Privacy Policy | KD Fine Jewellery

KD Fine Jewellery is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our Website or make a purchase. This policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and relevant international privacy laws including the EU GDPR and applicable US state privacy laws.

1. Data Controller

The data controller for your personal information is KD Fine Jewellery, based in London, United Kingdom. If you have any questions or concerns about how your data is handled, please contact us via the contact details on our Website.

2. What Data We Collect

We may collect the following categories of personal data:

• Identity data: name, title;

• Contact data: email address, telephone number, billing and delivery addresses;

• Transaction data: details of products you have purchased and payment history (we do not store full card details);

• Technical data: IP address, browser type, device information, pages visited;

• Marketing & communications data: your preferences for receiving marketing from us (if applicable).

3. How We Use Your Data

We use your personal data for the following purposes:

• To process and fulfil your order, including sending confirmations and shipping updates;

• To manage returns, refunds, and customer service enquiries;

• To comply with legal and regulatory obligations;

• To detect and prevent fraud;

• To improve our Website and user experience;

• To send marketing communications where you have given explicit consent (you may withdraw consent at any time).

4. Legal Basis for Processing (UK & EU GDPR)

We process your personal data under the following legal bases:

• Contract performance: processing necessary to fulfil your purchase;

• Legal obligation: compliance with applicable laws and regulations;

• Legitimate interests: fraud prevention, website analytics, and improving our services;

• Consent: for marketing communications, where applicable.

5. Email Marketing

We currently do not operate an email marketing programme. Should we introduce newsletters or marketing communications in the future, we will only do so with your explicit opt-in consent. You will always have the right to unsubscribe at any time.

6. Data Sharing

We do not sell, rent, or trade your personal data. We may share your data with carefully selected third parties strictly for the purposes of fulfilling your order and operating our business, including:

• Shipping and logistics providers;

• Payment processors (who operate under their own privacy policies and are PCI-DSS compliant);

• Website hosting and technology providers;

• Legal or regulatory authorities where required by law.

7. Shopify as Our E-Commerce Platform

Our Website is hosted and operated through Shopify Inc., a technology platform provider based in Ottawa, Canada. Shopify acts as a data processor on our behalf, meaning they process your personal data only on our instructions and in accordance with this Privacy Policy.

When you visit our store and make a purchase, Shopify collects and processes the following data on our behalf:

• Your name, billing and delivery addresses, email address, and telephone number;

• Payment information (processed securely — KD Fine Jewellery and Shopify do not store your full card details);

• Device and browsing data including IP address, browser type, and pages visited on our Website;

• Order history and transaction data.

Shopify operates in compliance with applicable data protection laws. For full details of how Shopify handles your data, please review Shopify's Privacy Policy at www.shopify.com/legal/privacy. Shopify is certified under international data transfer frameworks and implements appropriate safeguards for cross-border data transfers.

By making a purchase or using our Website, you acknowledge that your data will be processed by Shopify in accordance with their privacy policy and applicable law.

8. Shopify Enhanced Services & Targeted Advertising

Shopify may provide enhanced services that involve the use of customer data for advertising and analytics purposes. Where Shopify's services involve the placement or delivery of advertising based on customer data from interactions with our store and other merchants on the Shopify platform, this may constitute 'sharing' or 'targeted advertising' under certain applicable privacy laws — in particular, US state privacy laws including the California Consumer Privacy Act (CCPA) and the Colorado, Connecticut, and Virginia consumer privacy acts.

You have the right to opt out of the sharing of your personal information for targeted advertising purposes. To exercise this right, please contact us directly or use the cookie consent tool on our Website. You may also adjust your preferences through Shopify's opt-out mechanisms where available.

We do not use your personal data to build advertising profiles or sell your data to third-party advertisers. Any use of data for analytics or advertising improvement is limited to improving your experience on our Website and is disclosed in our Cookie Policy.

9. International Data Transfers

Where your data is transferred outside the UK or European Economic Area — including to Shopify's servers in Canada and the United States — we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK ICO or European Commission, and reliance on Canada's adequacy status under UK GDPR. For US-based service providers including Shopify's US operations, we ensure compliance with relevant US-UK and US-EU data transfer frameworks.

10. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting obligations. Order data is typically retained for 7 years in accordance with UK tax and financial regulations.

11. Your Rights

Under UK and EU GDPR, you have the following rights:

• Right of access: to request a copy of your personal data;

• Right to rectification: to correct inaccurate or incomplete data;

• Right to erasure: to request deletion of your data in certain circumstances;

• Right to restriction: to limit the processing of your data;

• Right to data portability: to receive your data in a structured, machine-readable format;

• Right to object: to processing based on legitimate interests;

• Right to withdraw consent: at any time where processing is based on consent.

To exercise any of these rights, please contact us via our Website. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at www.ico.org.uk.

12. California Residents — CCPA Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, please contact us directly.

13. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. All payment transactions are processed through encrypted, industry-standard secure channels. However, no data transmission over the internet is entirely secure, and we cannot guarantee absolute security.

14. Third-Party Links

Our Website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites and encourage you to review their respective privacy policies.