Legal

Privacy Policy

Last updated: March 2026

1. Who We Are

Polly Gasston Goldsmith ("we", "us", "our") is a jewellery business based in the United Kingdom. We are committed to protecting your personal data and respecting your privacy. This policy explains what personal information we collect, how we use it, and your rights in relation to it.

If you have any questions about this policy, please contact us at info@pollygasston.com.

2. Information We Collect

We may collect the following categories of personal data:

  • Identity & Contact Data: name, email address, phone number, and postal address provided when you place an order or make an enquiry.
  • Transaction Data: details of purchases made through our website, including order numbers and payment confirmation (we do not store card details — payments are processed securely by Stripe).
  • Marketing Data: your email address if you subscribe to our newsletter.
  • Technical Data: IP address, browser type, and pages visited, collected automatically when you use our website.

3. How We Use Your Information

We use your personal data to:

  • Process and fulfil your orders and send order confirmations.
  • Communicate with you about your orders, enquiries, or bespoke commissions.
  • Send you our newsletter if you have opted in (you may unsubscribe at any time).
  • Improve and administer our website and services.
  • Comply with our legal and regulatory obligations.

4. Legal Basis for Processing

We process your personal data on the following legal grounds: (a) to perform a contract with you (processing your order); (b) with your consent (newsletter subscriptions); (c) to comply with a legal obligation; and (d) for our legitimate interests, such as improving our services and communicating with customers.

5. Sharing Your Information

We do not sell or rent your personal data to third parties. We may share your data with trusted service providers who assist us in running our business, including:

  • Stripe — for secure payment processing.
  • Supabase — for secure database hosting.
  • Resend — for transactional email delivery.
  • Delivery and courier services when fulfilling orders.

All third-party providers are required to protect your data in accordance with applicable law.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. Order data is typically retained for seven years in line with HMRC requirements.

7. Your Rights

Under UK data protection law you have the right to:

  • Request access to the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request erasure of your personal data in certain circumstances.
  • Object to or restrict our processing of your data.
  • Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at info@pollygasston.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Security

We take reasonable technical and organisational measures to protect your personal data from unauthorised access, loss, or misuse. Payment data is handled exclusively by Stripe and is never stored on our servers.

9. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with a revised date. We encourage you to review this page periodically.