Gemsa Jewellery Limited, Gemsa (UK), (“Gemsa”, “we”, “us”, “our”) recognize the importance of your personal information. This Privacy Policy sets out how Gemsa uses and protects information that it collects from its customers, visitors and users (collectively, the “Users”) through, or in association with, its website with a homepage located at www.gemsa.co.uk (the “Site”), its products and services that may be offered from time to time via the Site, its related social media sites, or otherwise through Users’ interactions with Gemsa (the Site, products, services, and social media pages, collectively, the “Services”), why it collects that information, how it uses that information, and to whom and in what capacity it shares that information. By accessing the Services, using features of the Services, and/or submitting information to Gemsa, you are bound by all terms and conditions in the Terms of Use (the “Terms of Use”) and this Privacy Policy.

This Privacy Policy also explains your choices for managing your information preferences, including opting out of certain uses of your Personal Information (defined below). This Privacy Policy applies to all users of the Site.

Our website is not intended for children. We do not knowingly collect or maintain the personal information of children under the age of 18. If you are under the age of 18, please do not access our website at any time or in any manner. We will take appropriate steps to delete the personal information of persons under the age of 18.

MANAGING YOUR INFORMATION PREFERENCES

You can review, correct, update, or change your Personal Information or opt out of receiving certain marketing communications by changing the relevant settings in your account or by emailing us at contact@gemsa.co.uk. You are able to opt out of receiving marketing e-mails from us, however, you cannot opt out of receiving all e-mails from us, such as e-mails about the status of your account or order. If you have questions or concerns regarding this Privacy Policy, please e-mail us at the same address.

WHY WE ARE ALLOWED TO HANDLE AND STORE YOUR PERSONAL DATA?

Consent
If you visit the Site and are not already an existing customer, we might ask for your consent to process your data, so that we can send you our special offers and news.

Contractual obligations
For example, in order to allow us to fulfil an order when you purchase our products.

Legal compliance
In some circumstances, we may be legally required to collect and process your data e.g. to pass it on to the police if criminal activity is suspected.

Legitimate Interest
It may be necessary to use your data to help us run and improve our business. For example, to personalise the services we provide, or to improve our internal processes. We will only use your data in these instances, where doing so does not materially impact your rights, freedom or interests.

We will only use your personal data when the law allows us to. Most frequently, we will use your personal data to fulfil a contractual obligation, or where we have a legitimate interest.

PROCESSING OF PERSONAL INFORMATION

Please be aware that your Personal Information and communications may be transferred to and maintained on servers or databases located outside your  state, province, or country. Please be advised that we may process and store information in the United Kingdom. By using the Site or Services, you are agreeing to the collection, use, transfer, and disclosure of your Personal Information.

Generally, we do not rely on consent as a legal basis for processing your personal data. However, if you are not already a customer, we will get your consent before sending third party direct marketing communications to you via email or text message. In the event you do not wish for us to use ‘Your Personal Data for marketing purposes, please either:

Click on the ‘Unsubscribe’ link in the emails we have sent you (if any).

Contact our Customer Service Team (contact@gemsa.co.uk) if you wish to be removed from our marketing database.

HOW WE COLLECT INFORMATION

We are the controller and responsible for the information we may collect. We collect personal information about you in order to provide a personalised experience catered to you. This also allows us to alert you to administrational, product or service changes, for marketing purposes, offer you competitions and promotions and to ensure that Gemsa is able to continue to improve its standards and services.

This also allows us to alert you to administrational, product or service changes, and for marketing purposes.

Information that you provide us:

We will collect any information that you provide to us when you:
• Make an enquiry, provide feedback or make a complaint over the phone, by email or on our website;
• Submit correspondence to us by post, email or via our website;
• Order products or services from our website;
• Create an account to use the website;
• Update your profile and other account details including your address book;
• Subscribe to our newsletter and mailing lists;
• Subscribe to receive our catalogue;
• Fill in a form, conduct a search, respond to surveys, participate in promotions or use any other features of the website;
• Participate in our loyalty programme
• Participate in our affiliate programme;
• Register to and/or attend our events;
• Submit a CV or application for a job vacancy or attend an interview or assessment for a job vacancy
• ‘Follow’, ‘like’, post to or interact with our social media accounts, including Facebook, Twitter, Pinterest, and Instagram.

We automatically collect information regarding the actions you take on the Site (“Usage Data”). For example, each time you use the Site we automatically collect the type of Web browser and device that you use, your operating system, your Internet Service Provider, your IP address, the pages you view or click on, the products that you add to your basket and purchase, and the time and duration of your visits to the Site. We use this information to help us understand how people use the Site and Services and to enhance the services we offer.

INFORMATION WE RECEIVE FROM THIRD PARTIES

Sometimes we receive personal data about you from third parties when you engage with our Services through social media, or other non-Gemsa Jewellery sites or applications, those sites will share personal data with us including, but not limited to:

The content you have viewed or interacted with;

About adverts within the content which you have been shown or clicked on;

Your IP address, registered beacons or GPS (geolocation) signals you have received;

Publically available information; and

Non-personal information is used to supplement existing information, such as demographics and affluence metrics (e.g. social-demographic groupingsthrough  matching postcodes).

The privacy notices for these sites and applications will contain more detail about this and how to
change your privacy settings on those sites and applications.

WHAT WE COLLECT

We collect information that personally identifies you, such as your name, date of birth, gender, address, phone number, mobile phone number, e-mail, postal address, your purchase history, payment information, and other personally identifiable information that you choose to provide us with or that you choose to include in your account (“Personal Information”). You may be asked to provide us with Personal Information when you register with the Site, and at other times.

HOW WE USE YOUR INFORMATION

We use your information for the following purposes:
• To provide access to our website: in a manner convenient and optimal for you and with personalised content relevant to you;
• To register your account: we will use the details provided on your account registration form, or Facebook if you choose Facebook Login for the purposes of setting up your account;
• To enable you to place orders and to process and facilitate transactions with us;
• Relationship management: To manage our relationship with you, which will include notifying you about changes to our terms of use or privacy notice, and asking you to leave a review or take a survey;
• User and customer support: to provide customer service and support, to offer a live chat support service to our customers, and to deal with enquiries or complaints about the website and share your information with our website developer, IT support provider, payment services providers, marketing services providers and customer support service provider as necessary to provide customer support;
• Prize draws, competitions and surveys: to enable you to take part in prize draws, competitions and surveys;
• Marketing: to keep in contact with you about our news, events, new website features products or services that we believe may interest you, provided that we have the requisite permission to do so;
• Loyalty programme: to operate a loyalty programme, including rewarding points for referrals, newsletter subscriptions and your purchases;
• Advertising: to deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to;
• Social media interactions: to interact with users on social media platforms including Facebook, Twitter, Pinterest, Instagram, for example, responding to comments and messages, posting, ‘retweeting’ and ‘liking’ posts;
• Analytics: to use data analytics to improve our website, products/services, marketing, customer relationships and experiences;
• Suggestions and recommendations: to share your information with selected third parties (where we have your consent to do so);
• Research: to carry out aggregated and anonymised research about general engagement with our website (on the basis of our legitimate interest in providing the right kinds of products and services to our website users);
• Fraud and unlawful activity detection: to protect, investigate, and deter fraudulent, unauthorised, or illegal activity;
• Compliance with policies, procedures and laws: to enable us to comply with our policies and procedures and enforce our legal rights.

FAILURE TO PROVIDE PERSONAL DATA

If you do not provide personal data to us in the case where it is needed by law, or under the terms of a contract we have with you, we may not be able to perform the contract we have, or are trying to enter into, with you (for example, to fulfil your order). In this case, we may have to cancel your order, but we will notify you if this is the case at the time.

WE SHARE YOUR DATA WITH THE FOLLOWING CATEGORIES OF THIRD PARTIES:

Gemsa may share, transfer and/or disclose your Personal Information to or with third parties to provide the services or products requested by you, and under the following circumstances:
Gemsa shares certain Personal Information with its shipping company, credit card processing company, payment service provider(s), email service provider(s), and Service providers who provide IT, finance, logistics and system administration services.

Professionals include lawyers, bankers, auditors and insurers. HM Revenue & Customs, regulators and other similar authorities. Marketing agencies and researchers and other third parties necessary to fulfil an order placed through the Services.
In all cases, the third party is acting on Gemsa Jewellery’s express instructions and in accordance with this Policy, confidentiality and levels of security.

Without your consent, we share your personal data:

With third-party platforms such as Facebook or Google to send you targeted advertisements on our behalf;

In response to legal process, for example, in response to a court order or a subpoena, a law enforcement or government agency's request;

With third parties if this will help us to enforce our policies and terms of use, to check for potential illegal activity (such as copyright infringement or fraud) or to protect the safety of other users of the Services; and

If we, or one of our business units, undergoes a business transition, like a merger, acquisition by another company, or sale of all or part of our assets.

We operate globally, so we do need to transfer your personal data internationally. In particular, your personal data will be transferred to and processed in Australia, Canada, European Economic Area and the United States.
Where information is transferred outside the EEA, and where this is to a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a vendor's Processor Binding Corporate Rules.

ADVERTISING AND ONLINE TRACKING

We may allow third-party companies to serve ads and collect certain anonymous information when you visit the Site and Services. These companies may use non-personally identifiable information (e.g. click stream information, web browser type, time and date, subject of advertisements clicked or scrolled over) during your visits to the Site and other websites in order to provide advertisements about goods and services likely to be of interest to you. These companies typically use a cookie to collect this information. Our systems do not recognize browser “Do Not Track” signals, but several of our Service Providers who utilize these cookies on our Site enable you to opt out of targeted advertising practices. To learn more about these advertising practices or to opt out of this type of advertising, you can visit www.networkadvertising.org or www.aboutads.info/choices/. We also provide you with additional tools to opt out of marketing from us. You can learn about this in the “Managing Your Information Preferences” section of this Privacy Policy.

These third parties are contractually or otherwise legally prohibited from using your Personal Information for promotional purposes or from selling your Personal Information. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

These third-party service providers may have access to information about you if it is needed to perform their functions for us, but they are not authorized by us to use or disclose such information except as necessary to perform services on our behalf or to comply with legal requirements, and they are required to maintain the information in confidence.

Gemsa reserves the right to disclose Personal Information: as permitted or required by law; when Gemsa believes disclosure is necessary to protect our rights or to comply with a legal process; and/or in the event, it is necessary to prevent, investigate or take action regarding unlawful, illegal or suspicious activities that violate the Terms of Use or this Privacy Policy. Gemsa may share your Personal Information in response to legal processes, for example, in response to a court order or a subpoena, a law enforcement or government agency’s request or a similar request.

Gemsa may share your Personal Information with third parties to investigate, prevent, or take action (in our sole discretion) regarding potentially illegal activities, suspected fraud, situations involving potential threats to any person, us, or the Services, or violations of our policies or the law.

All information voluntarily shared by you through forums, comments, or blog posts is publicly available and your username may be visible by other Users. Gemsa is not responsible for any information you submit that can be read by other Users and can be used to send you unsolicited information by other Users.

THIRD-PARTY LINKS

The site may include links to third-party websites, plug-ins and applications. By clicking on those links or enabling those connections you may allow third parties to collect or share data about you. Please note that we do not control these third-party websites and are not responsible for their privacy statements. As such, we recommend that you read the privacy policy of every website you visit.

Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing, please refer to the details of “Your Rights” below.

Our Site and Services may contain links to other websites or allow others to send you such links. A link to a third party’s website does not mean that we endorse it or that we are affiliated with it. We do not exercise control over third-party websites. You access such third-party websites or content at your own risk. You should always read the privacy policy of a third-party website before providing any information to the website.

HOW DO WE KEEP YOUR DATA SAFE?

We ensure that your personal data is protected by the appropriate security measures to prevent accidental loss, unauthorised use, alteration or disclosure. In addition, we only share your personal data with those employees, or third parties who have a business need to know. These individuals and entities are subject to duties of confidentiality and will only process your data on our instructions.

COOKIES AND ANONYMOUS IDENTIFIERS

We use cookies (a small text file placed on your computer to identify your computer and web browser) and may use anonymous identifiers (a random string of characters that is used for the same purposes as a cookie). We use cookies and other anonymous identifiers to analyse the use of and improve the Site and Services as described in the Advertising and Online Tracking Section of this Privacy Policy.

We do not use cookies to collect Personal Information. Most web browsers are initially set up to accept cookies. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent, however, certain features of the Site or Services may not work if you delete or disable cookies. Some of our Service Providers (defined below) may use their own cookies, anonymous identifiers, or other tracking technology in connection with the services they perform on our behalf.

Device Identifiers: When you access the Services by or through a device, we may access, collect, monitor and/or remotely store one or more “device identifiers”. Device identifiers allow us to uniquely identify your device and are used to enhance the Services (including sending updates and information from the Services). A device identifier may also be used in conjunction with other Personal Information.

We use Google Analytics on the Site and Services to collect Usage Data, to analyse how users use the Site and Services, and to provide advertisements to you on other websites. For more information about how to opt-out of having your information used by Google Analytics, visit https://tools.google.com/dlpage/gaoptout/.

COOKIE POLICY

Our website (https://www.gemsa.co.uk) (“Website”) uses cookies to distinguish you from other users of our Website. This helps us to provide you with a good experience when you browse our Website and also allows us to improve our Website. By continuing to browse our Website, you are agreeing to our use of cookies.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your device if you agree. Cookies contain information that is transferred to your device's hard drive.

We use the following cookies:
Strictly necessary cookies These are cookies that are required for the operation of our Website. They include, for example, cookies that enable you to log into secure areas of our Website, use a shopping cart or make use of e-billing services.

Analytical/performance cookies They allow us to recognise and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies These are used to recognise you when you return to our Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. Alternatively, you can visit www.allaboutcookies.org which provides general information about cookies and how you can manage cookies on your computer. Please note that if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

YOUR RIGHTS IN RELATION TO OUR STORAGE OF YOUR PERSONAL DATA

You have various rights when it comes to your data including the right to:
Request access to your personal data.
Request correction of your personal data.
Request erasure of your personal data.
Object to processing of your personal data.
Request restriction of processing your personal data.
Request transfer of your personal data.
Right to withdraw consent.

For more information on these rights, please see the ICO’s website Individual rights | ICO If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.

HOW LONG WILL WE KEEP YOUR PERSONAL DATA?

We will retain the data until the time at which you decide to ‘unsubscribe’, or as long as is necessary for the purpose for which it was collected (subject to legal obligations).

We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.

OPTING OUT

You can opt out of Gemsa or third-party marketing communications at any time by following the opt-out links on any marketing message sent to you, or by contacting us at contact@gemsa.co.uk.

Where you opt out of receiving these marketing messages, will not apply to any personal data provided to us as a result of purchasing our goods or any other transactions with us.

SECURITY POLICY

To process an order, we need your credit/debit card number and expiry date, plus any security details that the credit card processor may require. Gemsa Jewellery employs trusted and reputable third-party hosting agents and payment providers to ensure the security of personal data.

All credit card details that are given to us by you the customer are done so on a secure server using Shopify Payments. The transfer of the purchase details from our site to Shopify Payments are encapsulated using their encrypted and digitally-signed protocol.

This uses a combination of standard methods to ensure that the information passed is secure and tamper-proof. Shopify Payments is PCI DSS compliant and is regulated by qualified security assessor Trustwave. Please note, that we do not store any financial information from you.

Alternatively, you may process an order using Apple Pay, Google Pay or Amazon Pay. We maintain physical, electronic, and procedural safeguards to protect the confidentiality and security of information transmitted to us. However, no data transmission over the Internet or other network can be guaranteed to be 100% secure. As a result, while we strive to protect information transmitted on or through the Site or Services, we cannot and do not guarantee the security of any information you transmit on or through the Site or Services, and you do so at your own risk.

PRIVACY POLICY CHANGES

We may change this Privacy Policy from time to time. If we decide to change this Privacy Policy, we will inform you by posting the revised Privacy Policy on the Site. Those changes will go into effect on the “Revised” date shown in the revised Privacy Policy. By continuing to use the Site or Services, you are consenting to the revised Privacy Policy. You have the right to make a complaint at any time to the Information Commissioner's Office (“ICO”), the UK regulator for data protection issues (www.ico.org.uk). We hope, however, that any concerns you may have would be satisfactorily dealt with by us, so please contact us in the first instance.

If you have any questions about this privacy policy or our privacy practices, please contact us at contact@gemsa.co.uk.