This page lists what personal data we hold, where it is held, and how it is used. If third parties provide or have access to this data they are identified along with links to their privacy/GDPR policy.

1. For recipients of our newsletter e-shot's (roughly once a month).

2. For customers who have made purchases from our online store or at local markets.

3. For visitors to our website.

4. For people who have sent email enquiries to us.
   

You may find that one or more of the above categories apply to you.

We will never sell or share your personal data with any other organisation or person, except as stated in this page. In the event that Cufflinks World Limited's business is transferred to new owners, the personal data will form part of the sale of the business.

If legal, accounting or statutory government (eg HMRC) organisations request it, we may have to release some or all of your personal data to a suitably authorised organisation.

In the normal course of business, some personal details (e.g. as shown on invoices) may be shared temporarily with our accountant. This may be facilitated using a shared DropBox folder. DropBox's privacy policy can be found at https://www.dropbox.com/privacy

1. Our newsletter system, which is hosted on a server owned by Simply Computers in the UK (privacy policy can be found at https://www.simplyhosting.com/info/terms/privacy-policy) contains email addresses of customers, account holders & current subscribers, alongside a list of email addresses (a black list) of those that have previously unsubscribed from the newsletter. This is to ensure none of those people are re-subscribed without manual intervention (which would only be carried out in response to a specific and verified request from the user of the email address). Each time a newsletter is sent out it contains tracking that logs (on that same server) who has opened and/or clicked through on any links in the newsletter. This could be used to monitor and compare the deliverability of the e-shots that we create.
   
   New direct subscribers to our newsletter e-shot from the website are required to “double opt-in” by clicking on a link in an email sent to the email address, which verifies that it is the email address user that has requested the subscription. All emails sent out as newsletters/e-shots contain an automated unsubscribe link.
   
   Newsletter emails are despatched utilising AWS servers in Ireland (privacy policy can be found at https://aws.amazon.com/compliance/data-privacy-faq/) and passed on to the servers/systems of the recipient's ISP which are outside of our control and visibility.
   
   

2. When you place an order with us, all the details you enter are stored on our e-commerce servers which are operated by Big Commerce (https://www.bigcommerce.com/) in the USA.
   
   Their privacy policy can be found at https://www.bigcommerce.com/privacy
   
   and they participate in the EU/US Privacy Shield programme (see https://www.privacyshield.gov/) which equates to GDPR. Those details are transferred to us by email, and may be stored on computers at our registered company address, as well as on backup media at the same location.
   Our email service is provided by Google Gmail (their privacy policy can be seen at https://policies.google.com/privacy?hl=en)
   
   

3. Visitors to our website, if you choose to allow/accept Cookies in your browser (please consult the help files for your specific browser for more information on this), will be exposed to the following services that may collect personally identification data in the form of the IP address they are using at the time, which may or may not uniquely identify them.
   
   Pre April 2019: If you visit our website as a result of clicking an advertising banner link promoted by any of our web affiliates/brand ambassadors, then details of that visit and any subsequent order you place will be stored as cookies in your browser, and additionally by the affiliate scheme operated by Refersion Inc whose privacy policy can be found at https://www.refersion.com/privacy. This information will only be used by us to assign any commission payments due to the affiliate concerned.
   
   Google analytics cookies & tracking: (see https://support.google.com/analytics/answer/6004245?hl=en for their privacy and other policies).
   We do not send any personally identifiable user data embedded in the URLs of our e-commerce site to Google, but they may track the IP number of your connection if you allow tracking and/or Cookies in your browser. To mitigate this we have activated the IP Anonymisation feature as provided by Google. Any granular data that is collected by Google Analytics will be deleted by them after 14 months, the shortest option offered by Google at the present time.
   
   BigCommerce (privacy policy https://www.bigcommerce.com/privacy) also add cookies to our e-commerce website. They participate in the EU/US Privacy Shield programme - see  https://www.privacyshield.gov/.
   These cookies are utilised to improve and facilitate the customer experience within the online shop. If you choose to block these in your browser it may adversely affect your user experience on the site, but you should still be able to place orders.
   
   Pre 24th June 2019: When you go through the checkout to make a payment from our shop, you will be transferred to the SagePay website (their security, privacy/gdpr & other policies can be found at https://www.sagepay.co.uk/policies). They are a PSP (Payment Services Provider) who make information about your transaction authorisation, billing and delivery addresses, and fraud score (but not your credit/debit card number or CVV) available to us via email and a secure & password protected web-based control panel.
   Within SagePay you are given the option to pay via PayPal (privacy policy wef May 2018 can be found at https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev). They make information about your transaction authorisation, billing and delivery addresses available to us via email and a secure & password protected web-based control panel.
   
   From June 12th 2019: At the checkout you choose between making payment via SquareUp Europe Ltd or Paypal. SquareUp Europe Ltd are authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011 (registered reference no. 900846) for the issuing of electronic money and provision of payment services. Their security, privacy/gdpr & other policies can be found at https://squareup.com/gb/en/legal/general/privacy-no-account   They are a PSP (Payment Services Provider) who make information about your transaction authorisation, billing and delivery addresses, and fraud score (but not your credit/debit card number or CVV) available to us via email and a secure & password protected web-based control panel.
   PayPal (privacy policy wef May 2018 can be found at https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev). They make information about your transaction authorisation, billing and delivery addresses available to us via email and a secure & password protected web-based control panel.
   Please note, post June 24th 2021, PayPal payment option temporarily unavailable.
   
   

4. Email enquiries:
   When you make an enquiry via our contact-us website form, all the details you enter pass through our e-commerce servers which are operated by Big Commerce (https://www.bigcommerce.com/) in the USA.
   
   Their privacy policy can be found at https://www.bigcommerce.com/privacy
   
   and they participate in the EU/US Privacy Shield programme (see https://www.privacyshield.gov/) which equates to GDPR. Those details are then transferred to us by email.
   
   Emails received and sent by us are stored on computers at our registered company address, as well as on backup media at the same location. Our inbound and outbound email service is provided by Google Gmail (their privacy policy can be seen at https://policies.google.com/privacy?hl=en)
   
   

Data storage disposal:
Our company policy is such that should any of the storage media containing personal data cease to be used for this purpose, or become unusable due to failure, they will be wiped or destroyed in accordance with GDPR standards (by http://www.jamies.org.uk/collection-process/free-data-destruction/ or a similarly qualified contractor).

If you require any more information, or require details of the data we hold on you, or wish us to delete data that we hold on you, then please initially email info@cufflinksworld.com You will usually receive an acknowledgement within two (2) working days (Monday to Friday), however as email is not a guaranteed delivery medium, you may alternatively contact us via the postal service (allowing you to utilise a recorded delivery/signed-for service) to our registered company address:-

Cufflinks World Limited, fao John Short, 9 Claire Gardens, Waterlooville, Hampshire, PO8 0JH

This page was last updated 24th June 2021.

Cufflinks World Limited:  Registered in England and Wales no 7177134.