Specialists in Fine Jewellery since 1952
Legal
Last updated: 1 July 2026
Your privacy matters to us. This policy explains what personal data we collect, why we collect it, and the choices you have — written as plainly as a legal document allows.
This Privacy Policy applies to alistergrant.com and to any personal data we collect through our showroom, over the phone, or by email. Alister Grant Fine Jewellery Ltd is the data controller responsible for your personal data.
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We collect information you provide directly, information collected automatically when you use our site, and information from third parties such as payment processors.
| Category | Examples |
|---|---|
| Identity & Contact Data | Name, email address, phone number, delivery and billing address |
| Order Data | Products purchased, order value, ring size, engraving details, commission notes |
| Payment Data | Processed by our payment provider; we do not store full card details |
| Technical Data | IP address, browser type, device information, pages visited |
| Marketing Preferences | Newsletter subscription status and communication preferences |
We rely on the following legal bases under UK GDPR: performance of a contract (processing your order), legitimate interest (improving our services and preventing fraud), consent (marketing communications), and legal obligation (accounting and tax records).
We share personal data only where necessary, with trusted third parties who are contractually bound to protect it:
We do not sell your personal data to third parties.
Our website uses cookies to operate correctly, remember your preferences, and understand how visitors use our site. You can control or disable cookies through your browser settings; disabling certain cookies may affect site functionality.
We retain personal data only as long as necessary for the purposes described in this policy — typically for the duration of our client relationship plus a period required for tax, warranty, and legal record-keeping, after which it is securely deleted or anonymised.
We use appropriate technical and organisational measures — including encryption in transit, restricted access controls, and secure payment processing — to protect your personal data against unauthorised access, loss, or misuse.
Under UK GDPR, you have the right to:
To exercise any of these rights, contact us using the details below. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.
Where personal data is transferred outside the UK — for example, to a service provider based abroad — we ensure appropriate safeguards are in place, such as Standard Contractual Clauses, to protect your data to UK GDPR standards.
Our website and services are intended for adults. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us so we can remove it.
We may update this policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated via our website or, where appropriate, by email.
For any questions about this policy or how we handle your personal data, please contact our Data Protection point of contact.