Privacy Policy

Introduction
Carl Chistopher The Jewellers needs to gather and use certain information about individuals.

These can include clients, business contacts, employees, and other people with whom Carl Christopher The Jewellers have a relationship and whom it may need to contact. This Policy describes how this personal data must be collected, handled, and stored to meet the Company’s data protection standards – and comply with the law.

Why this policy exists.
This Data Protection Policy ensures that Carl Christopher The Jewellers:

  • Complies with data protection law and follows good practice.
  • Protects the rights of staff, clients, and partners.
  • Is open about how it stores and processes individuals’ data.
  • Protects itself from the risks of a data breach.

Data Protection Law
The General Data Protection Regulations (GDPR) 2018 describe how organisations – including Carl Christopher The Jewellers– must collect, handle and store personal information. These regulations apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely, and not disclosed unlawfully. The GDPR 2018 is underpinned by six important principles. Personal data must be:

  • Processed lawfully, fairly and in a transparent manner.
  • Collected for specified, explicit and legitimate purposes.
  • Adequate, relevant, and limited to what is necessary.
  • Accurate and, where necessary, kept up to date.
  • Retained only for as long as necessary.
  • Processed in an appropriate manner to maintain security.

PEOPLE, RISKS AND RESPONSIBILITIES

Policy scope

This policy applies to all Carl Christopher The Jewellers staff

This policy applies to all data that Carl Christopher The Jewellers holds relating to identifiable individuals. This can include:

  • Names of individuals
  • Postal addresses
  • Email addresses
  • Telephone numbers
  • Any other information relating to individuals.

Data Protection risks
This policy helps to protect Carl Christopher The Jewellers from data security risks, including:

Breaches of confidentiality – for instance, information being given out inappropriately.

Failing to offer choice – for instance, all individuals should be free to choose how

Carl Christopher The Jewellers uses data relating to them.

Reputational damage – for instance, Carl Christopher The Jewellers could suffer if hackers successfully gained access to personal data.

Responsibilities
Everyone working for Carl Christopher The Jewellers has some responsibility for ensuring data is collected, stored, and handled properly in line with this policy and data protection principles.

The Director is responsible for ensuring that Carl Christopher The Jewellers meets its legal obligations.

This includes:

Reviewing all data protection procedures and related policies, in line with an agreed schedule.

Arranging data protection training and advice
Handling data protection questions from staff and anyone covered by this policy.
Dealing with requests from individuals to see the data that Carl Christopher The Jewellers holds about them (Subject Access Requests)

Checking and approving any contracts or agreements with third parties that may handle Carl Christopher The Jewellers personal data.

Ensuring all IT systems, services and equipment used for storing data meet acceptable security standards.

Performing regular checks and scans to ensure security hardware and software is functioning properly.

Evaluating any third-party services Carl Christopher The Jewellers is considering using to store or process data, such as cloud computing services approving any data protection statements attached to communications.

General Guidelines
Carl Christopher The Jewellers will provide training to staff to help them understand their responsibilities when handling data. All data must be kept secure by taking sensible precautions and following the guidelines below.
Strong passwords must be used on all systems. Personal data should not be disclosed to unauthorised people outside Carl Christopher The Jewellers. Data should be regularly reviewed and updated if it is found to be out of  date. If no longer required, it should be deleted. Staff should request help the Director if they are unsure of any aspect of data protection.

Data Storage
These rules describe how and where data should be safely stored.
When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it. Data printouts should be shredded and disposed of securely when no longer required.

When data is stored electronically, it must be protected from unauthorised access, accidental deletion, and malicious hacking attempts:
Data should be protected by strong passwords that are changed regularly. If data is stored on removable media, these should be locked away securely when not being used.

Data should only be stored on designated drives and servers and should only be uploaded to approved cloud computing services.
Data should be backed up frequently. These backups should be tested regularly.

All servers and computers containing data should be protected by approved security software and a firewall.

Data Accuracy
The Regulations require Carl Christopher The Jewellers to take reasonable steps to ensure data is accurate and kept up to date. It is the responsibility of all staff implement this. Data should be kept in as few places as necessary. Staff should not create any unnecessary additional data sets.

Subject Access Requirements
All individuals whose personal data is held by Carl Christopher The Jewellers are entitled to:

  • Ask what information Carl Christopher The Jewellers holds about them and why.
  • Ask how to gain access to it.
  • Be informed how to keep it up to date.
  • Be informed how Carl Christopher The Jewellers is meeting its data protection obligations.
  • Access requests from individuals should be made by email, addressed to sales@carlchristopher.co.uk

Disclosing Data for Other Reasons
In certain circumstances, GDPR 2018 allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.
Under these circumstances Carl Christopher The Jewellers will disclose such data in response to a proven legitimate request, seeking assistance from the Company’s legal advisors where necessary.

Carl Christopher The Jewellers is registered in England and Wales under company number 14066441 and we have our registered office at 3 Park Street, Lytham, Lancashire, FY8 5LU. We are a limited company.

This policy (together with our terms of use and terms of supply and any other Additional Terms referred to or set out in on carlchristopher.co.uk Website) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of the Data Protection Act 1998 (the “Act”), we are the data controller.

Our address is:
Carl Christopher The Jewellers
3 Park Street,
Lytham,
Lancashire,
FY8 5LU

Information we may collect from you.
When you place an order with us, we need to know your name, email address, telephone number, delivery address and payment details. We collect information about you for two reasons: firstly, to process your order, and secondly to keep you up to date with its progress. We may collect and process the following data about you:
Information that you provide by filling in forms on the carlchristopher.co.uk Website. This includes information provided at the time of registering to use the carlchristopher.co.uk Website, subscribing to our service, posting material, or requesting further services. We may also ask you for information when you enter a competition or promotion sponsored by us.

If you contact us, we may keep a record of that correspondence.

We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.

Details of transactions you carry out through the Website and of the fulfilment of your orders. We do not store credit or debit card details.

Details of your visit to the Website including, but not limited to, traffic data, location data, weblogs, and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access. By submitting your information, you consent to the use of that information in accordance with our privacy policy. If we change our privacy policy, we will post details on our website. We will also email you. Continued use of our services will signify that you agree to any changes made.

Security
The internet is not a secure medium, but we have put in place various security procedures to keep your personal information confidential. These cover the storage, access, and disclosure of your information.

Because the internet is global, your information may be transferred outside the EEA (European Economic Area) to countries that do not have similar data protection legislation during use as set out in this policy. However, we have taken the steps set out above to keep your information secure. By submitting your information, you consent to these transfers.

Marketing
We also want to be able to inform you of any product updates or promotions. Accordingly, we may choose to contact you by email with our newsletter, with new product information, competitions, and special offers. If you do not want to receive the newsletter, then please remove the tick from the box on the delivery details page by clicking on it.

We may disclose your personal information to third parties: Business partners, suppliers, and sub-contractors for the performance of any contract we enter into with them or you.

In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.

If carlchristopher.co.uk or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.

If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms of supply of supply and other agreements; or to protect the rights, property, or safety of carlchristopher.co.uk, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Your rights
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at carlchristopher.co.uk

The carlchristopher.co.uk website may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Access to information
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.

Changes to our privacy policy
Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

Contact
For any questions, comments and requests regarding this privacy policy please click here.

sales@carlchristopher.co.uk

October 2022