GDPR Compliance
Privacy
Last modified 2023
Contents
- Contents
- Introduction
- Cookies
- Data collected by our shop
- Data collected by third parties on our behalf
- Other data collected by third parties
Introduction
We protect your personal data in line with the requirements of the General Data Protection Regulation (GDPR). The GDPR requires data controllers such as ourselves to document our lawful basis for processing personal data. It also gives you rights over how your data is processed. This privacy policy documents the data we collect, why and how we process it, and how to exercise your rights.
Data controller
The data controller responsible for this website is Jambo Jewellery, who can be contacted at info@jambojewellery.com.
This website contains links to third-party websites, which have their own data controllers and privacy policies. This privacy policy applies only to this website.
Lawful basis for processing
For each method by which we collect personal data, this privacy policy documents our lawful basis for processing the data. Where we rely on your consent to process your data, we explain how you can withdraw your consent and delete your data.
Individual rights
The GDPR gives you rights over how your personal data is processed. You can exercise your rights by contacting us. In some cases you can also exercise your rights through automated systems, as described at the relevant points in this privacy policy.
Security
The GDPR requires us to implement appropriate technical measures to protect data. We verify the identity of any individual who requests access to data before granting access. We use Transport Layer Security (TLS, also known as SSL) to encrypt any data you supply to us through our website. Additional technical measures are described at the relevant points in this privacy policy.
Disclosures
In addition to any sharing of data described elsewhere in this privacy policy, we may disclose data for legal reasons. If we suspect criminal activity we may disclose data relating to those involved or affected to the appropriate authorities. We may also be obliged to disclose data if we receive a request from an appropriate authority.
Changes to this privacy policy
We may occasionally make changes to this privacy policy. Following any changes, the date at the top of this privacy policy will be updated. If any change allows for wider access to data, such changes will only apply to data collected after the date of the updated privacy policy.
Cookies
Cookies are small pieces of text that are stored by your browser. Each cookie has a name and is associated with a particular site. When your browser sends a request to a site (for example, to download a page, image, or video), the computer that responds (known as a server) may tell your browser to set one or more cookies. When your browser makes further requests to the same site it sends the cookies back to the server. This allows the server to remember you as you browse the site, and provide features such as shopping baskets or password-protected areas. For more information on the cookies we use, see our cookie policy.
Data collected by our shop
Accounts
When you place an order you register for an account. A registered account allows you to log in to your account in future and view your order history or wishlist, or place further orders without needing to enter your details again. You can also choose to create a registered account without placing an order. When you register for an account we collect your name, e-mail address, telephone number, and company.
You can download the data we have collected about you by going to your account page and following the link to download your data.
You can close your account by going to your account page and following the link to close your account. If you close your account we will retain records of any orders you have placed (as described below), but will delete any other data you have supplied.
Lawful basis for processing: Consent given by data subject
Why? You have supplied us with this data in order to create an account
Wishlists
If you have a registered account you may choose to add items to your wishlist. Some items in our shop allow personalisation, and you may choose to enter personal data when you add these items to your wishlist. Your wishlist has a public page whose address you can share. Your public wishlist page displays your name and the items on your wishlist.
You can delete this data by removing the items from your wishlist or closing your account.
Lawful basis for processing: Consent given by data subject
Why? You have supplied us with this data in order to create a wishlist
Orders
When you place an order we collect your name, e-mail address, telephone number, company, delivery and billing addresses, and any comments you choose to leave.
We use purchase history data to show recommendations on product pages for other products that were also purchased by customers who purchased the product being viewed. Recommendations are based on aggregated data and no personally identifiable data is revealed. If you close your account your purchase history will no longer be used in this way.
Lawful basis for processing: Performance of a contract
Why? To enable us to enter into a contract with you and fulfil our obligations under it
Lawful basis for processing: Compliance with a legal obligation
Why? To maintain a record of financial transactions for taxation purposes
Payment through PayPal
When you make a payment through PayPal, we send PayPal your name, billing address, and e-mail address. After you enter your card details, PayPal attempts to take payment and tells us whether the payment was successful. For more information on how PayPal handles the data it collects, see PayPal’s privacy policy.
Lawful basis for processing: Performance of a contract
Why? To enable you to pay for your purchase
Data collected by third parties on our behalf
Spoton.net
Our site is hosted by Spoton.net Limited (registered company number 06139437 in England and Wales). Spoton.net logs all requests in order to determine the causes of reported faults and to detect and block suspicious traffic. The log records the time of the request, your IP address, the requested resource, the referring site (if specified by your browser), and your browser’s user agent string (which will usually include the name and version of your browser and operating system). Log files are deleted after ninety days.
Lawful basis for processing: Compliance with a legal obligation
Why? To comply with the GDPR obligation to implement appropriate technical measures to protect data
Cloudflare
Our site is served through Cloudflare. Cloudflare helps our site load faster by storing copies of our content in data centres around the world, and defends our site from attacks by logging requests to detect and block suspicious traffic. For more information on how Cloudflare handles the data it collects, see Cloudflare’s privacy policy.
Lawful basis for processing: Compliance with a legal obligation
Why? To comply with the GDPR obligation to implement appropriate technical measures to protect data
Facebook pixel
We use Facebook pixel to track visitor interaction with our site in order to measure the success of our advertising and target it more effectively. Facebook collects details of the adverts with which you interact, pages you view and the time you viewed them, the features of your browser, and your IP address. For more information on how Facebook handles the data it collects, see Facebook’s privacy policy.
To opt out of Facebook pixel tracking on our site, see the Facebook pixel section of our cookie policy. To opt out of Facebook pixel tracking on all sites, see Facebook’s Ad Preferences.
Lawful basis for processing: Pursuance of our legitimate interests
Why? To allow us to analyse the effectiveness of our advertising
Google Analytics
We use Google Analytics to track visitor interaction with our site in order to produce statistical reports. Google collects details of the pages you view and the time you viewed them, the features of your browser, and your IP address. For more information on how Google handles the data it collects, see Google’s privacy policy.
To opt out of Google Analytics tracking on our site, see the Google Analytics section of our cookie policy. To opt out of Google Analytics tracking on all sites, use the Google Analytics Opt-out Browser Add-on.
Lawful basis for processing: Pursuance of our legitimate interests
Why? To allow us to analyse how visitors interaction with our site in order to improve our site and our services
Other data collected by third parties
Mapbox maps
When you view a page containing Mapbox maps, your browser connects to Mapbox. For more information on how Mapbox handles the data it collects, see Mapbox’s privacy policy.
Data Rectification
You can use the link below to update your account data if it is not accurate.
Data Portability
You can use the links below to download all the data we store and use for a better experience in our store.
Access to Personal Data
You can use the link below to request a report which will contain all personal information that we store for you.
Right to be Forgotten
Use this option if you want to remove your personal and other data from our store. Keep in mind that this process will delete your account, so you will no longer be able to access or use it anymore.
Pure Malachite Bracelet
Our Malachite Crystal Bracelet, is made with real crystals and brass beads. Malachite is believed to offer protection, transformation and emotional healing. Protecting you from negative energy, Malachite can cleanse the Chakras