M&M Jewel

Privacy Policy for M&M Jewels

1. Introduction

1.1 M&M Jewels ("we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and disclose your personal data when you visit our website mmjewels.co.uk (the "Website") and when you purchase our products or interact with us.

1.2 We are the data controller responsible for your personal data processed through the Website. Our registered office is at 47 Sapcote Trading Centre Willesden London NW10 2DJ.

2. What Personal Data We Collect

2.1 We may collect and process the following types of personal data about you:

Identity Data: Includes your name, title, username or similar identifier, date of birth, and gender.
Contact Data: Includes your billing address, delivery address, email address, and telephone numbers.
Financial Data: Includes your bank account and payment card details (processed securely by our payment gateway provider; we do not directly store your full card details).
Transaction Data: Includes details about payments to and from you and other details of products and services you have purchased from us.
Technical Data: Includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Website.
Profile Data: Includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
Usage Data: Includes information about how you use our Website, products, and services.
Marketing and Communications Data: Includes your preferences in receiving marketing from us and our third parties and your communication preferences.

3. How We Collect Your Personal Data

3.1 We collect your personal data in various ways, including:

Direct Interactions: You may provide us with your Identity, Contact, Financial, and Transaction Data when you create an account on our Website, place an order, subscribe to our newsletter, contact us via email or phone, complete surveys, or provide feedback.
Automated Technologies or Interactions: As you interact with our Website, we may automatically collect Technical and Usage Data. We collect this data by using cookies, server logs, and other similar technologies. Please see our Cookie Policy [You will need to create a separate Cookie Policy and link to it here] for more details.
Third Parties: We may receive personal data about you from third parties such as:
- Payment processing providers (Financial Data).
- Analytics providers (Technical and Usage Data).
- Marketing and advertising networks (Identity, Contact, and Usage Data).

4. How We Use Your Personal Data

4.1 We may use your personal data for the following purposes:

To register you as a new customer.
To process and deliver your orders, including managing payments, fees, and charges.
To manage our relationship with you, including notifying you about changes to our terms or privacy policy, and asking you to leave a review or take a survey.
To enable you to participate in a prize draw, competition, or complete a survey.
To administer and protect our business and this Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data).
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.
To use data analytics to improve our Website, products/services, marketing, customer relationships, and experiences.
To make suggestions and recommendations to you about goods or services that may be of interest to you.
To send you marketing communications if you have opted in to receive them.

5. Legal Basis for Processing Your Personal Data

5.1 We will only process your personal data when we have a legal basis for doing so. The legal bases we rely on include:

Performance of a contract: Where processing is necessary for the performance of a contract we have with you or to take steps at your request before entering into such a contract (e.g., processing your order).
Legitimate interests: Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., improving our Website, direct marketing where you have shown interest, preventing fraud).
Consent: Where you have given us explicit consent to process your personal data for a specific purpose (e.g., sending you marketing emails). You have the right to withdraw your consent at any time.
Legal obligation: Where processing is necessary for compliance with a legal obligation that we are subject to.

6. Sharing Your Personal Data

6.1 We may share your personal data with the following categories of third parties:

Service providers who provide IT and system administration services, payment processing, delivery services, and marketing services.
Professional advisers including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
HM Revenue & Customs, regulators, and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

6.2 We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. International Transfers

7.1 We may transfer your personal data to countries outside the UK. If we do this, we will ensure that appropriate safeguards are in place to protect your personal data, in accordance with UK data protection law. This may include relying on adequacy decisions or implementing Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO).

8. Data Security

8.1 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.

8.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9. Data Retention

9.1 We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

9.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

9.3 Typically, we will retain your order history and related data for [Specify retention period, e.g., 7 years] for tax and accounting purposes. Marketing data will be retained until you unsubscribe.

10. Your Legal Rights

10.1 Under UK data protection law, you have several rights in relation to your personal data, including:

The right to be informed: You have the right to be provided with clear, transparent, and easily understandable information about how we use your personal data (which is what this policy aims to do).
The right of access: You have the right to request access to your personal data and certain other supplementary information.
The right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
The right to erasure ('right to be forgotten'): You have the right to request that we erase your personal data in certain circumstances.
The right to restrict processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
The right to data portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller in certain circumstances.
The right to object: You have the right to object to the processing of your personal data in certain circumstances, including for direct marketing purposes.
Rights in relation to automated decision making and profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
The right to withdraw consent: If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time.

10.2 If you wish to exercise any of these rights, please contact us using the contact details provided below.

11. Complaints

11.1 You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

12. Contact Us

12.1 If you have any questions about this Privacy Policy or our data protection practices, please contact us.

Privacy Policy

This website uses cookies.