Privacy Policy

Kind Collection
Public Privacy & Data Policy (GDPR-Aligned)

Your privacy is important to us. Please read this policy to learn more about our data practices and complaints procedure.


1. Purpose

Kind Collection protects personal data and respects privacy rights across customer, supplier, collaborator, and website interactions.

This Policy explains how Kind Collection collects, uses, stores, shares, and protects personal data in line with UK GDPR, the Data Protection Act 2018, and PECR where applicable. Kind Collection will process personal data lawfully, fairly, and transparently, use reasonable security measures proportionate to the business, and only collect data where relevant and necessary for lawful business purposes.

This Policy supports Kind Collection’s wider responsible business approach and provides a clear public statement on data use, storage, sharing, retention, rights, and contact details for data requests.


2. Scope
This Policy applies to personal data processed by Kind Collection in connection with:

  • website enquiries and contact forms

  • customer orders, including bespoke enquiries and commissions

  • made-to-order and bespoke order administration, customer communication, and approvals

  • payment, fulfilment, and delivery administration, including through relevant third-party providers

  • customer communications and aftercare support, including repairs or remodelling where offered

  • supplier and service-provider communications

  • collaborations, events, or community activity where relevant

  • business administration, record-keeping, and legal obligations

  • marketing communications, where a lawful basis applies, including consent where required

Kind Collection is responsible for data protection. Where relevant, Kind Collection uses third-party service providers, such as a website platform, accounting software, couriers, or an accountant, and shares personal data only where necessary for those services.

3. Legal & Rights-Based Commitments

Kind Collection will comply with applicable UK data protection and privacy law, including UK GDPR, the Data Protection Act 2018, and PECR where relevant.

Kind Collection will process personal data lawfully, fairly, and transparently; collect only data that is relevant and necessary; use it only for legitimate business purposes; keep it accurate where reasonably possible; retain it only for as long as needed or legally required; protect it with reasonable security measures proportionate to the business; and respond to valid data rights requests within legal timeframes.


As part of Kind Collection’s wider responsible business approach, this Policy is also consistent with dignity, fairness, non-discrimination, and respect for rights in business relationships, in line with the core principles reflected in the ILO Fundamental Principles and Rights at Work. Kind Collection does not sell personal data.


4. Data Protection Principles 

Kind Collection applies a rights-based approach to personal data. In practice, this means personal data will be processed lawfully, fairly, and transparently; limited to what is relevant and necessary for legitimate purposes; kept accurate where reasonably possible; retained only as long as needed or legally required; protected with reasonable security measures proportionate to the business; and handled in line with valid data rights and legal timeframes. Kind Collection does not sell personal data.


5. What Personal Data Kind Collection Collects 

Kind Collection collects only personal data that is relevant and necessary for lawful business purposes. Depending on the interaction, this may include:

  • Customer, enquiry, and order data: name, contact details, billing and delivery address, order details, bespoke project details, sizing, engraving, personalisation, recipient details for gift orders, customer-provided reference images or design information, transaction records, payment status, customer communications, and marketing preferences or consent status where applicable

  • Supplier and service-provider data: contact names, business contact details, company name, address, role, invoice and payment records, and due diligence or communication records relevant to sourcing or operations where applicable

  • Website and technical data: IP address, browser or device information, cookie preferences or consent choices, and website usage or analytics data where applicable

Full payment card details are typically processed by payment providers and are not stored by Kind Collection. Kind Collection does not intentionally collect special category personal data for standard jewellery sales and services. If such data is received unintentionally, it will be restricted and deleted where lawful and appropriate.


6. Lawful Bases for Processing

Kind Collection will only process personal data where a lawful basis applies. This may include:

  • Contract – to respond to enquiries, provide quotes, create and fulfil orders, and arrange delivery, repairs, or remodelling services

  • Legal obligation – to comply with tax, accounting, consumer, fraud-prevention, and other legal requirements

  • Legitimate interests – to operate and improve the business, maintain records, manage customer service, protect against fraud, and administer supplier relationships, balanced against individual rights

  • Consent – for certain marketing communications and cookie preferences where required

  • Vital interests / legal claims – where exceptionally relevant and lawful

Kind Collection will apply the lawful basis that is relevant to the purpose.

7. Why Kind Collects Personal Data and How It Is Used

Kind Collection collects and uses personal data only where relevant and necessary for lawful business purposes. This may include:

  • responding to enquiries, bespoke design requests, quotes, and order details or specifications

  • processing and fulfilling customer orders, including delivery, collection, repairs, remodelling, aftercare, and related customer support

  • communicating with customers about orders, timelines, approvals, bespoke project details, and related service information

  • using bespoke project information and customer-provided reference images or design information only as needed for the requested design, production, repair, remodelling, aftercare, and related communication, unless separate permission is given for another use

  • managing supplier and service-provider relationships

  • maintaining business records for accounting, tax, legal compliance, and fraud prevention

  • sending marketing communications only where lawful and, where required, consent-based, with a clear unsubscribe option where applicable

  • supporting responsible business governance and impact tracking while minimising personal data and limiting access appropriately


    Kind Collection will not use personal data for unrelated purposes without a lawful basis.


8. Data Storage, Access and Sharing
Kind Collection stores personal data using systems appropriate to a sole trader business, such as website, email, payment, accounting, and other business software or cloud tools used for operations.

Kind Collection will use reasonable security measures proportionate to the business, limit personal data to what is necessary where reasonably possible, and restrict access to the Founder and trusted service providers where needed to deliver services or operate the business lawfully.

Personal data may be shared where necessary and lawful, including with payment processors, couriers, website or communications providers, accounting support, and legal or regulatory authorities where required. Kind Collection does not sell personal data and aims to use third-party providers with appropriate privacy and security controls.

Where relevant, Kind Collection aims to use service providers that support lawful international transfers under UK GDPR

9. Data Retention
Kind Collection retains personal data only for as long as needed for the purpose collected, and to meet legal, accounting, tax, consumer, dispute-resolution, and legitimate business record requirements.

This may include records relating to customer orders and fulfilment, aftercare, repair or remodelling, supplier and service-provider records, marketing consent or unsubscribe records, and privacy requests or complaints where applicable.

For handmade, bespoke, repair, and remodelling services, Kind Collection may retain relevant order specifications, sizing or personalisation details, and related customer communication for a reasonable period to support production records, aftercare, repeat service, and customer support, subject to legal and business record requirements.

When personal data is no longer required, Kind Collection will take reasonable steps to delete or anonymise it where reasonably possible, subject to legal retention obligations.


10. Data Security Commitments
Kind Collection will use reasonable security measures proportionate to a sole trader business to help protect personal data. This includes password-protected systems and devices, use of reputable service providers where relevant, limited access to personal data, careful handling of customer and supplier information, and secure deletion or anonymisation where data is no longer needed, subject to legal retention requirements.

Where a material data protection issue or personal data incident arises, Kind Collection will record and review it, take proportionate follow-up action, and, where legally required, act in line with UK GDPR requirements.


11. Customer Rights and Data Requests 

Under UK GDPR, and subject to legal limitations, individuals may have the right to access, correct, delete, restrict, or object to the processing of personal data, withdraw consent where relevant, request data portability where applicable, and complain to the UK Information Commissioner’s Office (ICO).

Kind Collection will respond to valid requests within legal timeframes, may verify identity where needed, and may limit or refuse a request where a lawful exemption applies. Kind Collection will keep proportionate records of requests and outcomes where relevant.

Privacy or personal data requests, including those connected to customer orders, bespoke work, repairs, or remodelling where relevant, can be made using the contact details published on the Kind Collection website, including the website contact form.

If you have a complaint relating to our handling of your data then please contact Tansy Haak directly hello@kindjewellery.com with details. We will respond within the legal timeframe and escalate the complaint to the UK Information Commissioner’s Office (ICO) if the matter can not be resolved.


12. Marketing Communications and Cookies
Kind Collection sends marketing communications only where lawful and provides an option to unsubscribe or withdraw consent where required. Where cookies or similar technologies are used on the website, Kind Collection provides information about their use and, where required by law, offers cookie choices/consent options through the website’s cookie banner or platform settings (where available).

13. Accountability and Governance
Tansy Haak, Founder and Sole Trader, is responsible for applying and reviewing this Policy, making lawful processing decisions, handling privacy rights requests, overseeing relevant providers or platforms where applicable, and recording any material issue or follow-up action in a way that is proportionate to the business.

This Policy forms part of Kind Collection’s wider responsible business approach. Kind Collection will keep privacy and data protection record-keeping proportionate to business size, primarily through routine platform, provider, and operational records, with separate internal notes kept only where a material change, request, issue, or follow-up action arises. This approach is also consistent with dignity, fairness, non-discrimination, and respect for rights in business relationships, in line with the core principles reflected in the ILO Fundamental Principles and Rights at Work.

14. Policy in Use, Metrics and Tracking
This public policy is supported by proportionate implementation records showing privacy and data protection in use. Kind Collection retains evidence mainly through the routine platforms and systems used to operate the business, such as website or e-commerce records, communications systems, consent or unsubscribe records where applicable, and provider or operational records. Separate internal notes are usually created only where a privacy request, issue, incident, or follow-up action arises.

Where relevant, Kind Collection may retain records of privacy requests and outcomes, marketing consent or unsubscribe status, material data issues and the steps taken, and periodic checks of key privacy settings such as cookie or consent controls. Evidence is kept in relevant operational systems and, where appropriate, referenced through the Impact Master.

This Policy should be read alongside Kind Collection’s Terms & Conditions, cookie information, and related policies where relevant.