Introduction: Who we are
Donnell Holdings Ltd (we, us, our) is a registered New Zealand company, trading as Donnell Jewellers. Our website address is: http://donnelljewellers.com.
We comply with the New Zealand Privacy Act 1993 (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person).
We may change this policy by uploading a revised policy on the website. The change will apply from the date that we upload the revised policy. Last updated 21 May 2018.
While we take reasonable steps to maintain secure Internet connections, if you provide us with personal information over the Internet, the provision of that information is at your own risk.
If you post your personal information on publicly accessible areas of the website (such as in comments fields), you acknowledge and agree that the information you post is publicly available.
What personal data we collect and why we collect it
We collect personal information about you from:
- You, when you provide that personal information to us, including via the website and any related service, through registration or subscription process, through any contact with us (e.g. telephone call or email), or when you buy or use our services and products.
- Third parties where you have authorised this or the information is publicly available.
If possible, we will collect personal information from you directly.
How We Use Your Personal Information?
We will use your personal information:
- to verify your identity,
- to provide services and products to you,
- to market our services and products to you, including contacting you electronically (e.g. by text or email for this purpose),
- to improve the services and products that we provide to you,
- to undertake credit checks of you (if necessary),
- to bill you and to collect money that you owe us, including authorising and processing credit card transactions,
- to respond to communications from you, including a complaint,
- to conduct research and statistical analysis (on an anonymised basis),
- to protect and/or enforce our legal rights and interests, including defending any claim,
- for any other purposed authorised by you or the Act.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
The contact forms on our website are produced via our theme plugin. Any data captured is send direct from the website to our secure email server, which is hosted on-premise. We keep contact form submissions for customer service purposes for a maximum of 12 months. We do not use the information submitted through our contact forms for marketing purposes.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
Deb Donnell, of Donnell Holdings Ltd, is a director of Sabre IT Ltd, Keswin Publishing Ltd and Writing Diamonds Ltd. These companies are to be considered as part of a group of affiliated companies. While your data is contained on secure servers managed by Sabre IT Ltd, and accessible within this group, it is owned solely by Donnell Holdings Ltd and not used by any other company within the group. All companies, directors, and employees within this group of affiliated companies adhere to privacy and security compliance and best practice industry standards (including following Microsoft’s 10 Immutable Laws of Security). The group has a policy to host, where possible, all intellectual property and critical data (including your data) on secure hardware contained on-premise and backed up by an encrypted link to Sabre IT’s data centre in the South Island of New Zealand.
The marketing and website is managed by Writing Diamonds Ltd and hosted on a virtual server which is secured with encrypted keys held only by Writing Diamonds Ltd. Writing Diamonds Ltd uses and keeps up-to-date the WordPress website platform, Kadence theme and plugins which meet security and privacy standards.
Our ecommerce platform is through the WooCommerce plugin, with the payment processor being a PayPal API. All data is collected on the website, and transferred to our on premise email server which uses secure encryption and filtering.
Where you have opted into an email marketing service (such as a newsletter, industry updates, etc.) we use a third party marketing automation cloud services provider, ActiveCampaign. ActiveCampaign has EU-U.S. PRIVACY SHIELD certification. You can find more details on ActiveCampain’s Privacy Shield Certification at https://www.privacyshield.gov/participant?id=a2zt0000000GnH6AAK
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Our contact information
Subject to certain grounds for refusal set out in the New Zealand Privacy Act 1993, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
If you want to exercise either of the above rights, write to our Data Protection Officer at
Donnell Holdings Ltd
C/- Writing Diamonds Ltd
P O Box 36-476
or through our contact us form.
Your correspondence should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).
We may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.
How we protect your data
We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse. We hold your data on-premise, on secure servers which are managed by and meet the compliance standards set by our IT Company, Sabre IT Ltd. The servers are backed up to Sabre IT’s Data Centre, based in New Zealand, through a secure, encrypted link. This website is managed and hosted by Writing Diamonds Ltd, and adheres to best practice security standards in order to protect your data.
What data breach procedures we have in place
All on-premise technology that is part of our affiliated group is password or encrypted key protected, and kept up to date and secure to minimise the risk of data breaches. It is not accessible by non-authorised personnel or the public. All hardware and hard copy data is held in locked, secure, and alarmed premises.
As part of our security standards, we have real-time automated monitoring in place for our website, group network, and other areas where there is a risk of data breaches. Any potential or real data breach is immediately reported to us by our IT company, our Website company, and website security plugin.
In the unlikely event a data breach occurs, we will act immediately to secure and retrieve the data and advise affected parties, including you if your personal information is compromised in any way, within 72 hours of the breach.
What third parties we receive data from
We may, from time-to-time, post affiliate advertising, or use advertising and promotion on social media sites (i.e. Facebook, LinkedIn, Twitter, etc.). We may also, from time to time, receive data about you from third party referrers, including advertisers. Where active consent to pass on the data is not explicit, we will not store your data, and will request the referrer provides evidence of active consent.
What automated decision making and/or profiling we do with user data
We use a third party marketing automation cloud services provider, ActiveCampaign for automated sales funnels that may gather and aggregate user data. We will provide information in the appropriate place of the funnel for you to provide consent for your data to be used, or to opt-out of the process. ActiveCampaign has EU-U.S. PRIVACY SHIELD certification. You can find more details on ActiveCampain’s Privacy Shield Certification at https://www.privacyshield.gov/participant?id=a2zt0000000GnH6AAK
Industry regulatory disclosure requirements
Donnell Jewellers are members of the Jewellers and Watchmakers of New Zealand, and the Jewellery Valuers Society of New Zealand.