Privacy Policy

1. Introduction to this privacy policy

We understand how important it is that we keep your personal data safe and only use it in appropriate ways. This privacy policy is intended to help you understand the personal data we collect and obtain, what we use it for and how we protect it. We ask that you read this privacy policy carefully as it contains important information about your legal rights.


2. Who are we?

We are Eaglesure Limited and our address is 22-23 Commercial Street, Leeds, West Yorkshire LS1 6AL. We trade as Owen & Robinson Jewellers. 

In this privacy policy we refer to ourselves generally as “O&R” and you can contact privacy@oandr.co.uk in relation to data protection matters concerning any of the companies. 

Where in this privacy policy it mentions that we collect information about you, the company you are dealing with will collect the information as the data controller.

We have appointed Simon Oxby as privacy officer and he will have day to day responsibility for ensuring we comply with the Data Protection Laws and dealing with any requests we receive from individuals exercising their rights under the Data Protection Laws.


3. What laws apply to our processing of your personal data

When we process your personal data we are required to comply with the Data Protection Act 1998 until and including 24 May 2018 (“DPA”), and in substitution from midnight at the start of 25 May 2018, the General Data Protection Regulation 2016 (“GDPR”) (the DPA and GDPR are together referred to as the “Data Protection Laws”).


4. What type of information do we collect?

Your personal data includes all the information we hold that identifies you or is about you, including but not limited to:

your name, email address, postal address, date of birth, location data, records of enquiries you have made and in some cases opinions that we document about you;

details of transactions you carry out in a shop or through our websites and of the fulfilment of your orders;

details of your visits to our websites.


5. IP addresses and cookies

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns and does not identify any individual.

For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our websites and to deliver a better and more personalised service. They enable us:

to estimate our audience size and usage pattern;

to store information about your preferences, and so allow us to customise our websites according to your individual interests;

to speed up your searches; and

to recognise you when you return to our websites.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of the website. Unless you have adjusted your browser setting so that it will refuse cookies, our system may issue cookies when you log on to our websites.


6. Why do we process your personal data?

Everything we do with your personal data counts as processing it, including collecting, storing, amending, transferring and deleting it. We are therefore required to comply with the Data Protection Laws to make sure that your information is properly protected and used appropriately.

We process your personal data to fulfil the contract we have entered into with you, to receive services or goods from you, and/or to provide the services you have requested from us. We may also process your personal data to respond to any queries or comments you submit to us, including via our website.

We may need personal data from you to be able to enter into a contract with you and provide you with all the information you need. If we do not receive that personal data from you, we may be unable to fulfil our obligations to you.

We process most of your information on the grounds of our legitimate interests (i.e. processing that is necessary to continue our relationship with you and to provide you with or receive from you (as applicable) services or products), fulfilment of our contract with you or to comply with a legal obligation.

If none of the grounds set out above applies, we will obtain separate consent from you to the processing of your personal data. You can withdraw your consent at any time. This won’t affect the lawfulness of any processing we carried out prior to you withdrawing your consent.


7. Marketing communications

We particularly want to draw your attention to our use of your personal data to send you information about promotional offers, new products and events at our shops.

If you have made a purchase from us, we will send marketing communications to you on the basis of our legitimate interest. You may opt out at any time, either by clicking on the unsubscribe option in an email, speaking to a member of our staff in a shop, by writing to us at 22-23 Commercial Street, Leeds, West Yorkshire LS1 6AL (FAO The Privacy Officer), or by emailing us at privacy@oandr.co.uk

Our marketing communications may promote products and services offered by our group companies (detailed above), however we never provide your personal data to any other third parties for them to market to you.


8. Who will receive your personal data?

We only transfer your personal data to the extent we need to. Who we transfer your personal data to will depend upon what we are doing (for example, if you wish to take advantage of a credit plan we will need to contact financial institutions and credit reference agencies to authorise your application). Recipients of your personal data may include:

members of our group of companies (detailed above);

banks and other financial institutions;

credit reference agencies;

business partners, suppliers and sub-contractors that are necessary for us to provide the services that you have requested;

analytics and search engine providers that assist us in the improvement and optimisation of our websites;

legal, financial and other professional advisors where we wish to enforce or apply any rights of Berens.

We don’t transfer your personal data outside of the EEA.


9. How long will we keep your personal data?

We will retain details of any purchases you make from us for 7 years after the date of purchase. We retain information necessary for marketing purposes (for example, name, address and email address) until you unsubscribe from our communications (see section 6, above, for details of how to unsubscribe).  We retain your information for this period in case any issues arise or in case you have any queries. Your information will be kept securely at all times. 

Following the end of the relevant period, your files and personal data we hold about you will be permanently deleted or destroyed. 


10. What are your rights?

You benefit from a number of rights in respect of the personal data we hold about you. We have summarised your rights below, and more information is available from the Information Commissioner’s Office website (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/). These rights apply for the period in which we process your data.

a) Access to your data

You have the right to ask us to confirm that we process your personal data, as well as access to / copies of your personal data. You can also ask us to provide a range of information, although most of that information corresponds to the information set out in this privacy policy. 

We will provide the information free of charge unless your request is manifestly unfounded or excessive or repetitive, in which case we are entitled to charge a reasonable fee. We may also charge you if you request more than one copy of the same information.

We will provide the information you request as soon as possible and in any event within one month of receiving your request. If we need more information to comply with your request, we’ll let you know. 

b) Rectification of your data

If you believe personal data we hold about you is inaccurate or incomplete, you can ask us to rectify that information. We will comply with your request within one month of receiving it, unless we don’t feel it’s appropriate in which case we’ll let you know why. We’ll also let you know if we need more time to comply with your request.

c) Right to be forgotten

In some circumstances, you have the right to ask us to delete personal data we hold about you. This right is available to you:

where we no longer need your personal data for the purpose for which we collected it;

where we have collected your personal data on the grounds of consent and you withdraw that consent;

where you object to the processing and we don’t have any overriding legitimate interests to continuing processing the data;

where we have unlawfully processed your personal data (i.e. we have failed to comply with GDPR); and

where the personal data has to be deleted to comply with a legal obligation.

There are certain scenarios in which we are entitled to refuse to comply with a request. If any of those apply, we’ll let you know.

d) Right to restrict processing 

In some circumstances you are entitled to ask us to suppress processing of your personal data. This means we will stop actively processing your personal data but we don’t have to delete it. This right is available to you:

if you believe the personal data we hold isn’t accurate – we’ll cease processing it until we can verify its accuracy;

if you have objected to us processing the data – we’ll cease processing it until we have determined whether our legitimate interests override your objection;

if the processing is unlawful; or

if we no longer need the data but you would like us to keep it because you need it to establish, exercise or defend a legal claim.

e) Data portability

You have the right to ask us to provide your personal data in a structured, commonly used and machine-readable format so that you are able to transmit the personal data to another data controller. This right only applies to personal data you provide to us:

where processing is based on your consent or for performance of a contract (i.e. the right does not apply if we process your personal data on the grounds of legitimate interests); and 

where we carry out the processing by automated means.

We’ll respond to your request as soon as possible and in any event within one month from the date we receive it. If we need more time, we’ll let you know.

f) Right to object

You are entitled to object to us processing your personal data:

if the processing is based on legitimate interests or performance of a task in the public interest or exercise of official authority;

for direct marketing purposes (including profiling); and/or

for the purposes of scientific or historical research and statistics.

In order to object, you must have grounds for doing so based on your particular situation. We will stop processing your data unless we can demonstrate that there are compelling legitimate grounds which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.


11. Automated decision making

Automated decision-making means making a decision solely by automated means without any human involvement. This would include, for example, an online credit reference check that makes a decision based on information you input without any human involvement. It would also include the use of an automated clocking-in system that automatically issues a warning if a person is late a certain number of times (without any input from HR, for example).

We don’t carry out any automated decision making using your personal data.


12. Your right to complain about our processing

If you think we have processed your personal data unlawfully or that we have not complied with GDPR, you can report your concerns to the supervisory authority in your jurisdiction. The supervisory authority in the UK is the Information Commissioner’s Office (“ICO”). You can call the ICO on 0303 123 1113 or get in touch via other means, as set out on the ICO website - https://ico.org.uk/concerns/.


13. Any questions?

If you have any questions or would like more information about the ways in which we process your data, please contact privacy@oandr.co.uk

Top