PRIVACY POLICY – JENNI FISH JEWELLERY

Effective date: 1 st November 2023

1. Introduction

Welcome to Jenni Fish Jewellery. We are committed to protecting and respecting your

privacy. This policy outlines how we handle the personal information you provide to us or

that we collect about you when you use our website, jennifishjewellery.com. By using our

site, you agree to the collection and use of information in accordance with this policy.

2. Data Controller Information

Jenni Fish Jewellery is the controller of your personal data. If you have any questions about

this privacy policy or our data protection practices, please contact us at:

 Email: jennifishjewellery@gmail.com

3. Information Collection

We collect various types of personal information, including:

 Your name, address, email, and telephone number for order processing and

customer service.

 Payment information for purchase transactions.

 Data collected through cookies and similar technologies as detailed in our Cookie

Policy.

4. Lawful Basis for Processing

We process your personal data on several legal bases:

 To fulfill our contractual obligations to you (e.g., order fulfillment).

 Where you have given your explicit consent (e.g., for marketing communications).

 For compliance with our legal obligations.

 For the purposes of our legitimate interests, provided your rights do not override

these interests.

5. Purpose of Data Processing

Your personal data is used for the following purposes:

 To process and deliver your orders.

 To manage your account and improve your website experience.

 To communicate with you, including responding to inquiries and providing customer

support.

 For internal record keeping and business management.

 For marketing purposes, subject to your consent.

6. Data Recipients and Sharing

Your personal data may be shared with:

 Third-party service providers for payment processing, delivery services, and website

analytics.

 Legal and regulatory authorities when required by law.

 Any other party where we have your explicit consent to share your data.

We ensure all data transfers, especially international transfers, comply with data protection

laws.

7. Consent Mechanisms

We obtain your consent for data processing activities where required:

 Consent is requested explicitly through clear affirmative actions.

 We provide options to give separate consents for different data processing activities.

 You have the right to withdraw your consent at any time.

8. Data Retention Period

We retain your personal data only for as long as necessary to fulfill the purposes we

collected it for, including for the purposes of satisfying any legal, accounting, or reporting

requirements. The criteria used to determine our retention periods include the duration of our

ongoing relationship with you, the existence of a legal obligation, or whether retention is

advisable in light of our legal position.

9. Data Subject Rights

You have various rights under data protection laws, including:

 The right to access your personal data.

 The right to request correction of inaccurate personal data.

 The right to request erasure of your data where there is no good reason for us

continuing to process it.

 The right to object to processing of your data where we are relying on a legitimate

interest.

 The right to request restriction of processing of your personal data.

 The right to data portability.

 The right to withdraw consent at any time.

10. Information on Automated Decision Making

We do not use automated decision-making processes, including profiling, in a way that

produces legal effects concerning you or similarly significantly affects you.

11. Cookie Policy

Our website uses cookies to enhance user experience and gather information about website

usage. You have the option to accept or reject cookies, and this choice can be made through

our cookie banner. For detailed information on how we use cookies, please refer to our

separate Cookie Policy.

12. Security Measures

We have implemented appropriate technical and organizational measures to protect your

personal data against unauthorized or unlawful processing and against accidental loss,

destruction, or damage. This includes encryption, firewalls, and secure server facilities.

13. Data Breach Notification Procedures

In the event of a personal data breach, we will notify the appropriate data protection authority

and you, where feasible, within 72 hours of becoming aware of the breach, unless the

breach is unlikely to result in a risk to your rights and freedoms.

14. Policy Updates and Changes

We reserve the right to update this privacy policy at any time. Changes and clarifications will

take effect immediately upon their posting on the website. We will notify you of significant

changes to this policy.

15. Third-Party Links and Services

Our website may contain links to third-party websites. Please be aware that we are not

responsible for the privacy practices of such other sites. We encourage you to be aware

when you leave our site and to read the privacy statements of each website that collects

personal information.

Please note, our website is hosted on Squarespace. Squarespace provides us with the

online platform that allows us to sell our products and services to you. Your data may be

stored through Squarespace’s data storage, databases, and general applications. They store

your data on a secure server behind a firewall. For more insight, you may also want to read

Squarespace’s Terms of Service or Privacy Statement.

16. Contact Information

For any questions or concerns regarding your privacy, please contact us at:

 Email: jennifishjewellery@gmail.com

 Contact details mentioned on our website.

17. Governing Law and Jurisdiction

This privacy policy is governed by and construed in accordance with the laws of Ireland. Any

disputes relating to this policy will be subject to the jurisdiction of the courts of Ireland.

18. Acknowledgment and Consent

By using our website, you acknowledge that you have read and understand this privacy

policy and agree to its terms.

19. Children's Privacy

Our website is not intended for children under the age of 16. We do not knowingly collect

personal information from children under 16. If we learn that we have collected personal

information from a child under 16, we will take steps to delete the information as soon as

possible.

20. Supervisory Authority Information

You have the right to lodge a complaint with a data protection supervisory authority,

particularly in the Member State of your habitual residence, place of work, or place of the

alleged infringement if you consider that the processing of your personal data infringes

GDPR.