Privacy Policy

Last updated: 19 May 2026
Effective date: 19 May 2026

This Privacy Policy explains how Gwyneth Jewellery Limited ("we," "us," "our") collects, uses, stores, and protects personal data when you visit our website, register a trade account, or place an order with us. We are a UK silversmith wholesale supplier serving registered UK business customers only. This policy reflects that B2B context.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR) 2003.

1. Data Controller

The data controller responsible for your personal data is:

  • Company name: Gwyneth Jewellery Limited
  • Company number: 16481877
  • Registered office: 37 Willow Way, Ampthill, Bedford, MK45 2SL, United Kingdom
  • Email: hello@gwynethjewellery.co.uk
  • Telephone: +44 7947 847977

Our ICO (Information Commissioner’s Office) registration is in progress. Once registered, our ICO registration number will be displayed in this section.

2. Who This Policy Applies To

This Privacy Policy applies to:

  • (a) Visitors to our website at professor-patra-nz.zipwp.link (and any future domain we operate under);
  • (b) Authorised representatives of business customers who register a trade account with us;
  • (c) Employees and directors of trade customers whose personal data is shared with us for the purpose of fulfilling business orders;
  • (d) Business contacts who reach out to us through enquiry forms, email, or telephone.

We do not sell to individual consumers. If you are an individual consumer, please do not submit personal data through our trade account registration process.

3. Personal Data We Collect

We collect the following categories of personal data:

3.1 Trade Account Registration Data

  • Registered company name (as recorded at Companies House)
  • Companies House registration number
  • UK VAT registration number
  • Authorised representative’s name and job title
  • Business email address
  • Business telephone number
  • Business delivery address (and billing address if different)

3.2 Order and Transaction Data

  • Products ordered, quantities, and prices
  • Order date, dispatch date, and delivery date
  • Payment confirmation reference (from Stripe; we do not store full card details)
  • Invoice records (retained for HMRC compliance)
  • Returns, refunds, and dispute records

3.3 Communications Data

  • Email correspondence with our team
  • Telephone call records (we may keep brief written notes of business calls, not recordings)
  • Trade enquiry form submissions

3.4 Technical Data

  • IP address (collected by web hosting for security purposes; not used for tracking)
  • Browser type and version (server logs only)
  • Cookies that are strictly necessary for website operation (see our Cookie Policy)

We do not use third-party advertising trackers, analytics that profile users (such as Google Analytics, Meta Pixel, or similar), or social media tracking pixels.

4. Legal Bases for Processing

Under UK GDPR Article 6, we rely on the following legal bases:

  • Contract performance (Art. 6(1)(b)): To register your trade account, process orders, deliver goods, handle returns, and provide customer service.
  • Legitimate interest (Art. 6(1)(f)): To verify business identity (against Companies House and HMRC records), prevent fraud, maintain business security, and protect our legal interests.
  • Legal obligation (Art. 6(1)(c)): To retain invoice and transaction records for HMRC tax compliance (6 years), respond to lawful regulatory requests, and meet anti-money-laundering and Modern Slavery Act obligations.
  • Consent (Art. 6(1)(a)): Where you explicitly opt in (for example, to receive non-essential marketing communications). You may withdraw consent at any time.

The majority of our processing relies on contract performance and legitimate interest, given the B2B nature of the relationship.

5. How We Use Your Personal Data

We use personal data for the following purposes:

  • (a) Verifying that you are a genuine UK business entity (Companies House and HMRC checks);
  • (b) Setting up and maintaining your trade account;
  • (c) Processing trade orders, taking payment through Stripe, and arranging delivery;
  • (d) Communicating with you about orders, deliveries, returns, and account matters;
  • (e) Issuing invoices and maintaining accurate financial records for HMRC and Companies House;
  • (f) Detecting and preventing fraud, money laundering, and breach of our Trade Terms and Conditions;
  • (g) Defending or pursuing legal claims;
  • (h) Improving our services based on aggregated business feedback (no individual profiling).

6. Who We Share Your Data With

We share personal data only with the following categories of recipients, and only to the extent necessary:

  • Stripe Payments Europe Ltd: To process card payments. Stripe acts as a separate data controller for payment data. See stripe.com/gb/privacy.
  • Courier service providers: To deliver goods (name, business delivery address, contact telephone). We disclose minimum data required for delivery.
  • HMRC and Companies House: Where legally required for tax filings, statutory accounts, and regulatory reporting.
  • Professional advisers: Our accountant, legal advisers, and (if applicable) insurer, under confidentiality.
  • Web hosting provider: For website infrastructure. Hosting providers process data under written instructions and do not access personal data routinely.
  • Law enforcement and regulators: Where legally compelled by court order, regulatory request, or to prevent serious harm.

We do not sell personal data to third parties. We do not share personal data for advertising or marketing purposes.

7. International Data Transfers

We operate from the United Kingdom and our primary data storage is within the UK or European Economic Area (EEA).

Where any service provider (such as Stripe) processes data outside the UK or EEA, the transfer is protected by appropriate safeguards, including UK adequacy decisions, the International Data Transfer Agreement (IDTA), or Standard Contractual Clauses (SCCs).

8. How Long We Keep Your Data

We retain personal data only as long as necessary for the purposes set out in this policy, and in line with legal obligations:

  • Trade account records: Retained while your account is active, and for 6 years after closure (HMRC statutory retention period).
  • Invoice and transaction records: 6 years from the end of the financial year to which they relate (HMRC and Companies House requirements).
  • General business correspondence: Typically 3 to 6 years, depending on subject matter.
  • Trade enquiries that do not lead to an account: Up to 12 months, then deleted unless legitimate interest applies.
  • Server logs: Typically 90 days, retained by our hosting provider for security purposes.

After the retention period, we securely delete or anonymise personal data.

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Ask us to correct inaccurate or incomplete data.
  • Right to erasure: Ask us to delete your data, subject to our legal retention obligations (we cannot delete records HMRC requires us to retain).
  • Right to restrict processing: Ask us to limit how we use your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, machine-readable format where processing is based on consent or contract.
  • Right to object: Object to processing based on legitimate interest, including profiling (we do not profile customers).
  • Right to withdraw consent: Where processing relies on consent, you may withdraw it at any time without affecting prior lawful processing.

To exercise any of these rights, email hello@gwynethjewellery.co.uk. We will respond within one calendar month of receipt of a valid request. We may need to verify your identity (and that you are an authorised representative of the trade customer) before responding.

10. Cookies and Tracking

We use only strictly necessary cookies required for website operation, checkout functionality, and security. We do not use third-party advertising cookies, profiling cookies, or social media trackers.

For full details, please see our Cookie Policy.

11. Data Security

We take appropriate technical and organisational measures to protect personal data, including:

  • (a) Encrypted (HTTPS) data transmission across the website;
  • (b) Payment data handled exclusively by Stripe (PCI DSS Level 1 certified);
  • (c) Access to trade account data restricted to authorised personnel only;
  • (d) Secure password and authentication practices for our internal systems;
  • (e) Regular backups and tested recovery procedures.

No system is fully immune to risk. In the unlikely event of a personal data breach involving high risk to rights and freedoms, we will notify affected trade customers and the Information Commissioner’s Office within 72 hours, as required by UK GDPR.

12. Complaints and Contact

If you have any questions or concerns about how we handle your personal data, please contact us first so we can try to resolve the issue:

  • Email: hello@gwynethjewellery.co.uk
  • Post: Gwyneth Jewellery Limited, 37 Willow Way, Ampthill, Bedford, MK45 2SL, United Kingdom
  • Telephone: +44 7947 847977

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection:

  • Website: ico.org.uk
  • Helpline: 0303 123 1113
  • Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page will indicate when it was last revised. Material changes affecting active trade customers will be communicated by email.

This Privacy Policy was last updated on 19 May 2026.

Scroll to Top