Privacy Statement.

Introduction

Michaels Jewellers needs to collect and use personal data (information) for the purposes of fulfilling online customer orders.

Data Protection law safeguards the privacy rights of individuals in relation to the processing of their personal data. The EU General Data Protection Regulation (GDPR), effective May 2018 confers rights on individuals as well as responsibilities on those persons processing personal data. Personal data, both automated and manual are data relating to a living individual who is or can be identified, either from the data or from the data in conjunction with other information.

Purpose of this policy

This policy is a statement of Michaels Jewellers commitment to protect the rights and privacy of individuals in accordance with the GDPR.

Scope of this policy

This policy applies to all personal data created or received in the course of our business in all formats, of any age. It applies to all locations where personal data is held by Michaels Jewellers. Personal data may be held or transmitted in paper, physical and electronic formats or communicated verbally in conversation or over the telephone. All staff engaged with Micheales Jewellers and processing personal data are all subject to the provisions of the Data Protection Policy.

Definition of Personal Data

Personal data is any information that can identify an individual person. This includes a name, an ID number, location data (for example, location data collected by a mobile phone) or a postal address, online browsing history, images or anything relating to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.

Obtain and process information lawfully, fairly and in a transparent manner

Michaels Jewellers obtains and processes personal data fairly and in accordance with its statutory and other legal obligations

Keep it only for one or more specified, explicit and lawful purposes

Michaels Jewellers keeps personal data for purposes that are specific, lawful and clearly stated. Personal data will only be processed in a manner compatible with these purposes

Use and disclosure only in ways compatible with these purposes

Michaels Jewellers only uses and discloses personal data in circumstances that are necessary for the purposes of for which it collects and keeps the data

Keep it safe and secure

Michaels Jewellers takes appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of data and against accidental loss or destruction

Keep it accurate, complete and up-to-date

Michaels Jewellers operates procedures that ensure high levels of data accuracy, completeness and consistency

Ensure it is adequate, relevant and not excessive

Personal data held by Michaels Jewellers are adequate, relevant and not excessive in data retention terms

Retain for no longer than is necessary

Michaels Jewellers has a policy on retention periods for personal data

Rights of Data Subjects

Individuals have the following rights over the way Michaels Jewellers process their personal data:

Right of Access by the data subject

Individuals have the right to request a copy of their personal data Michaels Jewellers are processing about them and to exercise that right easily and at reasonable intervals. Michaels Jewellers has procedures in place to ensure that data subjects can exercise their rights under the GDPR.

Right of rectification

Individuals have the right to have inaccuracies in personal data that Michaels Jewellers hold about them rectified.

Right to erasure (right to be forgotten)

Individuals have the right to have their personal data deleted where Michaels Jewellers no longer have any justification for retaining it subject to exemptions such as the use of pseudonymised data for scientific research.

Right to restriction of processing

Individuals have the right to request the restriction or suppression of their personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, Michaels Jewellers is permitted to store the personal data, but not use it. An individual can make a request for restriction verbally or in writing and Michaels Jewellers must respond within one calendar month.

Right to data portability

Where it is technically feasible Individuals have the right to have a readily accessible machine readable copy of their data transferred or moved to another data controller where Michaels Jewellers are processing their data based on their consent and if that processing is carried out by automated means.

Right to object

Individuals have the right to object to processing or restrict the processing of their personal data if:
The processing is based on public interest or in order to pursue a legitimate interest
The personal data was processed unlawfully;
You need the personal data to be deleted in order to comply with a legal obligations;

Right not to be subject to automated individual decision-making, including profiling

In certain circumstances individuals can object to profiling and automated decision making.

Information Technology and Data Protection

Michaels Jewellers has established IT policies and procedures to safeguard essential services, protect the privacy of students and staff, and comply with contractual requirements and legislation.

Personal Data Security Breaches

A personal data security breach is any event that has the potential to affect the confidentiality, integrity or availability of personal data held by Michaels Jewellers in any format. Under GDPR Michaels Jewellers, through the Data Protection Officer (DPO), is required to report data breaches to the Data Protection Commissioner within 72 hours from the time of becoming aware of the Data Breach. Michaels Jewellers, as data controller, is expected to respond promptly and appropriately to data security breaches, including all relevant reporting obligations. It is vital to take prompt action in the event of any actual, potential or suspected breach of data security or confidentiality to avoid the risk of harm to individuals, damage to operational business or severe financial, legal and reputational costs to Michaels Jewellers. Michaels Jewellers has developed a Personal Data Security Breach Report Form to deal with data breaches efficiently and effectively and to minimise the consequences of any breach occurring to the the rights and freedoms of those data subjects, whose data are at the care of Michaels Jewellers.

Responsibility

Michaels Jewellers has overall responsibility for ensuring compliance with GDPR legislation when it is the Data Controller of personal data. However, all employees and students of Michaels Jewellers who separately collect and/or control the content and use of personal data are individually responsible for compliance with the legislation. The Data Protection unit provides support, assistance, advice, and training to all departments and offices to ensure that they are in a position to comply with GDPR.

Procedures and Guidelines

Michaels Jewellers is firmly committed to ensuring personal privacy and compliance with GDPR, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.

Review of Policy

This Policy will be reviewed regularly in light of any legislative or other relevant developments.

Contact

If you have any queries relating to the processing of your personal data for the purposes outlined above or you wish to make a request in relation to your rights you can contact us here.