This Privacy Policy outlines how BIG GOLD JEWELLERY LIMITED processes, secures, and retains personal data collected through our e-commerce platform and physical trade desks. For any data protection inquiries, you can reach us directly at info@biggold.co.uk.

1. Data Subject Rights

Under UK data protection frameworks, you maintain explicit control over your personal metrics. Upon identity verification, you can exercise the following free services:

  • Access & Rectification: Request a complete statement of the personal data we store about your profile or correct any operational inaccuracies.
  • Erasure & Restriction: Request that we delete your history or halt specific processing behaviors, provided there is no overriding tax, legal record-keeping, or regulatory reason requiring us to retain the information.
  • Regulatory Appeals: While we request you contact us immediately to resolve any operational data complaints, you maintain the statutory right to file a dispute directly with the Information Commissioner’s Office (ICO).

2. Data Transfer & System Infrastructure

Geographic Processing Limits: All personal data collected via our infrastructure remains strictly stored and processed inside the United Kingdom and the European Economic Area (EEA). No private details are transferred to overseas jurisdictions outside these parameters.

3. Comprehensive Processing Framework

Trigger Event Collected Metrics Processing Objectives Authorized Recipients Retention Criteria & Impacts
Order Placement (Retail & B2B) Full name, billing address, delivery destination, telephone contact, email address, transaction manifest, and account password string. Order fulfillment logistics; corporate fraud evaluation; tax, accounting, and anti-money laundering record compliance; returns validation and customer service support. Secure server infrastructure hosts, accredited merchant payment clearers, domestic/B2B freight couriers, and necessary supplier distribution points. Retained for the duration required by UK accounting and corporate tax statutory mandates. Revocation prevents order processing, financial refunds, or verified support.
Payment Checkout Intermediary payment data tokens, card address matching status, and partial card parameters. Secure transaction clearance; fraud prevention; verification of payment origin; managing refund cycles. PCI-compliant primary gateways, merchant clearance systems, and our corporate bank infrastructure. Full payment strings are managed via external secure processors. Partial identifiers are completely expunged 13 months following transaction settlement.
Digital Browsing & Site Interaction IP address, referral path string, precise tracking timestamps, system browser version, device identifiers, and page paths. Server integrity verification; anti-fraud protocols; anonymous marketing campaign metrics; product curation algorithms. Analytics system managers and secure cloud platform administrators. Extended logs are rendered entirely anonymous or deleted after 24 months. Revocation minimizes personal marketing alignment.
Marketing Subscriptions Email address, verification timestamp, and acquisition path details. Distribution of stock updates, wholesale rate lists, and trade alerts. Provision of immediate unsubscribe controls. Authorized email communication system providers. Maintained continuously until an explicit “unsubscribe” or profile deletion request is validated.
Web Form Communication Information supplied inside contact forms, source paths, and associated IP metadata. Processing direct inquiries, validating commercial trade requests, and confirming incoming messages are legitimate. Internal operational staff and web application security systems. Determined dynamically by the operational scope of your communication or contract length.

4. Security Safeguards

All active data traffic moving through our systems utilizes encrypted Secure Sockets Layer (SSL) channels. Standard storage methods adhere completely to the Payment Card Industry Data Security Standard (PCI DSS), and all platform password profiles are maintained through cryptographic hashing routines rather than plain-text logs.