Privacy Policy

Conwy Pearls is committed to protecting and respecting your privacy.

This policy will outline what personal information we collect from you when you visit our website (, as well as how we use the information, how we share it with third parties and how we keep it secure. By using our website, you are agreeing to the terms set out in this policy. Conwy Pearls will be known as the ‘controller’ of the personal data that you provide us with unless otherwise specified.


What information do we collect from you, how do we collect it, how is it used and under what grounds do we process it?

We may collect information from you and process your data when you visit our website, for example when you place an enquiry via the contact form, when you email us, message us and/or comment via social media. The lawful grounds for this processing is legitimate interest in order to respond to any communication that you send us, as well as keeping records of such interactions, or to pursue or defend any legal claims.


If you place an order with us or we will collect data relating to your purchase of goods, such as your title, name, billing address, delivery address, email address, telephone number and purchase details. We collect this data in order to fulfil our obligations to provide you with the goods that you have purchased. We will keep a record of such transactions. Our lawful grounds for processing this data is to fulfil our contractual obligations that we have entered into with you.


When you visit our website, as well as any contact details that you may leave, we may also collect and store data, such as your IP address, information about the browser that you are using, details of page views, length of time visiting pages on our website, navigation paths and information about the devices you use to access our website. This information is captured by our analytics system and we process this data to ensure that we provide you with relevant content, to maintain back-ups of our website and databases, to keep our website secure, to enable us to effectively administer our website, as well as gaining an insight into the effectiveness of our marketing. The lawful basis for processing this information is legitimate interest in order to maintain our website and grow our business through effective marketing.


We may use your data to deliver online content that we think will be of interest to you (e.g. online advertisements or content via social media). We may also use this data to measure the effectiveness of our marketing campaigns. The lawful basis for processing this information is legitimate interest to allow us to grow our business.


We do not collect any sensitive data from you.


Who will have access to your information?

We will never share or sell your personal information to any third party for marketing purposes. However, there may be times when we need to share your information with third parties in order to fulfil our obligations. These include:

  • Third parties who we work with to provide IT and system administration services.
  • Third party payment providers who specialise in secure online payment (e.g. PayPal).
  • Third party suppliers that we work with in order to fulfil our contractual obligations with you (e.g. Royal Mail and mail other delivery companies).
  • Professional advisers such as accountants, lawyers, bankers, auditors, insurers.
  • Government bodies that may require us to report to any processing activities to them.
  • Any third party who we might sell or transfer the business to.


Where working with a third party that involves transferring your data outside the European Economic Area (EEA) (e.g. Mailchimp), we ensure that security measures are in place to protect your data. Mailchimp are part of EU-US Privacy Shield and equivalent safeguards are in place.


We require all third parties that we work with to respect your data privacy in line with current legislation and we only allow your data to be processed for the specified purpose and in accordance with our instructions.


How long will we keep your information for?

We will hold on to your information for as long as is deemed necessary for the relevant activity. We are bound by legal and statutory obligations to keep records for a certain amount of time e.g. for tax and accounting purposes. If you have consented to receive marketing communications from us, we will keep your details until you request otherwise. We may anonymise your data to carry out research about our business, in which case we may use this information indefinitely without further notice to you.


How do we keep your data secure?

We recognise that you might be worried about security when using your debit/credit card to make payments on our website. Secure server software encrypts all your personal information, including name, address and credit card details before it leaves your computer. We make use of the highest quality encryption technology available (technically 256 bit SSL encryption). All payment card information is handled by PayPal and we do not store your payment card information. We only work with third parties that are fully compliant with The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). We recommend that you also read PayPal’s privacy policy



When you visit our website, we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not identify you. We do not make any attempt to find out your identity. We will not associate any data gathered from our website with any personally identifying information from any source. If we do want to collect personally identifiable information from you through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.


What are your rights?

Under the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) you have the right to request access to your data, for it to be: corrected, erased, restricted or transferred. You also have the right to object to us processing your data. Where consent to process has been given, you have the right to withdraw this consent.


If at any point you believe the information we process on you is incorrect, you can request to see this information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated. Please We will not charge a fee for providing access to your personal data, providing that the request is reasonable, not excessive or repetitive. In such circumstances that the request is deemed to be unreasonable, we may charge a fee for your request or refuse to comply with the request.


We will always check that we have enough information to be sure of your identity before providing you with access to your personal data and if we have any doubt, we may ask you to provide evidence to confirm identity.


We aim to respond to all legitimate requests within once calendar month. However, depending on the complexity of the information requested, it may take us longer. However, in this case, we will notify you.


If you are dissatisfied with our response, or if you believe we are processing your personal data unlawfully, please inform us first so that we can investigate and resolve the issue for you. However, should our response be unsatisfactory, you can complain to the Information Commissioner’s Office


Review of this policy

We will regularly review this policy and update it when necessary. This policy was last updated in June 2018.