With effect from 25th May 2018 to reflect GDPR changes.
This privacy notice provides you with details of how we collect and process your personal data through your use of our site www.joluboutique.com & www.jolujewellery.co.uk
JOLU ACCESSORIES BOUTIQUE are the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
Company name: Jolu Accessories Boutique
23 High Street
Contact telephone: (+44 01785 817244)
If you have any questions that are not addressed in this policy please contact us by calling +44 (0)1785 817244 or emailing firstname.lastname@example.org
1. What Data do we collect?
When you use our website we collect data about you in the following ways:
Personal data about you if you create an account – When you create an account with us, we will collect Personal Data as necessary to maintain and manage your account. In order to create an account, we will require you to inform us of your
name, postal address, telephone number and email address.
As an account holder we collect a history of orders with products sold and revenue spent.
Personal data about you if you transact as a guest -– When you place an order with us, we will require your name, postal address, telephone number and email address in order to supply you with the services and products advertised on our website or instore.
Ordering as a guest or with your account - If you place an order you may request that the fulfilment is delivered to another address. We therefore capture the delivery address for order fulfilment.
Transaction personal data collection – When you order online and pay using the services offered at checkout, to make payment from merchants to process payments, we collect information about the transaction, as well as other information such as amount paid for products and merchant information to complete the transaction, Device information, technical usage data and geolocation information.
If you enter JOLU ACCESSORIES BOUTIQUE competition we collect your name, postal address, email address and phone number on occasions.
To the best of our knowledge no personal identifiable data unless requested and opted into is shared with any third parties – excluding payment gateways.
Should you contact us via email, telephone, letter, or social media, we may collect data to be able to provide you with a service or product. The data collected in these circumstances are subject to the same policies as set out here.
When you visit us at our shop premises in-store we collect data about you in the following ways:
If you request an item to be personalised or ordered in for you – we require your name, contact telephone number or email and if required your postal address so that we can process your order and contact you when it is ready for collection or despatch.
If you join our loyalty card scheme we collect your name, telephone, email address and postal address if you wish to leave it, this information is recorded on a record card and a list of emails is transferred to our mailing database called ‘Mailchimp’ which allows us to contact you regarding news, offers, promotion, events, and other product information.
You can unsubscribe to our emails at anytime by clicking the link at the bottom of the email or by requesting by email directly to us at email@example.com.
We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
We will only use your personal data for a purpose it was collected for.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
We do not carry out automated decision making or any type of automated profiling.
2. How do we collect your data?
The data we collect is provided to us during the order process or if you contact us via email, letter, telephone, social media or enter a competition or in person via our store.
For more information on cookies see our cookies policy below
Third party Cookies
Our website uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.
As we sell products it's important for us to understand statistics about how many of the visitors to our site actually make a purchase and as such this is the kind of data that these cookies will track. This is important to you as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price.
We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. The cookies allow integration with social media sites such as Facebook and Twitter, which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.
3. Why do we collect data?
We use the information that we have collected from you to ensure that we are able to provide the services and products as requested by you. To manage our business needs such as monitoring, analysing and improving services and the websites functionality and performance & To grow the business.
In addition to this we also use your information to assist you with queries relating to services or products or if we have made any changes to our website, services or goods.
Where you have consented to our newsletter subscription or loyalty scheme we may provide you with information relating to other products that we think might be of interest to you. Information includes the launches of Spring, Winter and sub Collections, Spring and Winter Sales, any promotional information including competitions, event days/ open evenings and other emails relating to products or services.
4. Who do we share your data with?
Google Data Privacy and Security Policy https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
5. MARKETING COMMUNICATIONS
Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to grow our business).
Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if
(i) you made a purchase or asked for information from us about our goods or services or
(ii) (ii) you agreed to receive marketing communications and in each case you have not opted out of receiving such communications since.
However you can still opt out of receiving marketing emails from us at any time .
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or OR by emailing us at firstname.lastname@example.org at any time.
If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, warranty registrations etc.
6. DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with the parties set out below:
Service providers who provide IT and system administration services.
Professional advisers including lawyers, bankers, auditors and insurers
Government bodies that require us to report processing activities.
Marketing Agencies, Credit Referencing Agencies
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions and GDPR.
We would never in any circumstance sell or pass on your data to any other third parties.
6. DATA SECURITY
We will retain the data provided to us during an ordering process for as long as legally required, which is a minimum of 6 years. We may retain the data collected for longer than legally required if it is in our legitimate business interests and not prohibited by law. We will not use your data to contact you regarding marketing unless you have consented to it.
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those senior employees who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
7. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
8. How do we protect your data?
In order to protect your data we have many technical and physical measures in place to provide reasonable protection against loss, misuse, unauthorised access, disclosure, and alteration. These measures include but are not limited to locked storage, firewalls and data encryption.
9. YOUR LEGAL RIGHTS
Under GDPR data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.
You can see more about these rights at:
If you wish to exercise any of the rights set out above, please email us at email@example.com
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
10. THIRD-PARTY LINKS
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
What's a cookie?
•A "cookie" is a piece of information that is stored on your computer's hard drive and which records how you move your way around a website so that, when you revisit that website, it can present tailored options based on the information stored about your last visit. Cookies can also be used to analyse traffic and for advertising and marketing purposes.
•Cookies are used by nearly all websites and do not harm your system.
If you want to check or change what types of cookies you accept, this can usually be altered within your browser settings. You can block cookies at any time by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
•Cookies are either:
- Session cookies: these are only stored on your computer during your web session and are automatically deleted when you close your browser – they usually store an anonymous session ID allowing you to browse a website without having to log in to each page but they do not collect any personal data from your computer; or
- Persistent cookies: a persistent cookie is stored as a file on your computer and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again. [We use persistent cookies for Google Analytics.
•Cookies can also be categorised as follows:
- Strictly necessary cookies: These cookies are essential to enable you to use the website effectively, such as when buying a product and / or service, and therefore cannot be turned off. Without these cookies, the services available to you on our website cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.
- Performance cookies: These cookies enable us to monitor and improve the performance of our website. For example, they allow us to count visits, identify traffic sources and see which parts of the site are most popular.
- Functionality cookies: These cookies allow our website to remember choices you make and provide enhanced features. For instance, we may be able to provide you with news or updates relevant to the services you use. They may also be used to provide services you have requested such as viewing a video or commenting on a blog. The information these cookies collect is usually anonymised.
We hope that you are confident in the way that we handle your data however If you require any further information or have any concerns please contact us by email at firstname.lastname@example.org Where we will be happy to help you.