DRAFT — for review by a qualified adviser before publishing. Replace every [BRACKETED] placeholder with your real business details. Last updated: [DATE].
Privacy Policy
This policy explains how The Jewellery Workshop (“we”, “us”, “our”) collects and uses your personal data when you visit [WEBSITE URL], buy from us, or contact us. We are the data controller for the purposes of the UK GDPR and the Data Protection Act 2018.
Who we are: [LEGAL/REGISTERED BUSINESS NAME], [REGISTERED ADDRESS]. Company number [COMPANY NUMBER, if a limited company]. VAT number [VAT NUMBER, if registered]. Contact: [CONTACT EMAIL] / [PHONE].
The data we collect
- Orders & accounts: name, billing/delivery address, email, phone, order history and payment confirmation (we do not store full card details — see payments below).
- Enquiries: when you use our contact or commission enquiry form, the details you provide (name, email, message). These are sent to our CRM, Salesforce.
- Newsletter: your email address, when you subscribe. We use double opt-in via Brevo.
- Wishlist: items you save (stored locally / against your account).
- Usage data: pages viewed, device/browser and similar analytics, collected via cookies only where you consent (see our Cookie Policy).
How and why we use it (legal bases)
- To fulfil your order — performance of a contract.
- To respond to enquiries and commissions — our legitimate interests / pre-contract steps.
- To send marketing emails — your consent, which you can withdraw at any time.
- Analytics and site improvement — your consent (managed through the cookie banner).
- Legal and accounting obligations — compliance with our legal duties.
Payments
Card payments are processed by [PAYMENT PROVIDER — e.g. Stripe / PayPal], who act as a separate controller for your payment data. We receive confirmation of payment but not your full card number.
Who we share data with (processors)
- [PAYMENT PROVIDER] — payment processing.
- Brevo (Sendinblue GmbH) — email marketing, transactional and order emails, and WooCommerce contact sync.
- Salesforce — managing enquiries and commission leads.
- Google (Analytics 4 / Tag Manager) — website analytics, where you consent.
- Cloudflare — content delivery and security.
- [HOSTING PROVIDER] — website hosting.
Some of these providers may process data outside the UK/EEA. Where they do, the transfer is protected by appropriate safeguards such as the UK International Data Transfer Agreement or adequacy regulations.
How long we keep it
We keep order and transaction records for [e.g. 6–7] years to meet tax and accounting obligations. Marketing data is kept until you unsubscribe. Enquiry data is kept for [PERIOD] unless it leads to an order.
Your rights
You have the right to access, correct, delete, restrict or object to our use of your data, to data portability, and to withdraw consent at any time. To exercise any of these, contact [CONTACT EMAIL]. You can also complain to the Information Commissioner’s Office (ICO) at ico.org.uk.
Cookies
We use cookies as described in our Cookie Policy. You can change your preferences at any time using the cookie settings on our site.