PRIVACY POLICY
17th of January 2022
At Cornish Gems, we are committed to protecting and respecting your privacy and safeguarding any personal data that you give to us. We are transparent about the processing of your personal data and this notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
We are a controller under the UK GDPR and the Data Protection Act 2018. Our data protection officer is Kristy Gouldsmith and she can be contacted at cornishgemsshop@gmail.com
We are:
Cornish Gems Limited of Carne House, Western Extension, Threemilestone Industrial Estate, Threemilestone, Truro, Cornwall. TR4 9LD.
What kind of personal data does Cornish Gems collect and process?
- Account
In order for you to create an account, we need your name and email address. This data is only used to create an account for you. You consent to create an account with us when you put in your details. Once you have created an account, we are permitted to send you marketing information under the legal basis of legitimate interest. You can opt out of receiving our marketing emails at any time.
- Purchases and Delivery
When you purchase something through our website, your payment data are sent directly to our payment handler (Stripe) and your delivery details are sent directly to our delivery partners. We don’t ever handle your payment card details. Stripe is a data controller for all of the personal data that you input when paying for an item. Stripe’s Privacy Notice can be found here: https://stripe.com/en-gb/privacy
We keep a copy of your delivery data to ensure we can find your details in the case of an issue.
For billing, we require your first name, last name, address, phone and email. For an alternative shipping address, we require the first name, last name and address.
We process your personal data for a purchase and delivery because we have a contract with you.
Once you have put an item into your basket or purchased an item, we are permitted to send you marketing information under the legal basis of legitimate interest. You can opt out of receiving our marketing emails at any time.
- Marketing
We will send you marketing information if you have opened an account with us or purchased a product and our legal basis for doing so is legitimate interest.
You can also choose to receive marketing from us by signing up to receive it with your email address.
If you unsubscribe from any emails, we will keep your email address in a suppression list for five years so that we don’t email you again by accident. This is a legitimate interest for us.
- Improving our services
We use personal data for analytical purposes and product improvement. This is part of our commitment to making our services better and enhancing the user experience. As much as possible, we strive to use pseudonyms for this analytical work. Our legal basis is legitimate interest.
- Call monitoring
We record all calls made to our customer service team. When you call, our customer service staff will ask for authentication, which helps to keep your personal details confidential. Calls are recorded for quality control and training purposes and for the handling of complaints, legal claims and for fraud detection. Recordings are kept for a limited amount of time before being automatically deleted. An exception to this rule would be if Cornish Gems has a legitimate need to keep the recordings longer for complaints, issues, fraud investigation or legal purposes. Calls are recorded under our legal basis of legitimate interest.
Do we use any automated decision making?
We do not use any automated decision making.
How does Cornish Gems share your data with third parties?
We share your data with:
- Our software providers
- Our delivery partners
- Stripe
- Email platforms
What security and retention procedures does Cornish Gems use?
We have procedures in place to prevent unauthorised access to, and the misuse of, personal data.
We use appropriate business systems and procedures to protect and safeguard the personal data you give us. We also use security procedures and technical and physical restrictions for accessing and using the personal data on our servers. Only authorised personnel are permitted to access personal data in the course of their work.
We keep financial data and invoices for seven years. We keep you on our newsletter email list until you opt out or we see that you are no longer opening our emails.
Does Cornish Gems transfer data out of the UK?
We endeavour to hold most of your data in the UK but we do have some service providers who are based outside of the UK. Several of these providers are based in countries that are adequate for data transfer; for countries that are not, we use approved Standard Contractual Clauses as our data transfer safeguard.
What are your rights regarding your personal data?
You have the right:
- To access your personal data and information about our processing of it. You also have the right to request a copy of your personal data (but we will need to remove information about other people).
- To rectify incorrect personal data that we are processing.
- To request that we erase your personal data if:
  - we no longer need it;
  - we are processing your personal data by consent and you withdraw that consent;
  - we no longer have a legitimate ground to process your personal data; or
  - we are processing your personal data unlawfully.
- To object to our processing if it is by legitimate interest.
- To restrict our processing if it was by legitimate interest.
- To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out by automated means.
If you want to exercise any of these rights, please contact us.
If you have a concern about the way we are collecting or using your personal data, please raise your concern with us in the first instance. You may also contact the Information Commissioner’s Office at https://ico.org.uk/concerns/.