We know your personal information is important to you and it is also important to Elysian Diamonds. This Privacy Statement describes what we use your personal information for and explains your rights governing how we use it.
We wish to be transparent on how we process your data and show you that we are accountable with the GDPR in relation to not only processing your data but ensuring you understand your rights.
Please read this Statement carefully as this sets out the basis on which any personal data we obtain about you, or that you provide to us, will be processed by us.
If you provide us with personal information about someone else, please make sure you have their permission and also make them aware of this Privacy Statement because it also applies to them.
Who controls your information?
For the purposes of the applicable data protection legislation, Hanmatt Limited t/a Elysian Diamonds is the data controller (“we”, “us”, or “our”). Our Head Office is located at 30-31 King Street South, Dublin 2, D02 Y426, Ireland. Elysian Diamonds is a jewellery company that also operates as a content publishing, events and contests business.
What information do we collect?
To effectively carry out our services for our customers, we may collect and process the following categories of data:
Information you give us:
- Full name
- E-mail address
- Telephone numbers
- Payment details
- Contact details for additional nominated persons
- Scans of photo IDs for verification for large cash transactions (as per Anti-Money Laundering legislation)
- Finger sizes for the purpose of showing, ordering, fitting and customising rings
- Date of wedding and related information you share
- A minimum of two forms of contact (phone, address, email)
- When we run competitions, we may require your email address as a means to allow you to enter, and for verification purposes, we may collect your IP address and browser data
- Our website uses pixels and analytics services including Google Analytics and Facebook Analytics. These may capture some personally identifiable information which is managed through Google or Facebook.
Information we capture:
In the course of business, to maintain security and quality, we may capture:
- CCTV images/recordings for security
- Phone calls with customers for verification purposes and order/quote updates
- Cookies on our websites and online properties
We may also process other information, which is not personal data within the meaning of data protection law.
Why and how do we use your personal data?
Without collecting and using the information you provide to us or we obtain about you, it would not be possible for us to provide you with our products and/or services.
We may use your personal data for the following purposes:
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- to provide you with information about new products or services we offer that are similar to those that you have already purchased or enquired about;to contac
- t you from time to time for market research purposes. We may contact you by email, phone, fax or mail.
- to contact you from time to time to invite you to enter a contest, share a review or to keep you up to date regarding our business.
- to administer our products and services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our products and services to ensure that content is presented in the most effective manner for you;
- as part of our efforts to keep our products and services safe and secure;
- to measure or understand the effectiveness of marketing and product information we serve to you and others, and to help deliver the most relevant information to you.
- To comply with applicable law(s) (for example, to comply with a search warrant, subpoena or court order)
- To notify you about occassional competitions or promotions – including to contact winners of occasional diamond giveaway contestsIf we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary.
We must have lawful bases to collect and use your personal information, the below sets these out:
- Performance of a contract
- Personal information about you and other users registered to under the same subscription plan is held and used to:
- provide you with a quote;
- provide you with information about the product or service;
- receive payment;
- provide customer care and service.
- Inform you about and enable you to enter a contest and contact you about it
Invite you to view our latest jewellery collections
- protecting the vital interests of you or others;
- public interest; and
- our legitimate interests or the legitimate interests of a third party (e.g. your employer).
Disclosing your personal data to others
We will not share your personal data with others, unless:
- We are under a duty to disclose or share your personal details to comply with any legal order or obligation or in order to enforce or apply our rules.
- Our business enters a joint venture with – or is sold to or merged with – another business. We may then share your personal details with our new business partners or owners.
Our legitimate interest: We use your personal information for our legitimate interests as shown below. We have taken account of any privacy risks and ensured that your data protection rights are not affected. We believe these uses benefit our customers. You can contact us if you have any questions using the contact details.
Training: for customer service training and compliance purposes. We let you know if a call is being recorded at the start of the call so you can decide whether to continue with the call or not
Statistical Analysis: we combine and group personal information for analysis to help us understand our customers and develop better products and services.
With your consent: For certain of our uses, we rely on your consent to collect and use your personal information. You are given the choice to provide consent or not. When we collect your consent, we explain what we need it for and how you can change your mind in the future.
Who We Share Your Personal Information With
We may share your information with selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
- Communication companies that require the data to select and serve relevant marketing information to you and others.
- Third-party service providers to provide website and application development, hosting.
- Data storage partners and who provide virtual infrastructure.
- Partners who provide payment processing facilities on our behalf.
- Analytics and search engine providers that assist us in the improvement and optimisation of our products or services.
- If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.
We may disclose your personal information to third parties:
- In the event that we dispose of or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Elysian Diamonds or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
Where we store your personal data?
We strive to store all your personal details within secure software that complies with GDPR rules and regulations.
How long do we retain personal data supplied to us by you?
We only keep your personal data for as long as is necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data – and whether we can achieve those purposes through other means – and the applicable legal requirements. In short we will only use your personal information to administer your account and to provide the products and services you have requested from us.
Specific legal periods are in place for payments details, tax and invoicing data, and this would be retained in accordance with the law (which is currently six years).
How secure is your data?
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access and use. For more detailed and technical information please see our Security Page.
As effective as modern security practices are, no physical or electronic security system is entirely secure. The transmission of information via the internet is also not completely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We will continue to revise policies and implement additional security features as new technologies become available.
Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to us. Any transmission of data is at your own risk. Once we receive your personal data, we use appropriate security measures to seek to prevent unauthorised access.
Where your data is stored
- Physical files are stored in secured premises at our business address.
- Electronic files are stored on secure servers or in the cloud.
- We use cloud solutions for web hosting or proprietary software solutions delivered through the Cloud. Your data will not be transferred between our servers without your permission.
- Some tools we use have their own cloud storage systems and we seek to ensure their provision is compliant.
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review: in the event that Elysian Diamonds refuses your request under rights of access, we will provide you with a reason as to why.
- All of the above requests will be forwarded on should there be a third party data processor involved as we have indicated in the processing of your personal data.
If you would like to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of any personal information to another party, please write to us at:
Elysian Diamonds, firstname.lastname@example.org.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights).
However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Your right to complain
If you have any issues with the way that we are processing your personal data, you should contact the Data Protection Commissioner.
The DPC can be contacted by telephone on 1890 25 22 31 – or by email at: email@example.com .
You can also visit the DPC website by following this link: https://www.dataprotection.ie
Changes to this Privacy Statement
If you have any questions about this privacy notice or how we process your personal information, please contact us on 01-6778449
This Privacy Statement was last updated on the 24th May 2018.