This privacy policy (“Privacy Policy”) applies to all Personal Data processed by Jewells Retail Limited (“Jewells”, “we”, “us”, or “Data Controller”). Jewells complies with: 

 

• the Australian Privacy Principles in the Privacy Act 1988 (Cth) (Privacy Act); and 
• the General Data Protection Regulation (“GDPR”). Personal data in Europe (that is, personal data is defined as any information relating to an identified or identifiable natural person under Art 4 no 1 of the GDPR). 

          (together, “Personal Data”) 

At Jewells, we take our responsibilities under current data protection regulations and laws seriously. We recognise the importance of the Personal Data you have entrusted to us and are committed to properly managing, protecting, and processing Personal Data.

Jewells reserves the right to change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date of this Privacy Policy. If we make material changes to this Privacy Policy, we will provide you with additional notice (such as adding a statement to our websites’ homepage).

Jewells only collects Personal Data where it is reasonably necessary for our business activities.  Unless it is not reasonable or practicable to do so, and in other cases allowed by law, we will collect Personal Data about you directly from you. The kinds of Personal Data that Jewells collects will vary depending on our particular interaction or dealing with you. However, generally speaking, the kinds of Personal Data Jewells collects and the purposes for which Jewells uses Personal Data are set out in this clause.

4.1. SENSITIVE INFORMATION 

Jewells may collect sensitive information for the primary purpose of enabling you to buy and receive a piercing in the respective body part (for example, the ear lobe, ear helix or nose) or a tattoo (permanent or semi-permanent) and to analyse and respond to any of your queries, claims or complaints. The kinds of sensitive information that Jewells may collect includes certain health information such as: 

• history of medication; and 
• history of infection. 

Jewells may also collect and hold other kinds of sensitive information as permitted or required by law or other kinds of personal information that we notify you of at or about the time of collection.  

4.2. WEBSITE DATA COLLECTION 

When accessing our website, your device automatically transmits data for technical reasons. The following data is stored separately from other data that you may transmit to us: 

• browser type and browser version 
• operating system used 
• referrer URL 
• host name of the accessing computer 
• time of the server request 
• IP address 

We save this data for the following purposes: 

• Load balancing, i.e., to distribute the access to our website across several devices and to be able to offer you the fastest possible loading times. 
• Ensuring the security of our IT systems in accordance with Art 32 GDPR and based on our legitimate interest in protecting us from misuse of our service, for example, to prevent specific attacks on our systems and to identify attack patterns. 
• Ensuring the proper operation of our IT systems, for example if errors occur that we can only remedy by storing the IP address. 
• To enable criminal prosecution, security, or legal prosecution if there are specific indications of criminal offenses. 

This processing takes place on the basis of our predominant legitimate interests mentioned above in accordance with Sec 25 para 2 no 2 German Telecommunications and Telemedia Data Protection Act (TTDSG) and Art 6 Para 1 lit f) GDPR).  

4.3. REGISTRATION DATA 

To be able to use all functions within our website, you have to register. For this, you have to provide the following mandatory information: 

• Full Name 
• Email Address 
• Phone Number 
• Password 

Your registration data is required to set up and manage a user account for you and so that you can use all the features of our website. In this case, you conclude a (free) usage contract with us on the basis of which we collect this data (Art 6 para 1 lit b) GDPR). 

In order to conclude the contract, you have to provide us with this data. However, you are neither contractually nor legally obliged to conclude the contract and thus to provide the data. 

In addition, you can provide further voluntary information as part of the registration, for example, you can provide your birthday date. This information is voluntary and not necessary for your registration. We collect this data in order to be able to provide you with the corresponding functions of our website (Art 6 para 1 lit b) GDPR). 

Additionally, we process your Personal Data for the following purposes: 

• Complete Transactions. Complete transactions you request and perform our contractual obligations, including sending notifications related to your purchases, exchanges, and returns based on Art 6 para 1 lit b) GDPR. 
• Respond to You. To manage your queries, claims and complaints for products in order to identify fraudulent behaviour and technical support matters through email, our chat function, telephone and through social media based upon Art 6 para 1 lit f) GDPR. 
• Comply with Legal Obligations. To comply with legal obligations, court findings and decisions from authorities based upon Art 6 para 1 lit c) GDPR. 
• Aftercare Follow up. If you complete an services within any of our stores, pop ups or partner locations we will contact you to share aftercare details and what to expect after your pooointment.  

Registration data only needed for providing your user account will be deleted once your user account is closed.  

4.4. CONTACT VIA EMAIL OR LIVE CHAT 

If you send us a question/query e.g. via e-mail, via our contact page https://www.Jewells.com/pages/help-centre or via our live chat, your details will be saved and used to process the question/query. The contact details you provide us with will be used to respond to you in response to your question/query. 

Our contact forms and live chat functionality are provided by a service desk management platform, on the servers of the service provider Gorgias(Devonshire House, Manor Way, Borehamwood, Hertfordshire, WD6 1QQ, UK) processes your data on our behalf, i.e., exclusively according to our instructions. The processing takes place in each region we operate in. From time to time, data may be transferred to the United States as part of Gorgias’s backup and recoverability procedures based upon standard contractual clauses approved by the EU Commission in accordance with Art 46 para 2 lit c) GDPR available at: https://www.gorgias.com/legal/data-processing-agreement/.  

We store inquiries about contracts or of potentially legal relevance and all other inquiries for the duration of the general limitation period or applicable legal obligations to store such Personal Data. 

The storage takes place on the basis of our legitimate interest to document our business operations and the securing of our legal positions (Art 6 para 1 lit f) GDPR). For inquiries about contracts, the data is saved for the initiation and implementation of the respective contractual relationship (Art 6 para 1 lit b) GDPR) and, if applicable, for the fulfilment of legal obligations (Art 6 para 1 lit c) GDPR).  

4.5. IN STORE DATA 

We offer our customers a choice of either physical or digital receipt when they are shopping in store. When a customer selects to receive a digital receipt, we collect the following information: 

• Full Name 
• Phone Number 
• Email address 

The customer’s email address is saved in our CRM System (Emarsys) for the purpose of being able to send a digital receipt to the customer.  

4.6. OUR SOCIAL MEDIA CHANNELS 

4.6.1 SOCIAL MEDIA GENERALLY 

If you visit our social media channels (Facebook, Youtube, Instagram, TikTok, Pinterest) we will process certain data, e.g., when you interact with one of our channels or our social media account, like or comment on a post. The corresponding data processing is carried out based on our legitimate interest (Art 6 para 1 lit. f) GDPR) in providing you with the respective functions or based upon your consent provided to the respective social media provider (e.g., Facebook Ireland, TikTok Technology Limited, Pinterest Europe Ltd.) 

Please note that these areas are publicly accessible and any personal information you post or provide when registering may be viewed by others. We cannot control how other users use this information. In particular, we cannot prevent unsolicited messages from being sent to you by third parties. 

Content posted in community areas may be stored for an unlimited period of time. If you would like us to remove any content you have posted, please send us an e-mail to the address given.  

4.6.2 FACEBOOK FANPAGES 

You can find us on our Facebook  

https://www.facebook.com/jewellsofficial 

For users outside the U.S. and Canada Facebook Services are provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta Ireland”). For users in the U.S. and Canada Meta Platforms Inc., 1601 South California Avenue, Palo Alto, CA 94304, U.S., provides the services. 

Even if you are not registered with Facebook and visit our Facebook accounts, Meta may collect pseudonymous usage data from you. You can find more information in Meta’s data policy at https://www.facebook.com/privacy/policy/ and at https://www.facebook.com/legal/terms/information_about_page_insights_dataIn the data policy, you will also find information on the settings options for your Facebook account. 

Meta Ireland may share your data within the Meta group companies and with other third parties. This may involve the transfer of Personal Data to the U.S. and other third countries for which there is no EU Commission adequacy decision. In this case, Meta Ireland will use the standard contractual clauses approved by the EU Commission in accordance with Art 46 para 2 lit c) GDPR. Further information can also be found in Meta's data policy. 

We are also jointly responsible with Meta for the processing of so-called insights data when visiting our Facebook fan page. With the help of this insights data, Meta Ireland analyses the behaviour on our Facebook fan page and makes this data available to us in anonymised form. For this purpose, we have concluded an agreement with Meta Ireland on joint responsibility for data processing, which can be viewed here: https://www.facebook.com/legal/terms/page_controller_addendum In this agreement, Meta Ireland undertakes, among other things, to assume primary responsibility under the GDPR for the processing of insights data and to fulfil all obligations under the GDPR with regard to the processing of insights data. The processing serves our legitimate economic interests in the optimisation and needs-based design of our Facebook fan page, Art 6 para 1 lit f) GDPR. 

We would also like to draw your attention to the following: If you visit or like our Facebook page as a registered Facebook user, Meta Ireland collects Personal Data. If you are not registered with Facebook and visit the Facebook fan page, Meta Ireland may collect pseudonymous usage data. 

Specifically, the following information is collected by Meta Ireland: 

• Accessing a page or a post or a video from a page; 
• Subscribe or unsubscribe to a page; 
• Tag a page or post with "like" or "no longer like"; 
• Recommend a Page in a post or comment; 
• Comment on, share or respond to a Page post (including how to respond); 
• Hide a Page post or report it as spam; 
• Click on a link leading to the Page from another page on Facebook or from a website outside Facebook; 
• Hover over the name or profile picture of a Page to preview Page content; 
• Click on the webpage button, phone number button, "plan a route" button or any other button on a page; and 
• Information whether you are logged in via a computer or a mobile device. 

For more information, please see Facebook's privacy policy at: https://www.facebook.com/legal/terms/information_about_page_insights_data 

4.7. NEWSLETTERS, NOTIFICATIONS AND SURVEYS (DIRECT MARKETING) 

In addition to the purposes outlined in this clause 4, we may use and disclose Personal Data in order to inform you of events, products or services that may be of interest to you.  This may include Jewells disclosing Personal Data to related companies of Jewells or other entities with which Jewells has a commercial relationship or arrangement for the purpose of the other entity contacting you for such marketing purposes. Details of these marketing purposes are set out in further detail below.  If you do not wish to receive such communications, you can opt-out by contacting Jewells via the contact details set out in paragraph 20 of this privacy policy or through the opt-out mechanism contained in a marketing communication to you.  

4.7.1 EMAIL MARKETING 

Our customers can sign up to our newsletter list by providing an email address. As a subscriber to our newsletter, they will receive marketing emails including but not limited to: special offers, new products & services, time sensitive email alerts and surveys. 

We offer a free newsletter to keep you informed about special offers, product, and styling news and so-called trigger-based communications with time sensitive reminders such as abandoned cart e-mails and post purchase surveys (in order for us to receive feedback on product or website experience, brand and customer satisfaction. If you would like to receive such newsletters, reminders or surveys, we require your e-mail address for registration.  

No further Personal Data is collected unless provided by you on a voluntary basis. We use this data exclusively for sending the requested information. 

The processing of your Personal Data is based on your consent (Art 6 para 1 lit a) GDPR). 

Further storage for the purpose of proving consent is based on our legitimate interest, the proper documentation of our business operations and the assertion, safeguarding or defence of claims (Art 6 para 1 lit f) GDPR). 

We operate an e-mail marketing platform on the servers of the service provider Emarsys (SAP).  Emarsys  processes your Personal Data on our behalf, i.e., exclusively according to our instructions. The processing takes place in the United States and for this purpose we have entered into standard contractual clauses approved by the EU Commission in accordance with Art 46 para 2 lit c) GDPR available at https://www.klaviyo.com/legal/dpa. More information regarding Emarsys data and privacy policies can be found here: 

https://emarsys.com/privacy-policy/ 

4.7.2 SMS MARKETING / MOBILE MESSAGE SERVICE 

If you provide us with your consent, we will send you text notifications as specified in the Mobile Terms of Service partnered with Emarsys (SAP) & Attentive.  

https://www.attentive.com/legal/terms  

No further Personal Data other than your name, phone number, country, time of consent and consent method is collected unless provided by you on a voluntary basis.  We use this data exclusively for providing you with the Service as specified in the Mobile Terms of Service. 

The processing of your Personal Data is based on your consent (Art 6 para 1 lit a) GDPR). 

Further storage for the purpose of proving consent is based on our legitimate interest, the proper documentation of our business operations and the assertion, safeguarding or defence of claims (Art 6 para 1 lit f) GDPR). 

1. PIERCING & TATTOO CONSENT 

In order to carry out piercing procedures in our store, we require that you fill out our piercing consent form. You can access this consent form via QR codes accessible in our stores. After you complete the consent form on your personal device and have digitally signed it, this information is sent to the local store email address. 

The respective Jewells company in your jurisdiction acts as the data controller: Jewells Retail Limited (UK).  

The processing of the following Personal Data is carried out solely for the purpose of the providing you our piercing and tattoo services: 

Information 

What we use for 

 Full Name 

For contact tracing – consent form accuracy 

Date of Birth 

For contact tracing – consent form accuracy 

 Phone Number 

 For contact tracing - consent form accuracy 

Address 

For contact tracing – consent form accuracy 

Lobe or cartilage piercing 

For consent form accuracy. 

E-mail address 

Send consent form to customer so they retain copy. 

Confirm not on any medications 

Consent form accuracy - legal requirement. 

Confirm don't have history of infection 

Consent form accuracy - legal requirement. 

Confirm not pregnant 

Consent form accuracy - legal requirement. 

Confirm not under influence of drugs/alcohol 

Consent form accuracy - legal requirement. 

Confirm customer does not have series of diseases (such as diabetes and epilepsy) 

Consent form accuracy - legal requirement. 

You may additionally provide the respective Jewells entity with consent for general evaluation purposes to better understand the use of our services and to be able to adapt our services accordingly. 

The corresponding data processing is carried out based on your consent (Art 9 para 2 lit a) GDPR for health data and Art 6 para 1 lit a) GDPR for all other Personal Data). 

We will store your consent and any Personal Data provided in your consent forms in accordance with paragraph 16.  You can withdraw your consent at any time with effect for the future by emailing data@jewells.com. Your consent withdrawal however does not affect the lawfulness of the processing carried out or statutory retention obligations 

1. COOKIES  

We may use cookies and similar technologies (we will refer to all of these as “Cookies”) to enable you to use certain features on our website, store your preferences, recognise you when you return to our website and maintain information about your use of our website. Cookies are small files that are saved on your device with the help of your internet browser. 

Specifically, we use the following Cookies (unless other Cookies are specified elsewhere in this data protection declaration): 

• Session Cookies: These Cookies are required to save certain technical data during your visit to our website, e.g., to determine whether you have logged in. 
• Login Cookies: These Cookies are required to save your login over a session if you want to. 

The legal basis for the use of these Cookies is Sec 25 para 2 no 2 German Telecommunications and Telemedia Data Protection Act (TTDSG) and Art 6 para 1 lit f) GDPR, insofar as these Cookies are essentially necessary for the us to provide you with our website content. 

For all other (non-essentially necessary) Cookies we will only use these Cookies based upon your consent. If we use Cookies based upon your consent, you can withdraw your consent at any time with effect for the future by adjusting your Cookie settings at https://www.Jewellsjewellery.eu/pages/data-privacy. Alternatively, you can change your settings at any time via the "Cookie settings" link at https://www.Jewellsjewellery.eu/pages/data-privacy. You will find the link in the footer of the website. Your withdrawal does not affect the lawfulness of the processing carried out up to the point. 

The following Cookies are integrated into our website: 

Google Optimize, owned by Google LLC 

Google Optimize is an optimization tool used to test different combinations of website content. 

Data is kept for 90 days for analytics purposes (can vary depending on length of the experiment) 

Microsoft Clarity, owned by Microsoft Corporation 

Microsoft Clarity provides website usage statistics, session recordings, and heatmaps. 

Data kept to 3 months from the time of recording, for analytics purposes.

TikTok Pixel, owned by TikTok Inc 

The TikTok Pixel tracks the impact of our TikTok ads on the website. 

Data kept for 13 months from the date of last use, used for analytics purposes.

Google Tag Manager, owned by Google LLC 

Google Tag Manager is a tag management system that allows configuration and ability to instantly deploy tags to our website. 

Data is kept for 30 days, used for analytics purposes

Emarsys, owned by Emarsys (SAP) 

Emarsys, a marketing automation platform that automates SMS and e-mail marketing. 

Data is kept for 24 months, used for marketing purposes.

Pinterest, owned by Pinterest Inc 

The Pinterest Pixel (Pinterest Tag) allows us to measure, optimize and build audiences for ad campaigns. 

 Data is kept for 24 months, used for analytics purposes. 

Tagalys, owned by Tagalys LLC 

Tagalys uses user interaction data (namely: views, add to carts, orders, and user sign-ins) to help improve the product discovery experience across collections, search and recommendations. 

Data is kept for 24 months, used for analytics purposes. 

Meta, owned by Meta Platforms, Inc. 

Meta Platforms, Inc. is a global technology company that owns and operates social media and communication platforms including Facebook, Instagram, and WhatsApp. Meta provides digital advertising and analytics services that may involve the use of user data for targeted advertising and engagement measurement. 

Data is kept for up to 180 days and used for marketing and analytics purposes.

X, owned by X Corp. 

X Corp., a subsidiary of X Holdings Corp., owns and operates the platform formerly known as Twitter. X Corp. offers real-time content sharing, social networking, and advertising services that may use personal data for content personalization and ad targeting. 

Data is kept for 60 days and used for marketing purposes.

LinkedIn, owned by Microsoft 

Microsoft is a multinational technology company that provides a wide range of products and services, including cloud computing, productivity tools (e.g., Office), and advertising platforms. Microsoft may process user data for service delivery, security, analytics, and personalized advertising. 

Data is kept for 180 days and used for analytics and marketing purposes.

Later, owned by Mavrck 

Later is a visual-first social media management platform designed to help businesses, creators, and marketers plan, schedule, and analyze content across multiple platforms, including Instagram, TikTok, Facebook, Twitter, Pinterest, LinkedIn, and Threads.

Data is kept for 365 days and used for analytics purposes.

Rakuten, owned by Rakuten Group, Inc. 

Rakuten is a global e-commerce and digital services company offering online retail, marketing, and loyalty solutions. It operates various platforms and affiliate networks, and may process user data to provide targeted promotions, cashback rewards, and performance analytics. 

Data is kept for 365 days and used for analytics and marketing purposes.

Duel, owned by Duel Tech 

Duel Tech is a brand advocacy platform that enables businesses to build communities of advocates and encourage peer-to-peer marketing. It uses customer and engagement data to facilitate user-generated content campaigns, loyalty tracking, and social sharing analytics. 

 Data is kept for 365 days and used for analytics purposes.

Disclosure of your Personal Data will generally be for the primary purpose of providing products or services to you in accordance with this Privacy Policy.  In addition, Jewells may disclose your Personal Data  for purposes related to the above purpose, other purposes which we notify you of when we collect the information and for purposes otherwise permitted or required by law.  This may include Jewells disclosing Personal Data to related companies of Jewells or other entities with which Jewells has a commercial relationship, including to third parties in the following cases: 

7.1 LEGAL ENQUIRIES 

If it is necessary to clarify an illegal use of our services or for legal prosecution, Personal Data will be forwarded to the law enforcement authorities and, if necessary, to injured third parties. However, this only happens if there are concrete indications of unlawful or abusive behaviour. Data may also be passed on if this serves to enforce contracts or other agreements. We are also legally obliged to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offences subject to fines and the tax authorities. This data is disclosed on the basis of our legitimate interest in combating abuse, prosecuting criminal offences, and securing, asserting, and enforcing claims, Art 6 para 1 lit f) GDPR or on the basis of a legal obligation pursuant to Art 6 para 1 lit c GDPR.  

7.2 PASSING ON DATA 

We rely on contractually affiliated third-party companies and external service providers ("processors") to provide the services. In such cases, we pass on Personal Data to these processors in order to enable them to continue processing. These processors are carefully selected and regularly reviewed by us to ensure that your rights and freedoms are protected. The processors may only use the data for the purposes specified by us and we also contractually oblige these processors to process your Personal Data in accordance with applicable data protection laws. 

The transfer of data to processors takes place on the basis of Art 28 para 1 GDPR. In addition to the processors already mentioned in this Privacy Policy, we also use the following categories of processors: 

• IT service providers 
• Cloud service providers 
• Hosting service providers 
• Software service providers 

7.3 TRANSMISSION TO AUTHORITIES 

In the context of administrative processes and the organisation of our operations, financial accounting, and compliance with legal obligations, such as archiving, we disclose or transmit the same data that we have received in the context of the provision of our contractual services to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers. 

This data is passed on based upon our legitimate interest in maintaining our business activities, performing our tasks, and providing our services, Art 6 para 1 lit f) GDPR or on the basis of a legal obligation pursuant to Art 6 para 1 lit c) GDPR. 

7.4 COMPLIANCE 

In the course of the further development of our business, the structure of may change by changing its legal form or by founding, buying, or selling subsidiaries, parts of companies or components. In such transactions, data of our customers and contact persons in particular will be passed on together with the part of the company to be transferred. Whenever personal data is passed on to third parties to the extent described above, we ensure that this is done in accordance with this Privacy Policy and the relevant data protection laws. 

Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as required, Art 6 para 1 lit f) GDPR. 

Any Personal Data collected by Jewells will be processed fairly, lawfully, and in a transparent manner. “Processing” includes, but is not limited to, collection, storage, transfer, dissemination, or erasure of Personal Data. Jewells takes appropriate technical and organisational measures against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to Personal Data. 

However, to the extent that the Internet is not completely secure, we cannot guarantee that any of your personal information stored or sent to us will be completely safe. We encourage you to use caution when using internet to access our web sites, applications, or social media. 

We operate our website on servers of the service provider Shopify, Inc., 150 Elgin Street, 8th Floor, Ottawa, Ontario, Canada K2P 1L4 (“Shopify”). Shopify processes your data on our behalf, i.e., exclusively according to our instructions. The processing takes place in Canada based upon the adequacy decision for Canada in accordance with Art 45 GDPR. More information regarding Shopify’s GDPR compliance can be found here: 

https://help.shopify.com/en/manual/your-account/privacy/GDPR/GDPR-Shopify 

If you contact Jewells via our website to apply for a job, we will process your e-mail address and the other contact details you provide, as well as your application documents and the information contained therein, in order to process your application or to decide whether to offer you employment. 

We use theteamtaylor.com service provided by Team Taylor (National House, W1F 0TA London) to process your data as part of the application process. We have engaged Teamtaylor as a processor, which means that Teamtaylor will only process your data in accordance with our instructions. 

Your application documents will only be made available to the persons responsible for the application within our company. The data processing is carried out on the legal basis of Sec 26 para 1, 3 German Federal Data Protection Act ("BDSG"). 

If we are unable to offer you a position, your application documents will generally be retained for up to 6 months after completion of the respective application process in order to be able to answer queries in connection with your application. Further storage may take place if we feel you are a potential candidate for future employment or if this is necessary for the provision of evidence, in particular for the defence, assertion, or enforcement of claims (Art 6 para 1 lit f) GDPR). 

Otherwise, we only store your applicant data if you have expressly consented to this (Art 6 para 1 lit a) GDPR). You can withdraw your consent at any time with future effect. You can do this, for example, by contacting the contact details given. Withdrawing your consent does not affect the processing that took place before your withdrawal. 

We do not use automated processing for decision-making or profiling.

In instances where Personal Data is collected inside the EU or European Economic Area (“EEA”) and transferred to countries without adequacy decisions (see Art 45 GDPR and https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en for further information), transfers within the Jewells Group will only be carried out in accordance with its binding corporate rules relating to data transfers outside the EU / EEA.  

In all other cases, we make use of the standard contractual clauses approved by the EU Commission in accordance with Art 46 para 2 lit c) GDPR when structuring contractual relationships with recipients in third countries. With our service providers who process your data on our behalf ("processors"), we conclude the standard contractual clauses for transfers to processors in third countries. For transfers to third parties who act as controllers in third countries, we use the standard contractual clauses for transfers to third parties as data controllers. You can request a copy of these standard contractual clauses using the contact details. 

Some of the parties to whom Jewells discloses your Personal Data to may be located outside of the UK, including in the United States of America, Australia, Canada and the Philippines and related companies of Jewells located in countries including the United States of America, Europe, including France, the Netherlands and Switzerland, the United Kingdom, the Philippines, Israel and Bulgaria.  We also take reasonable steps to ensure that any such overseas recipients do not hold, use or disclose your Personal Data in a way that is inconsistent with the obligations imposed under the Privacy Act and the United Kingdom Privacy Principles in the Privacy Act.  

We have an obligation to ensure that your Personal Data is protected from unauthorised processing, accidental disclosure, access, loss, destruction, or alteration. Accordingly, we have a range of technical security measures and procedures in place to ensure that your personal information is protected appropriately. These include but are not limited to: 

• Restricting access to information systems through access control measures and authentication techniques; 
• Encrypting sensitive data while at rest and in transmission; 
• Providing information security training to internal employees; and 
• Binding employees and contractors to information security policies 

Your Personal Data will be kept on databases held on servers kept in a physically and technologically secured environment, accessed only by authorised personnel or contractors. Where personal information is held in hard copy, it will be held in controlled, access restricted premises which only authorised personnel or contractors will be permitted to access. 

You are neither legally nor contractually obliged to provide your Personal Data (including any sensitive information). 

However, the provision of your Personal Data is necessary to a certain extent so that we can provide you with the functions on our website and our services. In particular, the provision of your Personal Data is necessary to enable us to receive and process your enquiries, to enable us to initiate or execute contracts, and to enable you to use the community functions in connection with our social media presences. 

If it is necessary to provide your data, we will indicate this by marking the relevant field as mandatory. The provision of further Personal Data is voluntary. In the case of required Personal Data, failure to provide this Personal Data will result in Jewells not being able to provide the corresponding functions and services, in particular we will not be able to receive and process your enquiries and/or enable the initiation or execution of a contract. Furthermore, you will not be able to use the community functions of our social media sites. If you do not provide us with the required Personal Data in connection with your application, we will not be able to consider your application. Insofar as voluntary information is concerned, the failure to provide it means that we cannot provide the corresponding functions and services or cannot provide them to the usual extent. 

Your data will only be processed for purposes other than those described in this Privacy Policy if this is permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes prior to further processing and provide you with all other relevant information.

Unless otherwise stated within this Privacy Policy, we will delete or anonymise your Personal Data as soon as it is no longer required for Jewells to achieve the purpose for which we collected or used your Personal Data. 

Insofar as Jewells is legally obliged to store your Personal Data, we also store it for the legally required period (Art 6 para 1 lit c) GDPR). Legal storage requirements may arise in particular from the retention periods (e.g. the German Commercial Code (HGB) or the German Fiscal Code (AO). The retention period according to these regulations is usually between 6 and 10 years from the end of the year in which the corresponding process was completed, e.g., we have finally processed your enquiry, or the contract has ended or your piercing was completed. Your Personal Data will then be archived to be used in the event of a litigation or dispute for the statute of limitation term applicable to the related purpose. If a judicial action is initiated, the personal information may be stored until the end of such action, including any potential periods for appeal, and will then be deleted or archived as permitted by applicable law. The storage is based on our legitimate interest, the proper documentation of our business operations and the protection of our legal positions (Art 6 para 1 lit f) GDPR). If your Personal Data is relevant to the initiation of a contract or the execution of contracts, it is stored for the initiation and execution of the respective contractual relationship (Art 6 para 1 lit b GDPR). 

Your Personal Data will then be anonymized or deleted. 

17.1 RIGHT TO ACCESS 

You have the right to request information on the Personal Data that Jewells holds about you. You are entitled to know what Personal Data we are processing, why we have processed it, and whether we have shared your Personal Data. You may exercise your right to request access and to obtain copies of any Personal Data we have collected from you, and request that your Personal Data be provided to you in a format that can be easily read. 

You can contact our Privacy Officer using the contact details in the contact section of this Privacy Policy and we will provide you with your Personal Data via e-mail. 

17.2 RIGHT TO RECTIFICATION 

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete by contacting  

https://www.Jewells.com/help-centre 

If you are dissatisfied with Jewells’s refusal to grant correct, your Personal Data, you may make a complaint to the relevant regulatory authority, including the Office of the Information Commissioner, United Kingdom. 

17.3 RIGHT TO OBJECT 

You have the right to object to the processing of your Personal Data that is done based upon Art 6 para 1 lit e) or f) GDPR (Art 6 para 1 lit f) GDPR being Jewells’s legitimate interests). Jewells will not continue to process the Personal Data unless we can demonstrate a legitimate ground which overrides your interest and rights, or due to legal claims. 

You also have the right to object to direct marketing. You can opt out from Jewells’s direct marketing by following the instructions contained in each marketing e-mail. After your objection, we will stop the processing. 

17.4 RIGHT TO RESTRICTION 

In limited circumstances, you have the right to request that Jewells restricts the processing of your Personal Data. These circumstances include: 

• If you object to a processing based on Jewells’s legitimate interest, in which case Jewells shall restrict all processing the data pending the verification of the legitimate interest; 
• If your Personal Data is incorrect, in which case Jewells will restrict the processing of your data pending verification of the accuracy of your Personal Data; and 
• If the processing is unlawful, in which case you can request restriction of your Personal Data as opposed to deletion. 

If Jewells no longer requires your Personal Data but it is required by you to defend legal claims. We process the Personal Data you provide Jewells when making use of your aforementioned rights for the purpose enabling these rights and to be able to provide proof thereof. This processing is based on the legal basis of Art 6 para 1 lit c) GDPR in conjunction with Art 15 - 22 GDPR and Section 34 para 2 German Federal Data Protection Act (“BDSG”). 

17.5 RIGHT TO DATA PORTABILITY 

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. 

17.6 RIGHT TO LODGE A COMPLAINT 

You have a right to make a complaint if you are unhappy with how your personal information has been treated under this privacy policy.  Such complaints should be sent to the Jewells Privacy Officer at data@jewells.com.  At all times, privacy complaints: 

• will be treated seriously; 
• will be dealt with promptly; 
• will be dealt with in a confidential manner; and 
• will not affect your existing obligations or affect the commercial arrangements between you and Jewells. 

We will seek to resolve your complaint within 30 days of receipt, unless we I nform you otherwise and seek your agreement in writing. 

On receipt of your complaint, our Privacy Officer will commence an investigation and you will be informed of the outcome following completion of the investigation.  In the event that you are dissatisfied with the outcome of your complaint, or an extension to the time in which Jewells will resolve it, you may refer the complaint to the Office of the  Information Commissioner UK(https://ico.org.uk/). 

1. CONSENT MANAGEMENT 

You can manage your consent and take other data-related actions on the Data Privacy page. 

1. BREACH 

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data, Jewells will assess the risk to your rights and freedoms and if appropriate report this breach to the relevant authorities. 

1. CONTACT US 

If you have any questions or comments about this Privacy Policy email us at data@jewells.com.