IMPORTANT INFORMATION
Introduction
The De Beers Group is committed to protecting and respecting your privacy in accordance with data protection laws to which we are subject.
This Privacy Policy (together with our Terms and Conditions which can be found here and any other documents referred to in it) sets out how we will collect, use and look after any personal data which you provide when you visit ignite.debeersgroup.com (the “Site”) (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
It is important that you read this Privacy Policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.
The Site is intended for use by business, commercial or corporate users and is not intended for children or individual consumers. We do not knowingly collect data relating to children or individual consumers. If you are an individual consumer, please click here.
Controller and who we are
[De Beers UK Limited] (“Company”, “we” or “us” or “our”) is the controller and responsible for the Site and your personal data. We are registered in England and Wales under company number 02054170 and have our registered office at 20 Carlton House Terrace, London, SW1Y 5AN, UK.
The Company is a member of the De Beers Group of Companies (“Group”). The Group is made up of different legal entities, including:
- DeBeers Diamond Jewellers Limited
- De Beers Auction Sales
- Belgium NV
- De Beers UK Limited
- Forevermark Italy S.r.l.
- Forevermark Limited (UK)
- Forevermark NV
- Forevermark Marketing (Shanghai) Limited
- Element Six (UK) Limited
- Element Six AB
- Element Six B.V
- Element Six GmbH
- Element Six Limited
- Element Six Limited (Ireland)
- Element Six Technologies Limited
You can find out more about our Group at www.debeersgroup.com or by contacting us using the information in the contact us section.
Changes to the Privacy Policy and your duty to inform us of changes
We keep our Privacy Policy under regular review and may amend this Privacy Policy from time to time to keep it up to date with legal requirements and the way we operate our business and will place any updates on this Site. Please regularly check this webpage for the latest version of this Policy. If we make fundamental changes to this Privacy Policy, we will seek to inform you by notice on the Site or email where possible.
This Privacy Policy was last updated on 29 May 2020.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third Party Websites
You might find links to third party websites, plug-ins and applications on the Site. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. This Privacy Policy does not apply to your use of a third party site or connection. We do not control and are not responsible for the privacy practices of such third parties and we advise you to read the privacy notices provided on such websites.
WHAT PERSONAL DATA WE COLLECT AND WHEN AND WHY WE USE IT
In this section you can find out more about:
- the types of personal data we collect
- when we collect personal data
- how we use personal data
- the legal basis for using personal data
When we collect personal data
Personal data is any information capable of identifying a natural person, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their his or her physical, physiological, mental, economic, cultural or social identity. Data is considered personal when it enables anyone to link information to a specific person, even if the person or entity holding that data cannot make that link.
We collect personal data about you (“you“) if you use the Site and if you send us enquiries, creative suggestions, proposals, offers, ideas, opportunities, notes, photographs, drawings, concepts, or any other or related information or details (each, a “Submission” and collectively, the “Submissions”), as detailed below and in accordance with the terms and conditions applicable to the Site. We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
If you submit a Submission
- If you submit a Submission through the Site (or using contact details specified on the Site), we will process your personal data in order to review your Submission and for the purpose of deciding whether or not to enter into any further discussions, correspondence or agreement(s) with you in relation to the Submission or related matters (the “Purpose“).
- The personal data that we process to do so will be the personal data that you provide to us, such as your name and your contact details (such as your email address) and personal information contained within or related to your Submission.
- The initial source of your personal data will be you, however, we may also generate personal data internally or collect personal data from other sources (such as social network profiles or information about you available from third parties) if this is needed to fulfil the Purpose.
If you contact us using the enquiry form on the Site
- If you contact us using the enquiry form, we will process your personal data in order to consider and respond to those queries.
- The personal data that we process to do so will be the personal data that you provide to us, such as your name, your contact details (such as email address) and the content of your query.
- The source of your personal data will be you, however, we may also generate personal data internally if this is needed to respond to your query.
Automated technologies and cookies
- If you visit the Site, we use automated technologies and cookies to understand who has seen which webpages, to determine how frequently particular pages are visited and to determine the most popular areas of the Site.
- Our automated technologies and cookies will automatically collect personal data about you including your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Site.
- The source of this personal data will be you, gathered by the cookie. For further information, please see the Cookie Policy.
Third parties or publicly available sources
- We will receive personal data about you from various third parties and public sources (which may be based both inside and outside the EU) as set out below:
- Technical data from the following parties:
(a) analytics providers such as Google;
(b) advertising networks; and
(c) search information providers. - Personal data which you make available on third party websites, blogs or social media such as LinkedIn, Facebook, Twitter or Instagram.
- Identity and contact data from data brokers or aggregators.
- Identity and contact data from publicly available sources such as Companies House and the Electoral Register.
- Technical data from the following parties:
Aggregated data
- We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.
- For example, we may aggregate your usage data (such as information about how you use the Site, our products and services) to calculate the percentage of users accessing a specific website feature.
- However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.
If you fail to provide personal data
If we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
How we use your personal data
We will only collect, use and share your personal data when the law allows us to and we are satisfied that we have an appropriate legal basis to do this. This may be because:
- we need to use your personal data to perform a contract or take steps to enter into a contract with you; and/or
- we need to use your personal data for our legitimate interest as a commercial organisation (and in all such cases, we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the Rights section below); and/or
- we need to use your personal data to comply with a relevant legal or regulatory obligation that we have; and/or
- we have your consent to using your personal data for a particular activity including to facilitate the Purpose in respect of any Submission you have made.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
What we use your information for | Legal basis for using personal data | Legitimate interest |
---|---|---|
To consider and respond to queries that you submit using the “contact us” section of the Site and any Submissions | Legitimate interests | The management of our business |
For legal, tax, accounting and billing purposes | Compliance with legal obligations Legitimate interests | To be in a position to exercise, manage and defend legal claims To satisfy our record-keeping requirements |
To administer, manage and protect our business and the Site and improve your user experience (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | Legitimate interests Compliance with legal obligations | To ensure the effective operation of the Site. To ensure that content from the Site is presented in the most effective manner for you and for your computer. If you review or download information on the Site, we track the visit to give us information about which part of the site is frequented. |
To make suggestions and recommendations to you about goods or services that may be of interest to you | Legitimate interests | To develop our products/services and grow our business |
To use data analytics to improve our website, products/services, customer relationships and experiences | Legitimate interests | To define types of recipients for our products and services, to keep our website updated and relevant, to develop our business |
If you would like to find out more about the legal basis for which we process personal data please contact us at: [email protected].
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Sharing your personal data
In this section you can find out more about how we share personal data:
- within Company
- with third parties that help us provide our products and services; and
- government organisations and agencies, law enforcement and regulators
We share your personal data in the manner and for the purposes described below:
- within the Group, where such disclosure is necessary to provide you with our products or services, to manage our business, and to facilitate the review of your Submission;
- with external counsel, in relation to the Purpose;
- with third parties who help manage our business and deliver our services;
- with our supplier that carries out customer due diligence checks on our behalf, in the context of reviewing your Submission;
- with government organisations and agencies, law enforcement, supervisory authorities and regulators, which may include the Information Commissioner’s Office or the Cyberspace Administration of China, to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies; and
- we may share in aggregate, statistical form, non‑personal data regarding the visitors to the Site, traffic patterns, and website usage with our partners, affiliates or advertisers.
Where we share personal data with our suppliers, we ensure that they have agreed to protect the personal data we share with them or which they collect on our behalf and use such data solely for the purpose of providing the contracted service to us.
Some of our suppliers and external third parties are situated in countries outside the European Economic Area (“EEA“) so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure that we have appropriate safeguards in place for the transfer of that data outside the EEA, for example EU-approved data transfer agreements. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
If, in the future, we sell or transfer some or all of our business or assets to a third party, we will need to disclose information to a potential or actual third party purchaser of our business or assets.
HOW WE PROTECT AND STORE YOUR INFORMATION
Security
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. However, due to the inherent nature of the internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the internet or while stored on our system or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers.
You should (a) immediately change your password and notify us if you become aware of any unauthorised use of your password or account or any other breach of security, and (b) ensure that you exit from your account at the end of each session. You should also make sure protect your password and the use of your account and notify us when you desire to cancel your account on this Site.
We recommend that you change your password every three months. If you are using a public computer (e.g. at a library), or a shared computer, we urge you to log out of your account and the Site altogether and quit the browser application before you leave the computer. This will help prevent others from accessing your account and any personal information.
We have put in place procedures to deal with any suspected personal data breach. In the unlikely event that we believe that the security of your personal information in our possession or control may have been compromised, we will notify you and any applicable regulator of a breach where we are legally required to do so. If a notification is required, we would endeavour to do so as promptly as possible under the circumstances, and, to the extent we have your e-mail address, we may notify you by e-mail.
Storing your personal data
We will store your personal data for as long as is reasonably necessary for the purposes for which it was collected, as explained in this Privacy Policy. These purposes include legal, regulatory, tax or accounting purposes and the handling of queries or complaints made by you or legal claims brought or contemplated against us.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Where your information is no longer needed, we will ensure that it is disposed of in a secure manner.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
PRIVACY RIGHTS
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking and the legal basis on which such processing relies, you have certain rights in relation to your personal data. Click on the links below to learn more about each right you may have:
To access personal data
You have a right to request that we provide you with a copy of your personal data that we hold and that we inform you of how we process your personal data and more specifically of: (a) the source of your personal data; (b) the purposes and legal bases of processing such data; (c) the entities or categories of entities to whom your personal data is transferred, (d) the periods for which we retain your data or how we determine those periods, (e) your rights in respect of your data and (f) whether we use your data to take automated decisions about you.
To rectify / erase personal data
You have a right to request that we rectify any inaccurate personal data we may hold on you. We may seek to verify the accuracy of the personal data before rectifying it.
You can also request that we erase your personal data in limited circumstances where:
- we no longer need the data for the purposes for which it was collected;
- you have withdrawn your consent (where the data processing was based on consent and we do not have any other legal basis to continue processing your data);
- you have exercised your right to object on the basis of valid grounds (see right to object below);
- the data has been processed unlawfully; or
- the deletion of the data is necessary in order for us to comply with our legal obligations.
To the extent permitted by law, we are not required to comply with your request to erase personal data if the processing of your personal data is necessary:
- for our compliance with a legal obligation; or
- for the establishment, exercise or defence of legal claims
Right to restrict the processing of your personal data
You can ask us to restrict your personal data, in which case we should only continue storing your data but not use it in any other way. You only have the right to request the restriction of your data where:
- its accuracy is contested, to allow us to verify its accuracy;
- the processing is unlawful, but you do not want it erased;
- it is no longer needed for the purposes for which it was collected, but you require that we continue storing it to allow you to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of the validity of your request is pending.
We can continue to use your personal data following a request for restriction, where:
- we have your consent;
- we need to establish, exercise or defend legal claims; or
- we need to protect the rights of another natural or legal person.
Right to receive a portable copy of your personal data
You can ask us to provide your personal data to you in a structured, commonly used, machine‑readable format (for example in Excel format), or you can ask to have it transferred directly to another company, but in each case only where:
- we have collected the data directly from you;
- the processing is based on your consent or on the performance of a contract with you; and
- the processing is carried out by automated means.
Right to object to the processing of your personal data
You can object to any processing of your personal data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to obtain a copy of safeguards used for transfers of personal data outside the EEA
You can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the EEA.
We may redact data transfer agreements to protect commercial terms.
Right to lodge a complaint with your local supervisory authority
You have a right to lodge a complaint at any time with your local supervisory authority (in the UK, if you have concerns about how we are processing your personal data. The supervisory authority for data protection issues in the UK is the Information Commissioner’s Office (ICO) (www.ico.org.uk).
We would, however, appreciate the chance to deal with your concerns before you approach the ICO or another supervisory authority, so please contact us in the first instance, although you have a right to contact your supervisory authority at any time.
If you wish to exercise any of the above-mentioned rights, we may ask you for additional information to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights), in particular before disclosing personal data to you. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
The exercise of your rights is free of charge, but we reserve the right to charge a reasonable fee where permitted by law, for instance if your request is manifestly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
You can exercise your rights by using the contact details under section “Contact Us” below. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
CONTACT US
The primary point of contact for all issues arising from this Privacy Policy is our Data Protection Team. The Data Protection Team can be contacted in the following ways:
Email address: [email protected]
Telephone number: +44 (0)20 7968 8888
Postal address: 20 Carlton House Terrace, London, SW1Y 5AN
If you have any questions, concerns or complaints regarding this Privacy Policy, the information we hold about you and how we process it or if you wish to exercise your rights, please contact our Data Protection Team. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by data protection laws.