Last Updated: November 2025

This Privacy Notice explains how Elizabeth Hodder-Green T/A Amari Permanent Jewellery (referred to as "we," "us," or "our") collects, uses, and protects your personal data. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR).

1. Who We Are (The Data Controller)

We are the Data Controller for the personal data processed in connection with this business. Our business is Elizabeth Hodder-Green T/A Amari Permanent Jewellery (Sole Trader). Our contact email for all data enquiries is hello@amaripermanentjewellery.uk, and our business address is 16 East Mount Road, York, YO24 1BD. Our ICO Registration Number is 00012255707.

2. The Personal Data We Collect and Where It Comes From

We collect the following personal data to provide our services, manage bookings, and fulfil our legal obligations.

Data Categories and Sources:

  • Identity & Contact Data: This includes your name, email address, telephone number, and home address (if provided for booking or events). This data comes from contact forms, booking systems (Squarespace), social media messaging platforms, and event sign-up sheets/forms.

  • Contract & Service Data: This includes the date and time of your booking, details of the jewellery purchased, and your Signed Service Waiver (including your signature). This data originates from the Squarespace booking system, SumUp transaction records, and our digital database/spreadsheet.

  • Financial Data: We only retain the record of the transaction amount and date. We DO NOT store full credit or debit card details. This information is sourced from the SumUp Payment Platform as a record of payment.

  • Correspondence Data: This covers the content of your enquiry, complaint, or feedback. This data is collected via Work Email (e.g., Gmail/Outlook), Website contact forms, and notes recorded from phone calls.

  • Technical Data: This includes your IP address, browser type, and device type, collected automatically when you use our website. This data is sourced from Squarespace (Website Host) and Google Analytics.

3. How and Why We Use Your Data (Lawful Basis)

We rely on specific Lawful Bases under UK GDPR to process your personal data for the following purposes:

Processing for Service Fulfilment, Warranty, and Accounts.

  • We use your Identity, Contact, Transaction, and Waiver data to fulfil your service and booking obligations, relying on Contract. This is necessary to secure your appointment, complete the sale, and deliver the permanent jewellery service as promised.

  • For Warranties and Claims, we rely on Contract and Legal Obligation because using this data is necessary to verify and honour our guarantee/warranty and comply with the Consumer Rights Act 2015.

  • For Accounts & Tax Compliance, we use Transaction Data, Name, and Date, relying on Legal Obligation. This is necessary to comply with UK tax law (HMRC) and mandatory accounting duties.

Processing for Customer Relations and Marketing

  • Dealing with Queries/Complaints: We use your Identity, Contact, and Correspondence data based on our Legitimate Interests. Our commercial interest here is providing responsive customer service and maintaining business relations.

  • Marketing Communications (Soft Opt-in): We use your Name and Email Address based on Legitimate Interests. This allows us to send promotional emails about similar products/services to existing customers, provided they were given an opt-out opportunity at the point of sale (The PECR 'Soft Opt-in').

  • Marketing Communications (New Leads): We use your Name and Email Address based on Consent. This applies to sending promotional emails to individuals who have not yet purchased but have actively and specifically given their permission (e.g., ticking a marketing opt-in box).

4. Who We Share Your Data With (Data Processors)

We use third-party service providers (Data Processors) to help us run our business. They process your data strictly under our instructions and are contractually obligated to keep it secure.

  • Squarespace: Processes Identity, Contact, Booking/Waiver Data, and Email Address for website hosting, contact forms, appointment scheduling, and database storage.

  • SumUp: Processes Transaction Data, Name, Date/Time for processing card payments and retaining transaction records.

  • Google Analytics: Processes Technical Data (IP addresses, which are pseudonymised) for analysing website traffic and user behaviour.

5. How Long We Keep Your Data (Retention Periods)

We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for and to comply with legal obligations.

  • Contract / Transaction Data & Waivers: Retained for a minimum of 6 years from the end of the tax year of the transaction. This is necessary to align with the minimum retention period for HMRC/VAT records and the 6-year statute of limitations for contract claims.

  • General Enquiries (Non-Customer): Retained for 6 months from the date of the last contact. This allows for follow-up and ensures we can reference past discussions, after which it is deleted.

  • Marketing Data (Soft Opt-in & Consent): Retained until you unsubscribe (opt-out). Your details are deleted from our active marketing list immediately upon receiving an unsubscribe request.

  • Technical Data (Analytics): Usually retained for 14–26 months (as configured in Google Analytics) to analyse seasonal business trends and website performance.

6. Your Legal Rights

Under UK GDPR, you have the following rights regarding your personal data. To exercise any of these rights, please contact us using the details in Section 1.

  • Right to Access: You can request a copy of the personal data we hold about you (a Subject Access Request).

  • Right to Rectification: You can ask us to correct any inaccurate or incomplete data we hold about you.

  • Right to Erasure ('Right to be Forgotten'): You can ask us to delete your personal data where there is no good reason for us to continue processing it (note: this is subject to our legal obligations, e.g., HMRC records).

  • Right to Object: You can object to us processing your data where we are relying on Legitimate Interests (including for soft opt-in marketing).

  • Right to Withdraw Consent: Where we rely on Consent for processing (e.g., new lead marketing), you can withdraw that consent at any time.

7. How to Complain

If you are unhappy with how we have used your data, you can contact us first to resolve the issue.

You also have the right to lodge a complaint directly with the UK supervisory authority for data protection, the Information Commissioner's Office (ICO).