Penelope Fine Jewelry (‘the ‘Brand’, ‘we’ or ‘our’) operates the https://www.penelopefinejewerly.com/ website (the ‘Website’ or the ‘Service’). We are fully committed to data protection and privacy.
2. PERSONAL DATA
Personal Data under the General Data Protection Regulation (‘GDPR’) 2016/679 of the European Union is defined as any information relating to an identified or identifiable natural person (‘data subject’) who, in turn, is defined as one who can be distinguished by reference to an identifier such as a name, an identification number, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
3. DATA PROTECTION
We ensure that the confidentiality of the personal data collected and processed via its website is treated with the utmost discretion. We employ physical, technical, and organisational security measures to ensure the protection of your personal data while at rest, in use, or in transit, against accidental or intentional modification, disclosure, loss or access by unauthorised individuals. We comply with all relevant GDPR rules and regulations.
4. DISCLOSURE OF DATA
The Brand will not disclose your personal data to third parties without your express consent unless this is required by law, owing to a court decision or in connection with legal or criminal proceedings following an attack on the Brand’s infrastructure.
5. DATA COLLECTION, PROCESSING AND USE
We use your data to provide and improve our Website, to process your order (such as your name, physical address, billing address, email, credit or debit card information) and to contact you via email regarding your order or to answer any questions or concerns you may have. This information is processed as needed by us and or by a relevant third party (such as credit card authorization platform, financial institution, shipping company) in order to execute your order. The information is processed in accordance with GDRP rules and regulations.
6. PERSONAL INFORMATION WE COLLECT
When you visit our website, we automatically collect certain information about your device, including information about your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. Our IT systems may collect this information automatically and may use it to facilitate your visit and improve our services. We refer to this automatically-collected information as ‘Usage Information’.
We collect Usage Information using the following technologies:
- ‘Log files’ track actions occurring on the website, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- ‘Web beacons’, ‘tags’, and ‘pixels’ are electronic files used to record information about how you browse the website.
In addition, when you make a purchase or attempt to make a purchase through our website, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers, email address, and phone number). This information is required in order to complete and execute the purchase.
7. USE OF DATA
We use the collected data for various purposes the main of which are the following: to provide and maintain the Service, to notify you about changes to our Service, to provide customer care and support, to provide analysis or valuable information so that we can improve the Service, to monitor the usage of the Service, and, to detect, prevent and address technical issues.
8. SERVICE PROVIDERS
We may employ third party companies and individuals (‘Service Providers’) to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used. These Service Providers have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. For example, we use Google Analytics to help us understand how our customers use our website.
9. DO NOT TRACK
Please note that we do not alter our Website’s data collection and use practices when we see a Do Not Track signal from your browser. If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below. Additionally, if you are a European resident we note that we are processing your information in order to fulfil contracts we might have with you (for example if you make an order through the Website), or otherwise to pursue our legitimate business interests listed above.
10. LINKS TO THIRD PARTY WEBSITES
11. HOW WE PROTECT AND SECURE YOUR PERSONAL DATA
We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorized or unlawful processing and against accidental loss, destruction or damage to personal data. We take a number of reasonable and appropriate steps to secure your information. As part of these steps, and as reasonably possible, we use encryption technology for transmission and storage of information, we do not store details of your credit card information beyond what is needed to complete specific transactions, and we ask you to use a secure password to access your account on our Site. We regularly monitor the traffic on our Site to detect vulnerabilities and possible breaches. Nonetheless, you should be aware that any information transmitted over the internet or stored in digital form is not completely secure and we cannot complete guarantee the security of your personal data transmitted to us through the internet. You accept the risk of any such transmission.
12. WEBSITE SECURITY
For your safe navigation on our website as well as for the security of your transactions through this site, we takes all appropriate measures by adopting modern high quality security standards according to market trends, and uses TLS 1.2 encryption with 256-bit (SSL) encryption protocol, which are put into operation during the import of sensitive personal data offering encoded communication. We take the necessary steps to protect your personal data, but you should also keep in mind that safe navigation on our website is also up to you.
13. SECURITY OF CREDIT CARD TRANSACTIONS
We have taken necessary steps to ensure the security of your credit card transaction. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
14. PROTECTION OF MINORS
Persons under 18 years of age should not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children or young people. We do not knowingly collect such data or disclose them to third parties.
15. YOUR RIGHTS UNDER GDPR
As per the GDPR, and under certain terms and conditions, you have the following rights as far as the processing of your personal data is concerned: (a) to access and request a copy of your personal data, (b) to request the rectification of your personal data which is inaccurate or incomplete, (c) to request the erasure of your personal data, (d) to restrict to the processing of your personal data, (e) to object to the processing of your personal data, and, (f) to withdraw the consent that you have given to us with regard to the processing of your personal data at any time.
You also have the right to lodge a complaint with your local supervisor. Our local supervisor is the ‘Office of the Commissioner for Personal Data Protection’ (http://www.dataprotection.gov.cy). In order to lodge a complaint with our local regulator, you should fill in one of the three available forms on the Commissioner’s website, depending on the case, and send it to the Commissioner.
16. COMPROMISE OF PERSONAL INFORMATION
In the event that personal information has been compromised, we will promptly notify our customers in compliance with applicable regulatory framework.
18. APPLICABLE LAW
By using our Service, you accept that the relationship between us is governed by European and Cyprus laws as appropriate.
19. CONTACT US