Diamonds & Steel Ltd Privacy Policy

Diamonds and Steel takes your personal privacy extremely seriously. Our company was founded to help protect your privacy, and we’ve gone to court to defend that right.

We take extra care to safeguard your privacy from the second you land on our homepage to the moment your order arrives at your front door. Here are just a few of our special measures:

The Strongest Possible Computer Defenses
Diamonds and Steel has comprehensive, companywide standards for maintaining the privacy and safety of your personal and billing information. While we can’t go into explicit details, our safeguards include multi-layered firewalls and virus scans, secured servers, mandatory password changes, and the very latest in computer encryption.

Anonymous Shipping
All of our products are shipped as anonymously as possible. Depending on your order, you might receive a plain brown box or a tan business envelope lined with bubble wrap. Because Diamonds and Steel is a recognized name, we use an alias on the return address label to protect your privacy.

Discreet Billing
Our efforts to ensure your privacy even extend to your credit card/bank statement. Our name will never appear in your billing statement. Instead, your order will be listed simply as D S Trading.


Diamonds and Steel's Privacy Policy

This Privacy Policy (referred to later as "Policy") describes how we gather and process your personal information throughout our website, located at www.diamondsandsteel.co.uk (referred to later as the "Site"). It provides you with the necessary information regarding your rights and our obligations. It also explains how, why and when we process your personal data.

By using the Site or obtaining any product or service through this Site, you agree to the limited collection and use of information as outlined in this Policy. If you do not agree to this Policy, please do not use the Site.

Emails from Diamondsandsteel.co.uk or its business partners, and the Site itself, may contain links to other Internet websites, including sites that may or may not be owned or operated by Diamondsandsteel.co.uk. Unless otherwise explicitly stated, we are not responsible for the privacy practices or the content of such websites, including their use of any information (such as IP number, browser type or operating system) collected when email recipients or Site visitors click through links to those sites. If you visit such websites, we encourage you to become familiar with the privacy practices of the sites to ensure a safe browsing experience.

We may from time to time update this Policy to reflect changing technology and other factors. We will notify you of changes to the Policy by posting the updated Policy on this page. We ask that you bookmark and periodically review this page to ensure that you remain familiar with the most current version of the Policy.

Information That We Collect
Diamonds and Steel Ltd. processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way other than as specified in this notice.

Diamondsandsteel.co.uk collects two basic types of information during your visits to our Site.

Firstly, we collect non-personally identifiable information. This is general information that cannot be traced to individuals and contains no personalized data; think of it as a simple census form. When visitors come to our Site, we collect and aggregate information indicating, among other things, which pages of the Site were visited, the order in which they were visited and which links on the site were clicked. Collecting such information involves logging the IP addresses, operating system and browser software used by each visitor to the Site. Although such information is not personally identifiable, it may be possible to determine from an IP address a visitor’s Internet Service Provider and the general geographic location of the visitor’s point of connectivity. We then use this information in making modifications and improvements to the site to provide users with a smoother and more efficient shopping experience.

We also use non-invasive "cookies" and other tracking technologies to collect non-personally identifiable information. Cookies are alphanumeric identifiers that we transfer to your computer's hard drive through your Web browser. These cookies do not track other websites you might visit and they do not plant malware on your computer. Our non-invasive cookies allow us to recognize your browser so we can personalize your return visits to the Site and save you time during checkout.

If you are uncomfortable with cookies on your computer, you can always remove them by accessing the options menu of your browser. Please refer to your browser’s help menu for more specific directions if needed.

Secondly, Diamondsandsteel.co.uk collects personally identifiable information as needed to provide you with requested services and to process your orders. This information typically comes from the account sign-up form, order form, email marketing opt-in form, and others. These forms require that you provide us with certain personally identifiable information, such as your:

  • Name
  • Date of Birth
  • Mailing Address
  • Physical Address
  • Email Address
  • Home Telephone Number
  • Mobile Telephone Number
  • Credit Card Number

Further, when you use the Site to purchase a product as a gift and ask us to deliver it for you, we collect personally identifiable information regarding the gift recipient, including their name and mailing address.

How We Use Your Data (Legal Basis for Processing)
Diamonds and Steel Ltd. takes your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time.

Diamondsandsteel.co.uk uses non-personally identifiable information, such as your IP address and the pages that you visit on our Site, to help diagnose problems with our servers and to administer our Site and improve Site-related services and features. Your IP address and other non-personally identifiable information also may be used to gather broad demographic information and to recognize customer traffic patterns and Site usage trends. This information aids us in merchandising and in developing the design and layout of the Site.

We also might share aggregated statistical data and other non-personally identifiable information with our current and potential business partners and with our service providers to help them provide similar services.

Diamondsandsteel.co.uk sometimes administers online surveys in connection with the Site in which we ask you for demographic information and opinions. We do not ask you for personally identifiable information as part of a survey. We use the collected survey data on an aggregated basis to better understand the needs of all of our customers.

Diamondsandsteel.co.uk uses personally identifiable information collected from you to complete transactions initiated by you, particularly the sale and delivery of products and services. Your personally identifiable information is also used to get in touch with you when necessary to provide updates about your order and answer any questions you might have.

We may also use personally identifiable information to contact you to make sure you are satisfied with our goods and services or to find out how we can serve you better. Your decision to participate in any survey or questionnaire about this is completely voluntary. Further, we may use personally identifiable information to conduct in-depth marketing research regarding our customers and potential customers.

Financial information (credit card numbers, credit card expiration dates, billing address, and so forth) is used solely to bill you for products and services and we make every effort to keep your information secure from theft or fraud.

Diamondsandsteel.co.uk also may use your personally identifiable information to "pre-populate" forms that are used by the Site to facilitate transactions with us and save you from entering every data field on the checkout.

Diamondsandsteel.co.uk may send to you periodic announcements regarding your order, status updates, service changes concerning the Site and other administrative matters. You may also, from time to time, receive information from us regarding new features, new products and services and special offers we think you'll find valuable. Also, while we won't share your email address with other companies, we may rent, sell or exchange your postal mailing address and information about your transactions with businesses that we believe to be reputable and that can provide you with offers and information that we think will be of interest to you. If you'd like to opt out of receiving future mailings from Diamondsandsteel.co.uk or opt out of Diamondsandsteel.co.uk providing your postal mailing address to third parties, please follow the procedure outlined in the Opt-Out section below.

There are some special instances when we might use or disclose personally identifiable information:

  • Gift Recipients 
    As noted above, we collect personally identifiable information regarding gift recipients and people to whom you may wish to give gifts in the future. This is done in order to accommodate proper gift delivery to such recipients and remind you of upcoming gift-giving occasions. We do not sell or rent any personally identifiable information that you provide to us regarding such persons, but gift recipients may, from time to time, receive offers from us via postal mailings regarding new features, new products and services and special offers we think they will find of interest. Also we may send marketing offers via postal mailings to gift recipients on behalf of ourselves and our business partners. In connection with such offers, we allow gift recipients to opt out of receiving future marketing-related postal mailings from us, as discussed in the Opt-Out section below.
  • Service Providers
    We work with third parties who provide services, including but not limited to website hosting, order processing and fulfillment, credit card clearance, e-commerce affiliation, data analysis, emailing, marketing, targeting and other services. Some of these third parties may be given access to some or all of the information that you provide to us and may use cookies or other tracking technologies in connection with providing their services. To the extent that we provide your personally identifiable information to such third parties, we restrict their ability to use such information for their own marketing purposes to the best of our abilities. However, we cannot be responsible for the privacy policies or practices of such third parties.
  • As Required By Law
    Subject to applicable law, we reserve the right to release information concerning any Site visitor where such visitor is believed to be in violation of his or her obligations to us, is partaking (or is suspected of partaking) in any illegal activity, in response to civil subpoenas and discovery requests, to protect the interests of Diamondsandsteel.co.uk, our customers or others, and as otherwise permitted or required by law as regards to these special cases.

Your Rights
You have the right to access any personal information that Diamonds and Steel Ltd. processes about you and to request information about:

  • What personal data we hold about you
  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients to whom the personal data has/will be disclosed
  • How long we intend to store your personal data for
  • If we did not collect the data directly from you, information about the source

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.

You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.

If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.

Sharing and Disclosing Your Personal Information
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. Diamonds and Steel Ltd. uses third parties to provide the below services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.

Keep in mind that, while we encourage all third parties involved in running our business to adhere to our policies regarding the privacy of our visitors and to handle personally identifiable information in a responsible manner, we cannot and do not assume any responsibility for any actions or omissions of third parties, including the manner in which they use information received either from Diamondsandsteel.co.uk or independently.

Opting Out
At any time, you can adjust how Diamondsandsteel.co.uk markets to you or even opt-out completely. To adjust your mailing preferences, simply log into your account and go to the Email Preferences section(s). Then select if you want to receive emails and how often you get them. When the checkmark is removed, you have successfully opted-out from those mailings. Please note that you will still receive emails regarding your order whenever you make a purchase.

If you are unable to access your account for any reason, you can still opt out of emails from Diamondsandsteel.co.uk as well as mailings from third-party marketers by using this link: Contact Us

Safeguarding Measures
Diamonds and Steel Ltd. takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorized access, alteration, disclosure, or destruction and have several layers of security measures in place, including, but not limited to:

  • The highest levels of encryption for both data at rest and during transmission
  • Robust access controls
  • Multi-layered defenses
  • Vulnerability management, intrusion detection, monitoring, and continuous testing
  • A mature InfoSec policy

Unfortunately, no security system, or system of transmitting data over the Internet, can be guaranteed to be 100% secure. While we work hard to protect your personally identifiable information, we cannot guarantee the security of our servers, the means by which information is transmitted between your computer and Diamondsandsteel.co.uk servers, or any information provided to us or to any third party through or in connection with the Site. You provide all such information at your own risk, but please remember that these risks can be minimized by using responsible browsing habits such as the use of anti-virus software and similar protection measures.

Consequences of Not Providing Your Data
You are not obligated to provide your personal information to Diamonds and Steel Ltd. However, this information is required for us to provide you with our services and deliver your products. We will not be able to offer some or all of our services without it.

How Long We Keep Your Data
Diamonds and Steel Ltd. only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations.

Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.

Special Categories Data
Owing to the products, services or treatments that we offer, Diamonds and Steel Ltd. sometimes needs to process sensitive personal information (known as special category data) about you, as a consequence of the type of products we sell. Where we collect such information, we will only request and process the minimum necessary for the specified purpose and identify a compliant legal basis for doing so.

Where we rely on your consent for processing special category data, we will obtain your explicit consent through a checkbox on our website. You can modify or withdraw consent at any time, which we will act on immediately, unless there is a legitimate or legal reason for not doing so.

Lodging A Question or Complaint
Diamonds and Steel Ltd. only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however, you have a question about this Policy, the data collection and usage practices of this Site or your dealings with this site, you can click this link: Contact Us


Making Sure Your Order is Secure

Diamonds and Steel's computer experts make every possible effort to protect your credit card information and personal data by following some of the strictest security standards in the industry to prevent hacking. All of your credit card and personal information is code-encrypted using Secure Sockets Layer (SSL) technology. SSL works by creating a secure link between your computer and ours so only Diamonds and Steel can decode your personal information.

As an extra level of security, Diamonds and Steel employs outside companies to regularly test our site and examine our security policies to make sure we’re doing all we can to protect your personal information.

There are several things you can do to ensure you have a safe and secure connection. The easiest thing to do is simply check the address bar of your internet browser.

Internet Explorer users should look for a lock next to the web page address. If the lock is closed, then the site is secure and safe. If the lock is open, then the page is not secure and you should not enter any sensitive information.

Chrome users need to check for a lock next to the web page address. If the lock is green, then the site is safe. If the lock is red, then it is not secure.

Firefox users can look at the icon next to the web page address. If the icon is blue, then the site is safe. If there is no color, then the site is not secure. You can also click on the icon for additional information on the security of the site.

Another option is to check the actual address of the site. Secure web pages should begin “https:” while non-secure sites use a regular “http:”


Risk-free Shopping Guarantee

In the unlikely event of someone stealing your credit card number, Diamonds and Steel wants to make sure you’re not the one paying the price. Under the Fair Credit Billing Act, your bank cannot hold you responsible for more than £50.00 of fraudulent charges. If your bank does try to bill you for the unauthorized charges, then we’ll cover it ourselves – up to the £50.00 limit. To qualify for this safeguard, you must contact us and show that the unauthorized use of your credit card resulted through no fault of your own from making a purchase at www.diamondsandsteel.co.uk on our secure server.


Copyright Infringement

Contents of Notice
The DMCA requires that all notices of alleged copyright infringement be in writing. For Diamonds and Steel to act on your notice, you must be authorized to enforce the copyrights that you allege have been infringed. When informing Diamonds and Steel of an alleged copyright infringement, you should:

I. Identify the copyrighted work that allegedly has been infringed. If multiple copyrighted works on a single Diamonds and Steel Service are involved, please provide a representative list of such works. 
II. Describe the material that is claimed to be infringing and provide sufficient information to permit Diamonds and Steel to locate that material. 
III. Provide your contact information, including an address, telephone number, and, if available, an e-mail address. 
IV. Certify or include a statement that you have a good-faith belief that the use of the copyright-protected material in the manner complained of is not authorized by the copyright owner, the owner’s agent, or law. 
V. Certify that the information that you have provided Diamonds and Steel is accurate. You should attest under penalty of perjury that you are authorized to enforce the copyrights that you allege have been infringed. 
VI. Include your physical or electronic signature.

Diamonds and Steel may not be able to act on your complaint promptly or at all if you do not provide this information.


EU General Data Protection Regulation

The EU General Data Protection Regulation (hereafter referred to as 'GDPR') is effective and enforced for European Union members on 25th May 2018 and brings with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.

The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardize data protection laws and processing across the EU; affording individuals stronger, more consistent rights to access and control their personal information.

Our Commitment
Diamonds and Steel Ltd., and its subsidiaries (hereafter referred to as ‘we’ or ‘us’ or ‘our’) are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognize our obligations in updating and expanding this program to meet the demands of the GDPR.

We are dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation. Our preparation and objectives for GDPR compliance have been summarized in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.

How we are Preparing for the GDPR
We already have in place a consistent level of data protection and security across our organization; however, it is our aim to be fully compliant with the GDPR.

Our preparations include but are not limited to:

  • Information Audit – carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
  • Policies & Procedures – We are reviewing and when necessary revising our data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including but not limited to:
    • Legal Basis for Processing – we are reviewing all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the activity it relates to. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of the GDPR and Schedule 1 of the Data Protection Bill are met.
    • Data Protection – our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.
    • Data Retention & Erasure – we have updated our retention policy and schedule to ensure that we meet the ‘data minimization’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subjects’ rights apply; along with any exemptions, response timeframes and notification responsibilities.
    • Data Breaches – our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time. Our procedures are robust and have been disseminated to relevant employees, making them aware of the reporting lines and steps to follow.
    • International Data Transfers & Third-Party Disclosures – where we store or transfer personal information outside the EU, we have robust procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data. Our procedures include a continual review of the countries with sufficient adequacy decisions, as well as provisions for binding corporate rules; standard data protection clauses or approved codes of conduct for those countries without. We carry out strict due diligence checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.
    • Subject Access Request (SAR) – we have revised our SAR procedures to accommodate the revised 30-day timeframe for providing the requested information and for making this provision free of charge. Our new procedures detail how to verify the data subject, what steps to take for processing an access request, what exemptions apply and a suite of response templates to ensure that communications with data subjects are compliant, consistent and adequate.
  • Privacy Notice/Policy – we reviewed and revised our Privacy Notice(s) to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
  • Obtaining Consent – we have reviewed and revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information. We have developed stringent processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy to see and access way to withdraw consent at any time.
  • Direct Marketing – we have reviewed and revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.
  • Data Protection Impact Assessments (DPIA) – where we process personal information that is considered high risk, involves large scale processing or includes special category/criminal conviction data; we have developed stringent procedures and assessment templates for carrying out impact assessments that comply fully with the GDPR’s Article 35 requirements. We have implemented documentation processes that record each assessment, allow us to rate the risk posed by the processing activity and implement mitigating measures to reduce the risk posed to the data subject(s).
  • Processor Agreements – where we use any third-party to process personal information on our behalf (i.e., Direct Marketing) we have drafted compliant Processor Agreements and due diligence procedures for ensuring that they (as well as we), meet and understand their/our GDPR obligations. These measures include initial and ongoing reviews of the service provided, the necessity of the processing activity, the technical and organizational measures in place and compliance with the GDPR.
  • Special Categories Data – where we obtain and process any special category information, we do so in complete compliance with the Article 9 requirements and have high-level encryptions and protections on all such data. Special category data is only processed where necessary and is only processed where we have first identified the appropriate Article 9(2) basis or the Data Protection Bill Schedule 1 condition. Where we rely on consent for processing, this is explicit with the right to modify or remove consent being clearly signposted.

Data Subject Rights
In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy to access information via our website of an individual’s right to access any personal information that we process about them and to request information about:

  • What personal data we hold about them
  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients to whom the personal data has/will be disclosed
  • How long we intend to store their personal data
  • If we did not collect the data directly from them, information about the source
  • The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
  • The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
  • The right to lodge a complaint or seek judicial remedy and who to contact in such instances

Information Security & Technical and Organizational Measures
We take the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures, including but not limited to:

  • The highest levels of encryption for both data at rest and during transmission
  • Robust access controls
  • Multi-layered defenses
  • Vulnerability management, intrusion detection, monitoring, and continuous testing
  • A mature InfoSec policy

GDPR Roles and Employees
We have designated a member of management as our GDPR representative and have appointed a data privacy team to develop and implement our roadmap for complying with the new data protection Regulation. The team is responsible for promoting awareness of the GDPR across the organization, assessing our GDPR readiness, identifying any gap areas and implementing the new policies, procedures and measures.

We understand that continuous employee awareness and understanding is vital to the continued compliance of the GDPR and have involved our employees in our preparation plans. We have implemented an employee training program, which will be provided to all relevant employees prior to May 25th, 2018, and forms part of our induction and annual training program.

How to Request Removal (the right to be forgotten)
Diamonds and Steel Ltd., which processes the personal data of individuals in the European Union, in either the role of ‘data controller’ or ‘data processor’, has appointed DPR Group as its Data Protection Representative for the purposes of GDPR.

If Diamonds and Steel Ltd. has processed or is processing your personal data, you may be entitled to exercise your rights under GDPR in respect of that personal data. For more details on the rights you have in respect of your personal data, please refer to the European Commission (https://ec.europa.eu/info/law/law-topic/dataprotection/data-protection-eu_en) or the national Data Protection Authority in your country.

Diamonds and Steel Ltd. takes their clients’ (and the customers of their clients) data protection seriously, and has appointed DPR Group as their Data Protection Representative in the European Union so that you can contact them directly in your home country. DPR Group has locations in each of the 28 EU countries, so that Diamonds and Steel Ltd.’s customers can always raise the questions they want with them.