Privacy policy
We are committed to protecting and respecting the privacy of our clients. We take responsibility for complying with the U.K. Data Protection Act 1998 (DPA), the Privacy and Electronic Regulations 2003 (PECR), and the General Data Protection Regulation 2018 (GDPR).
This privacy policy details rteflects what personal data we collect, how we will use that data, and how we will protect it. Please also read our Terms & Conditions for additional information regarding our services.
For any questions that may not be answered here, you can contact us by email: info@ashajewellery.co.uk
What personal data we collect and why
We collect your personal data when you place an order, return an order, contact us directly, sign up for our marketing communications, sign up to create an account, browse our website or use the other services offered by our website, www.ashajewellery.co.uk, The data we collect includes details you provide to us, such as your first and surname, and your shipping and billing addresses. We also collect data regarding your shopping habits and the pages and products you have viewed from your use of the website.
We use this data to:
Take your orders, process your payments and deliver the items you have purchased.
Process return and refund for items you have purchased.
Provide any additional services you have requested, such as our newsletter.
Provide you with help and assistance, including contacting you about your order.
Personalise your visit to the website and ensure that content from our site is relevant and presented in the most optimised manner for you and the device you are viewing from.
Under the law, we must have a valid legal basis to process your data. In most instances, we will process your data because we have a contract with you e.g. to deliver your purchases or to provide you with other services you have requested. We will also use your personal data to send you sales and marketing communications that we believe may be of interest to you if we have your explicit consent for this activity, or if you are an existing customer where we have a legitimate interest in communicating with you. You can opt-out of sales and marketing communications from us at any time.
How long we keep your data
We will not retain your personal data for longer than is necessary to fulfill the purposes for which you provided that personal data, unless the law permits or requires that we retain it for longer. The retention period varies depending on the purpose of the processing.
Your rights regarding your personal data
Under the Law, you have the right to:
Know what personal data of yours we are processing, where that data came from and how we are using that data.
Ask us to update, correct or supplement the data we hold about you.
Withdraw consent for processing for a specified purpose.
Ask us to delete or erase your data from our systems.
Limit or oppose our processing of your data.
Ask us to supply the personal data we hold about you in an easily readable electronic format.
What personal data we collect
We collect and process only the data that is required to allow us to provide our services to you. We collect the following data when you browse or shop at www.ashajewellery.co.uk:
Personal data required to complete and ship your purchase; including your name, billing address, delivery address, payment details, mobile number, telephone number and email address. We collect your email address in order to send you confirmation of your order; we collect your telephone number so that we can contact you if there are any issues with the order.
Someone else's data, that you provide to us, e.g. if you purchase a product to be delivered to a friend or as a gift, we will collect and process the personal data required to complete the transaction such as the name, delivery address and other contact details for your friend.
Who will process your data
Your personal data will be processed by the internal staff of ASHA who are authorised for this purpuse. Your personal data will also be transmitted to third parties that we use to provide our services; these parties have been rigorously assessed and offer a guarantee of compliance with the legislation on the processing of personal data. These parties have been designated as data processors and carry out their activities according to the instructions given by ASHA and under our control.
The third parties in question belong to the following categories: payment processors, banking operators, internet providers, eCommerce hosting maintainers, companies specialising in IT and telematics services; logistic partners; companies that execute marketing activities such as email marketing services; companies specialising in market research and data processing; companies providing publishing and distribution services.
Under some circumstances we may be required to disclose or share your data without your consent, for example, if we are required by the police, the courts or for other legal reasons. Your data may be transmitted to the police, judicial and administrative authorities, in accordance with the law, for the investigation and prosecution of crimes, the prevention of and protection from threats to public security, to allow ASHA to ascertain, exercise or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others.
We may also transfer your personal data to a buyer or potential buyer in the event that our assets are acquired by another organisation. The purchaser will be required by law to use your personal data only as described in this privacy policy.
Security
We protect your personal data with specific technical and organisational security measures aimed at preventing your personal data from being used illegitimately or fraudulently.
In particular, our infrastructure has been designed with high security and privacy standards including disk encryption, identity provider, personal credentials, etc. We additionally use security measures that guarantee: pseudonymisation or encryption of your data; the confidentiality, integrity, and availability of your data as well as the resilience of the systems and services that process them; the ability to restore data in the event of a data breach. Furthermore, ASHA undertakes to test, verify and regularly evaluate the effectiveness of technical and organisational measures in order to guarantee continuous improvement in the safety of processing.