Privacy Policy
PRIVACY AT A GLANCE
We collect information about you to process your order, manage your account, respond to your queries, ensure the continuity of our business and, if you agree, send you information about our products and offers tailored to your interests and preferences.
We will only share your information with our service providers and our affiliates for the purposes above, as well as with regulatory authorities where required by law. We will not share your personal information for marketing purposes with any other organisation.
To learn more about your rights and how we use your personal information, please read our detailed Privacy Notice below.
1. INTRODUCTION
Welcome to Graff’s Privacy Notice. Graff respects your privacy and is committed to protecting your personal data and making sure you understand our privacy practices. This Privacy Notice describes the personal data we collect, how it is used, and your choices regarding this data.
2. WHO IS GRAFF?
Graff Diamonds (Taiwan) Limited (referred to as “Graff”, "we", "us" or "our" in this Privacy Notice) is the controller and responsible for your personal data.
If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact us using the details set out below:
Graff Diamonds (Hong Kong) LimitedRooms 1107-1108, 11/F, St. George's Building, 2 Ice House Street, Central, Hong Kong
info.asiahq@graff.com
3. WHAT TYPES OF PERSONAL DATA DO WE COLLECT FROM YOU?
The types of personal data we collect from you will depend on the nature of your dealings with us as indicated at the time of collection. The types of personal information we collect may include:
• Contact information (such as name, address, email address, mobile phone or other phone number);
• User name and password;
• Payment information (such as your card number, expiration date, authorization number or security code, and billing address);
• Customer service information (such as customer service inquiries, comments, and repair records);
• Information about your personal or professional interests, date of birth, marital status, product experience and preferred contact methods;
• Purchase and transaction information;
• The contact information of your friend or other person who you want us to contact provided by you;
• Information about your online activities (such as information about your device, browsing behaviour, and usage patterns), including information obtained through online channels and third-party websites using cookies, web beacons, and similar technologies (see our Cookie Policy);
• Information we may obtain from our third-party service providers; and
• Other personal information we obtain during our transaction.
4. WHY DO WE USE YOUR PERSONAL DATA AND WHAT BASIS DO WE RELY ON?
We may process your personal data for the purposes below and based on the following legal bases:
Purpose | Legal Basis for processing |
---|---|
Purchasing process and delivery of products which includes taking and handling orders, deliver products and communicate with you about your orders. | Necessary for the performance of our contract with you. |
Managing payments for the services we provide you which includes billing process where you purchase a product through our website. | Necessary for the performance of our contract with you. |
Service Relationship which includes managing your account, providing customer support and communicating with you about our products and about your engagement with us, such as changes in our terms. | Necessary for the performance of our contract with you. |
Communicating with you at your request to provide you with information of our products or solve your enquiries before purchasing any of our products. | Necessary for taking steps prior to entering into a contract with you. |
Ensuring proper administration of our business which includes keeping appropriate records, resolving complaints and managing our business relationships and opportunities. | Necessary for our legitimate interest pursued by us or our service providers acting on our behalf or by a third-party insofar as such interests do not pose a high risk to your rights and freedoms. Our legitimate interest is ensuring the continuity of our service. |
Preventing, detecting and fighting fraud or other illegal or unauthorized activities which includes monitoring operations, user activity and networks for fraud prevention and crime detection purposes. | Necessary for our legitimate interest pursued by us or our service providers acting on our behalf or by a third-party insofar as such interests do not pose a high risk to your rights and freedoms. Our legitimate interest is preserving the security of our service. |
Sending marketing communications about our services, products and our organisation. | Where you signed up for our newsletter or other content, we will send you relevant information based on your consent. Where consent is not required, as you are an existing customer who purchased a similar product in the past, we may send you marketing communications based on our legitimate interest pursued by us insofar as such interests do not pose a high risk to your rights and freedoms. Our legitimate interest would be promoting our business and to provide you with offers of relevant services and products. Please note that we will include an unsubscribe link in all our email communications, which removes you from receiving further communications. |
Profiling activities to make sure the commercial communications you receive are relevant to you and tailored to your preferences and expectations. | Based on your consent. |
To establish, exercise or defend legal claims in suspected or actual legal proceedings. | Necessary for compliance with applicable laws and regulations. |
To provide any requested information to the tax, regulatory, anti-money laundering or any other relevant authorities or public bodies, where required to do so, as well as any processing of your personal data in connection to specific legislation, statutory codes of practice and other legal or tax related obligations. | Necessary for compliance with applicable laws and regulations. |
To ensure your safety and for the prevention and detection of crime, CCTV is in operation during your visit to any of our retail outlets. Please be aware that if we are requested to provide CCTV images of you or any other personal information relating to you by the police or any other regulatory or government authority investigating suspected illegal activities, we are obliged do so. | Necessary for our legitimate interest pursued by us or our service providers acting on our behalf or by a third-party insofar as such interests do not pose a high risk to your rights and freedoms. Our legitimate interest would be to ensure the safety and security of our facilities, employees and visitors against theft and vandalism. |
5. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We value and respect your data privacy and do not sell, rent or trade your personal data to or with any third party. We may disclose or transfer your personal data in accordance with the applicable laws and for the above-stated purposes, to the following parties:
· Professional advisers (including auditors and legal representatives), third-party service providers acting on our behalf to support our business and that provide services such as website hosting, data analytics, information technology assistance, distribution of marketing materials and delivery of our products to you. We have appropriate contracts in place that define the legitimate use and sharing of personal information in accordance with this Privacy Notice and oblige such service providers to only process personal information that is necessary for the performance of the contract or are required by applicable laws.
· Our parent, affiliates, subsidiaries and/or divisions within the Graff Group of companies.
· Regulatory authorities, as required by applicable laws, for the purposes of including, without limitation to, responding to any governmental or regulatory authority request, cooperating with law enforcement investigations and mutual assistance, or upon receipt of any court order.
· Parties including prospective or actual buyers or seller in the event of a merger, acquisition, or other reorganization or sale or disposition of all or any portion of our business and/or assets.
6. DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE OF YOUR COUNTRY?
We do not usually send your personal information outside of your country unless it is strictly necessary for the purposes stated in this Privacy Notice. When we do send personal information abroad, we have in place adequate safeguards to do so. This includes suitable safeguard to permit personal information transfers from Taiwan to other countries in accordance with the applicable laws.
7. HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
Your personal information will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described in this Privacy Notice. How long we keep your personal data will depend on:
· what type of product or service we are providing for you;
· how long laws or regulations say we must;
· what we need for fraud and other financial crime prevention;
· what we need to lend responsibly;
· other legitimate business reasons (for example because we need to respond to a complaint or legal claim).
8. YOUR RIGHTS
In certain circumstances, you may exercise the rights available to you under applicable data protection laws as follows:
· If you wish to access, supplement, correct, update, request deletion or obtain a copy of your personal information.
· You can ask us to cease collecting, processing and/or using your personal information.
· If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
· You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
You can exercise your rights at any time by contacting us using the contact details included in this Privacy Notice.
We respond to all requests we receive from users in accordance with applicable data protection laws. We may ask you to provide proof of identity before we can answer the above requests. In some cases, we may reject requests for certain reasons (for example, if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another individual).
9. WHAT COOKIES AND SIMILAR TECHNOLOGIES DO WE USE?
Please see our Cookies Policy for more information on what cookies we use, why we use them and how you can better control their use through your browser and other tools.
10. CONTACT US
If you have questions regarding your privacy and rights, please let us know how we can help.
· Email: data@graff.com
11. CHANGES TO THIS PRIVACY NOTICE
We reserve the right to change this Privacy Notice from time to time. If we make any changes, the updated Privacy Notice will be posted with a revised effective date.
Effective date: August 2021