Date effective from: 01 July 2019
This Privacy Notice is designed to help you understand everything you need to know about the what, why and how’s of RJC’s data gathering and processing operations, and what your legal rights are. We hope you’ll take some time to read this page. We’ve tried to keep it all as simple as possible and we will keep you informed if there are any changes to the way we process your personal data in the future, before making them.
RJC takes its responsibility of protecting your data very seriously and we do advise you get to know our practices – If there’s anything in this policy you don’t understand or if you want to ask any questions, please feel free to contact us using any of the details below.
Our Data Protection Officer is:
Ametros Group Ltd
Thorne Business Park
+44 0330 223 2246
Who are we?
We are the Responsible Jewellery Council, a UK limited company registered in England and Wales at the Cardiff Office, Crown Way, Cardiff CF14 3UZ (5449042). In this document the Responsible Jewellery Council will sometimes be referred to as “we” or RJC.
What kind of personal data might we ask you to provide?
RJC will only ever ask for personal data if it is required for a specific purpose; with that in mind we have created a full list of all the kinds of personal data that we may ask you to provide in order to achieve those purposes. The kinds of personal data we may collect are:
- Volunteer / Intern / Student: Name, address, DOB, telephone, email
- Job applicant: Name, address, telephone, email, work and education history
- Member: Name, work address, telephone, email, usernames, bank details, job title, Certificate number
- Prospect: Name, telephone, email, job title
- Professional contact / Agent / Reference / Principal Contact: Name, address, telephone, email, job title
- Supplier: Name, address, telephone, email, job title
- Sub-Contractor: Name, address, telephone, email, bank details, tax information
- Directors: Name, telephone, email, job title, marital status, employment history, birth place, residency, nationality, ethnicity, current address, previous address, residential status, parentage
Why do we collect personal data?
We will use personal data firstly to fulfil any contractual obligations that exist between us and yourself; where we request personal data be provided to meet the terms of any such contract you will be required to provide the relevant personal data or we will not be able to deliver the goods and/or services you want. In such cases the lawful basis of us processing the personal data is that it is necessary for the performance of a contract. We may also process your personal data in accordance with our legitimate business interests; this is on the considered measure that we need the personal data to achieve the various purposes and that it could be reasonable for an individual to expect their data to be used for those purposes.
Our data processing activities conducted on the lawful basis of ‘legitimate interests’ are:
- To provide you with goods and services you are looking for.
- To inform you of other goods and services we provide, or offers that may interest you (direct marketing.
- To send notifications on subjects you have subscribed to, or otherwise asked us to keep you informed of.
- To improve the quality of the services we offer, and to better understand our customers’ needs by requesting feedback, or requesting you review the services we have provided, or we may send survey forms that we ask you to complete.
- To notify you of any changes to the goods and/or services we provide, or have provided, that may affect you.
- To allow us to understand the scale and range of our customer base; for statistical analysis and market research.
- To recognise when customers re-engage with our services.
- To allow us to support and maintain our products in active service.
- Improve website so content is delivered more efficiently.
- To enhance the security measures in place that protect data we are responsible for.
- To protect the company’s assets.
We may also process your personal data in order for RJC to comply with our various legal obligations; this might include:
- Providing for financial commitments between us and yourself, or to relevant financial authorities.
- Complying with industry regulatory requirements and any self-regulatory schemes.
- Carrying out required business operations and due diligence; e.g. administration, security, reorganisations, investment or corporate/asset sales.
- Cooperating with relevant authorities for reporting criminal activity, or to detect and prevent fraud.
- To investigate any insurance claims, claims of unfair dismissal, claims of any kind of harassment or of discrimination, or any other claim whereby we may have to defend ourselves.
Where did we obtain your personal data?
Other than collecting data directly from you, we may gather personal data from sources including:
- From third party organisations, which can mean your personal data has been provided directly by another company for a specific purpose, or where you may have accessed our platforms through a third-party online service.
Who whill we share your information with?
In order to achieve the above stated purposes for which we process your personal data, we may need to share your personal data with various third-party service providers who act as data processors. We may share your personal data with third party organisations acting as data controllers or with specific individuals, groups or other organisations who act as neither data controllers nor data processors, but only where we are either legally require to do so by law or where doing so is necessary to achieve the intended stated purpose of processing the data. In the event that we sell or reorganise our business, or if otherwise required by law or by an authorised regulator, we may transfer your personal data as a part of the general business data to the relevant parties.
Where is my data going to be stored?
RJC as a part of its standard business practices may be required to transfer your personal data to countries outside the European Union (EU), or to organisations who intend to transfer the data outside the EU. Where such transfers of data take place, we shall ensure that at least one of the following control measures are in place:
- The data transfer is necessary in order to fulfil a contract between the data controller and you, or to satisfy pre-contractual requirements that have been requested by you.
- We have gathered your specific consent before the transfer takes place, after making you aware of any risks involved.
- Contracts are in place between the parties involved that ensure the recipient organisation has a suitable standard of data protection in place.
How long will we keep your data for?
We will keep your personal data only for as long as required in order to achieve the purposes for which it was gathered, in line with this privacy notice. For determining when personal data should be erased we shall take into consideration the amount of and sensitivity of the personal data we have, the amount of harm that could be caused by a data breach, the benefits of the purposes the data is being used for and any legal requirements that we are bound to. You may request that we erase your personal data an anytime, though in cases where there is a remaining relevant or legal reason why we are required to keep the data we may opt to restrict the amount of processing being conducted to what is absolute necessary in line with your legal rights in order to minimise the impact the processing will have. Where the lawful basis of our processing is based on protection of vital interests and insofar any relevant health and safety obligations apply, RJC will retain your personal data for 40 years.
Your rights, our responsibility.
There are several rights granted to you immediately upon providing us with your personal information; some of these are mentioned above. We’d like you to know that at RJC we take your rights as a Natural Person seriously and will always conduct ourselves in a way that is considerate of our responsibility to serve your legal rights.
You have the right of access.
This grants you the right to confirm whether or not your personal data is being processed, and to be provided with relevant details of what those processing operations are and what personal data of yours is being processed. If you would like access to the personal data we have about you, we ask that you contact us by using any of the details below.
The right to recertification.
This one is fairly straight forward; if you notice that the data we have about you is inaccurate or incomplete, you may request we rectify the mistake. We will make every effort to respond to requests of this type immediately.
The right to objection.
The right to object is a basic freedom all democracies enjoy. If you wish to object to the way we use, or have used, your personal data you may do so freely.
The right to probability.
This is a legal right afforded to you that states we must pass on all of the details you have provided to us in a machine-readable format, either to your or to another provider of your choosing.
The right to complain.
We will always try to maintain the highest standards and encourage the confidence our stakeholders have in us as an organisation. In order that we can achieve this we do request that any complaints be first brought to our attention so we can properly investigate matters; if however you would like to complain about RJC to a supervisory authority you may do so by contacting the Information Commissioners Office on +44 0303 123 1113, or anyone of the other reporting methods listed on their website – https://ico.org.uk/concerns