Rabbit Forest
Jewellery

Introduction

Rabbit Forest Jewellery (“we” or “us”) is committed to safeguarding your personal information. We only collect, store, and use your data to fulfill orders, handle inquiries, or send you relevant offers, in compliance with the EU & UK GDPR and other applicable privacy laws. This policy explains what data we collect, how we use it, and your rights. It applies to all users of our services worldwide, including the UK, EU, US, and beyond. We strive to be transparent and fair, and to maintain a clear, professional, and trustworthy approach to your privacy.

​

Personal Information We Collect

We collect various types of personal data when you interact with our website or services. This includes information you provide directly (for example, when placing an order or creating an account) and data collected automatically (such as via cookies when you browse our site). The types of information we collect include:

• Contact Details: Your name, email address, postal/shipping address, and phone number, which we need to process orders and communicate with you.

• Account Information: If you choose to create an account, we collect login credentials (such as username and password) and maintain a record of your order history for your convenience. Creating an account is optional – you may also check out as a guest (see Account Registration and Guest Checkout below).

• Date of Birth (Optional): If you provide your date of birth, we will use it to send you special birthday offers or discounts. Providing this information is voluntary and used only for celebratory offers.

• Order and Transaction Data: When you make purchases, we record details of the orders (e.g. products purchased, order dates and values) and transaction history. This helps us fulfill your orders and provide customer service (like handling returns or inquiries).

• Payment Information: We collect necessary payment details to process your purchase (e.g. card type, billing address, and via our payment providers, your payment card details). However, we do NOT store your full credit/debit card numbers or security codes on our systems – all payments are handled securely by third-party processors (see Payment Processing & Security below).

• Marketing Preferences: If you subscribe to our newsletter or marketing communications, we record your preferences (e.g. that you wish to receive email updates) so we can send you relevant news or offers. You can unsubscribe at any time.

• Website Usage Data: When you visit our site, we automatically collect some technical and usage information via cookies and similar technologies. This may include your IP address, browser type, device information, pages viewed, time spent on pages, and how you reached our site. We use this data to understand user engagement and improve site performance (see Cookies and Analytics). This information is generally collected in aggregate and does not directly identify you.

​

We do not intentionally collect any sensitive personal data (such as race, religion, health information) or information from children under 13. Our website is intended for use by adults; we ask that minors do not provide personal data without parental consent. If we learn we have collected data from a child under 13, we will delete it promptly.

​

​

How We Use Your Information

We use your personal information for the following purposes, and only as permitted by law (for example, to perform a contract with you, with your consent, or for our legitimate business interests):

• To Process and Deliver Orders: We use your contact and order details to fulfill your purchases. This includes using your name and address to ship your jewellery to you (we share necessary details with our delivery partners to get your order to your door). We also use your contact details to send order confirmations, receipts, and shipping/tracking updates via email or text, and to notify you of any issues or updates with your order.

• To Provide Customer Service: If you contact us with questions, requests, or issues, we will use your information (like order history or contact info) to assist you and resolve any concerns. We keep records of customer communications to ensure continuity in support.

• Marketing Communications (With Consent): If you subscribe to our newsletter or opt in to receive marketing, we will use your name and email to send you our latest product news, exclusive offers, and updates. We may also send occasional personalised promotions, such as a special discount code around your birthday if you’ve provided your birth date. You can opt out at any time – every marketing email will include an “unsubscribe” link, or you can contact us to be removed from our mailing list. We will not send you promotional emails unless you have signed up or it is otherwise lawful to do so (for example, in some cases we may send offers to existing customers, but you will always have an easy way to opt out).

• Analytics and Improvement of Our Services: We use data about how visitors use our website to improve our products, website, and user experience. For instance, we monitor aggregate site traffic and behavior using tools like Google Analytics. This helps us understand which pages or products are most popular, how users navigate our site, and where we can make improvements. This usage information is collected in an anonymised or aggregated form – we look at trends and statistics, not at individual users.

• Personalisation: We may use your past purchase history or browsing behavior to personalise your experience on our site. For example, we might recommend products you may like based on what you’ve viewed or bought before. Any such profiling is intended to enhance your shopping experience, and you have the right to object to it if you wish.

• Fraud Prevention and Security: We may process personal data to protect our website, business, and customers from fraud and other illegal activities. For example, information like your billing address or device may be used in fraud detection systems to help verify legitimate transactions. This is to safeguard both you and us. We also use data to enforce our terms and conditions and to prevent misuse of our services.

• Legal Compliance: We will use or disclose your information where necessary to comply with applicable laws and regulations. For instance, we may retain transaction records for tax and accounting requirements, or disclose data in response to lawful requests by public authorities. We only process and disclose what is required by law or as needed to exercise or defend legal claims.

​

We will not use your personal data for entirely new, unrelated purposes without updating this policy and, if necessary, obtaining your consent.

​

Sharing Your Information with Third Parties

We treat your personal data with care and confidentiality. We do not sell or rent your personal information to third parties for their own marketing purposes.However, we do share certain data with trusted third parties who help us provide our services, as explained below, and always under appropriate safeguards:

• Service Providers (Processors): We share relevant information with companies that perform services on our behalf. These include, for example, our e-commerce platform/website host, courier and shipping companies (who need your name and address to deliver your order), email service providers (to send you order updates or newsletters), and payment processors (to handle your credit/debit card transactions). We only provide these partners with the data necessary for them to perform their specific services. They are contractually obligated to keep your information secure and use it only for the agreed purpose, in line with this Privacy Policy and data protection law. For instance, if you order a product, we will share your delivery address with our courier, and your payment details with Stripe or PayPal to process the payment, but the courier cannot use your info for anything except delivering your parcel, and the payment processors cannot use your data except to process the payment.

• Analytics and Advertising Partners: As noted in the Cookies section, we use Google Analytics to collect usage data. Google may process certain usage information (like your IP address and browsing events) for analytics on our behalf. This helps us understand website performance. We have configured Google Analytics in compliance with privacy requirements (for example, IP anonymisation where applicable). We may also work with advertising networks or social media platforms to show you relevant ads for our products on other sites (this might involve sharing hashed or pseudonymous identifiers, but not direct contact info, and only if we have the right to do so).

• Payment Processors: When you make a payment on our site, the transaction is handled by third-party payment providers such as Stripe and PayPal. These companies will receive your payment information in order to process the payment. We share with them the information required (like your card details, name, and order amount) for payment processing. We do not see or store your full card number or financial account data; that information goes directly to the payment processor via secure encryption. (See the section on Payment Processing & Security for more details.) All payment processors we use are PCI-DSS compliant, meaning they meet strict industry standards for protecting payment data.

• Legal and Safety Disclosures: We may also disclose personal information to third parties if we in good faith believe that such disclosure is necessary to (a) comply with a legal obligation, subpoena, or request from authorities, (b) enforce our Terms and Conditions or other agreements, (c) protect our rights, property or safety, or that of our customers or others, or (d) detect or prevent fraud or security issues. For example, we could share information when required by tax authorities or to law enforcement in the investigation of fraudulent activity.

• Business Transfers: In the unlikely event that our business is involved in a merger, acquisition, sale of assets, or other business transaction, personal data may be transferred to the new owner/partner as part of that deal. If that happens, we will ensure your data remains subject to the same protections outlined in this policy, and we will notify you of any significant changes.

• With Your Consent: Other than the above, we will specifically ask for your consent if we ever need to share your information with third parties for any other purpose. For instance, if we wanted to feature your testimonial or share your info with a partner for a new service, we would only do so with your knowledge and approval.

​

In all cases, we minimize the information we share and ensure that any third parties we work with are bound to protect your data. If you have questions about third parties we use, feel free to contact us.

​

​

Cookies and Analytics

Like many websites, we use cookies and similar technologies to improve your experience and to understand how our site is used. A cookie is a small text file that is placed on your computer or device when you visit a website. Cookies serve various functions: they can make the site work properly, remember your preferences, and collect information about your interactions with the site.

​

Why we use cookies: Some cookies are essential for the website to function – for example, keeping your shopping cart items saved, or enabling you to log in and move smoothly between pages. Without these necessary cookies, core features of the site (like the checkout process) would not work properly. We also use cookies to understand and improve site performance. Specifically, we use Google Analytics cookies (and similar analytic tools) to collect information about how visitors use our site, such as which pages are visited, how long people stay, and any issues encountered. This helps us identify ways to make our website better and more user-friendly. The data Google Analytics provides is aggregated and anonymous – it does not tell us who you are, just how the site is being used overall. (Google Analytics may collect your IP address, but we have configured it to anonymise IP addresses where required, and we do not allow Google to use or share our analytics data for their own purposes.) In addition, we may use cookies or pixels from advertising networks to assist with our marketing (for example, to remember if you’ve visited our site and then show you an ad for our products on another site). These advertising cookies, if used, track browsing in a way that does not directly identify you, but rather recognizes your browser or device.

​

Your choices: When you first visit our site, you will be given an opportunity to consent to non-essential cookies (e.g. analytics or advertising cookies) via our cookie banner. You can always adjust your cookie preferences through that banner or by changing your browser settings. Most web browsers allow you to refuse or delete cookies if you wish. However, please note that if you disable cookies entirely, some features of our site (especially the shopping cart and checkout) may not function properly.

​

Our cookies do not collect information that personally identifies you (such as your name or email) by themselves. They are mainly used for the purposes mentioned above. For more details on exactly which cookies we use and their duration, please see our separate Cookie Notice or contact us. By using our site with your browser set to accept cookies, you are effectively consenting to our use of cookies as described.

​

Payment Processing & Security

When you make a purchase on Rabbit Forest Jewellery, your payment is processed securely by third-party payment providers. We currently use Stripe and PayPal to handle payments. This means that when you enter your credit or debit card details at checkout, that information is transmitted directly to Stripe or PayPal over an encrypted connection. These companies specialize in payment processing and are compliant with the Payment Card Industry Data Security Standards (PCI-DSS), which are strict requirements for handling card information safely.

​

We do not store your full card details on our website or servers. For example, we do not keep your 16-digit card number or security code. Instead, Stripe or PayPal provides us with a secure token or confirmation of payment. We may retain limited information about the transaction – such as the last four digits of your card number (for identification of the card used on a given order), the card type (e.g. Visa or MasterCard), and the transaction ID – but this is only for record-keeping, handling refunds, and reconciliation purposes. The sensitive payment information (full card number, expiration date, CVV) is never visible to us; it is collected and processed by the payment provider on their secure systems. In this way, your financial data is given an extra layer of protection.

​

All payment transactions on our site are performed using Secure Sockets Layer (SSL) encryption. You can verify this by looking for the padlock symbol in your browser’s address bar and seeing that our URL begins with "https://". This indicates that data transmitted between your browser and our site (including payment details) is encrypted in transit. Additionally, Stripe and PayPal apply their own advanced security and fraud detection measures to each transaction.

If you choose an express payment option like Apple Pay, Google Pay, or similar, those services may likewise handle your payment information directly and simply pass us the payment confirmation. The same principles apply: your card data stays with the secure payment service.

​

In summary, your payment information is kept secure and private. We use reputable payment providers so that you can shop with confidence. If you have any questions about payment security, please contact us. (For further information, you can also refer to Stripe’s or PayPal’s own privacy policies, which describe how they handle your personal data.)

​

Account Registration and Guest Checkout

You have a choice to create a customer account on our website or to check out as a guest. We want you to have control over how you shop with us:

• Guest Checkout: If you prefer not to register an account, you may check out as a guest. In this case, we will still collect the necessary personal information to process your order (such as name, email, shipping address, and payment details), but we will not create a permanent account profile for you. Guest checkout means we use your data purely for handling that specific order and any related after-sales service (like returns). We will retain guest checkout information only as long as needed to fulfill your order and meet our legal or customer service obligations. For example, we keep guest order records for a reasonable period in case of issues like refunds or warranty claims, but not longer. After that, we will securely delete or anonymise guest data. Guest checkout users will still receive order confirmation and shipping updates via email, but will not be subscribed to marketing emails unless they explicitly opt in.

• Registered Account: If you choose to create an account with Rabbit Forest Jewellery, we will retain your personal information in an account profile for your convenience. This includes your contact details (which you don’t have to re-enter every time you shop), your order history, and preferences. Account holders can log in to view past orders, save items to a wishlist (if available), and enjoy a faster checkout experience. To register an account, we ask for some basic information such as your name, email address, and you will set a password. Your account information is protected by your password; please keep this password confidential and use a strong password to help keep your account secure.

  • If you have an account, any purchases you make while logged in will be tied to your account history. If you happen to use guest checkout but already have an account with the same email, our system might associate that order with your account for record-keeping (this helps us serve you better by consolidating your order history). If you would prefer that not to happen, you can use a different email for guest checkout or let us know to separate the records.

  • You can update your account information or close your account at any time. If you wish to delete your account, please contact us (see Contact Us below). Closing your account will remove your online profile; however, we may retain transactional records of past orders as required for legal and accounting reasons (those records will be kept securely and only for the necessary period).

​​

Whether you shop as a guest or as a registered user, your personal information is handled in accordance with this Privacy Policy. There is no obligation to create an account – we respect your choice and will never force you to register. The benefit of an account is convenience and access to your order history, but the guest option is always available for a quick one-time purchase.

​

Data Security

We take the security of your personal information very seriously. Rabbit Forest Jewellery has implemented a variety of technical and organisational measures to protect your data from unauthorised access, alteration, disclosure, or destruction. These measures include:

• Secure Infrastructure: Our website is hosted on secure servers with industry-standard encryption and security practices. We use HTTPS (SSL/TLS) across our site to ensure that all data transmitted between your browser and our site is encrypted.

• Access Controls: Personal data is accessible only to those in our team (or trusted service providers) who need it to perform their duties (for example, our customer service staff accessing your order to assist you). Access to administrative systems is protected by strong passwords and, where possible, multi-factor authentication. We regularly review who has access to what data to ensure least-privilege access.

• Encryption & Protection of Sensitive Data: As noted in the Payment section, any payment information is handled via encrypted channels. We do not store sensitive financial details. For any personal data that we do store, we use secure protocols for transfer and storage.

• Monitoring and Testing: We maintain up-to-date security software and firewalls to protect our website. Our systems are monitored for vulnerabilities and we apply security patches and updates promptly. We also periodically test our security measures and response plans.

• Third-Party Security: When we share data with third parties (like the service providers mentioned above), we ensure they are reputable and have their own strong security measures. For example, we require our payment processors to maintain PCI compliance and our data storage partners to have robust encryption and safeguards. We include contractual clauses with our processors to oblige them to protect your information.

​

While we strive to protect your data, it’s important to note that no method of transmission over the internet or electronic storage is 100% secure. We follow best practices and standards to protect your personal information, but we cannot guarantee absolute security. You can also play a part in keeping your data safe: please use a unique and strong password for your account, do not share your password with others, and log out of your account when using a shared device.

In the unlikely event of a data breach that affects your personal information, we will follow all applicable laws regarding notification (for example, informing you and any relevant regulatory bodies, such as the ICO, if required by law).

​

Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• For example, we keep your order and purchase data while your account is active and for a period after, in case you have any queries or issues (such as returns) and to comply with record-keeping laws. Transaction records are generally kept for at least the minimum period required by tax law (which in the UK is 6 years). This is to have documentation for audits or financial reporting.

• If you are a guest customer, as noted earlier, we retain your details only as long as needed to complete your order and handle any follow-up issues, after which the data is removed or anonymised.

• If you are a newsletter subscriber but decide to unsubscribe, we will stop sending you emails. We may keep a suppressed copy of your email address to ensure we honor your opt-out (so we can block future mailings to that address), or as required to demonstrate compliance with regulations.

• When we have no ongoing legitimate business need to process your personal data, we will either delete it or anonymise it so that it can no longer be associated with you. For instance, we might retain anonymised analytics information (which no longer identifies any individual) to improve our services, but remove personal details from it.

​

Please note that in certain circumstances we might retain some information for longer if required (for example, if needed for legal claims or if we have to enforce an agreement). We always do so in accordance with data protection laws.

​

International Data Transfers

Rabbit Forest Jewellery is a UK-based business, but we serve customers around the world. The information we collect from you may be transferred to and stored in countries outside of your own country or the country in which it was originally collected. In particular, if you are located in the UK or EU, be aware that some of our service providers or partners are based outside the European Economic Area (for example, our website hosting or email servers might be in the United States). This means your personal data could be transferred to or accessed from a jurisdiction that may not have the same data protection laws as your home country.

​

Whenever we transfer personal data internationally, we take steps to ensure that appropriate safeguards are in place to protect it. For European and UK users, this typically means we rely on approved mechanisms such as Standard Contractual Clauses (SCCs) or an adequacy decision for the recipient country, as mandated by GDPR, to ensure your data has equivalent protection as it travels. We also ensure that recipients of the data commit to maintaining its security and confidentiality.

​

By using our services or providing us with your information, you acknowledge that your information may be transferred to other countries as explained in this policy. However, rest assured that we will always handle your personal data in accordance with this Privacy Policy and all applicable laws, no matter where it is processed. We will take reasonable measures to ensure your data is treated securely and lawfully in the country it is transferred to.

If you have questions about our international data practices, please contact us (see Contact Us below).

​

Your Rights

You have important rights under privacy and data protection laws. We respect these rights and have processes in place to help you exercise them. Your rights include (but are not limited to) the following:

• Right to Access: You have the right to request a copy of the personal information we hold about you. We will provide you with a copy of your data, usually within one month of your request, free of charge (unless the request is excessive or repetitive, in which case a small fee may apply as permitted by law).

• Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to ask us to correct it. We encourage you to keep your information up to date (for example, you can update your contact details by logging into your account, or by contacting us for assistance).

• Right to Erasure: Also known as the "right to be forgotten," this allows you to request the deletion of your personal data. You can ask us to erase your information, for example, if it’s no longer necessary for us to have it, or if you initially consented to a use of your data but have now withdrawn consent. We will honour valid deletion requests, provided we do not have a compelling reason or legal obligation to retain the data (for instance, we might need to keep certain transaction records for legal compliance).

• Right to Restrict or Object to Processing: You have the right to object to certain types of processing of your data, or ask us to limit how we use it. For example, you can object to processing done on the basis of our legitimate interests, and we will comply unless we have an overriding legitimate reason not to. You can also request that we temporarily suspend processing if you contest the accuracy of the data or have a pending objection.

• Right to Data Portability: For data you provided to us and which we process by automated means based on your consent or to fulfill a contract, you have the right to obtain it in a structured, commonly used, machine-readable format. You can also request that we transmit that data to another service provider where technically feasible.

• Right to Opt Out of Marketing: You have the absolute right to opt out of direct marketing communications from us. If you no longer wish to receive marketing emails or newsletters, you can click the unsubscribe link in any email, or contact us to be removed. Once you opt out, we will cease using your data for marketing purposes. (Even if you opt out of marketing, we may still send you transactional messages about your orders or account.)

• Right to Withdraw Consent: In cases where we rely on your consent to process personal data (for example, sending marketing emails or using certain cookies), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing done before the withdrawal, and it may mean we can no longer provide certain services to you (for instance, if you withdraw consent for cookies, some site functionality might not work). We will make it as easy as possible to withdraw consent, just as it was to give it.

• Right to Complain: If you have a concern about how we are handling your personal data, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO). In the EU, you can contact your local Data Protection Authority. In the US or other countries, there may be equivalent regulators. We would appreciate the chance to address your concerns first, so please feel free to contact us directly, but you are within your rights to go to the relevant authority at any time.

​​

To exercise any of your rights, please contact us using the details in the Contact Us section below. We will respond to all legitimate requests as quickly as possible, and within the timeframe required by law (generally within one month). We may need to verify your identity before fulfilling certain requests, to ensure we don’t disclose or change data to the wrong person. This is for your security.

​

There are some exceptions to these rights under the law – for example, we might not be able to delete your data if we are required to keep it by law, or we might refuse a request for access if it adversely affects the rights and freedoms of others – but we will explain any such exceptions in our response. Rest assured, your rights are paramount, and our goal is to ensure you feel confident and in control of your personal information.

​

Updates to this Privacy Policy

We may occasionally update or modify this Privacy Policy, for example to reflect changes in our practices, services, or legal obligations. If we make significant changes, we will notify you by means appropriate to the significance of the change. For instance, we might post a prominent notice on our website or send an email notification for major updates. The “last updated” date at the top of this policy will always indicate when the latest changes were made.

​

Whenever we update the policy, we will treat your personal information in accordance with the version of the policy in effect at the time of use, unless we have your consent to apply the new version in other ways. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.

​

Contact Us

Your privacy is important to us. If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please do not hesitate to reach out:

• Email: You can email our privacy team at info@rabbitforestjewellery.co.uk. This is the fastest way to reach us for any privacy-related inquiries – whether you want to access, update or delete your information, or simply ask a question about our practices.

​

We will respond to your inquiries as soon as possible, and certainly within any timeframes required by law. For requests to exercise your data rights, we might need to verify your identity for security reasons (for example, by confirming you have access to the email associated with your account). This is to ensure that we don’t disclose your data to someone who isn’t you.

​

If you’ve contacted us and feel that we haven’t adequately addressed your concerns, you have the right to contact your local data protection authority (for UK customers, the ICO) for further assistance. However, we genuinely hope to resolve any issue directly and assure you that we take your privacy queries very seriously.

Thank you for reading our Privacy Policy. We value your trust and are dedicated to protecting your personal information while providing you with a luxury shopping experience.