Privacy Policy

Privacy Policy

At Lester & Brown, we value the privacy of our customers – we understand the importance of protecting your personal information and ensuring a safe and enjoyable experience with us.

Our goal is to provide a service that you’ll want to return to and recommend. A key part of this commitment is respecting and protecting your personal data. This Privacy Policy will explain what information we collect, why we collect it, how we use it, and your choices regarding how we store and use your personal data.

1. Introduction

Lester & Brown Limited (‘we’, ‘us’, or ‘our’) is a luxury jewellery brand accessible via the website https://lesterandbrown.com/. We offer a wide variety of pre-designed and custom-made jewellery products, along with related services.

We are dedicated to ensuring the correct procedures are in place to protect and respect your privacy, in line with the EU General Data Protection Regulation (“GDPR”).

For the purposes of the Data Protection Act 1998 and the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), Lester & Brown Limited is the data controller. Our company is registered in England and Wales, under registration number [Insert Company Registration Number], and our principal place of business is at [Insert Business Address].

We may need to collect and use certain information about individuals. This Privacy and Data Protection Policy explains the data we collect, how it is processed, and how we keep it safe. Individuals covered by this policy include customers, suppliers, business contacts, employees, and other people with whom the company has a relationship or may need to contact.

This policy applies to all Lester & Brown Limited employees and all personal data processed by Lester & Brown Limited at any time. The objective of this policy is to ensure that:

  • We process personal data in compliance with GDPR.
  • All Lester & Brown Limited staff are aware of their obligations when processing personal data.
  • We protect the rights of our staff, customers, and partners, as well as your personal data.
  • Lester & Brown Limited takes steps to prevent the risk of data breaches.

By visiting https://lesterandbrown.com/ (“our site”), you are accepting and consenting to the practices described in this policy.

2. Terminology

  • Data Controller: The organization that determines how and why personal data is processed.
  • Data Processor: The organization or individual that processes personal data on behalf of the Data Controller.
  • Data Subject: The individual who is the subject of personal data (also referred to as ‘you’, ‘your’, or ‘yourselves’).
  • Personal Data: Information relating to an individual who can be directly identified. This includes factual information as well as opinions or intentions.
  • Personal Data Breach: The loss, theft, or unauthorized access, use, or disclosure of personal data.

3. Legal Basis for Data Collection

We are legally allowed to collect and process personal data based on several grounds:

  • Consent: We may collect your personal data when you provide clear consent, such as opting into our email newsletters.
  • Contractual Obligations: We may need to collect information to fulfill our contract with you, such as processing orders or delivering products.
  • Legal Compliance: In certain cases, we are required by law to collect and process data, such as for fraud prevention.
  • Legitimate Interest: We may collect data to meet our legitimate interests in operating our business, as long as it does not negatively affect your rights or freedoms.

4. Policy Statement

Lester & Brown Limited will only collect and process personal data where we have obtained your consent, are fulfilling contractual obligations, have a legitimate interest, or need to comply with legal requirements. We will:

  • Comply with the Data Protection Legislation and the following principles:
  • Keep accurate entries on the Information Commissioner’s public register of Data Controllers.
  • Ensure transparency around how personal data is processed, including clear privacy notices when data is collected.
  • Provide a simple process for opting in and out of marketing communications.
  • Ensure that personal data is not disclosed to third parties without legal basis.
  • Manage complaints promptly and according to our Data Protection & Incident Response Policy.

5. Information We Collect

We collect, store, and process personal information when you interact with us. This can include:

  • Information You Provide: When you fill out forms on our site, correspond with us, or visit our showroom. This may include your name, gender, address, email address, phone number, and payment details.
  • Information We Collect Automatically: We collect data such as IP addresses, browser type, pages viewed, and interactions on our website using tools like Google Analytics and Microsoft Clarity to enhance user experience.
  • Information from Other Sources: We may receive information from third-party partners, including payment processors or marketing platforms.

We also collect anonymized data for statistical purposes.

6. How We Use Your Information

We will use your personal data to:

  • Fulfill our contractual obligations to you, such as processing orders.
  • Comply with legal requirements.
  • Protect our business and your data from fraud or other illegal activities.
  • Improve our products and services.
  • Provide relevant marketing materials, if you have opted in.

We may share your personal data with trusted third parties (e.g., Google Analytics, Salesforce) for these purposes.

7. Disclosure of Your Information

At Lester & Brown, we occasionally share your personal data with trusted third parties, such as business partners and service providers, to enhance our services and manage fraud.

We may share your data with the following entities:

  • Google Analytics (USA)
  • Salesforce, our CRM software provider (USA)
  • Yesware, our email CRM software provider (USA)
  • Marketing Cloud, our marketing service provider (USA)
  • Wufoo, our survey software provider (USA)
  • Typeform, our survey software provider (USA and Germany)
  • Professional advisors, including lawyers, bankers, auditors, and insurers (UK)
  • Regulators and authorities that require reporting of processing activities in certain situations
  • Third parties involved in potential sales, transfers, or mergers of our business or assets. Should any such changes occur, the new owners may use your personal data as outlined in this privacy notice.
  • Fraud prevention agencies

We ensure that all third parties respect the security of your personal data and handle it in compliance with the law. We do not permit our third-party service providers to utilize your personal data for their own purposes and restrict them to processing your data according to our instructions.

8. International Transfers

Many of our external partners, including Salesforce and Google Analytics, operate outside the European Economic Area (EEA), which means your personal data may be transferred to the USA and other locations.

If such transfers are necessary, we have established procedures to guarantee that your data receives the same protection as it would within the EEA, in accordance with this Privacy Notice.

9. Data Security

We have implemented appropriate security measures to protect your personal data from accidental loss, unauthorized access, alteration, or disclosure. Access to your personal data is limited to employees, agents, contractors, and third parties who require it for legitimate business purposes. They are required to process your personal data solely in line with our instructions and maintain confidentiality.

While we strive to protect your data, please note that transmission of information via the internet is never completely secure. Any data you send to our site is at your own risk. We have established procedures to address any suspected data breaches and will notify you and relevant regulators if we are legally obligated to do so.

10. Data Retention

We will retain your personal information only as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements.

To determine the appropriate retention period, we consider the nature and sensitivity of the personal data, the potential risks of unauthorized use or disclosure, the purposes of processing, and applicable legal requirements. In some cases, we may anonymize your personal data for research or statistical purposes, allowing us to use this information indefinitely without further notice.

11. Your Rights

Under data protection legislation, you have the following rights:

  • You can withdraw your consent for the processing of your personal data at any time by contacting us at Lester & Brown, 29 Park Lane, Stockport, Cheshire, SK12 1RD, or via email at info@lesterandbrown.com.
  • You may request rectification of any inaccuracies in your personal information.
  • You can request the erasure of your personal information if we have no valid reason to continue processing it, if you have successfully exercised your right to object to processing, if we have processed your information unlawfully, or if local law requires us to erase your personal data.
  • You have the right to object to our processing of your personal data based on legitimate interests or for direct marketing purposes. In certain cases, we may demonstrate compelling legitimate grounds to process your information that override your rights and freedoms.
  • You can request restrictions on our processing of your personal data if:
  • You can request a copy of your personal data in a commonly used and machine-readable format or request that we transmit your data to another data controller.
  • You have the right not to be subject to automated decision-making, including profiling, that has significant effects on you.
  • You can access information we hold about you without charge. However, we may charge a reasonable fee for clearly unfounded, repetitive, or excessive requests, or we may refuse to comply in such circumstances.

You can send subject access or correction requests to: info@lesterandbrown.com or in writing to:

Data Protection Officer
Lester & Brown
29 Park Lane,
Poynton,
Stockport, SK12 1RD

Questions, comments, and requests regarding this privacy policy are welcomed and should be directed to us using the contact information provided above.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. More information can be found at www.ico.org.uk.

If we decide not to fulfill your request, we will explain the reasons for our refusal. If the ICO deems the request onerous or unreasonable, we may ask you to narrow your request or, if permitted by the ICO, your full request may incur a charge.

To protect your information, we will require verification of your identity before processing any request. If a third party, such as a solicitor, is authorized to make a request on your behalf, we must still receive proof of their authorization and your identity. We will respond directly to the individual making the data subject access request and not to the third party.

12. Links to and from Our Site

Lester & Brown may contain links to and from the websites of our partners, such as advertisers or affiliates. If you choose to follow these links, please be aware that these websites have their own privacy policies, and Lester & Brown cannot accept any responsibility for these policies.

13. Data Accuracy

All employees at Lester & Brown who handle data are responsible for taking reasonable steps to ensure it is kept accurate and up-to-date.

Data should be stored in as few locations as necessary. Staff are advised against creating unnecessary datasets, and when required, they must dispose of data properly, either by shredding paper copies or thoroughly deleting electronic versions.

We encourage staff to confirm and update customer details whenever possible, such as verifying contact information during calls or updating email footers.

Lester & Brown makes it easy for individuals to update their information. You may request access, changes, or to exercise your right to be forgotten by contacting us at info@lesterandbrown.com. We aim to address these requests promptly, typically within 14 days and no longer than 30 days.

Data will be updated as inaccuracies are discovered. For instance, if a customer’s stored telephone number becomes invalid, it will be removed from our database.

You have the right to contact us at any time to correct any data we hold about you. For example, if you change your name after marriage, we will update our records and inform any relevant third parties.

14. Klarna

To provide you with Klarna’s payment options, we will share specific aspects of your personal information, such as contact and order details, with Klarna. This allows them to assess your eligibility for their payment options and tailor these options for you.

You can find general information about Klarna here. Your personal data is handled in accordance with applicable data protection laws and as outlined in Klarna’s privacy policy.

15. Changes to Our Privacy Policy

Any future changes we make to our privacy policy will be posted on this page. We encourage you to check back frequently for updates or changes.

Instagram@lesterandbrown