Privacy Policy
July 2021
Introduction
This privacy notice tells you how we collect and process your personal data. It lets you know how we look after your personal data and informs you about your privacy rights and how the law protects you.
Who we are
Jianhui London is a fashion accessory design company. The products are unique and sold through our online store based in London and wholesale to business customers in the UK, Europe, US, Japan, Australia, India and the Middle East.
You can contact us at:
Jianhui London
Email:shop@jianhui.london
Changes to this privacy notice and informing us of changes to your data
The data protection law in the UK changed on 25 May 2018. Like most small businesses we are reviewing our data procedures. Therefore, we will update this notice as our working methods change.
In 2019, we revamped our website and set up on online shop where you can buy our goods directly. We continue to make sure that both the website and the online shop will only collect data lawfully and that we protect the data you give us.
Meanwhile, it is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
The data we collect about you
We may collect, use, store and, in some cases, transfer different kinds of data about you as follows:
- Identity Data includes the name of your business and your first and family name where you are the business owner, trade contact person or retail customer. If you are an employee of Jianhui London, or apply for a job here, the data includes your first and family name, title, date of birth and gender. For employees we will also record data that is required by the tax authorities, such as your national insurance number.
- Contact Data includes billing address, delivery address, email address and telephone numbers. For employees or job applicants the data will also include your home address.
- Personal Data only applies to employees and includes human resources data such as proof of your ability to work legally in the United Kingdom or sickness record.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
We do not currently process any of the technical data that may be available from your visiting our website such as your internet protocol (IP) address.
How we collect data about you
The data we collect is, in almost all circumstances, the data you have provided to us in our direct interaction with you to carry out a proposed or enacted business or employment contract. The only exceptions are where:
- You have placed an order through a recognized agent marketing our goods or services, in which case the agent will provide, or we will ask you for, details that allow the order to be delivered and paid for
- You have attended our stand at a Trade Show and although not placed an order have provided us with your business details
- You have given us your name and contact details when you have visited our showroom in London
- Jianhui London has directly researched potential contacts who may be interested in our goods or services.
- Jianhui London has directly researched potential suppliers who may offer goods or services we need
- Jianhui London has undertaken a credit reference check following nonpayment of a debt to us
- You have applied for a job at Jianhui London
Jianhui London takes great pride in our unique customer service and we value our personal relationship with our customers. We do not buy or utilize marketing lists or other external data.
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract that we are about to make or have made with you.
- Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Purposes for which we will use your personal data
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose; for example, where you have bought goods from us and we inform you of new products in which you may be interested.
Below lists the data we keep:
CUSTOMER INFORMATION
Company Name and Address
VAT number if in an EU country other than the UK
Contact name(s)
Telephone and Fax number(s)
Website address
Emails
Dates and amounts of orders and payments
Copies of orders
Bank records of any transfers from a customer into our Business Account
Credit Card numbers and security code, where you have authorised payment by credit card
Copies of currency rate of exchange for any international customers
Evidence of shipping associated with each order
STAFFING INFORMATION
Name and gender
Address
Date of Birth
NI number
Employment dates
Employee statement of previous employment
Student Loan information
Dates of sickness
Sick notes or reports
Salary and tax & NI paid
Details of pension scheme and payments
Bank accounts for the receipt of payments or wages
How long do we keep data for?
We retain your data for as long as necessary in line with the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Where you authorise payment by credit card and give us the details allowing us to do that, we will ask if we can retain those details securely for 12 months, to facilitate further orders. If you do not wish us to do that please tell us. If you do not make further orders those details will be destroyed.
Other details are kept for three years after your last order, unless the law requires us to keep them for longer
In some cases the law will require us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax and other legal purposes.
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your data. You can:
- Request access to your data
- Request correction of your data
- Request erasure of your data
- Object to processing of your data
- Request restriction of processing your data
- Request transfer of your data, and
- You have the right to withdraw consent.
These are explained in more detail on page 7. If you wish to exercise any of the rights set out above, please contact us at shop@jianhui.london. No fee is usually required, and we will seek to respond to all legitimate requests within one month.
Third-party marketing
We do not currently use third party marketing, other than contracting with agents to represent our goods or services to their direct contacts. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at shop@jianhui.london. However, where you opt out of receiving these marketing messages, this will not apply to personal data provided to us because of a product or service purchase, product or service experience or other transactions.
Disclosures of your personal data
To run our business, we may have to share your personal data with the parties set out below:
- Suppliers who make the goods you order, where they may have the details of your name delivery address and order, but never your financial details
- Professional advisers who will have access to your data, and under the law will act as processors or joint controllers of your data, including individuals and agencies who provide consultancy, banking, legal, insurance and accounting services to us
- Specific third parties whose websites or facilities we use
- Contractors who provide us with website development or customer relationship management services
- HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
If at any time we choose to sell, transfer, or merge parts of our business or our assets or seek to acquire other businesses or merge with them, then the new owners may only use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes, unless that is a legal requirement as with the tax authorities, and only permit them to process your personal data for specified purposes and in accordance with our instructions.
International transfers
Some of the applications we use belong to third parties based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- The transfer of your personal data will be to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
- Otherwise we use specific contracts, which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
The lawful basis on which we process data
Given the nature of our business, and our focus on personal contact with our customers and staff, we do not generally rely on consent as the only legal basis for processing your personal data.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best services and products and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You have the right to withdraw consent to marketing at any time by contacting us at shop@jianhui.london
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
YOUR LEGAL RIGHTS
You have the right to:
Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in particular circumstances, such as where you want us to establish the data’s accuracy
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Complaints
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the supervisory authority in the United Kingdom for data protection issues (www.ico.org.uk). However, we pride ourselves upon our customer service and we would welcome the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance by one of the methods above.