The Donnell Jewellers Privacy Policy helps you to make informed decisions about the personal information you provide when using our site, products and services.

Introduction: Who we are

Donnell Holdings Ltd (we, us, our) is a registered New Zealand company, trading as Donnell Jewellers.  Our website address is: http://donnelljewellers.com.

We comply with the New Zealand Privacy Act 1993 (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person).

This Donnell Jewellers Privacy Policy sets out how we will collect, use, disclose and protect your personal information.  This Privacy Policy does not limit or exclude your rights under the Act. If you wish to seek further information on the Act, see www.privacy.org.nz.

Changes to the Privacy Policy

We may change this policy by uploading a revised policy on the website. The change will apply from the date that we upload the revised policy. Last updated 21 May 2018.

Internet Use

While we take reasonable steps to maintain secure Internet connections, if you provide us with personal information over the Internet, the provision of that information is at your own risk.

If you post your personal information on publicly accessible areas of the website (such as in comments fields), you acknowledge and agree that the information you post is publicly available.

If you follow a link on our website to another site, the owner of that site will have its own privacy policy relating to your personal information. We suggest you review that site’s privacy policy before you provide personal information.

What personal data we collect and why we collect it

We collect personal information about you from:

  • You, when you provide that personal information to us, including via the website and any related service, through registration or subscription process, through any contact with us (e.g. telephone call or email), or when  you buy or use our services and products.
  • Third parties where you have authorised this or the information is publicly available.

If possible, we will collect personal information from you directly.

How We Use Your Personal Information?

We will use your personal information:

  • to verify your identity,
  • to provide services and products to you,
  • to market our services and products to you, including contacting you electronically (e.g. by text or email for this purpose),
  • to improve the services and products that we provide to you,
  • to undertake credit checks of you (if necessary),
  • to bill you and to collect money that you owe us, including authorising and processing credit card transactions,
  • to respond to communications from you, including a complaint,
  • to conduct research and statistical analysis (on an anonymised basis),
  • to protect and/or enforce our legal rights and interests, including defending any claim,
  • for any other purposed authorised by you or the Act.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

The contact forms on our website are produced via our theme plugin. Any data captured is send direct from the website to our secure email server, which is hosted on-premise. We keep contact form submissions for customer service purposes for a maximum of 12 months. We do not use the information submitted through our contact forms for marketing purposes.

Cookies

We use cookies (an alphanumeric identifier that we transfer to your computer’s hard drive so that we can recognise your browser) to monitor your use of the website. You may disable cookies by changing the settings on your browser, although this may mean that you cannot use all of the features of the website.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

We use Monster Insights, connected to Google Analytics, to collect anonymous analytics data. You can read Monster Insights Privacy Policy here and Google analytics Privacy Policy here. We also use Wordfence Security to protect our website, which uses real-time monitoring and collection of the IP addresses of visitors to our website. Read Wordfence’s Privacy Policy here.

Who we share your data with

Deb Donnell, of Donnell Holdings Ltd, is a director of Sabre IT Ltd, Keswin Publishing Ltd and Writing Diamonds Ltd. These companies are to be considered as part of a group of affiliated companies.  While your data is contained on secure servers managed by Sabre IT Ltd, and accessible within this group, it is owned solely by Donnell Holdings Ltd and not used by any other company within the group.  All companies, directors, and employees within this group of affiliated companies adhere to privacy and security compliance and best practice industry standards (including following Microsoft’s 10 Immutable Laws of Security).  The group has a policy to host, where possible, all intellectual property and critical data (including your data) on secure hardware contained on-premise and backed up by an encrypted link to Sabre IT’s data centre in the South Island of New Zealand.

The marketing and website is managed by Writing Diamonds Ltd and hosted on a virtual server which is secured with encrypted keys held only by Writing Diamonds Ltd.  Writing Diamonds Ltd uses and keeps up-to-date the WordPress website platform, Kadence theme and plugins which meet security and privacy standards.

Our ecommerce platform is through the WooCommerce plugin, with the payment processor being a PayPal API. All data is collected on the website, and transferred to our on premise email server which uses secure encryption and filtering.

Where you have opted into an email marketing service (such as a newsletter, industry updates, etc.) we use a third party marketing automation cloud services provider, ActiveCampaign. ActiveCampaign has EU-U.S. PRIVACY SHIELD certification. You can find more details on ActiveCampain’s Privacy Shield Certification at https://www.privacyshield.gov/participant?id=a2zt0000000GnH6AAK

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Our contact information

Subject to certain grounds for refusal set out in the New Zealand Privacy Act 1993, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.

In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.

If you want to exercise either of the above rights, write to our Data Protection Officer at

Donnell Holdings Ltd
C/- Writing Diamonds Ltd
P O Box 36-476
Merivale
Christchurch 8146
New Zealand

or through our contact us form.

Your correspondence should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).

We may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.

Additional information

How we protect your data

We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse.  We hold your data on-premise, on secure servers which are managed by and meet the compliance standards set by our IT Company, Sabre IT Ltd. The servers are backed up to Sabre IT’s Data Centre, based in New Zealand, through a secure, encrypted link.  This website is managed and hosted by Writing Diamonds Ltd, and adheres to best practice security standards in order to protect your data.

What data breach procedures we have in place

All on-premise technology that is part of our affiliated group is password or encrypted key protected, and kept up to date and secure to minimise the risk of data breaches. It is not accessible by non-authorised personnel or the public. All hardware and hard copy data is held in locked, secure, and alarmed premises.

As part of our security standards, we have real-time automated monitoring in place for our website, group network, and other areas where there is a risk of data breaches. Any potential or real data breach is immediately reported to us by our IT company, our Website company, and website security plugin.

In the unlikely event a data breach occurs, we will act immediately to secure and retrieve the data and advise affected parties, including you if your personal information is compromised in any way, within 72 hours of the breach.

What third parties we receive data from

We may, from time-to-time, post affiliate advertising, or use advertising and promotion on social media sites (i.e. Facebook, LinkedIn, Twitter, etc.).  We may also, from time to time, receive data about you from third party referrers, including advertisers.  Where active consent to pass on the data is not explicit, we will not store your data, and will request the referrer provides evidence of active consent.

What automated decision making and/or profiling we do with user data

We use a third party marketing automation cloud services provider, ActiveCampaign for automated sales funnels that may gather and aggregate user data. We will provide information in the appropriate place of the funnel for you to provide consent for your data to be used, or to opt-out of the process. ActiveCampaign has EU-U.S. PRIVACY SHIELD certification. You can find more details on ActiveCampain’s Privacy Shield Certification at https://www.privacyshield.gov/participant?id=a2zt0000000GnH6AAK

Industry regulatory disclosure requirements

Donnell Jewellers are members of the Jewellers and Watchmakers of New Zealand, and the Jewellery Valuers Society of New Zealand.

 

If you have any questions about the Donnell Jewellers Privacy Policy, please contact us before using this website.