About this Privacy Policy

We care about your privacy and we think it is important that you always know what information we obtain about you in the context of your use of De Beers' website (available at www.debeers.com, including any purchases or associated activities undertaken by you whilst using the website (the "Services") and what that information is used for.

In the Privacy Policy below, we therefore aim to keep you fully informed as to the type, extent and purpose of the collection, storage, use and processing of your personal data by us.

Personal data (as used in this Privacy Policy) is all information relating to an identified or an identifiable natural person. A person is identified when the identity of a specific person can be deduced from the information itself. A person is identifiable when we can make a connection to a specific person using information available to us.

You generally have the option of not identifying yourself or of using a pseudonym when dealing with us, except where this is impractical (for example when you shop online with us) or where certain laws or a court order provides otherwise. 

This Privacy Policy applies to the Website and your use of the Services. Depending on your jurisdiction, this Privacy Policy may apply with or without changes.  Where changes apply depending on your jurisdiction, the changes are noted in Schedule 2.

Please read this Privacy Policy carefully to understand our practices regarding your personal data and how we will treat it.

IF YOU DO NOT AGREE WITH OUR POLICIES AND PRACTICES, DO NOT VISIT OUR WEBSITE OR USE THE WEBSITE SERVICES.

Our Privacy Policy applies to any customer or visitor to our website.

Who we are

We are the entity described in Schedule 1 as the entity registered in your country of residence (hereinafter: "De Beers" "we" or "us").

We are the provider of the Website and the Services and the organisation responsible for the personal data collected about you as part of your use of the Website and the Services within the meaning of applicable data protection and privacy laws.

We are an organisation who sell luxury jewellery.

How to contact us

If you have any questions about this Privacy Policy or our use of your personal data, if you need to report a problem, or if you would like to exercise one of your rights under data protection and privacy laws you can contact us using the contact details set out in Schedule 1.

You can get in touch with our dedicated privacy contacts with any queries or complaints regarding your data.

How we get information and what data we collect

When you (i) use the Services, (ii) visit our Website, (iii) sign-up for our newsletter, (iv) book an appointment with us, (v) contact our customer services department or (vi) use our live chat service we may collect the following information from you directly:

• your name;
• your email address and phone number;
• your address;
• your IP address;
• credit or debit card details; and
• cookies referred to in the section on cookies below.

We collect certain information about you when you sign up to our services or use our website.

When you visit the Website our server will record your IP address together with the date, time and duration of your visit. An IP address is an assigned number, similar to a telephone number, which allows your computer to communicate over the Internet. It enables us to identify which organisations have visited the Website.  

IF YOU DO NOT WANT US TO COLLECT ANY OF THE INFORMATION DESCRIBED IN THIS PRIVACY POLICY, DO NOT USE OUR WEBSITE OR THE WEBSITE SERVICES.

Use of our customer service web chat function

We provide a customer service web chat function as part of the Services.  You should be aware that personal data that you voluntarily include and transmit online via this chat function will also be processed in accordance with this privacy policy.  Please bear this in mind when providing us with information about yourself via the chat function.

You choose what personal data you share with us when you use our chat function, and we will process that personal data in accordance with this policy.

Why we collect, process and use your information

We collect, process and use your personal data for the following purposes:

To provide you with the Services

• to maintain updated customer accounts
• to provide you with a personalised online shopping experience
• to fulfil any enquiries you raise
• to process your online orders
• to communicate with you about your orders, and
• to book in-store appointments

We use your data to provide you with the Services.

For business administrative purposes

• to facilitate our internal business administration, including maintaining proper business records
• to administer databases (including our contacts database)
• to establish and manage good relationships with you or the organisation with which you are associated
• to investigate or respond to any incidents, complaints or grievances
• to compile statistical data on the use of the Services to report on the cross section of people who use the Services, and
• as part of our efforts to keep the Website and our physical and digital assets safe and secure.

We use your data for business administrative purposes.

For marketing and promotion purposes

• to update you on our latest products and services which we think you may be interested in.

We use your data to provide you with details of new products and services.

How long we keep your information for

We retain your personal data until you ask us to delete it or it is no longer necessary for the purposes described above.

Your rights

You have various rights in relation to the data which we hold about you as described below. You can find out more about your rights by contacting the data protection authority in your jurisdiction (where applicable).  Some of the rights described below are not legal rights in all jurisdictions, and we may not be legally required to comply with requests that you make in respect of these.  We will comply with requests where we are required by law to do so, and where reasonable and practicable, we will also endeavour to meet other requests you make in respect of these rights.  If we are unable to do so, then we will communicate this to you.

To get in touch with us about any of your rights under applicable data protection laws, please use the contact details set out in Schedule 1. We will seek to deal with your request without undue delay, and in any event within any time limits provided for in applicable data protection law (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.

Right to object

This right enables you to object to us processing your personal data where we do so for one of the following reasons:

• because it is in our legitimate interests to do so (for further information please see the section on the grounds for processing below);
• to enable us to perform a task in the public interest or exercise official authority;
• to send you direct marketing materials; or
• for scientific, historical, research, or statistical purposes.

Right to withdraw consent

If we obtain your consent to process your personal data for any activities, you may withdraw this consent at any time and we will cease to use your data for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition.  You can withdraw your consent by updating your preferences in your account or by contacting our customer services department.

Right to access a copy of your data

You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.

Right to erasure

You have the right to request that we "erase" your personal data in certain circumstances. Normally, this right exists where:

• The data are no longer necessary;
• You have withdrawn your consent to us using your data, and there is no other valid reason for us to continue;
• The data has been processed unlawfully;
• It is necessary for the data to be erased in order for us to comply with our obligations under law; or
• You object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.

We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so. When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.

Right to restrict processing

You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.

Right to rectification

You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.

Right of data portability

If you wish, you have the right to transfer your personal data between service providers. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the data for you.

Right to complain

You also have the right to complain to your data protection authority (where applicable).

You have a number of rights regarding your data.

Sharing your information

In general, your data is processed exclusively by us and we do not pass on any personal data to third parties unless in the context of our Website and Services. Where we do share your personal data, we do so with the following categories of recipients:

Service providers

We may share your personal data with third party service providers who perform functions on our behalf (including logistics companies, website providers, email communications service providers, payment and tax calculation services providers, technical support functions and IT consultants carrying out testing and development work on our business technology systems). We will only share your data with these third party service providers where we have appropriate data processing agreements (or similar protections) in place (or your consent where required) and they will not be able to use your data for their own purposes (e.g. for their own marketing purposes).

Related Entities

We may disclose your personal data to our affiliated companies and to our franchisees.

Regulatory bodies

We may disclose your personal data:

• to data protection regulatory authorities;
• in response to an enquiry from a government agency; and
• to other regulatory authorities with jurisdiction over our activities.

Professional advisors and Auditors

We may disclose your personal data to professional advisors (such as legal advisors and accountants) or auditors for the purpose of providing professional services to us.

Replacement providers

In the event that we sell or buy any business assets, we may disclose your personal data to the prospective seller or buyer of such business or assets. If De Beers or substantially all of its assets are acquired by a third party, personal data held by us about our clients will be one of the transferred assets.

Otherwise, your data will only be disclosed in special exceptional cases, where we are obligated or entitled to do so by statute or upon binding order from a public authority.

We may share your data with certain third parties (e.g. to help us provide the Services and the Website).

Changes to this Privacy Policy

We will review this Privacy Policy periodically, and reserve the right to modify and update it at any time. You acknowledge that we may make changes to this Privacy Policy.  Where those changes are not material, it is your responsibility to check back to this page from time to time to review the Privacy Policy. Changes to this Privacy Policy will come into effect immediately upon such changes being uploaded to our Website.  Where changes are material, we will notify you of those changes and obtain your consent if required.  This Privacy Policy was last revised on 17/04/2020

We may make changes to this Privacy Policy from time to time.

Cookies

We use cookies (access data files) on our Website which save certain personal information in order to provide a specialised service that is customised and personalised, as well as for analytics and tracking purposes. Cookies are small pieces of data (text files) that are sent by the website server to the user's browser or app and saved on the user's computer and other devices. With respect to its operation, our cookies distinguish between the users' computer or mobile phones but do not differentiate the individual users.

You have a right to choose whether the cookies are installed or not. You may choose to refuse all cookies, confirm each time a cookie is saved, or permit all cookies by going to [Tools]>[Internet Option]>[Security]>[Custom Setting], or by using the Settings or Options function on mobile devices. If you reject cookies or delete our cookies, you may still use our Website, but you may have reduced functionality.

We use the following cookies on the Website:

We also use third party cookies on our Website. These third party cookies help us learn more about our customers so that we can provide a more personalised service. We use the following third parties cookies on the Website; to find out how these companies process your personal data, please review the relevant privacy notice.

We use cookie technology on the Website.

Security

We care about protecting your personal data. That’s why we put in place appropriate security measures which are designed to prevent any misuse of the data that you provide to us, including:

• HTTPS or FTPS being used for all data in motion; and
• Organisational controls on who within De Beers can access your personal data.

Unfortunately, there is always risk involved in sending information through any channel over the internet. You send information over the internet entirely at your own risk. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet and we do not warrant the security of any information, including personal data, which you transmit to us over the internet.

If you suspect any misuse, loss, or unauthorised access to your personal data please let us know immediately using the contact details set out in this Privacy Policy. We will investigate the matter and update you as soon as possible on next steps.

We take security seriously and put in place measures to protect your information

Where your information is transferred and stored

In general, your data will be stored in the United Kingdom (UK) and replicated elsewhere depending on your geographic location.

A number of our service providers are also located elsewhere in the world.  For example, in the United States of America, Singapore, Russia, the United Arab Emirates, South Africa, Canada, Slovakia, Kazakhstan and Kuwait. 

In the event that we transfer your personal data to, or store your personal data in, a country or territory which does not maintain adequate data protection standards, we will take all reasonable steps to ensure that any such transfers are undertaken in accordance with applicable data protection and privacy laws (including, where required, obtaining your consent to such transfers) and that your data is treated securely and in accordance with this Privacy Policy.

However, please note that where personal data is stored in another country, it may be accessible to law enforcement agencies in accordance with domestic laws.

We store your data in the UK and elsewhere depending on your geographic location but our service providers may be located elsewhere in the world.

Grounds for processing your information

Where you give us your consent to process your personal data

We are allowed to use your personal data where you have specifically consented. In order for your consent to be valid:

• It has to be given freely, without us putting you under any type of pressure;
• You have to know what you are consenting to – so we'll make sure we give you enough information;
• You should only be asked to consent to one thing at a time – we therefore avoid "bundling" consents together so that you don't know exactly what you're agreeing to; and
• You need to take positive and affirmative action in giving us your consent – for example, we could provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion.

We currently seek your consent to use your personal data for marketing and advertisement purposes.

Before giving your consent you should make sure that you read any accompanying information provided by us so that you understand exactly what you are consenting to.

You have the right to withdraw your consent at any time, and details can be found in the "Right to withdraw consent" paragraph in the section on your rights above.

Where processing your information is within our legitimate interests

We are allowed to use your personal data where it is in our interests to do so, and those interests aren't outweighed by any potential prejudice to you.

We believe that our use of your personal data is within a number of our legitimate interests, including but not limited to:

• To provide you with the Services;
• To ensure that our systems run smoothly;
• To protect against improper use or unauthorized use of our Website;
• To protect against fraud; and
• To market our Website and Services.

We don't think that any of the activities set out above will prejudice you in any way. However, you do have the right to object to us processing your personal data on this basis. We have set out details regarding how you can go about doing this in the section on your rights above.

Where processing your personal data is necessary for us to carry out our obligations under our contract with you

We are allowed to use your personal data when it is necessary to do so for the performance of our contract with you.

For example, we need to collect and store your email address in order to provide you with our newsletter if you have requested it.

Where processing is necessary for us to carry out our legal obligations

As well as our obligations to you under any contract, we also have other legal obligations that we need to comply with, and we are allowed to use your personal data when we need to comply with those other legal obligations.

We rely on certain grounds to collect, use and share data about you.