We respect your privacy and are committed to protecting your personal data. This policy explains what we collect, why, and your rights under UK GDPR and the Data Protection Act 2018.
Download Policy (PDF)We only collect what we need. We never sell your data. Your rights under UK law are always respected.
The data controller is Castle Jewellery Ltd, Mow Cop, Cheshire. We decide how and why your personal data is processed.
Under UK GDPR, we must have a lawful basis for every use of your personal data.
| Purpose | Lawful Basis |
|---|---|
| Processing your order and delivering your ring | Contract performance |
| Responding to enquiries and pre-sale communication | Legitimate interests |
| Sending marketing emails to wedding fair leads | Consent (at point of sign-up) |
| Keeping financial and invoice records | Legal obligation |
| Improving our website using Google Analytics | Legitimate interests / Cookie consent |
| Serving targeted ads via Meta | Consent (cookie banner) |
| Using consultation photos on our website & social media | Consent (verbal, at time of photography) |
| Post-purchase customer care calls | Legitimate interests |
During home consultations we may take photographs of rings being tried on or of the consultation itself. We always ask for your verbal consent before taking any photographs.
These photos may appear on our website, Instagram, Facebook, or other marketing materials. We are mindful not to publish images that clearly identify individuals without their knowledge.
Our practice: We ask verbally at the time of the consultation. You are always free to say no — this will have absolutely no effect on your order or our service to you.
A note on best practice: Verbal consent is valid under UK GDPR. If you would like written confirmation of how your photos will be used, just ask us at the consultation and we will be happy to confirm in writing.
We use Sendr to send marketing emails to people who have expressed interest in our products — typically couples we have met at wedding fairs who have provided their contact details and agreed to hear from us.
We do not send bulk marketing emails to existing customers after purchase. We may call you after delivery to check you are happy with your ring — this is customer care, not marketing.
We use Google Analytics to understand how visitors use our website. Cookies collect anonymised data about pages visited and time on site. No personally identifiable information is shared with Google through this.
Meta Pixel (Facebook & Instagram Ads)We use (or plan to use) the Meta Pixel to measure ad performance and show relevant ads to people who have visited our website. This requires your consent via our cookie banner.
Opting out: Adjust your browser settings, use the Google Analytics Opt-out Add-on, or update your preferences in Meta Ad Settings at any time.
We never sell your personal data. We share it only where necessary with trusted partners who must handle it securely and lawfully:
| Data Type | Retention Period |
|---|---|
| Order records and invoices | 7 years (legal/tax obligation) |
| Enquiry and marketing data | Until unsubscribed, or 2 years of inactivity |
| Consultation photographs | Until consent withdrawn, or no longer needed |
| Website analytics data | Per Google Analytics settings (default 26 months) |
| Customer care notes | 12 months |
Email sales@castle-jewellery.com to exercise any right — we respond within 30 days. If unsatisfied, complain to the ICO at ico.org.uk or call 0303 123 1113.
We take reasonable steps to protect your personal data against unauthorised access, loss, or disclosure. Payment processing is handled entirely by Square (PCI-DSS compliant) — we never see or store your full card details.
We may update this Privacy Policy from time to time. The current version will always be at castle-jewellery.com/privacy-policy. Material changes will be communicated with reasonable notice.
