Payment & Security
The purpose of this privacy and security policy is to inform you, as a welcomed user of Orchira website services, what kind of information we may gather about you, how we may use that information, whether we disclose it to anyone, and the choices you have regarding our use of, and your ability to correct, the information. While this policy applies to the Orchira website and all of the other Internet-accessible Orchira branded services, we will refer here only to Orchira.co.uk to make reading this policy easier.
Orchira website (www.orchira.co.uk) (referred to as "we/our/us/Orchira"). Orchira is committed to ensuring the best standards of practice in all its activities. Visitors to Orchira website, can be assured that the protection of privacy and confidentiality are given the highest priority.
Our goal is to maintain your trust and confidence when handling personal information about you. As a Orchira website user you have the opportunity to make choices about how personal information about you may be shared. As you consider this, we encourage you to make choices that enable us to provide you with quality products and services that help you meet your jewellery needs and objectives. You can be assured that the protection of your privacy and confidentiality are given the highest priority. Orchira website is a UK-based website and is in accordance with the requirements of the UK Data Protection Act 1998 relating to personal information you supply on the website.
The information we learn from you helps us personalise and continually improve your shopping experience at Orchira. We use the information to handle orders, deliver products and services, process payments, answer your enquires and notify you about promotional offers, update our records, maintain your account with us, display specific content such as your saved jewellery item lists, jewellery reviews and recommend jewellery and or jewellery related services that might be of interest to you. We also use this information to improve our store, prevent and detect fraud or abuses of our website and enable third parties to carry out technical, logistical or other functions on our behalf.
Under the UK Data Protection Act 1998, we follow strict security procedures in storage and disclosure of information, which you have given us to prevent unauthorised access. Our security procedures mean that we may occasionally request proof of identity before we are able to disclose sensitive information to you. Please note that some information you enter may be transferred outside the European Economic Area for the purposes of processing by Orchira and its affiliates and partners. By submitting your order, you consent to this transfer. Your personal data may have to be disclosed if we are required to disclose it by law, or as a result of a lawful request by a governmental or law enforcement authority.
Orchira website is tested regularly to ensure that high security standards are maintained. Orchira website is 100% compliant with Payment Card Industry Data Security Standard (PCI DSS). PCI DSS governs the security requirements of both solution providers and individual merchants such as Orchira. PCI DSS offers specific guidelines governing six areas of system design and operation: build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks and maintain an information security policy.
Collecting information about website visitors
Our service automatically gathers certain usage information like the numbers and frequency of visitors to our website and its areas, very much like television ratings that tell the networks how many people tuned in to a program. We only use such data in the aggregate. This collective data helps us determine how much our users use parts of the website, so we can improve our website to assure that it is as appealing as we can make it for as many of you as possible. For example, Orchira uses a technology nicknamed "cookies" that tells us how and when pages in the website are visited, and by how many people.
Orchira cookies do not collect personally identifiable information and we do not combine information collected through cookies with other personally identifiable information to tell us who you are or even what your account login or e-mail address is. We also may provide statistical "ratings" information, never information about you personally, to our Orchira partners about how our users, collectively, use Orchira. We do this so they too can understand how many people use specific areas on our website in order for them to provide you with the best possible web experience as well.
Sometimes, we may specifically ask for information about you when you sign up to use a service, like "Your Account", or when you order a product. We will need certain information such as name, delivery address, billing address, credit card number in order to provide that product to you. We may also use that information to let you know of additional products and services about which you might be interested. You can choose not to receive such information if you don´t want to by letting us know on the registration page when you sign up for the product or service. We may ask you for information about your interests so that both you and we can take advantage of the interactivity of the online medium, but you may always choose to respond or not. Additionally, we may provide you with an opportunity to be listed in a directory, but these listings are also optional and you can make changes to or eliminate this information when you want to.
A cookie is a piece of data stored on the user(s) hard drive containing information about the user. Usage of a cookie is in no way linked to any personally identifiable information while on our website. Once the user closes their browser, the cookie simply terminates. For instance, by setting a cookie on the website, the user would not have to log in a password more than once, thereby saving time while on our website. If a user rejects the cookie, they may still use the website.
We use IP addresses to analyse trends, administer the site, track user´s movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
Share by Email
If a user elects to use our referral service for informing a friend about our website, we ask them for the friend´s name and e-mail address. Orchira will automatically send the friend a one time e-mail message inviting them to visit the website. Orchira stores this information for the sole purpose of sending this one time e-mail message. The recipient may always contact Orchira to request the removal of this information from our database.
In order to use some parts of our website or gained information of some product or/and services, user must first complete the registration form. During registration user is required to give their contact information (such as name, address, phone number and email address). This information is used to contact the user about the services or products on our website for which they have expressed interest. It is optional for the user to provide demographic information (such as gender), and unique identifiers (such as social personal interests), but encouraged so we can provide a more personalised experience on our website.
Online payment, Shopping basket
We request information from the user in our product order form and/or service payment form. Here user must provide contact information (name and shipping address) and financial information (credit card number, expiration date). This information is used for billing purposes and to fill user(s) orders. If we have trouble processing an order, this contact information is used to get in touch with the user.
Surveys & Contests
From time to time Orchira website requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose this information. Information requested may include contact information (such as name and shipping address), and demographic information (such as zip code, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the use and satisfaction of Orchira website, services and products.
Newsletters & Notifications
If the user wishes to subscribe to our newsletter(s) or notifications such as: Special Offer, Product and Service Alerts, etc -- we ask for contact information such as name and e-mail address. The user will always be able to unsubscribe from such Newsletter(s) or/and Notifications by using the appropriate function clearly shown on the according subscription page.
Protection of information via established security procedures
Orchira collects, retains and uses only the information about our user's that is required by law to administer Orchira business and provide high-level services to our user´s. We retain this information no longer than necessary to meet these objectives.
All Orchira employees are educated about the importance of privacy and confidentiality. Only those employees having a business reason for knowing such information have access to personally identifiable information.
Orchira has established procedures so that a user´s financial and personally identifiable information is accurate, current and complete in accordance with reasonable commercial standards. Any request to correct inaccurate information is responded to within a timely manner.
Orchira maintains rigorous security standards and procedures regarding unauthorised access to user information. Therefore we do not intend to send or receive any sensitive information such as all kinds of passwords, credit card information, etc in an unprotected way, such as not-encrypted email communications.
Orchira takes appropriate measures to safeguard the information it holds from unauthorised access or improper use. Specifically, all personal information on its database is stored in an encrypted form. Orchira has a strict security policy with which members of staff must comply as a condition of employment and no external access to the system is permitted. Orchira continually reviews and up-dates its security procedures as new technologies become available and new activities are introduced.
Any third parties to whom information is transferred are made aware of these security practices and are also required to take reasonable precautions to protect the transferred information. Orchira uses SSL/128-bit encryption protection when receiving and transmitting credit card information. Such information is also stored in an encrypted form in it's database.
Maintaining user privacy in business relationships with third parties
We do not use or disclose information about your individual visits to Orchira website or information that you may give us, such as your name, address, email address or telephone number, to any outside companies. But sometimes it is necessary to provide personally identifiable user information to a third party, Orchira shall insist that the third party adheres to similar privacy principles that are provided for keeping such information confidential and user authorisation should be requested.
Orchira provides information about user´s accounts or other personally identifiable data to third parties only when:
- The information is provided to help complete a user initiated transaction. For example, we can pass your details to our payment service provider, Protx or Paypal, to validate credit/debit card payment;
- It is necessary to process transactions and provide our services. For example, we give shipping companies this information so they can deliver products efficiently. The information they receive is for shipping and delivery purposes only;
- The disclosure is required by/or allowed by law. For example, we may be required by law or legal process to disclose customer information.
Platform of Privacy Preferences
Data encryption and physical security
Orchira website is secured using a SSL certificate. This ensures that in certain areas like "Order Checkout" and "Your Account" we use industry-standard SSL-encryption to protect data transmissions via the World Wide Web and provides many security features, including: authentication, encryption and data integrity. If any other Internet user intercepts the communication he/she will only be able to see it in an encrypted (garbled) form. Certificate technology allows us to decrypt the information, and view it in plain text form.
While we use SSL encryption to protect sensitive information online, we also do everything in our power to protect user information offline. All of our user information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job are granted access to personally identifiable information. Furthermore, all employees are kept up to date on our security and privacy practices. Every quarter, as well as any time new policies are added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our customers information is protected. And finally, the servers that we store personally identifiable information on are kept in a secure environment, behind a locked cage.
Controllers of personal information