David Ashley – Privacy Policy

We are Worldwide Bargains Limited t/a David Ashley (referred to as David Ashley, we, us and our in this Privacy Policy), a company incorporated in England with company registration number 11741922 and whose registered office address is 24 Tudor Close, Woodford Green, England, IG8 0LF.

The information set out in this Privacy Policy is provided to individuals whose personal data we process (you or your) as data controller, in compliance with our obligations under the Data Protection Act 2018 and the General Data Protection Regulation 2016/679 (GDPR).

Data controller details

We are the data controller in relation to the processing of the personal information that you provide to us. Our contact details are as follows:

  • Address: London Diamond Bourse, 100 Hatton Garden, London, England, EC1N 8NX.
  • Email address: Help@davidashleys.com (please include “Personal Data Request” in your subject heading to ensure it receives the correct attention).

How we collect your information

Generally, the information we hold about you comes from the way you engage with us, for example by doing any of the following:

  • through engaging with us via our website;
  • purchasing a product and/or services from us;
  • providing us with information in the course of registering as a subscriber;
  • contacting us offline, for example by telephone, SMS, email or by post; and
  • interacting with us using social media.

What we collect, legal grounds and purpose for processing

The types of personal data that we may collect, use, store and transfer about you are set out below, together with the legal grounds and purposes for processing:

What we collect Purposes and legal grounds
Contact information such as your name, email address, postal address and mobile or other telephone number.
  • If it is necessary for the performance of our contract or for the purposes of entering into a contract: for the purpose of negotiating and entering into contractual agreements with you, in the course of providing our services e.g. processing and delivering orders to you.
  • If it is in our legitimate business interests to do so: for internal record keeping for administration purposes, for the purpose of communications in relation to establishing a customer relationship, obtaining evidence of identity of our customers, communications regarding our service and fees, for insight purposes (e.g. to analyse market trends and demographics, and develop the service which we offer to you or other individuals in the future) and sending information to you about products and services which we think may be of interest to you for marketing purposes.
  • Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other legal or regulatory requirements.
Payment and account information (such as your payment card number, expiration date, security code and billing address)
  • If it is necessary for the performance of our contract: for the purpose of making or receiving payments in the course of providing our services.
  • If it is in our legitimate business interests to do so: for internal record keeping for administration purposes, for the purpose of retaining evidence of payment transactions, for insight purposes (e.g. to analyse market trends and demographics in relation to our fees), for establishing our customer’s ability to pay costs and to develop the service which we offer to you or other individuals in the future).
  • Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other legal or regulatory requirements.
Identification information contained in or provided to us as part of our customer ID checks. This includes details included in copy personal photo and residential ID documents we receive.
  • If it is in our legitimate business interests to do so: for the purposes of obtaining evidence of identity of our customer and internal record keeping for administration purposes.
  • Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other legal or regulatory requirements.
  • Consent: if disclosing to other organisations where we cannot rely on any legal obligation to do so.
Technical data including internet protocol (IP) address, unique device identifier, location information, metadata, cookies and other information associated with other files stored on your device.
  • If it is in our legitimate business interests to do so: for ensuring the proper administration of our site; monitoring and improving our site and the content provided to you; for analytics and insight purposes e.g. to improve the user experience within our site; to understand customer behaviours, analyse market trends and customer demographics and develop the product/service which we offer to you or other individuals in the future; and research or statistical purposes, including to analyse how people use our site, view our products, respond to our advertising and to improve our understanding of what customers need;
  • Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other legal or regulatory requirements.
  • Consent: where we collect certain types of cookies or use other tracking technologies such as pixels e.g. for the purpose of targeted advertisements, we will only do so with your consent. For further information, please see our cookie policy.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Sharing your information

Please note that personal information we are holding about you may be shared with and processed by:

  • regulators or other third parties for the purposes of monitoring and/or enforcing our compliance with any legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts;
  • credit reference and fraud prevention agencies;
  • any third party in the context of actual or threatened legal proceedings, provided we can do so lawfully (for example in response to a court order);
  • other parties and/or their professional advisers involved in a matter where required as part of the conduct of the services;
  • our own professional advisers and auditors for the purpose of seeking professional advice or to meet our audit responsibilities;
  • credit financing companies (such as Klarna) if financing is requested by you as part of a purchase of goods and/or services from us;
  • our service providers and agents (including their subcontractors) or third parties which process information on our behalf (e.g. internet service and platform providers, our bank, payment processing providers and those organisations we engage to help us send communications to you) so that they may help us to provide you with the applications, products, services and information you have requested; and
  • another organisation to whom we may transfer our agreement with you or if we sell or buy (or negotiate to sell or buy) our business or any of our assets (provided that adequate protections and safeguards are in place).

Please note that we include links within our website to third party social media providers such as Facebook and Twitter, but we will not share your information with such providers without your consent.

International transfers

We will not transfer personal data relating to you to a country which is outside the European Economic Area (EEA) unless:

  • the country or recipient is covered by an adequacy decision of the Commission under GDPR Article 45;
  • appropriate safeguards have been put in place which meet the requirements of GDPR Article 46 (for example using the European Commission’s Standard Model Clauses for transfers of personal data outside the EEA); or
  • one of the derogations for specific situations under GDPR Article 49 is applicable to the transfer. These include (in summary):
    • the transfer is necessary to perform, or to form, a contract to which we are a party:
      • with you; or
      • with a third party where the contract is in your interests;
    • the transfer is necessary for the establishment, exercise or defence of legal claims;
    • you have provided your explicit consent to the transfer; or
    • the transfer is of a limited nature, and is necessary for the purpose of our compelling legitimate interests.

Retention of personal data

  • Unless we are required or permitted by law to hold on to your data for longer specific retention period (for example, by rules imposed by the Financial Conduct Authority), we will only hold your personal information on our systems for a period of 6 years from your last transaction with us.
  • In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
  • Where we no longer need your personal information, we will dispose of it in a secure manner.

Your rights in respect of your personal data

  • You have certain rights under existing data protection laws, including the right to (upon written request) access a copy of your personal data that we are processing. From 25 May 2018, in accordance with the GDPR:
  • you will have the following rights:
    • right to access: the right to request certain information about, access to and copies of the personal information about you that we are holding (please note that you are entitled to request one copy of the personal information that we hold about you at no cost, but for any further copies, we reserve the right to charge a reasonable fee based on administration costs); and
    • right to rectification: the right to have your personal information rectified if it is inaccurate or incomplete; and
  • in certain circumstances, you will also have the following rights:
    • right to erasure/“right to be forgotten: the right to withdraw your consent to our processing of the data (if the legal basis for processing is based on your consent) and the right to request that we delete or erase your personal information from our systems (however, this will not apply if we are required to hold on to the information for compliance with any legal obligation or if we require the information to establish or defend any legal claim);
    • right to restriction of use of your information: the right to stop us from using your personal information or limit the way in which we can use it;
    • right to data portability: the right to request that we return any information you have provided in a structured, commonly used and machine-readable format, or that we send it directly to another company, where technically feasible; and
    • right to object: the right to object to our use of your personal information including where we use it for our legitimate interests or for marketing purposes.
  • You have the right to unsubscribe from our marketing communications at any time by following the link in the footer of the last email you received from one of our brands (“Unsubscribe”) or by sending your request with detailed instructions to us (see contact details above in the “Data Controller details” section.
  • Please note that if you withdraw your consent to the use of your personal information for purposes set out in our Privacy Policy, we may not be able to carry out our contractual obligations to you or provide you with access to all or certain parts of our services.
  • If you consider our use of your personal information to be unlawful, you have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office. Please see further information on their website: www.ico.org.uk.

Automatic decision making

We do not make decisions based solely on automated data processing, including profiling.

Security

We keep your information protected by taking appropriate technical and organisational measures to guard against unauthorised or unlawful processing, accidental loss, destruction or damage. For example:

  • where appropriate, data is encrypted when transiting on our system or stored on our databases;
  • we have implemented safeguards in relation to access and confidentiality in order to protect the information held within our systems; and
  • we frequently carry out risk assessments and audits to monitor and review threats and vulnerabilities to our systems to prevent fraud.

However, while we will do our best to protect your personal information, we cannot guarantee the security of your information which is transmitted via an internet or similar connection. It is important that all details of any username, password and/or other identification information created to access our servers are kept confidential by you and should not be disclosed to or shared with anyone.

Changes to this Privacy Policy

We may amend this Privacy Policy from time to time, for example to keep it up to date, to implement minor technical adjustments and improvements or to comply with legal requirements. We will always update this Privacy Policy on our website, so please try to read it when you visit the website (the “last updated” reference tells you when we last updated our Privacy Policy).

Last updated August 2020

1