Privacy Policy
PRIVACY AT A GLANCE
We collect information about you to process your order, manage your account, respond to your queries, ensure the continuity of our business and, if you agree, send you information about our products and offers tailored to your interests and preferences.
We will share your information with our service providers and our affiliates for the purposes above, as well as with regulatory authorities where required by law. We will not share your personal information for marketing purposes with any other organisation.
To learn more about your rights and how we use your personal data, please read our detailed Privacy Notice below.
1. INTRODUCTION
Welcome to Graff’s Privacy Notice. Graff respects your privacy and is committed to protecting your personal data and making sure you understand our privacy practices. This Privacy Notice describes the personal data we collect through our website www.graff.com (“Site”), how it is used, and your choices regarding this data.
2. WHO IS GRAFF?
Graff Diamonds (New York) Inc. (referred to as “Graff”, "we", "us" or "our" in this Privacy Notice) is the data controller and responsible for your personal data.
If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact us using the details set out below:
Graff Diamonds (New York) Inc.
28-29 Albemarle Street, London, W1S 4JA
info.hq@graff.com (globally) or client.services@graffusa.com (in the U.S.)
3. WHAT PERSONAL DATA DO WE COLLECT FROM YOU?
We collect and use the following information about you:
- Information that you provide by filling in enquiry forms, creating an account with Graff, or by placing an order. Such information provided at the time of registering to use our website or requesting further services including, for example, name, home and/or business address, email address, telephone number, demographic information such as age and/or other information that may identify you as an individual. We may also ask you for information when you make an enquiry or when you report a problem with our website.
- If you contact us, we may keep a record of that correspondence.
- Details of your visits to our website including, but not limited to, traffic information, location information, weblogs and other communication information, whether this is required for our own billing purposes or otherwise and the resources that you access.
We also gather anonymous demographic information, such as age, gender, preferences, interests, and favorites.
We collect information relating to your interactions with us and our Site, including your IP address, browser type, domain names, access times and referring website addresses and other information we collect through the use of cookies and similar technology. See the Digital Advertising & Analytics section of this privacy notice to learn more about the use of this information and the choices available to you.
4. WHY DO WE USE YOUR PERSONAL DATA AND WHAT BASIS DO WE RELY ON?
We may process your personal data for the purposes below and based on the following legal bases:
Purpose | Legal Basis for processing |
---|---|
Purchasing process and delivery of products which includes taking and handling orders, deliver products and communicate with you about your orders. | Necessary for the performance of our contract with you. |
Managing payments for the services we provide you which includes billing process where you purchase a product through our website. | Necessary for the performance of our contract with you. |
Service Relationship which includes managing your account, providing customer support and communicating with you about our products and about your engagement with us, such as changes in our terms. | Necessary for the performance of our contract with you. |
Communicating with you at your request to provide you with information of our products or solve your enquiries before purchasing any of our products. | Necessary for taking steps prior to entering into a contract with you. |
Ensuring proper administration of our business which includes keeping appropriate records, resolving complaints and managing our business relationships and opportunities. | Necessary for our legitimate interest pursued by us or our service providers acting on our behalf or by a third-party insofar as such interests do not pose a high risk to your rights and freedoms. Our legitimate interest is ensuring the continuity of our service. |
Preventing, detecting and fighting fraud or other illegal or unauthorized activities which includes monitoring operations, user activity and networks for fraud prevention and crime detection purposes. | Necessary for our legitimate interest pursued by us or our service providers acting on our behalf or by a third-party insofar as such interests do not pose a high risk to your rights and freedoms. Our legitimate interest is preserving the security of our service. |
Sending marketing communications about our services, products and our organisation. | Where you signed up for our newsletter or other content, we will send you relevant information based on your consent. Where consent is not required, as you are an existing customer who purchased a similar product in the past, we may send you marketing communications based on our legitimate interest pursued by us insofar as such interests do not pose a high risk to your rights and freedoms. Our legitimate interest would be promoting our business and to provide you with offers of relevant services and products. Please note that we will include an unsubscribe link in all our email communications, which removes you from receiving further communications. |
Profiling activities to make sure the commercial communications you receive are relevant to you and tailored to your preferences and expectations. | Based on your consent. |
To establish, exercise or defend legal claims in suspected or actual legal proceedings. | Necessary for compliance with applicable laws and regulations. |
To provide any requested information to the tax, regulatory, anti-money laundering or any other relevant authorities or public bodies, where required to do so, as well as any processing of your personal data in connection to specific legislation, statutory codes of practice and other legal or tax related obligations. | Necessary for compliance with applicable laws and regulations. |
To ensure your safety and for the prevention and detection of crime, CCTV is in operation during your visit to any of our retail outlets. Please be aware that if we are requested to provide CCTV images of you or any other personal information relating to you by the police or any other regulatory or government authority investigating suspected illegal activities, we are obliged do so. | Necessary for our legitimate interest pursued by us or our service providers acting on our behalf or by a third-party insofar as such interests do not pose a high risk to your rights and freedoms. Our legitimate interest would be to ensure the safety and security of our facilities, employees and visitors against theft and vandalism. |
5. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We may disclose your personal data in accordance with the applicable laws and for the above-stated purposes, to the following parties:
· Third-party service providers acting on our behalf and that provide services such as website hosting, data analytics and information technology assistance. We have appropriate contracts in place that define the legitimate use and sharing of personal information in accordance with this Privacy Notice and oblige such service providers to only process personal information that is necessary for the performance of the contract or are required by applicable laws.
· Our affiliates, subsidiaries and/or divisions.
· Regulatory authorities, as required by applicable laws, for the purposes of including, without limitation to, responding to any governmental or regulatory authority request, cooperating with law enforcement investigations and mutual assistance, or upon receipt of any court order.
· Parties including prospective or actual buyers or seller in the event of a merger, acquisition, or other reorganization or sale or disposition of all or any portion of our business and/or assets, including disposition in bankruptcy.
- We may share information that has been anonymized or aggregated without limitation.
6. DIGITAL ADVERTISING & ANALYTICS
We may partner with ad networks and other ad serving providers (“Advertising Providers”) that serve ads on behalf of us and others on non-affiliated platforms. Some of those ads may be personalized, meaning that they are intended to be relevant to you based on information Advertising Providers collect about your use of the Site and other sites or apps over time, including information about relationships among different browsers and devices. This type of advertising is known as interest-based advertising.
Graff adheres to the Digital Advertising Alliance (“DAA”) Self-Regulatory Principles in connection with this interest-based advertising activity. You may visit the DAA Webchoices tool at www.aboutads.info to learn more about this type of advertising and how to opt out of this advertising on websites by companies participating in the DAA self-regulatory program. If you delete your cookies or use a different browser or mobile device, you may need to renew your opt-out choices exercised through the DAA Webchoices tool. Note that electing to opt out will not stop advertising from appearing in your browser or applications. It may make the ads you see less relevant to your interests. Additionally, your browser may offer tools to limit the use of cookies or to delete cookies; however, if you use these tools, our Sites may not function as intended.
We may also work with third parties that collect data about your use of the Site and other sites or apps over time for non-advertising purposes. Graff uses Google Analytics and other third-party services to improve the performance of the Site and for analytics and marketing purposes. For more information about how Google Analytics collects and uses data when you use our Site, visit https://www.google.com/policies/privacy/partners/, and to opt out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout/.
7. THIRD-PARTY LINKS AND TOOLS
Our Site may provide links to third-party websites or apps. We do not control the privacy practices of those websites or apps, and they are not covered by this privacy notice. You should review the privacy notices of other websites or apps that you use to learn about their data practices.
Our Site may also include integrated social media tools or “plug-ins,” such as social networking tools offered by third parties. If you use these tools to share personal information or you otherwise interact with these features on the Sites, those companies may collect information about you and may use and share such information in accordance with your account settings, including by sharing such information with the general public. Your interactions with third-party companies and your use of their features are governed by the privacy notices of the companies that provide those features. We encourage you to carefully read the privacy notices of any accounts you create and use.
8. DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE OF YOUR COUNTRY?
We do not usually send your personal data outside of your country unless it is strictly necessary for the purposes stated in this Privacy Notice. When we do send personal data abroad, we have in place adequate safeguards to do so. This includes standard contract clauses approved by the European Commission or other suitable safeguard to permit personal information transfers from the United Kingdom or the European Economic Area (“EEA”) to other countries in accordance with the applicable laws.
9. HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
Your personal data will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described in this Privacy Notice. How long we keep your personal data will depend on:
· what type of product or service we are providing for you;
· how long laws or regulations say we must;
· what we need for fraud and other financial crime prevention;
· what we need to lend responsibly;
· other legitimate business reasons (for example because we need to respond to a complaint or legal claim).
10. YOUR RIGHTS
In certain circumstances, if you are an EEA resident, you may exercise the rights available to you under applicable data protection laws as follows:
· If you wish to access, correct, update or request deletion of your personal information.
· You can object to processing of your personal information when such processing is based on legitimate interests, ask us to restrict processing of your personal information or request portability of your personal information.
· If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
· You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact the Information Commissioner's Office in this link https://ico.org.uk/make-a-complaint/ or your local data protection authority.
You can exercise your rights at any time by contacting us using the contact details included in this Privacy Notice.
If you are a California or Nevada resident please see our notice here.
We respond to all requests we receive from users in accordance with applicable data protection laws. We may ask you to provide proof of identity before we can answer the above requests. In some cases, we may reject requests for certain reasons (for example, if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another individual).
11. WHAT COOKIES AND SIMILAR TECHNOLOGIES DO WE USE?
Please see our Cookies Policy for more information on what cookies we use, why we use them and how you can better control their use through your browser and other tools.
12. CONTACT US
If you have questions regarding your privacy and rights, please let us know how we can help.
· Email: data@graff.com (globally) or client.services@graffusa.com (in the U.S.)
· Postmail: 28-29 Albemarle Street, London, W1S 4JA
13. CHANGES TO THIS PRIVACY NOTICE
We reserve the right to change this Privacy Notice from time to time. If we make any changes, the updated Privacy Notice will be posted with a revised effective date.
Effective date: August 2020