PRIVACY AND COOKIES POLICY
Last updated June 2022.
It’s simple really, in this policy, we set out what personal data we might collect from you, why we need it and what your rights are. You should read this policy and our terms and conditions (on our website), as this will tell you everything you need to know and applies to your use of our website, available at thelmawest.com and your purchase of our jewellery (together known as our “services”).
About us
We respect your right to privacy and so we’ll only process personal information about you in line with applicable data protection laws. We comply with the retained EU law version of the General Data Protection Regulation (2016/679), the Data Protection Act 2018 and the California Consumer Privacy Act of 2018 (the “data protection legislation”). If any of these laws are replaced or superseded, we’ll comply with that too.
We’re Thelma West Diamonds, a company registered in England and Wales based in 19 Kingly Street, London, England, W1B 5PY (“we” or “us”). We’re VAT registered and our VAT number is 409455977. If you need us, you can contact us by phone to 0207 287 7953 or email to twd@thelmawest.com. We’ll contact you using the contact details you provide to us.
We’re registered with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk), and our registration number is ZB334741. If you have any concerns about data protection, we would appreciate it if you contacted us first so we can discuss these with you before you approach the ICO. You can reach us at twd@thelmawest.com.
What information do we collect?
Personal data, or personal information, is any information about an individual from which that person can be identified. It doesn’t include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you when you engage with us. Whenever we collect personal data about you, we must have a legal ground (lawful basis) to do so. We must also observe the principles of data minimisation and only collect as much personal data as necessary and retain that data for no longer than necessary.
• Identity and contact information you provide to us when you contact us about our services, such as by WhatsApp’ing, emailing, calling or completing the ‘Contact us’ form on our website (Personal Data)
Includes:
Name
Email address
Telephone number
We collect this information so we can respond to your enquiry or correspondence. We might use your name and email address to send you information about your matter or issue raised and we may also provide you with updates on changes to this policy or security information.
• Identity and contact information you provide to us when you make a purchase from us on our website (Personal Data)
Includes:
Name
Email address
Telephone number
Home and/or delivery address
We collect this information so we can process your order and provide you with the jewellery you have purchased.
The lawful basis for collection of this information is it is needed to perform our contract with you (i.e., to process your order and send you the jewellery you have purchased.
The cart on our website is run by Stripe. We don’t see or record any of your payment details.
• Identity and contact information you provide to us when you make a purchase of our bespoke jewellery or you use our lifetime guarantee service (Personal Data)
Includes:
Name
Email address
Telephone number
Home and/or delivery address
We collect this information so we can process your order and provide you with the bespoke jewellery you have purchased, or the lifetime guarantee service we offer to purchasers of our bespoke products.
The lawful basis for collection of this information is it is needed to perform our contract with you (i.e., to process your order and send you the bespoke jewellery you have purchased and we have repaired/polished).
The purpose is to provide you with marketing and promotional material and to enable direct marketing.
The lawful basis for this is you have provided your consent and it’s in our legitimate interest to present relevant content, products, and services to you. You can withdraw your consent at any time by contacting us at twd@thelmawest.com.
• Identity and contact information you provide to us when you subscribe to our email marketing (Marketing and Communications Data)
Includes:
Name
Email address
The purpose is to provide you with marketing and promotional material and to enable direct marketing.
The lawful basis for this is you have provided your consent and it’s in our legitimate interest to present relevant content, products, and services to you. You can withdraw your consent at any time by contacting us at twd@thelmawest.com.
• Cookies Data
Like many websites, we use "cookies" to enhance your experience and gather information about visitors and visits to our website. Please refer to the cookies section below for information about cookies and how we use them and what kind.
Cookies are small text files placed on your device when you visit our website and are used to make the users’ experience more efficient.
The lawful basis is this is necessary for us to perform our contract with you (i.e., to give you access to the service our website provides).
We also need this information to study how you use our website, in order to improve and develop the services we provide, and better inform our marketing strategies.
• Analytics
Includes third-party analytics services (such as Google Analytics) to evaluate your use of our website, compile reports on activity, collect demographic data, analyse performance metrics, and collect and evaluate other information relating to the website and internet usage. These third parties use cookies and other technologies to help analyse and provide us the data. By accessing and using the website, you consent to the processing of data about you by these analytics providers in the manner and for the purposes set out in this policy.
The purpose is to enable direct marketing.
The lawful basis is it is necessary for our legitimate interest to present relevant content, products, and services to you.
• Technical Data
Includes:
Internet protocol (IP) address
Your login data, browser type and version
Time zone setting and location
Browser plug-in types and versions
Operating system and website
Other technology on the devices you use to access our website.
This data is automatically collected when you use our website. The purpose is to enable your access to our website.
The lawful basis is this is necessary for us to perform our contract with you (i.e., to give you access to the service our website provides).
Cookies
We use cookies in accordance with the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 and data protection legislation. Cookies are small text files placed on your device when you visit our website and are used to make the users’ experience more efficient. We use cookies to distinguish users and to improve our website. We analyse how you use our website, and we look at aggregate statistics about your usage, and how others use our website. We collect certain information from these cookies, and this includes information about your IP address, your location when you access our website, the date and time you access our website, the language you use and the type of browser you use.
These are the types of cookies we use:
'Session cookies' allow us to track your actions during a single browsing session, but they don’t remain on your device afterwards; and
'Persistent cookies' remain on your device between sessions. We use them to authenticate you and to remember your preferences. We can also use them to balance the load on our servers and improve your experience on our website.
Session and Persistent cookies can be either first or third party cookies. A first-party cookie is set by the website being visited; a third-party cookie is set by a different website. Both types of cookies may be used by us or our business partners.
The third-party cookies we use are:
Google Analytics – this is a web analytics service provided by Google, Inc. The cookies used by Google Analytics help us to analyse how users use our website and to count the number of people who use it. Google Analytics stores your IP address anonymously. Google does not associate your IP address with any personally identifiable information;
Facebook Ads (the Facebook pixel) – these cookies collect information about how visitors use our Website. This data is collected anonymously and is used to help improve our website’s functionality; and
Google Ad Words – these cookies collect information about how visitors use our website. This data is collected anonymously, to help make our marketing communications more relevant, and is used to improve our website’s functionality.
All of our cookies are categorised by the role they fulfil on our website:
Strictly Necessary: these are essential to enable you to move around our website and use features such as secure services. Without these cookies such services couldn’t be provided
Functionality: allow our website to remember your choices and to personalise certain features. These cookies may be anonymised and cannot track your browsing activity on other websites; and
Performance: collect information as to how users use our website. These cookies don’t collect information that identifies a visitor. The information collected is aggregated and used to improve our website.
None of the cookies employed are classified as Behavioural Targeting.
We will always ask for your consent to use non-essential cookies. You’re free to withhold consent to this, but it means that we might not be able to provide the full website experience to you, including some elements of video advertising. If at any time you wish to disable our cookies, you can do so through the settings on your browser, or whenever the pop-up appears on our website (each time you access our website).
We may process your data for compliance with a regulatory requirement or legal obligation to which we are subject to. Your data will only be processed if processing the data to comply with such obligation is a reasonable and appropriate way of achieving compliance.
We also collect, use, and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this policy.
Storing your personal data
We store all of your personal data on our servers within the UK. We may transfer your collected data to storage outside the European Economic Area (EEA) or the UK, or it may be processed outside the EEA or the UK so you can receive our services and deal with payment. If we do store or transfer data outside the EEA or the UK, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EEA or the UK. This means that sometimes we may need to use legally binding contractual terms between us and any third parties we engage with and the use of the EU-approved Model Contractual Arrangements. We will still be responsible for protection of your personal data, even where we have transferred it outside the EEA or the UK.
Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure data collected through our website.
Specifically, we use Google Drive to host all personal data collected. Google’s cloud services employ industry standard security including encryption in transmit and at rest and ISO/IEC27001/27017/27018/27701, SOC 1/2/3, PCI DSS, and FedRAMP certifications. For more information, please refer to: https://cloud.google.com/security/. It is important to note that personal data is encrypted between your device and any external host storage we use.
Disclosing your personal data
We may disclose your information in the following cases:
If we want to sell our business, or our company, we can disclose it to the potential buyer
We can disclose it to other businesses in our group, as defined in the UK Companies Act 2006
We can disclose it if we have a legal obligation to do so, or in order to protect other people's property, safety, or rights
We can exchange information with others to protect against fraud or credit risks.
We might contract with third parties/subcontractors to supply our services to you on our behalf. These include cloud services used to send emails and technology providers that assist in providing our services to you and delivery services so we can arrange delivery of the jewellery to you. The lawful basis is that it’s necessary for our legitimate interest to present relevant content, products, and services to our target audience.
If any of your personal data is shared with a third party, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described in this policy.
Your rights
When you provide us with personal data, you have certain legal rights, and these include:
To request access to, deletion or correction of, your personal data held by us at no cost to you
To request that your personal data be transferred to another person (data portability)
To be informed of what data processing is taking place
To restrict processing
To object to processing of your personal data
To complain to a supervisory authority.
We regularly review our data retention obligations to ensure we are not retaining data for longer than we’re legally obliged to.
If you wish to access, rectify, erase, or transfer your personal data, please contact us at twd@thelmawest.com.
Notice for California residents of privacy practices and rights
If you are a California resident, California law may provide you with additional rights regarding your personal data.
The California Consumer Privacy Act of 2018 (“CCPA”) gives you the following rights:
Right to know about the personal information we collect and share:
The CCPA gives you the right to request that we disclose the specific pieces of personal information we have collected about you;
Please see above for information on the data we collect on you, and how we process it; and
We do not sell your personal information. However, we do disclose your personal data to limited third parties, as described above
Right of deletion:
You have the right to request that we delete your personal information, subject to certain exceptions
If you wish to delete your personal data, please contact us at twd@thelmawest.com. Please note that we may require certain information from you in order to verify your identity before proceeding with your request.
We collect the categories of personal information from you in connection with your use of our website as described above.
We won’t discriminate against you for exercising any of your CCPA rights.
Third party links
This policy only relates to our services. We might have links on/within our services to other websites, and these websites will have their own terms and conditions and privacy policies. You should check those privacy policies before providing your personal data to those websites.
Changes to this policy
We can update this policy from time to time as laws change or as our services change. If we make material changes to this policy, and we need your consent to those changes, we will contact you by email to do so.