Personal information about other individuals
If you give us information on behalf of someone else (for example as a wholesale customer the secondary contact's details or where you "refer [a product] to a friend" or if you are sending a gift to someone at a different address), you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can.
· Legitimate interests
We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in the interests of Joma Jewellery. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. The section above explains the personal data processed on this basis and provides a description of our specific 'legitimate interests'. You can object to processing on the grounds of legitimate interests. See the section headed "Your Rights" to find out how.
It is necessary for our performance of the contract you have agreed to enter with us (such as for the sale of our goods). If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract.
Sometimes we want to use your personal data in a way that is entirely optional for you. On these occasions, we will ask for your consent to use your information for that purpose. You can withdraw your consent at any time. Currently we only rely on consent as a legal basis for processing to send direct marketing to you.
· Formation Media – our website developers and website support
· DPD, TNT, Royal Mail, Hermes, DHL, Hacklings – to arrange delivery of our goods to you
· First Data - our payment gateway provider and anti-fraud checking service
· Quick Stock – an internal stock and customer management tool
· Mirus - our IT support agency
· Mailchimp – our marketing distribution provider
· Katie Loxton Inc – our sister company. We share infrastructure and systems with our group companies who stores and manages data on our behalf.
· Zendesk chat – website live chat functionality.
of a security breach or to any other similar approved mechanisms.
If you want to know more about how data is transferred, please contact us using the details in the 'How to contact us' section.
against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data.
We follow recognised industry practices for protecting our IT environment and physical facilities.
When will we delete your data?
We will keep personal data for the following periods:
You have the following rights under the Data Protection Laws:
· the right to object to processing of your personal data
· the right of access to personal data relating to you (known as data subject access request)
· the right to correct any mistakes in your information
· the right to restrict processing of your personal data
· the right to have your personal data ported to another controller
· the right to withdraw your consent (including to receiving marketing)
· the right to erasure
These rights are explained in more detail below. If you want to exercise any of your rights, please contact us (please see "How to contact us").
We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.
Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.
Right to object to processing of your personal data
You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing.
If you object to us processing your personal data we must demonstrate compelling grounds for continuing to do so. We believe we have demonstrated compelling grounds in the section headed "How is processing your personal data lawful".
Right to access personal data relating to you
You may ask to see what personal data we hold about you and be provided with:
· a copy of the personal data
· details of the purpose for which the personal data is being or is to be processed
· details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are overseas and what protections are used for those overseas transfers
· the period for which the personal data is held (or the criteria we use to determine how long it is held)
· any information available about the source of that data
· whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.
To help us find the information easily, please provide us as much information as possible about the type of information you would like to see.
Right to correct any mistakes in your information
You can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.
Right to restrict processing of personal data
You may request that we stop processing your personal data temporarily if:
· you do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate
· the processing is unlawful but you do not want us to erase your data
· we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims
· you have objected to processing because you believe that your interests should override our legitimate interests
Right to data portability
You may ask for an electronic copy of your personal data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.
Right to withdraw consent
You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data. If you want us to stop sending marketing, this may take a few days to implement in our systems.
Right to erasure
You can ask us to erase your personal data where:
· you do not believe that we need your data in order to process it for the purposes set out in this Privacy Notice
· if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data
· you object to our processing and we do not have any legitimate interests that mean we can continue to process your data
· your data has been processed unlawfully or have not been erased when it should have been.
What will happen if your rights are breached?
You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.
Complaints to the regulator
It is important that you ensure you have read this Privacy Notice - and if you do not think that we have processed your data in accordance with this notice - you should let us know as soon as possible. You may also complain to the ICO. Information about how to do this is available on his website at .
This means any person who determines the purposes for which, and the manner in which, any personal data is processed.
Data Protection Laws
This means the laws which govern the handling of personal data. This includes the General Data Protection Regulation (EU) 2016/679 and any other national laws implementing that Regulation or related to data protection.
This means the UK Information Commissioner's Office which is responsible for implementing, overseeing and enforcing the Data Protection Laws.
This means any information from which a living individual can be identified.
This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs and voice recordings. It will also include expressions of opinion and indications of intentions about individuals (and their own expressions of opinion/intentions).
It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.
This covers virtually anything anyone can do with personal data, including:
· obtaining, recording, retrieving, consulting or holding it;
· organising, adapting or altering it;
· disclosing, disseminating or otherwise making it available; and
· aligning, blocking, erasing or destroying it.
This means any person who processes the personal data on behalf of the controller.
special categories of data
This means any information relating to:
· racial or ethnic origin;
· political opinions;
· religious beliefs or beliefs of a similar nature;
· trade union membership;
· physical or mental health or condition;
· sexual life; or
· genetic data or biometric data for the purpose of uniquely identifying you.