Michaels Jewellers needs to collect and use personal data (information) for the purposes of fulfilling online customer orders.
Data Protection law safeguards the privacy rights of individuals in relation to the processing of their personal data. The EU General Data Protection Regulation (GDPR), effective May 2018 confers rights on individuals as well as responsibilities on those persons processing personal data. Personal data, both automated and manual are data relating to a living individual who is or can be identified, either from the data or from the data in conjunction with other information.
This policy is a statement of Michaels Jewellers commitment to protect the rights and privacy of individuals in accordance with the GDPR.
This policy applies to all personal data created or received in the course of our business in all formats, of any age. It applies to all locations where personal data is held by Michaels Jewellers. Personal data may be held or transmitted in paper, physical and electronic formats or communicated verbally in conversation or over the telephone. All staff engaged with Micheales Jewellers and processing personal data are all subject to the provisions of the Data Protection Policy.
Personal data is any information that can identify an individual person. This includes a name, an ID number, location data (for example, location data collected by a mobile phone) or a postal address, online browsing history, images or anything relating to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.Obtain and process information lawfully, fairly and in a transparent manner
Michaels Jewellers obtains and processes personal data fairly and in accordance with its statutory and other legal obligationsKeep it only for one or more specified, explicit and lawful purposes
Michaels Jewellers keeps personal data for purposes that are specific, lawful and clearly stated. Personal data will only be processed in a manner compatible with these purposesUse and disclosure only in ways compatible with these purposes
Michaels Jewellers only uses and discloses personal data in circumstances that are necessary for the purposes of for which it collects and keeps the dataKeep it safe and secure
Michaels Jewellers takes appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of data and against accidental loss or destructionKeep it accurate, complete and up-to-date
Michaels Jewellers operates procedures that ensure high levels of data accuracy, completeness and consistencyEnsure it is adequate, relevant and not excessive
Personal data held by Michaels Jewellers are adequate, relevant and not excessive in data retention termsRetain for no longer than is necessary
Michaels Jewellers has a policy on retention periods for personal data
Individuals have the following rights over the way Michaels Jewellers process their personal data:Right of Access by the data subject
Individuals have the right to request a copy of their personal data Michaels Jewellers are processing about them and to exercise that right easily and at reasonable intervals. Michaels Jewellers has procedures in place to ensure that data subjects can exercise their rights under the GDPR.Right of rectification
Individuals have the right to have inaccuracies in personal data that Michaels Jewellers hold about them rectified.Right to erasure (right to be forgotten)
Individuals have the right to have their personal data deleted where Michaels Jewellers no longer have any justification for retaining it subject to exemptions such as the use of pseudonymised data for scientific research.Right to restriction of processing
Individuals have the right to request the restriction or suppression of their personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, Michaels Jewellers is permitted to store the personal data, but not use it. An individual can make a request for restriction verbally or in writing and Michaels Jewellers must respond within one calendar month.Right to data portability
Where it is technically feasible Individuals have the right to have a readily accessible machine readable copy of their data transferred or moved to another data controller where Michaels Jewellers are processing their data based on their consent and if that processing is carried out by automated means.Right to object
Individuals have the right to object to processing or restrict the processing of their personal data if:
The processing is based on public interest or in order to pursue a legitimate interest
The personal data was processed unlawfully;
You need the personal data to be deleted in order to comply with a legal obligations;
In certain circumstances individuals can object to profiling and automated decision making.
Michaels Jewellers has established IT policies and procedures to safeguard essential services, protect the privacy of students and staff, and comply with contractual requirements and legislation.
A personal data security breach is any event that has the potential to affect the confidentiality, integrity or availability of personal data held by Michaels Jewellers in any format. Under GDPR Michaels Jewellers, through the Data Protection Officer (DPO), is required to report data breaches to the Data Protection Commissioner within 72 hours from the time of becoming aware of the Data Breach. Michaels Jewellers, as data controller, is expected to respond promptly and appropriately to data security breaches, including all relevant reporting obligations. It is vital to take prompt action in the event of any actual, potential or suspected breach of data security or confidentiality to avoid the risk of harm to individuals, damage to operational business or severe financial, legal and reputational costs to Michaels Jewellers. Michaels Jewellers has developed a Personal Data Security Breach Report Form to deal with data breaches efficiently and effectively and to minimise the consequences of any breach occurring to the the rights and freedoms of those data subjects, whose data are at the care of Michaels Jewellers.
Michaels Jewellers has overall responsibility for ensuring compliance with GDPR legislation when it is the Data Controller of personal data. However, all employees and students of Michaels Jewellers who separately collect and/or control the content and use of personal data are individually responsible for compliance with the legislation. The Data Protection unit provides support, assistance, advice, and training to all departments and offices to ensure that they are in a position to comply with GDPR.
Michaels Jewellers is firmly committed to ensuring personal privacy and compliance with GDPR, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.
This Policy will be reviewed regularly in light of any legislative or other relevant developments.
If you have any queries relating to the processing of your personal data for the purposes outlined above or you wish to make a request in relation to your rights you can contact us here.