Privacy Policy
1. Introduction
At SF Jewellers, accessible from www.sfjewellers.co.uk, we are committed to protecting your privacy and ensuring you have a positive experience on our website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, make a purchase, or interact with us.
Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our website.
2. Information We Collect
2.1 Information You Provide Directly
When you interact with SF Jewellers, we may collect the following personal information:
- Account Information: Name, email address, username, password, postal address, postcode, telephone number
- Billing Information: Billing address, payment card details (processed securely through payment providers)
- Shipping Information: Delivery address, shipping preferences
- Order Information: Products purchased, order history, purchase dates, amounts paid
- Contact Information: When you contact us via email, phone, contact form, or live chat, we collect the content of your communication, your contact details, and any attachments
- Communication Preferences: Subscription to newsletters, marketing communications, product updates
- Customer Reviews: Any reviews, ratings, or feedback you provide about products or services
- Surveys & Feedback: Responses to customer satisfaction surveys and feedback forms
- Identity Verification: For luxury item authentication or security purposes, we may request additional identification
2.2 Information Collected Automatically
When you visit our website, we automatically collect certain information about your device and browsing behaviour:
- Device Information: Device type, operating system, browser type and version, device identifiers, mobile network information
- Usage Information: Pages viewed, products browsed, time spent on pages, links clicked, search queries, referral source
- Connection Information: IP address, Internet service provider (ISP), time zone, date and time of access, pages visited before and after our website
- Location Information: General geographic location (based on IP address), not precise location unless you grant permission
- Cookies & Tracking Technologies: Cookie identifiers, session information, tracking pixels, web beacons
2.3 Information from Third Parties
We may receive information about you from:
- Payment Processors: Payment confirmation, transaction details, fraud prevention information
- Shipping Providers: Delivery tracking information, confirmation of receipt
- Marketing Partners: Demographic information for targeted advertising (with your consent)
- Social Media: If you connect your social media accounts to our website
- Data Brokers: Publicly available information to enhance customer profiles (where permitted)
2.4 Special Categories of Data
We do not intentionally collect sensitive personal data such as racial/ethnic origin, religious beliefs, political opinions, trade union membership, genetic data, biometric data, health information, or sexual orientation. However, if you provide such information voluntarily, we will handle it with utmost care in compliance with UK GDPR requirements.
3. Legal Basis for Processing
We only process your personal data where we have a lawful basis under UK GDPR and Data Protection Act 2018. Our lawful bases include:
3.1 Contractual Necessity
- Fulfilling customer orders and delivery
- Processing payments
- Providing customer service
- Sending order confirmations and shipping updates
3.2 Consent
- Marketing emails and newsletters (opt-in)
- Non-essential cookies
- Customer testimonials and reviews
- Communication preferences beyond those required for orders
3.3 Legal Obligation
- Compliance with tax and accounting requirements (6-year retention)
- Fraud prevention and detection
- Compliance with regulatory authorities
- Response to legal requests or court orders
- Anti-money laundering compliance
3.4 Legitimate Interests
- Improving website functionality and user experience
- Fraud prevention and security measures
- Analytics and statistical analysis
- Direct marketing (where you are an existing customer)
- Protecting our rights, privacy, safety, or property
- Enforcing our terms and conditions
3.5 Vital Interests
- Protecting your health and safety in emergency situations
- Responding to life-threatening situations
4. How We Use Your Information
We use the information we collect for various purposes, including:
4.1 Order Fulfillment & Service Delivery
- Processing and fulfilling your orders
- Processing payments and billing
- Sending order confirmations and shipping notifications
- Delivering products to your specified address
- Providing customer service and support
- Handling returns, exchanges, and refunds
4.2 Communication
- Responding to your inquiries and requests
- Sending transactional emails (order confirmations, shipping updates, receipts)
- Providing information about products and services
- Notifying you of changes to our website or policies
- Sending mandatory compliance communications
4.3 Marketing & Promotional Activities
- Sending newsletters and promotional offers (with your consent)
- Informing you about new products, services, and features
- Conducting customer satisfaction surveys
- Personalizing your shopping experience
- Retargeting advertising on third-party platforms
4.4 Analytics & Website Improvement
- Analyzing website usage patterns and user behaviour
- Improving website design, functionality, and performance
- Monitoring and troubleshooting technical issues
- Conducting market research and trend analysis
- Developing new products and services
- Understanding customer preferences and patterns
4.5 Fraud Prevention & Security
- Detecting and preventing fraudulent transactions
- Verifying customer identity
- Monitoring for suspicious activity
- Protecting against cyberattacks and data breaches
- Complying with anti-money laundering regulations
4.6 Legal & Compliance
- Complying with tax, accounting, and legal obligations
- Responding to legal requests or regulatory inquiries
- Enforcing our terms and conditions
- Protecting our rights and interests
- Maintaining necessary records for dispute resolution
5. How We Protect Your Information
We implement comprehensive security measures to protect your personal data:
5.1 Technical Security
- SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using SSL (Secure Sockets Layer) or TLS (Transport Layer Security) technology
- Secure Payment Processing: Payment information is processed through PCI DSS compliant payment gateways
- Firewall Protection: Our website is protected by industry-standard firewalls
- Regular Security Audits: We conduct regular security assessments and penetration testing
- Intrusion Detection: Systems monitor for unauthorized access attempts
- Data Encryption: Sensitive data is encrypted both in transit and at rest
5.2 Organizational Security
- Access Controls: Only authorized personnel with a legitimate business need have access to personal data
- Staff Training: Our team receives regular data protection and privacy training
- Confidentiality Agreements: All staff and contractors sign confidentiality agreements
- Vendor Assessment: Third-party vendors are vetted for data protection compliance
- Data Processing Agreements: All processors sign Data Processing Agreements (DPAs) compliant with UK GDPR
5.3 Incident Response
- Breach Procedures: We have documented procedures for responding to data breaches
- 72-Hour Notification: We will notify affected individuals and the Information Commissioner’s Office (ICO) within 72 hours of discovering a breach that poses a risk to your rights and freedoms
- Incident Logging: All security incidents are logged and investigated
Please note: While we implement robust security measures, no method of transmission over the internet or electronic storage is completely secure. You use our website at your own risk, and we cannot guarantee absolute security.
6. Cookies & Tracking Technologies
6.1 What Are Cookies?
Cookies are small text files stored on your device that allow us to recognize you and remember your preferences. We use cookies to enhance your browsing experience, analyze website usage, and deliver targeted advertising.
6.2 Types of Cookies We Use
| Cookie Type | Purpose | Duration | Consent Required |
|---|---|---|---|
| Essential/Necessary | Required for website function, security, shopping cart, checkout process | Session or persistent | No (except under ePrivacy rules) |
| Performance/Analytics | Measure website usage, page performance, user behaviour (Google Analytics) | Persistent (up to 2 years) | No (under 2025 changes) but disclosure required |
| Functional | Remember preferences, language settings, user account information | Persistent | No (except for enhanced functions) |
| Marketing/Advertising | Display targeted ads, retargeting, social media integration | Persistent (up to 2 years) | Yes – Opt-in Required |
| Third-Party | Advertising partners, social media, analytics providers | Varies | Yes – Opt-in Required |
6.3 Other Tracking Technologies
- Pixels & Web Beacons: Used to track conversions and advertising effectiveness
- Log Files: Automatically record server activity and user interactions
- Session Storage: Temporary storage of data during your browsing session
- Local Storage: Persistent storage of preferences and settings on your device
6.4 Cookie Management
You can control cookies through your browser settings:
- Disable Cookies: Most browsers allow you to disable cookies. However, some website features may not function properly without cookies
- Delete Cookies: You can delete existing cookies from your device
- Third-Party Cookies: You can block third-party cookies in your privacy settings
- Cookie Policy Management: You can manage your cookie preferences through our cookie consent banner when you first visit our website
Popular Browsers:
- Chrome: Settings → Privacy and Security → Cookies
- Firefox: Options → Privacy & Security → Cookies
- Safari: Preferences → Privacy → Cookies
- Edge: Settings → Privacy → Cookies
6.5 Do Not Track
If your browser includes a “Do Not Track” feature, we will respect this preference. However, please note that many websites do not currently respond to “Do Not Track” signals.
6.6 PECR & Consent
Under the Privacy and Electronic Communications Regulations (PECR) and recent 2025 updates:
- Non-Essential Cookies: Require explicit opt-in consent
- Analytics Cookies: No longer require consent under 2025 rules but disclosure is required
- Marketing Communications: Require consent before sending promotional emails
We obtain your consent through our cookie banner and manage preferences via your account settings.
7. Data Sharing & Third Parties
7.1 When We Share Your Data
We do not sell, trade, or transfer your personal information to unrelated third parties. However, we share data with the following categories of recipients who help us operate our website and conduct our business:
7.2 Service Providers & Processors
| Category | Purpose | Examples |
|---|---|---|
| Payment Processors | Securely process credit/debit card payments | Stripe, PayPal, Square |
| Shipping & Logistics | Fulfil orders and track deliveries | Royal Mail, DPD, FedEx, UPS |
| Email Services | Send newsletters, transactional emails, marketing communications | Mailchimp, SendGrid, Klaviyo |
| Customer Service | Provide support and handle inquiries | Zendesk, Intercom, Help Scout |
| Hosting & Infrastructure | Maintain website functionality and security | AWS, Google Cloud, Cloudflare |
| Analytics & Tracking | Analyze website performance and user behaviour | Google Analytics, Mixpanel, Hotjar |
| Marketing & Advertising | Display targeted ads and retargeting | Google Ads, Facebook Ads, AdRoll |
| Fraud Prevention | Detect and prevent fraudulent transactions | Fraud detection services, payment providers |
| Accounting & Tax | Comply with tax and accounting obligations | Accountants, tax advisors, Companies House |
| Legal & Compliance | Respond to legal requests and regulatory inquiries | Legal counsel, law enforcement, regulators |
7.3 Data Processing Agreements
All service providers are bound by Data Processing Agreements (DPAs) that comply with UK GDPR Article 28 and commit them to:
- Process data only on our instructions
- Maintain appropriate security measures
- Respect your data protection rights
- Assist with data subject access requests
- Notify us of data breaches
7.4 International Transfers
Some of our service providers are located outside the United Kingdom or EU. When we transfer data internationally, we use appropriate safeguards:
- Standard Contractual Clauses: Contracts include SCCs approved by the UK authorities
- Adequacy Decisions: We transfer data to countries with adequacy determinations
- Your Consent: We inform you of international transfers and obtain your consent where required
Countries Where Your Data May Be Processed:
- European Union (GDPR compliance)
- United States (via SCCs or Privacy Shield alternatives)
- Canada, Australia, New Zealand (where safe transfers are in place)
7.5 Legal Obligations
We may disclose your information if required by law or to:
- Comply with court orders, subpoenas, or legal processes
- Enforce our Terms & Conditions
- Protect our rights, privacy, safety, or property
- Protect public safety or prevent crimes
- Comply with regulatory or government requests
7.6 Business Transfers
If SF Jewellers is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding, your personal information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
7.7 Non-Personal Information
We may share aggregated, anonymized, or statistical information with third parties for marketing, analytics, and research purposes without restrictions. This information cannot identify you personally.
8. Data Retention
We retain your personal data for as long as necessary to:
- Fulfil the purposes for which it was collected
- Comply with legal and regulatory obligations
- Resolve disputes and enforce agreements
- Protect our interests and rights
8.1 Retention Periods
| Data Type | Retention Period | Reason |
|---|---|---|
| Customer Account Data | Duration of account + 3 years after inactivity | Legal obligations, dispute resolution |
| Order & Transaction Data | 6 years | UK tax, accounting, and legal requirements |
| Payment Information | 2-3 years or per payment processor policy | Fraud prevention, chargeback management |
| Cookies & Tracking Data | 2 years maximum | Analytics and compliance with Privacy Act |
| Marketing Communications | Until unsubscribed | Legal basis for marketing |
| Support Tickets & Inquiries | 3-6 years | Customer service history, dispute resolution |
| Backup Copies | 30-90 days after deletion | System recovery and disaster management |
| Website Logs & Analytics | 12-24 months | Security and performance monitoring |
| **CCTV (if applicable) | 30 days | Security purposes |
8.2 Deletion Process
When data is no longer needed:
- Data is securely deleted or anonymized
- Backup copies are retained for 30-90 days as required by our systems
- Deletion requests are processed within 30 days
- You can request deletion via our Data Subject Access Request process
9. Your Rights & How to Exercise Them
Under UK GDPR and the Data Protection Act 2018, you have the following rights:
9.1 Right of Access (Data Subject Access Request)
Right: You can request a copy of all personal data we hold about you.
How to Exercise:
- Email us at: contact@sfjewellers.co.uk
- Send a letter to: SF Jewellers, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
- Submit our online data subject access request form: [link on contact page]
Response Time: We will respond within 30 calendar days (extendable to 90 days for complex requests).
Fees: Requests are free. We may charge reasonable fees for manifestly unfounded or excessive requests.
9.2 Right to Rectification (Correction)
Right: You can request correction of inaccurate or incomplete personal data.
How to Exercise:
- Contact our Data Protection Officer
- Update your account information directly on our website
- Provide corrected information via email or contact form
Response Time: We will respond within 30 days.
9.3 Right to Erasure (“Right to Be Forgotten”)
Right: You can request deletion of your personal data in specific circumstances.
Eligible Circumstances:
- Data is no longer necessary for its original purpose
- You withdraw your consent (where consent is the legal basis)
- You object to processing and we have no overriding legitimate interests
- Data was unlawfully processed
- Deletion is required by law
Non-Eligible Circumstances:
- We still need the data to fulfil your order
- Legal obligations require us to retain it (e.g., tax/accounting)
- We have legitimate interests that override your request
- You initiated the relationship and we need data for records
How to Exercise: Contact our Data Protection Officer using the methods above.
Response Time: 30 days.
9.4 Right to Restrict Processing
Right: You can request that we limit how we use your data while we investigate a dispute or confirm your request.
Scenarios:
- You dispute the accuracy of your data
- Processing is unlawful but you request restriction instead of deletion
- We no longer need the data but you require it for legal claims
- You have objected and we are considering your objection
How to Exercise: Email us with details of your restriction request.
Response Time: 30 days.
9.5 Right to Data Portability
Right: You can request your data in a structured, commonly used, machine-readable format (e.g., CSV) and request transfer to another organization.
Applicable to:
- Data you have provided
- Data processed based on consent or contract
- Data processed automatically
Excluded:
- Data processed based on other legal bases
- Non-personal or aggregated data
How to Exercise: Submit a data portability request to our Data Protection Officer.
Response Time: 30 days.
Format: We will provide data in standard formats (CSV, JSON, Excel, etc.).
9.6 Right to Object
Right: You can object to certain types of processing, particularly for marketing purposes.
Object to:
- Direct marketing (email, phone, SMS)
- Targeted advertising and profiling
- Processing for legitimate interests
- Automated decision-making
How to Exercise:
- Click the “unsubscribe” link in marketing emails
- Update marketing preferences in your account settings
- Email us with your objection
- Contact our Data Protection Officer
Response Time: We will stop marketing communications immediately. For other objections, we respond within 30 days.
9.7 Right Not to Be Subject to Automated Decision-Making
Right: You have the right not to be subject to automated decision-making that produces legal or similarly significant effects unless:
- The decision is necessary for entering into or performing a contract with you
- We have your explicit consent
- Processing is authorized by law
Exceptions: This right does not apply to purely technical or non-consequential decisions.
How to Exercise: Contact us if you believe automated decision-making is being applied to you.
9.8 Right to Withdraw Consent
Right: If we rely on your consent as our legal basis, you can withdraw it at any time (this does not affect lawfulness of processing before withdrawal).
How to Exercise:
- Update your preferences in your account
- Unsubscribe from marketing communications
- Contact our Data Protection Officer in writing
9.9 Right to Lodge Complaints
Right: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe we have violated your data protection rights.
Information Commissioner’s Office (ICO):
- Website: www.ico.org.uk
- Phone: 0303 123 1113
- Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Online Complaint Form: www.ico.org.uk/make-a-complaint
10. Children’s Privacy (Post-2025 UK GDPR)
10.1 Age Restrictions
Our website and services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
10.2 Children Aged 13-18
For users aged 13-18, enhanced protections apply under the updated 2025 UK GDPR:
- We limit collection of personal data from minors
- We do not use profiling or targeted advertising for minors
- Parental consent is required for children under 16 to process cookies and non-essential data
- We do not use automated decision-making that significantly affects minors
10.3 Parental Consent
If you are a parent or guardian and believe we have collected information from your child without consent, please contact us immediately using the details below.
10.4 Parental Rights
Parents have the right to:
- Request access to their child’s personal data
- Request deletion of their child’s data
- Withdraw consent for their child’s data processing
- Restrict their child’s data use
11. Contact Information
11.1 Data Protection Officer & Privacy Inquiries
For questions about our privacy practices, to exercise your rights, or to report a privacy concern:
Email: privacy@sfjewellers.co.uk or contact@sfjewellers.co.uk
Postal Address:
SF Jewellers
71-75 Shelton Street
Covent Garden
London, WC2H 9JQ
United Kingdom
Phone: [Your contact phone number]
Contact Form: [Link to contact form on website]
Response Time: We aim to respond to all privacy inquiries within 10 business days.
11.2 Filing a Complaint
Internal Complaints:
- Contact our Data Protection Officer using the details above
- Provide details of your complaint and any relevant documentation
- We will investigate and respond within 30 days
External Complaints (ICO):
- Information Commissioner’s Office (ICO)
- Phone: 0303 123 1113
- Website: www.ico.org.uk
12. Changes to This Privacy Policy
We may update this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors.
12.1 Notice of Changes
- Minor Changes: Posted on website with updated date
- Material Changes: We will notify you via email or prominent website notice
- Consent Required: For significant changes, we may request your consent
12.2 Effective Date
Changes are effective when posted on our website. Your continued use of our website after changes constitutes acceptance of the updated Privacy Policy.
12.3 Previous Versions
Previous versions of this Privacy Policy are available upon request.
13. Policy Acknowledgment
Effective Date: November 2025
By accessing and using the SF Jewellers website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices, please do not use our website.
Last Updated: November 2025
This Privacy Policy is compliant with UK GDPR, Data Protection Act 2018, PECR (Privacy and Electronic Communications Regulations), and the Data (Use and Access) Act 2025.
For more information about your rights, visit the Information Commissioner’s Office (ICO) website
