PRIVACY POLICY – JENNI FISH JEWELLERY
Effective date: 1 st November 2023
1. Introduction
Welcome to Jenni Fish Jewellery. We are committed to protecting and respecting your
privacy. This policy outlines how we handle the personal information you provide to us or
that we collect about you when you use our website, jennifishjewellery.com. By using our
site, you agree to the collection and use of information in accordance with this policy.
2. Data Controller Information
Jenni Fish Jewellery is the controller of your personal data. If you have any questions about
this privacy policy or our data protection practices, please contact us at:
Email: jennifishjewellery@gmail.com
3. Information Collection
We collect various types of personal information, including:
Your name, address, email, and telephone number for order processing and
customer service.
Payment information for purchase transactions.
Data collected through cookies and similar technologies as detailed in our Cookie
Policy.
4. Lawful Basis for Processing
We process your personal data on several legal bases:
To fulfill our contractual obligations to you (e.g., order fulfillment).
Where you have given your explicit consent (e.g., for marketing communications).
For compliance with our legal obligations.
For the purposes of our legitimate interests, provided your rights do not override
these interests.
5. Purpose of Data Processing
Your personal data is used for the following purposes:
To process and deliver your orders.
To manage your account and improve your website experience.
To communicate with you, including responding to inquiries and providing customer
support.
For internal record keeping and business management.
For marketing purposes, subject to your consent.
6. Data Recipients and Sharing
Your personal data may be shared with:
Third-party service providers for payment processing, delivery services, and website
analytics.
Legal and regulatory authorities when required by law.
Any other party where we have your explicit consent to share your data.
We ensure all data transfers, especially international transfers, comply with data protection
laws.
7. Consent Mechanisms
We obtain your consent for data processing activities where required:
Consent is requested explicitly through clear affirmative actions.
We provide options to give separate consents for different data processing activities.
You have the right to withdraw your consent at any time.
8. Data Retention Period
We retain your personal data only for as long as necessary to fulfill the purposes we
collected it for, including for the purposes of satisfying any legal, accounting, or reporting
requirements. The criteria used to determine our retention periods include the duration of our
ongoing relationship with you, the existence of a legal obligation, or whether retention is
advisable in light of our legal position.
9. Data Subject Rights
You have various rights under data protection laws, including:
The right to access your personal data.
The right to request correction of inaccurate personal data.
The right to request erasure of your data where there is no good reason for us
continuing to process it.
The right to object to processing of your data where we are relying on a legitimate
interest.
The right to request restriction of processing of your personal data.
The right to data portability.
The right to withdraw consent at any time.
10. Information on Automated Decision Making
We do not use automated decision-making processes, including profiling, in a way that
produces legal effects concerning you or similarly significantly affects you.
11. Cookie Policy
Our website uses cookies to enhance user experience and gather information about website
usage. You have the option to accept or reject cookies, and this choice can be made through
our cookie banner. For detailed information on how we use cookies, please refer to our
separate Cookie Policy.
12. Security Measures
We have implemented appropriate technical and organizational measures to protect your
personal data against unauthorized or unlawful processing and against accidental loss,
destruction, or damage. This includes encryption, firewalls, and secure server facilities.
13. Data Breach Notification Procedures
In the event of a personal data breach, we will notify the appropriate data protection authority
and you, where feasible, within 72 hours of becoming aware of the breach, unless the
breach is unlikely to result in a risk to your rights and freedoms.
14. Policy Updates and Changes
We reserve the right to update this privacy policy at any time. Changes and clarifications will
take effect immediately upon their posting on the website. We will notify you of significant
changes to this policy.
15. Third-Party Links and Services
Our website may contain links to third-party websites. Please be aware that we are not
responsible for the privacy practices of such other sites. We encourage you to be aware
when you leave our site and to read the privacy statements of each website that collects
personal information.
Please note, our website is hosted on Squarespace. Squarespace provides us with the
online platform that allows us to sell our products and services to you. Your data may be
stored through Squarespace’s data storage, databases, and general applications. They store
your data on a secure server behind a firewall. For more insight, you may also want to read
Squarespace’s Terms of Service or Privacy Statement.
16. Contact Information
For any questions or concerns regarding your privacy, please contact us at:
Email: jennifishjewellery@gmail.com
Contact details mentioned on our website.
17. Governing Law and Jurisdiction
This privacy policy is governed by and construed in accordance with the laws of Ireland. Any
disputes relating to this policy will be subject to the jurisdiction of the courts of Ireland.
18. Acknowledgment and Consent
By using our website, you acknowledge that you have read and understand this privacy
policy and agree to its terms.
19. Children's Privacy
Our website is not intended for children under the age of 16. We do not knowingly collect
personal information from children under 16. If we learn that we have collected personal
information from a child under 16, we will take steps to delete the information as soon as
possible.
20. Supervisory Authority Information
You have the right to lodge a complaint with a data protection supervisory authority,
particularly in the Member State of your habitual residence, place of work, or place of the
alleged infringement if you consider that the processing of your personal data infringes
GDPR.