Customer Privacy Notice

A little about us…

Starting out with modest roots in 1977, our family-run business has been helping retailers to find the perfect jewellery to suit their customers’ needs for over 40 years. We are now one of the UK’s leading wholesalers of high-quality sterling silver and 9ct gold products, with over 5000 beautiful designs to choose from.

We are a registered Data Controller with the Information Commissioner registration reference ZA393268.

Your Privacy matters to us

We appreciate the trust you place in us when sharing your personal data, the security of your data is very important to us. In this notice, we will explain how we collect, use, and protect your personal data. We will also provide information on what rights you have with regards to your personal data and how you can exercise those rights.

We appreciate that the world of data protection can seem a little complicated, we will try to explain things in a simple and straight forward way.

We collect information from:

• You, when you provide it directly to us either as a new or returning customer
• As we deal primarily with businesses we may collect information from your business/employer
• Trusted data & marketing companies
• Online enquiries via our website and google ads
• Website visitors – see our cookies policy for further information
• Our social media profiles on various profiles including; TikTok, Facebook, Instagram, Twitter, YouTube and Pinterest
• CCTV on our premises

What information we collect:

• Contact details (such as name, address, phone, email) this data is usually linked to employees and representatives of limited companies, all though we may also collect sole trader and non-commercial data.
• Contact information for the business and wider commercial information for example ethical information around responsible business practice
• Financial information to process orders
• Marketing preferences
• Complaints data
• CCTV footage on our premises
• Data protection requests
• Cookies data – see our cookies policy

Here’s how we use the personal data we hold:

• To keep you informed about services, offers and products from CME
• To process your order and payment
• To comply with our contractual obligations
• To prevent and detect criminal activity
• To promote our business needs and legitimate interests
• To comply with our financial obligations such as providing evidence to HMRC
• Manage the information and keep it secure & up to date
• Process payments and invoices
• To record & review calls and wider correspondence for training and monitoring purposes
• To identify the most appropriate service offering for you
• To assess business status i.e. sole trader vs ltd company
• To promote physical security of our assets and staff – our CCTV monitors and live footage are accessible to authorised personnel
• To assess company ethics
• To advertise via social media platforms such as Facebook and Instagram to attract lookalike audiences. Lookalike audiences are groups of people who share similar characteristics and behaviours with our existing customers, identified through analysis of cookies data. It is recommended that users duly consider the relevant privacy notices and cookies information of the applicable social media platform, in addition to CME’s.

• To adhere to our legal obligations in accordance with the following:
  • Data Protection Act 2018 & UK General Data Protection Regulations (UK GDPR)
  • Privacy and Electronic Communications Regulations (PECR) 2003
  • Income Tax Act 2007 and wider Tax legislation
  • Trading Standards Act 2008 and wider Trading standards legislation
  • Health and Safety at Work Act 1974 and wider Health & Safety legislation
  • Limitation Act 1980
  • Protection of Freedoms Act 2012
  • Contracts (Applicable Law) Act 1990

Please note this list is not exhaustive and many UK legal provisions may apply

Do we have a reason to use your information?

We use some personal information in accordance with CME ‘legitimate interests.’ Where we rely on legitimate interests we assess benefits both to the customer and the business whilst assessing the proportionality of such processing.

Where its appropriate to do so, we will ask for your consent to ensure we are clear on your choices.

We may also use information to fulfil a transaction or contract – for example if you purchase jewellery, we’ll handle payment information and address details, to deliver you what we have promised!

We always need to follow the law so there may be some cases where we are legally required to share information with statutory partners & Ombudsman – these are official Organisations like the Police or trading standards. We’ll tell you more about this in the ‘who we share information with’ section.

Can you opt out?

Of course! Wherever we have used your information in line with legitimate interests and consent you will usually be able to opt out by emailing sales@cmejewellery.co.uk

There may be some cases where we have to hang on to some information – we explain this in the ‘information we keep’ section.

Who we share information with:

May https://www.wearemay.com/ for marketing services and support.

Google Analytics marketing insight and support.

Our marketing agency may use tools such as Hike https://hikeseo.co/privacy-policy/ and Yoast https://yoast.com/privacy-policy/ to assist with search engine optimisation

From time to time we use SurveyMonkey services to send you marketing updates you can view more about processing details here https://www.surveymonkey.co.uk/mp/legal/privacy-basics/

Statutory partners for investigations and audits such as the Police, the Information Commissioner and so on.

IT consultants

IT system providers inclusive of website provider

Courts and Tribunals where necessary.

Data protection consultants

CCTV system and IT maintenance providers

Our accountants company

International Transfers

We are committed to ensuring that any international transfers comply with UK Data Protection Legislation. In most cases, it will be necessary for CME to implement the appropriate contractual safeguards in place prior to transferring such data.

We also use Google Analytics who process limited cookies information within the United States of America. Google has developed a browser add-on to allow users to opt-out of Google Analytics across all websites which use it. This is also available in the Chrome web store. Click here to read Google's overview of privacy and safeguarding data.

From time to time we use SurveyMonkey services to send you marketing updates you can view more about processing details here

Your rights for personal data, you can:

• ask for a copy of the personal data we hold about you. Assuming your request is reasonable, we will provide a copy of all the personal data we hold about you and you can check that we’re processing it lawfully
• ask us to correct the personal data that we hold about you
• ask us to delete your personal data. This one’s a little tricky! If, for some reason, we still hold your data, but without good reason, at your request we’ll delete it. To be honest, this is a pretty unusual scenario, because we’re pretty hot on getting rid of data we’re not obliged to hold!
• object to us processing your personal data. This applies where we’re relying on a “legitimate interest” of ours or a third party, and you have a situation which makes you want to object to us processing your data.
• ask for the restriction of the processing of your personal data. This means you can ask us to suspend the processing of personal data about you
• ask for the transfer of your personal data to you or another data controller if the processing is based on consent or contract – and you provided that information to us
• withdraw consent for processing – we’ve mentioned this above in the ‘can you opt out?’ section
• Right to prevent automatic decisions – you have the right to challenge a decision that affects you that has been made automatically. Here at CME, we don’t make automatic decisions, we carefully reach decisions about you and your information

Information we keep:

We keep your personal data for as long as we have to and always do this in line with data protection laws. We don’t want to keep your data any longer than we need to!

We store information securely, we mainly keep this digitally on our protected devices, we may also keep paper records for a certain period of time but don’t worry we’ll keep these secure as well.

How to complain:

You can email: assist@cmejewellery.co.uk

Or call: 0116 283 2240

CME Contact details can be found at cmejewellery.com

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner's Office (ICO):

• By post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
• By phone:0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

Alternatively, visit ico.org.uk or email icocasework@ico.org.uk

Retention Schedule

All CME Information must be kept in accordance with this retention schedule, as required by the Data Protection Policy and the Records Management & Information Policy. In the event that employees identify any discrepancies or areas which are not covered by this retention schedule this should be promptly reported to the Debbie Hunt for review.

21/03/2025