
Who we share your data with
We will share your name, address, email address and phone number with our trusted couriers so that they can make the delivery to you and send delivery updates directly to you. We use DPD for UK delivery and Royal Mail for international orders.
How long we keep your data
We work hard to ensure that we do not keep your personal data for longer than is necessary to fulfil the purpose for which it was collected. Generally, we will not retain your personal data for longer than six years, as this is the statutory period for retaining HMRC records.
How we look after your data
We will protect the data you entrust to us with appropriate measures and controls, as well as ensuring that the companies we work with are just as careful with your data.
- We will always use appropriate technical and organisational measures to prevent the loss, misuse, destruction or alteration of your personal data.
- We will continually test, audit and monitor our compliance with Information Security standards and relevant Data Protection regulations
- We are PCI DSS compliant – we do not store any of your card details when you make a payment to us.
- We ensure that the third parties we work with who process your personal data operate under a Data Sharing Agreement.
Your rights
You have the following rights with regards to your personal data:
- The right to be informed – this privacy notice explains to you how your personal data is processed by us.
- The right to access – you can request that we provide you with all of the personal data that we hold about you. We will provide this to you free of charge within one month of your request.
- The right to rectification – we like to make sure that the information we have about you is correct. You can manage your personal details within your Stephanie Grace account to ensure that they are up to date, or you can contact us to let us know if we have any incorrect information about you by contacting golden@stephaniegracejewellery.comThe right to erasure – you have the right to have your data ‘erased’ in the following situations:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected or processes
- When you withdraw consent
- When you object to the processing and there is no overriding legitimate interest for continuing the processing
- When the personal data was unlawfully processed
- When the personal data has to be erased in order to comply with a legal obligation
- The right to restrict processing – You have the right to request that we stop processing your personal data in certain situations such as:
- Where you contest the accuracy of your personal data, we will restrict the processing until you have verified the accuracy of your personal data
- Where you have objected to processing and we are considering whether our legitimate grounds override your legitimate grounds
- When processing is unlawful and you oppose erasure and request restriction instead
- Where we no longer need the personal data but you require the data to establish, exercise or defend a legal claim
- The right to object – You have the right to object to the processing of your personal data in the following circumstances:
- Direct marketing – remember you can opt out at any time from our marketing communications by changing the marketing preference in your Grace Chou account, or simply by emailing us at golden@stephaniegracejewellery.com
- Where the processing is based on our legitimate interests as detailed in the table above
- Processing for purposes of scientific/historical research and statistics
How to contact us
If you want to talk to us about anything in this privacy policy, find out more about your rights or to exercise your rights, please contact us using the information provided in the ‘Who are we?’ section of this Privacy Policy and our team will be happy to help.
Not happy?
If you feel that we have not processed your data according to the law, please let us know using the contact details in the ‘Who are we?’ section of this Privacy Policy and we will do our best to correct the situation.
If you still aren’t happy with how we are processing your personal data, you have the right to make a complaint with the ICO here. You can also call them on 0303 123 1113.