Privacy & Security
We no longer require clients to register, sign in and use an account. This reduces the amount of data we hold and improves your online experience. Instead, purchases can be made simply and easily without the need for an account.
Information we keep
We record client information on our invoicing system, including your name, address and email alongside order details. This information is encrypted and secured electronically, held within a third party GDPR compliant system. This information allows us to track material goods, sales information and order details to serve clients with after-sales support in the future. We do not store any physical invoice copies to ensure your data is protected.
The lawful basis for processing data
Under the guidelines of the Information Commissioner's Office, we have identified the lawful basis on which we process data as:
6(1)(a) Consent from the data subject
6(1)(b) Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
6(1)(c) Processing is necessary for compliance with a legal obligation
HTTPS (Hypertext Transfer Protocol Secure) is the secure version of the Hypertext Transfer Protocol (HTTP). When you connect to a website through HTTPS, your visit is encrypted with a digital SSL Certificate. You can tell if you are securely connected to a website by looking at the URL. If the URL begins with https:// instead of http://, the page is secure. When you connect to a website with an SSL Certificate, all of the data passed back and forth between yourself and the website is secure and encrypted. By having SSL on all web pages of our site, your visit is secured the entire time you are on our site – protecting any and all data that is transferred.
Google believes that always-on https is critical to online security and data privacy.
Our website is integrated with third-party payment systems (Stripe and PayPal) that are fully PCI compliant to ensure that payment information is never stored. In store, we use chip and PIN to ensure the security of your payment.
We will always act in accordance with current legislation and aim to meet current internet best practice. We fully comply with all applicable UK Data Protection and consumer legislation.
You have a right under the Data Protection Act 1998 to ask what information we hold about you. You can do this in writing, finding our address by clicking on the contact us icon. We will, however, require proof of identification prior to providing this information. We have 24 hour CCTV on our premises for your protection. If you wish to request a copy of a personal recording, please apply in writing giving details of your visit date and time.
Privacy Update - On May 25th, 2018 the General Data Protection Regulation (GDPR) will be enforced across Europe, including the UK despite Brexit. The law aims to give people more control over their data and to create a uniform set of rules to enforce across the continent. Serendipity Diamonds is reviewing all of our data policies to be sure we comply with the regulations. Our policy is available below and if at any time you would prefer us not to hold your email address on file or any further information you can unsubscribe from us at the bottom of our emails to you.
Further information can be found at the GDPR website - https://www.eugdpr.org
We send occasional email newsletter updates (one per month maximum) to clients. If you no longer wish to receive our newsletter, please use the unsubscribe process detailed at the foot of our email.
We will not send you information about products and services of ours unless you have opted in and consented to receive marketing information; you may opt out at a later date. You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please contact us. All newsletter and sign-up forms are now GDPR compliant, requiring subscribers to actively opt in to receive further updates.
We work with a selection of service providers including Deko and Close Brothers Retail Finance. Clients applying for finance submit their personal information to Deko and Close Brothers as part of their finance agreements, with both organisations GDPR compliant in how your data is secured and transferred.
We do not share any client information with marketing organisations. We will never share subscriber information or sell personal data to any third parties.
Access to your information
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us via our contact us page. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
This website uses Google AdWords
You can set preferences for how Google advertises to you using the Google Ad Preferences page, and if you want to you can opt out of interest-based advertising entirely by cookie settings or permanently using a browser plugin.
Cookies are very small text files that are stored on your computer when you visit some websites.
You can disable any cookies already stored on your computer, but these may stop our website from functioning properly. For more information please see aboutcookies.org.
The following is strictly necessary in the operation of our website.
- serendipitysession (Serendipity Diamonds) - Distinguishes between users and sessions once a user has signed in by storing an anonymised token.
- _csrf (Serendipity Diamonds) - A randomly generated token which is used to prevent external websites from submitting forms on this website (Cross Site Request Forgery)
We use the following cookies to improve your website experience.
- __utmt (Google Analytics) Used to throttle the request rate for the service, limiting the collection of data on high traffic sites
- _gat (Google Analytics) Used to throttle the request rate for the service, limiting the collection of data on high traffic sites
- _ga (Google Analytics) Distinguish unique users by randomly generating a number (client identifier). Calculate visitor, session and campaign data.
- _gid (Google Analytics) Store and update a unique value for each page visited.
- __utma (Google Analytics) Distinguishes between users and sessions, calculate new and returning visitor statistics
- __utmc (Google Analytics) Identify new sessions / visits for returning visitors
- __utmv (Google Analytics) Used to create custom visitor-level variables for customising what can be measured
- __utmz (Google Analytics) Source of traffic
- __utmb (Google Analytics) New sessions and visits and expires after 30 minutes
- __adroll_bounced3 & __ar_v4 (Adroll) We use Adroll for re-targeting advertising. Clients are provided with the option to opt-out via on-screen notifications. These cookies are used to track conversion rates for our ads.
- __zlcmid & __zlcprivacy (Zopim) We use Zopim for live chat, to track visitors and to assist in their buying experience. Zopim requires two cookies: the first cookie stores the Zopim Live Chat ID to identify the device during visits. The second stores the user's preference to disable Live Chat.
- AWSALB (Amazon Web Services / Zopim) Anonymous token used to ensure that repeated page loads serve the Zopim client from the same server location (known as 'Sticky Sessions' on AWS's 'Elastic Load Balancers').
- __stripe_mid & __stripe_sid (Stripe) Stripe.com uses these two cookies to process payments for our website.
This website will:
- Remember what is in your shopping basket
- Remember where you are in the order process
The following are required to provide you with the best user experience and also to tell us which pages you find most interesting (anonymously).
- Track the pages you visit via Google Analytics
This website will not share any personal information with third parties.
Please contact us for more on what information we store and how we process user data.