Peepall Jewellers is owned and operated by Global Refining Limited. Peepalls.com (‘us’) which is the Data Controller for the purposes of the Data Protection Act 1998. You may contact us at the following address:
Global Refining Limited
Forward House
Henley-in-Arden
Warwickshire
B95 5AA
We would never want to spam our clients or ruin any surprises. We therefore are committed to protecting the private information you supply us with. In cooperation with our Terms & Conditions, this Privacy Policy informs you what happens to your information, why we collect it, how we use it and how we store it.
Collection of personal information
In the course of its business, Peepalls Jewellers, a trading style of Global Refining Limited needs to gather and use certain information about individuals. This will include clients, suppliers and other business contacts, and employees and prospective employees, as well as other people that we have a relationship with, may need to contact, or with whom we need to deal.
This policy describes how this personal data is collected, processed, transferred, handled and stored in order to meet the requirements of data protection law, in particular the General Data Protection Regulation (GDPR). We recognise that, not only must we comply with the principles of fair processing of personal data, we must also be able to demonstrate that we have done so. The procedures and principles set out below must be followed at all times by the Firm, its employees and all those within its scope as set out below.
Why this policy exists
This Policy provides help and guidance to our staff and managers in:
- complying with data protection law and following good practice
- protecting the rights of staff, clients, and business contacts.
- being open about how we use personal data and how we store it.
- protecting HoL against the risks of both inadvertent and intentional data breaches.
Scope of the policy
The Policy applies to all employees and contractors who are provided with access to any of our files and/or computer systems. Collectively these individuals are hereafter referred to as 'users'. All users have responsibility for complying with the terms of this Policy.Data protection law - GDPR
The GDPR regulates how organisations must collect, handle and store personal data. Personal data is any information relating to an identified or identifiable living individual. It is information which enables that person to be identified, directly or indirectly, and may include their name, address, telephone number(s), email address(es), age, location data, or online and biometric identifiers.
What does the law say?
The GDPR contains a number of key principles which apply to the collection and processing of personal data and which underpin everything that follows. See the key principles below.
|
Lawfulness, fairness and transparency |
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject |
|
Purpose limitation |
Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes |
|
Data minimisation |
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed |
|
Accuracy |
Personal data shall be accurate and, where necessary, kept up to date |
|
Storage limitation |
Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed |
|
Integrity and confidentiality |
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures |
|
Accountability |
The controller shall be responsible for, and be able to demonstrate compliance with the GDPR |