Payne & Son (Goldsmiths) Ltd is committed to protecting and respecting any personal information you share with us, and that your privacy is protected.
This privacy policy sets out and describes what types of information we collect from you, how we store and handle this data and how we keep it safe. It details how you can manage the information we collect from you and how to contact us. Any personal data collected will only be used in accordance with this privacy policy.
Payne & Son (Goldsmiths) Ltd reserves the right to change this policy at any time, so please check our privacy policy link on our website for the latest version and to be informed of any updates. You can email (silver@payneandson.co.uk) at any time for the latest version of our privacy policy. This privacy policy is effective from 23rd May 2018.
Please note the data controller is Payne & Son (Goldsmiths) Ltd and for simplicity throughout this policy will be referred to as ‘we’, ‘us’ or ‘our’.
Legal basis for processing personal data
Payne & Son (Goldsmiths) Ltd will only process information that is necessary for the purpose for which it has been collected. As stipulated by data protection law. we are required to set out the legal basis for which we may collect and process your personal data:
Consent
The majority of the time Payne & Son (Goldsmiths) Ltd will rely on consent as a legal basis for collecting and processing personal data. For example; you have provided consent in store to set up an account to collect information about your purchase history.
When collecting your personal data, using your consent, we will always make it clear to you which data is necessary in connection with a particular service. Customers have the right to withdraw their consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
Contractual
In order to comply with our contractual obligations we may need to collect and process your personal data. We would collect and process your personal data to perform a contract or service and to complete your orders and purchases. For example; we would collect your name, address, email address and telephone number if you asked us to complete a repair on an item of jewellery.
Legal requirements
To comply with any legal requirements and/or with any law enforcement agency we may need to collect and process your personal data. We would only collect and process any data that is relevant to the purpose of it being collected. For example, if you purchase a second hand item we are required to keep your personal data for company accounting purposes for a minimum of 6 years.
Legitimate business interest
We may collect and process your personal data when necessary to carry out activities that are of legitimate business interest to Payne & Son (Goldsmiths) Ltd. To pursue our legitimate interests, we may require your personal data in a way in which might reasonably be expected as part of running our business. It would not affect your rights, freedoms or interests. The legitimate business interests of Payne & Son (Goldsmiths) Ltd include:
-
Selling and supplying goods and services to our customers.
-
Protecting customers, employees and other individuals and maintaining their safety and welfare.
-
Improving existing products and services.
-
Complying with our legal and regulatory obligations.
-
Handling customer contracts, queries and complaints.
-
Preventing, investigating and detecting crime or fraud.
-
Internally to improve customer service and operating systems.
When do we collect personal data?
We only collect and process personal data and information when it is necessary, relevant and adequate for the purpose you are providing it. The ways in which we collect your data are as follows:
-
In store when you purchase a product or service, make an enquiry or request a quotation.
-
By phone when you purchase a product or service, make an enquiry or request a quotation.
-
By email when you purchase a product or service, make an enquiry or request a quotation.
-
By our website when you purchase a product or service, make an enquiry or request a quotation.
What personal data do we collect?
All personal data that you provide to us will only be processed for the purpose for which we are collecting it. Payne & Son (Goldsmiths) Ltd may collect the following information about you:
-
Your name including your title.
-
Your contact details: your postal address (including billing and delivery addresses if different), email address and telephone number.
-
Purchase of goods and services and orders made by you.
-
Payment card details when you make a purchase or place an order.Your image may be recorded on CCTV in store.
-
Your IP address when making a purchase via our website; we use a third-party specialist secure card processing provider when taking payments via our website, we do not have access to your payment card details.
-
Details of your interactions with us, through phone calls, texts, emails, in store or online. For example; if you proceed a quotation or if you make an enquiry about a particular product or service.
-
Personal details which help us recommend items of interest (for example, a customer’s finger size).
-
Personal details (such as wedding day or birthday) to help us process orders in a timely manner.
We would only ask for personal details and dates to enhance your shopping experience with us. It is always your choice whether you wish to share any such details with us.
How and why we use personal data?
Payne & Son (Goldsmiths) Ltd want to give customers the best possible experience, whether in store, over the phone, via email or by our website. We use your personal data for the following:
-
To set up and manage an account of your purchase history. We do this by expressly asking for your consent to do this, and use it purely for your own information about previous purchases with us and if any information is required for insurance purposes. If you do not wish to give us your consent to set up an account we will not collect or process any of your personal data for this purpose.
-
To sell any second-hand item to a customer. We must collect and retain these details for company accounting records for a minimum of 6 years as part of our legal obligations.
-
To provide a VAT receipt for a purchase we must collect and retain these details for company accounting records for a minimum of 6 years as part of our legal obligations.
-
To process a VAT refund after the purchased goods have been exported outside the EU. We must collect and retain this information for company accounting records for a minimum of 6 years as part of our legal obligation.
-
To complete repairs that you have asked us to undertake on your behalf. We need your personal data to complete any repair in order to comply with our contractual obligations.
-
To provide a service (such as engraving or a valuation) that you have requested us to undertake. We need your personal data to provide a service in order to comply with our contractual obligations.
-
To process any orders that you make in store, over the phone, by email or via our website. If we do not collect your personal data during checkout we will not be able to process your order and comply with our contractual and legal obligations.
-
To complete the delivery of orders. We are required to collect, process and share your personal data to ensure safe delivery of any order that you have placed (for example providing a courier with you name, address and telephone number to ensure safe delivery of your order). We do this as part of our contractual obligations with you.
-
To provide quotations for the supply of any product, repair or service that have been requested. Processing your information allows us to provide you with quotations and complies with our contractual obligations. If a quotation is required for insurance purposes, we must process your data for both contractual and legal purposes.
-
To respond to any queries or enquires you may have. Handling the information you provide us enables us to respond to you. This is done on the basis of your consent, our contractual obligation to you and our legitimate business interests to provide you with the best customer service.
-
To respond to any refund request or complaints. Collecting and processing your information allows us to respond to your request or compliant swiftly and to the best of our ability. We do this on the basis of our contractual obligation with you, our legal obligations and our legitimate business interests in providing the best customer experience.
-
To protect our customers, premises, assets and employees we operate a CCTV system in store and record images for security and preventing, investigating and detecting crime. We do this on the basis of our legitimate business interests.
-
To protect your account and our business from any fraudulent or illegal activities, including actively updating any necessary personal data held within your account. We do this as part of our legitimate business interest.
-
To process payments securely and prevent any potentially fraudulent transactions. We do this as part of our contractual obligations, legitimate business interest and most importantly to protect our customers from fraud.
-
If we do discover any criminal activity through our CCTV or detect any fraudulent transactions we will only process any necessary data for detecting unlawful acts, we do this as part of our contractual and legal obligations.
-
To comply with our contractual and/or legal obligation to share data with law enforcement and official regulatory bodies.
-
To communicate any information required by law or changes to the services that we provide you. We do this as part of our contractual and legal obligations.
-
To improve our customer service, products and operating systems which we do on the basis of our legitimate business interests.
How long will we keep personal data?
We do not retain your data for longer than is necessary and it is only kept for the purpose in which it was collected. The longest we would normally hold any personal data is 6 years, after which we will contact you to expressly ask for consent to retain this data for a longer period of time. If you do not give us your consent to retain any personal data, then at the end of this period your personal data will either be deleted completely or anonymized (for example we will retain the details of a purchase or service provided but not retain any personal data about who made the purchase or utilized the service), unless we have a contractual or legal obligation to retain this data.
Payne & Son (Goldsmiths) Ltd will retain certain personal data for the following periods of time:
-
If we have a relationship with you (for example if you are a customer and have made purchases of goods from us) we will hold your personal information for 6 years. We hold this data by express consent from you. When this period is due to end we will contact you to ask whether you expressly consent for us to continue to hold this personal data. If you do not give us consent to continue to hold this data, it will either be deleted completely or anonymized.
-
When you have made a purchase of a second-hand item, we will hold your personal information for a minimum of 6 years to comply with our legal obligations.
-
When you have requested a VAT receipt for a purchase, we will hold your personal data for a minimum of 6 years to comply with our legal obligations.
-
When you have requested a VAT refund after you have exported the goods outside the EU we will hold your personal data for a minimum of 6 years to comply with our legal obligations.
-
If we have obtained your personal data to carry out a service, such as engraving, a repair or valuation, we will hold this information for 6 years (please note our guarantee period on any service will vary so please contact us for further information regarding guarantees). We hold this information to carry out our contractual obligations to you. When this period is due to end we will contact you to ask whether you expressly consent for us to continue to hold this personal data. If you do not give us consent to continue to hold this data it will either be deleted completely or anonymized.
-
Where we have obtained your personal data following a request for information about a product or service from you, we will hold this information for 2 years after which it will be deleted completely. Unless during that period we form a relationship with you (for example you purchase a product or request us to carry out a service), we hold this information to give us an opportunity to form a relation with you as part of our legitimate business interest.
-
If we have required your personal information to provide you with a quotation (all our quotations are valid for 30 days) we will hold this information for 2 years after which it will be deleted completely. Unless during that period we form a relationship with you (for example you purchase a product or request us to carry out a service), we hold this information to give us an opportunity to form a relation with you as part of our legitimate business interest.
-
If we capture your image on CCTV in store, we keep this data for a period of 8 weeks, after which these images are permanently erased.
The only exceptions to the periods mentioned as above are:
-
For legal obligations if the law requires us to hold your personal data for a longer period or delete it sooner.
-
Where there is a concern or complaint regarding a product or service we have provided we may be required to hold your personal data for longer as part of our either our contractual or legal obligations.
-
You exercise your right to have all personal data erased (where applicable) and we do not need to hold it in connection with any of the reasons permitted or required under law.
How we protect personal data
Payne & Son (Goldsmiths) Ltd is committed to keeping your personal data safe and secure. Therefore, we treat your data with the upmost care and take all appropriate steps to protect it. Our security measures include:
-
We apply physical and electronic safeguards when collecting and processing personal data.
-
We protect the security of your information while it is being transmitted by using data encryption.
-
We use computer safeguards such as firewall and antivirus software that continuously scans for potential threats and data breaches.
-
We only authorise access to employees and trusted third parties who need to carry out their responsibilities.
-
Access to your personal data is password protected.
-
Card payment information is secured and tokenised to ensure it is protected.
-
Internal policies setting out our data security approach and training for employees, especially if a data breach has occurred.
-
We monitor our systems for possible vulnerabilities.
How do we share personal data?
We sometimes share your personal data with trusted third parties, so we can carry out the day to day running of the business. Examples of third parties we may work with and why are as follows:
-
Couriers, such as the Royal Mail, to deliver customer orders.
-
IT companies who support our business systems.
-
Web hosting companies to operate our website and website enquiry forms.
-
Third party specialist secure card processing provider when processing payments through our website.
-
Merchant service card processing companies when processing card payments in store and over the telephone.
-
Law enforcement agencies and/or regulatory bodies if they have made a valid request for personal data that we hold. Any request will take the privacy of our customers into consideration.
-
Law enforcement agencies when we have detected any criminal or fraudulent activity within our premises or our operating systems.
Payne & Son (Goldsmiths) Ltd only share data with third parties to perform the tasks for running the business, we would never share data with third parties for their own purposes (such as marketing companies). We ensure when working with third parties that:
-
We only provide them with the information they need to perform a specific task and/or service.
-
They may only use your data for the exact purposes specified in our contract with them.
-
We work closely with them to ensure that your privacy is respected and protected at all times.
-
That they do not share any personal data obtained from us with any other third party, unless they have a legal obligation to do so.
-
If we terminate our contract with them, we will require them to delete any of your data held by them or render it anonymous.
Our website does contain hyperlinks that link to other websites owned and operated by third parties, who have their own privacy policies and procedures. We do not accept any liability or responsibility in terms of privacy and security practices of these third-party organisations and websites. Payne & Son (Goldsmiths) Ltd does not sell your information to any third party.
Direct marketing
Payne & Son (Goldsmiths) Ltd do not conduct direct marketing to any of our customers. We do not actively advertise or market directly to our customers. We will never send you unsolicited emails or communications or share your personal information with anyone else who might.
Your rights over personal data
You have the right to request:
-
To access and ask for a copy of any personal data we hold about you, free of charge.
-
To correct and update any personal information we hold about you.
-
To object to our use of your personal information provided we do not have any existing legal reason to continue to use and process your information.
-
Delete your personal data completely provided we do not have any exisitng legal reason to continue to use and process your data.
-
The transfer of your personal data in a structured data file and machine readable format, where we rely on your consent to collect and process your information.
-
To withdraw your consent for us to use your personal data at any time where we have obtained on a consensual basis.
You have the right to request a copy of any information Payne & Son (Goldsmiths) Ltd holds on you, at any time and free of charge. We will respond to any request within 30 days of it being received. To request a copy of this information or for your information to be corrected or updated please contact us by post or email at the following addresses:
The Data Controller
Payne & Son (Goldsmiths) Ltd
131 High Street
Oxford
OX1 4DH