Last Updated: 2 May 2026  

Before you read the full policy, here is our promise to you in plain English:

 

Commitment 1: Transparency & Trust We are fully open about what personal data we collect through our website and online channels, and exactly why we need it. You will always know how your information is used, and we will notify you if anything material changes.

 

Commitment 2: Protecting Your Information We use SSL encryption and secure servers to protect all data you share with us online. We will never sell your personal data to third parties. If there is ever a data security incident that affects your information, we will notify you and the ICO promptly and within the legal 72-hour window.

 

Commitment 3: Your Choices & Your Rights You are in control. You can access, correct, delete, or move your data at any time. You can unsubscribe from marketing with one click. We will always respond to your requests within 30 days.

 

1.1  Chrysus Gold Ltd (the "Company", "we", "us", or "our") is an online gold and jewellery retailer operating exclusively through our website at www.chrysusgolds.com. We are committed to protecting your personal data and handling it lawfully, transparently, and securely, in full compliance with:

•       The UK General Data Protection Regulation (UK GDPR);

•       The Data Protection Act 2018 (DPA 2018);

•       The Privacy and Electronic Communications Regulations 2003 (PECR);

•       All other applicable data protection legislation (collectively, "Data Protection Legislation").

 

1.2  This Privacy Policy explains how we collect, use, store, protect, and share your personal data when you shop with us online, create an account, or contact us. It is our Data Promise to you.

 

1.3  We are registered as a data controller with the Information Commissioner's Office (ICO). Our ICO registration number is: [INSERT YOUR ICO REG NO].

 

1.4  For all privacy-related queries or to exercise your rights, please contact our Privacy Lead at: privacy@chrysusgolds.com

 

1.5  Terms such as "personal data", "data subject", and "processing" have the meanings given in the UK GDPR.

 

2.1  As an online retailer, we collect personal data through the following digital channels only:

•       Our website (www.chrysusgolds.com) — including account registration, checkout, and contact forms;

•       Email correspondence;

•       Social media platforms (where you interact with our business accounts);

•       Online customer service — by email or telephone;

•       Newsletter and marketing subscription sign-ups;

•       Anti-Money Laundering (AML) identity verification, where required by law for certain transactions.

 

2.2  The categories of personal data we may collect include:

•       Identity data: your name and, where required by AML law, date of birth and proof of identity;

•       Contact data: email address, phone number, and delivery/billing address;

•       Transaction data: details of products purchased, order history, and delivery information;

•       Financial data: payment is handled entirely by our third-party payment processors; we do not store or see your full card details;

•       Technical data: IP address, browser type, device information, and website usage data collected via cookies;

•       Marketing & preferences: your communication preferences and subscription status.

 

2.3  We do not collect or process sensitive personal data ("special category data") such as health, racial or ethnic origin, religion, or sexual orientation.

 

2.4  We do not knowingly collect personal data from children under the age of 13. Our website is not directed at children. If you believe a child has submitted personal data to us, please contact info@chrysusgolds.com and we will delete it promptly.

 

3.1  We only process your personal data when we have a lawful basis to do so under UK GDPR Article 6. Depending on the purpose, we rely on the following bases:

 

•       Contract:

To process your online orders, handle payments, arrange delivery, manage your account, and deal with returns or complaints. Without this data we cannot complete your purchase.

 

•       Legal Obligation:

To comply with Anti-Money Laundering (AML) regulations, HMRC requirements, and other applicable laws. For certain high-value gold transactions we may be legally required to verify your identity.

 

•       Legitimate Interests:

To operate and improve our website, prevent fraud, maintain security, and send relevant service updates to existing customers. We conduct a balancing test to ensure our interests do not override your privacy rights.

 

•       Consent:

For marketing emails, newsletters, and promotional communications. You can withdraw your consent at any time by clicking "Unsubscribe" in any email or by contacting info@chrysusgolds.com. Withdrawal does not affect the lawfulness of any prior processing.

 

4.1  We use your personal data solely for the following purposes:

•       To process and fulfil your online orders and manage returns or refunds;

•       To process payments securely through our third-party payment providers;

•       To manage your online account;

•       To send you order confirmations, delivery updates, and service notifications by email;

•       To respond to your enquiries and resolve complaints via email or telephone;

•       To send you marketing communications and promotions (only with your consent);

•       To personalise your experience on our website and show relevant product recommendations;

•       To comply with Anti-Money Laundering regulations and verify identity where legally required;

•       To detect and prevent online fraud and other criminal activity;

•       To analyse website usage and improve our online store and customer experience;

•       To comply with all applicable legal and regulatory obligations.

 

4.2  We will never sell your personal data to any third party for their own marketing or commercial purposes.

 

5.1  We do not sell, rent, or trade your personal data. We share it only where strictly necessary, as follows:

 

•       Online Payment Processors:

We use trusted, PCI-DSS compliant payment providers (such as Stripe or PayPal) to process card payments securely online. They receive only the data needed to authorise your transaction.

 

•       Delivery & Logistics Partners:

We share your name and delivery address with our courier or postal service to fulfil your order.

 

•       IT & Website Service Providers:

We work with hosting, email, and analytics providers who may process data on our behalf. All are bound by data processing agreements requiring GDPR-compliant handling.

 

•       Email Marketing Platforms:

If you have consented to marketing, your name and email may be held on our email marketing platform. You can unsubscribe at any time.

 

•       Legal & Regulatory Authorities:

We may disclose data where required by law, court order, HMRC, the National Crime Agency (for AML purposes), or other regulatory authorities.

 

•       Business Transfers:

In the event of a merger, acquisition, or sale of our business assets, your data may be transferred to the new owner. We will notify you before this occurs.

 

6.1  Some of our online service providers (such as cloud hosting or email platforms) may be based outside the United Kingdom or the European Economic Area (EEA). Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

•       UK-approved Standard Contractual Clauses (SCCs);

•       Transfers to countries with a UK adequacy decision;

•       Other appropriate legal safeguards permitted by Data Protection Legislation.

 

6.2  For more information about international transfer safeguards, please contact info@chrysusgolds.com.

 

7.1  We retain your personal data only for as long as necessary for the purpose it was collected and to comply with our legal obligations. Our retention schedule is:

 

Data Category	Retention Period	Legal Basis
Order & transaction records	7 years	HMRC / legal obligation
Customer account data	Until deletion requested	Contract / consent
Marketing preferences	2 years from last interaction	Consent
Customer service records	3 years	Legitimate interests
Payment data	Not stored (third-party processor)	N/A
Website usage / cookies	Up to 13 months	Consent / legitimate interests

 

7.2  After the applicable retention period, data is securely deleted or anonymised. If you request deletion of your data before a period expires, we will comply unless we are legally obliged to retain it.

 

8.1  We take the security of your online data seriously. The following measures are in place to protect it:

•       SSL (Secure Socket Layer) encryption for all data transmitted via www.chrysusgolds.com — look for the padlock icon in your browser;

•       Secure servers with firewall protection and restricted access controls;

•       Only authorised staff with a legitimate business need can access your personal data;

•       PCI-DSS compliant payment processing — we never store or handle your full card details;

•       Regular security reviews and staff data protection training.

 

8.2  In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours as required by UK GDPR Article 33. Where the breach is likely to result in a high risk to you personally, we will also contact you directly without undue delay.

 

9.1  Under UK Data Protection Legislation you have the following rights:

 

•       Right of Access (Subject Access Request):

Request a free copy of the personal data we hold about you. We will respond within 30 days.

•       Right to Rectification:

Request correction of any inaccurate or incomplete data we hold about you.

•       Right to Erasure:

Request deletion of your personal data where there is no compelling reason for continued processing, subject to legal obligations.

•       Right to Restriction:

Request that we limit processing of your data in certain circumstances.

•       Right to Data Portability:

Request your personal data in a structured, machine-readable format (e.g. CSV) for transfer to another organisation.

•       Right to Object:

Object to processing based on legitimate interests or direct marketing. We will stop unless we can demonstrate compelling grounds.

•       Right to Withdraw Consent:

Withdraw marketing consent at any time without affecting prior lawful processing.

•       Rights re Automated Decisions:

You have the right not to be subject to solely automated decisions that produce significant legal or similar effects.

 

9.2  To exercise any right, email privacy@chrysusgolds.com or write to us at the address below. We respond within 30 days and may need to verify your identity first.

 

10.1  We will only send you marketing emails, newsletters, or promotional messages if you have given your explicit consent when registering or subscribing on our website.

 

10.2  You can opt out at any time by:

•       Clicking the "Unsubscribe" link in any marketing email;

•       Emailing info@chrysusgolds.com with the subject line "Unsubscribe";

 

10.3  Opting out of marketing will not affect transactional emails such as order confirmations and delivery updates, which we need to send to fulfil your purchase.

 

11.1  When you visit www.chrysusgolds.com, we use cookies and similar technologies. As an online retailer, cookies are essential to the operation of our website. We use the following types:

 

•       Essential Cookies:

Necessary for the website to function — shopping basket, secure checkout, and login sessions. These cannot be disabled without breaking site functionality.

•       Analytics Cookies:

Help us understand how visitors use our site (e.g. Google Analytics) so we can improve the online shopping experience. IP addresses are anonymised.

•       Marketing / Advertising Cookies:

Used to show relevant ads on other platforms. These are placed only with your explicit consent.

•       Preference Cookies:

Remember your settings such as currency, language, and display preferences.

 

11.2  When you first visit our website you will see a cookie consent banner. You can manage or withdraw your cookie preferences at any time via the Cookie Settings link in our website footer.

 

11.3  For full details of every cookie used on our website, please see our separate Cookie Policy, available at www.chrysusgolds.com/cookie-policy.

 

12.1  Our website may contain links to external websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policy of any third-party website before providing your personal data.

 

13.1  We review this Privacy Policy at least once a year and whenever there is a material change to how we process personal data online. The version number and effective date are shown at the top of this document.

 

13.2  Where changes are material, we will notify you by email (if you have an account or are subscribed to our newsletter) and by a prominent notice on our website homepage.

 

14.1  For any questions, requests, or concerns about this policy or how we handle your data online, please contact:

 

Chrysus Gold Ltd — Privacy Lead

Suite 9670, 321-323 High Road, Chadwell Heath, Essex RM6 6AX, UK

Email: info@chrysusgolds.com

Website: www.chrysusgolds.com

 

14.2  We will acknowledge your request within 5 working days and provide a full response within 30 days.

 

14.3  If you are not satisfied with our response, you have the right to complain to the UK supervisory authority:

 

Information Commissioner's Office (ICO)

Website: www.ico.org.uk/make-a-complaint

Helpline: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

 

14.4  We always encourage you to contact us first so we can resolve any concern directly and quickly.

 

This Privacy Policy reflects the commitment of Chrysus Gold Ltd to protecting the personal data of every customer who shops with us online. We value your trust and are dedicated to handling your information responsibly, transparently, and in accordance with UK law.