LAST UPDATED 03.04.2024

Privacy Policy

1. Introduction

This Privacy Policy governs the use of Diamore Services provided by Diamore Limited, located at 2nd Floor College House, 17 King Edwards Road, Ruislip, London, United Kingdom, HA4 7AE, registered under company number 15596401 (“We” or “Company”). It encompasses all related sites, applications, and services (“Diamore Services”), including instances where users provide information to us in connection with their use of Diamore Services.

To deliver Diamore Services, fulfill regulatory requirements, and mitigate online fraud risks, Diamore Limited, acting as a data controller, requests users to provide personal information such as customer identification details, payment preferences linked to Diamore Services usage, address information for purchases, and other specified data outlined in this Policy.

This Policy serves to inform about the collection and processing of personal data by the Company, including information provided directly or received through other means.

Diamore Services are not directed at minors (individuals under 18 years of age or the applicable age of majority), and we do not knowingly collect personal data from minors.

By signing up for, accessing, or using our Services, you acknowledge and consent to this Privacy Policy. You recognize that our data processing primarily serves contractual obligations and legal compliance purposes. Where no other legal basis for data processing exists, you agree to our processing of your data as described in this Privacy Policy.

We handle your personal data with utmost care and solely in accordance with this Privacy Policy, which adheres to the Data Protection Act 2018 and the EU General Data Protection Regulation (EU 2016/679). For the purposes of this Privacy Policy, the term “personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

We do not sell or rent your information to third parties for marketing purposes without your explicit consent. However, to provide and improve Diamore Services and protect user interests, we may share limited information with third parties under strict conditions, as elaborated in this Policy.

It is essential to review this Privacy Policy. Unless otherwise stated, terms used herein carry the same meaning as defined in the Data Protection Act 2018.

This Privacy Policy outlines how your information is collected, used, and disclosed, and establishes the principles under which we process personal data when delivering our Services. Additionally, it provides insights into our obligations in responsibly and securely processing personal data, data protection rights, and legal protections afforded to data subjects.

2. Administrative Information

  • Company name: Diamore Limited
  • Registered code: 15596401
  • Address: 2nd Floor College House, 17 King Edwards Road, Ruislip, London, United Kingdom, HA4 7AE 
  • Email address: support@diamore.co.

Diamore Limited is the controller and responsible for customer’s personal data. Controller is the natural or legal person, which, alone or jointly with others, determines the purposes and means of the processing of personal data.

3. Information we collect

In adherence to our commitment to privacy and transparency, we meticulously collect specific categories of data to ensure the seamless provision of our Services while safeguarding the privacy and security of our users. Below are the comprehensive details of the information we collect:

  • wallet address - as part of our registration process, users are required to integrate with the use of their wallets, such as MetaMask. This necessitates the collection of wallet addresses, an essential step to initiate and authenticate user accounts;
  • account information - in the user account setup, individuals are prompted to furnish their email addresses and usernames. The email addresses serve as a pivotal communication channel, enabling us to relay crucial information, updates, and notifications. Meanwhile, usernames function as unique identifiers within our system, facilitating personalized interactions and ensuring seamless user experiences;
  • KYC information - while we are not obligated by law to collect KYC information, we prioritize the protection of our users and the prevention of fraudulent activities. Our proactive approach aims to deter malicious actors from exploiting our services and to safeguard our users from potential deception or harm. Therefore, we request Know Your Customer (“KYC”) information under specific circumstances. This occurs when users opt to transfer diamonds into or out of storage facilities. The KYC process entails the collection of identification data, including high-quality photographs of identification documents and proof of address. For more details, please refer to our AML Notice;
  • delivery address - for users opting for physical product delivery, we gather pertinent details to facilitate accurate and timely shipment. This encompasses country of residence, contact phone number, city of residence, state or region, postal code, and street name;
  • profile picture - recognizing the significance of personalization, users are offered the option to upload profile pictures. This feature is discretionary;
  • communication data - our commitment to exceptional customer service extends to our support channels. Consequently, we gather information shared by users during interactions with our support team (for example, the video/photo you uploaded, screenshots, etc.). This includes queries, feedback, concerns, and any additional details provided to facilitate prompt and effective assistance.

4. Purpose of processing and legal basis

We only collect essential personal data necessary to provide the services you request, aiming to ensure secure, efficient, and seamless Diamore Services delivery. Understanding the reasons behind the collection of your personal data empowers you to make informed decisions regarding your privacy and data sharing practices on our website. We prioritize transparency and accountability in our data processing, striving to adhere to the highest standards of data protection and privacy compliance.

Our collection and processing of personal data are solely for specific and legitimate purposes, including:

  • supporting, maintaining, and improving our website;
  • communicating with you, responding to your requests, and informing you about relevant security issues, upgrades, suggestions, or other information;
  • sending promotional content based on your marketing preferences;
  • fulfilling our legal obligations and protecting your rights;
  • monitoring and managing the efficiency of our business activities, analyzing productivity, and generating internal reports;
  • safeguarding and maintaining the integrity of our website and services by enhancing security measures, verifying identity or access to services, addressing malware or security risks, and ensuring compliance with relevant security laws.

We rely on the following legal bases for processing your personal data:

  • your consent - when you voluntarily provide consent for the processing of your personal data;
  • performance of a contract - when processing your personal data is necessary to fulfill our contractual obligations to you;
  • compliance with a legal obligation - when processing your personal data is required to comply with a legal obligation;
  • legitimate interests - when processing your personal data is necessary for our own business needs or to protect legitimate interests, ensuring a balance of interests is achieved.

We are happy to clarify the specific legal basis for processing in any particular case upon request.

5. Sources of personal data

We may collect personal data from various sources, including:

  • voluntary provision - usually we obtain personal data directly from you when you voluntarily provide information through our website, forms, or other communication channels. This may include contact details (email, phone), identification details, address details, etc.
  • website usage - we may collect personal data through the use of cookies and similar technologies when you interact with our website. This may include browsing history, IP addresses, device information, and other usage data. For more information, please refer to our Cookie Policy;
  • third-party sources - we may receive personal data from third-party sources, such as service providers, business partners, or publicly available sources. This may include contact information and other relevant information obtained from reputable sources.

It is important to note that we only collect personal data from lawful sources and adhere to the principles of transparency, fairness, and accountability outlined in the Data Protection Act 2018 and the GDPR. We take appropriate measures to ensure that the personal data we collect is accurate, relevant, and limited to the purposes for which it was obtained.

6. Your rights 

As a data subject you have certain rights regarding your personal data. These rights empower you to exert control over how your data is processed and ensure that your privacy is respected. 

  • the right to be informed about the collection and the use of their personal data - you have the right to be informed about the collection and use of your personal data. This includes knowing the purposes for which your data is being processed, who it will be shared with, and how long it will be retained. This right ensures transparency and empowers you to make informed decisions about your data privacy;
  • the right to access personal data and supplementary information - you have the right to obtain confirmation as to whether your personal data is being processed and access to that data. This allows you to be aware of and verify the lawfulness of the processing;
  • the right to have inaccurate personal data rectified, or completed if it is incomplete - you have the right to request the rectification of inaccurate or incomplete personal data. This ensures that your data is kept accurate and up-to-date;
  • the right to erasure (to be forgotten) in certain circumstances - you have the right to (under certain circumstances) ask for your personal data to be erased where:some text
    1. your personal data is no longer necessary in relation to the purpose for which it was collected/processed;
    2. you withdraw your consent or object to the processing and there is no overriding legitimate interest to continue processing;
    3. you object to the processing and there are no overriding legitimate grounds for the processing;
    4. you object to the processing and your personal data was processed for direct marketing purposes;
    5. your personal data was unlawfully processed or should be erased to comply with a legal obligation;
    6. your personal data is processed in relation to the offer of information society services to a child.

However, we can refuse to erase your personal data where it is processed:

  1. to comply with a legal obligation;
  2. for the exercise or defense of legal claims;
  • the right to restrict processing in certain circumstances - you have the right to restrict the processing of personal data held, wheresome text
    1. you have contested its accuracy;
    2. you have objected to the processing and we are considering whether we have a legitimate ground which overrides this;
    3. processing is unlawful;
    4. we no longer need the data but you require it to establish, exercise or defend a legal claim;
  • the right to data portability, which allows the data subject to obtain and reuse their personal data for their own purposes across different services - this right allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. This enables you to obtain and reuse your personal data across different services. The right to data portability only applies:some text
    1. to personal data that you have personally provided to us;
    2. where the processing is based on consent or the performance of a contract;
    3. where processing is carried by automated means;
  • the right to object to processing in certain circumstances - you have the right to object to processing of your personal data in certain circumstances and have an absolute right to stop your data being used for direct marketing. In such a case you must give us written notification of your objection to the processing of personal data. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims;
  • rights in relation to automated decision making and profiling - automated decision-making takes place when an electronic system uses personal information to make decisions without human intervention. We could use automated decision-making in the following circumstances:some text
    1. where we have notified you of the decision and given you 21 days to request a reconsideration;
    2. where it is necessary to perform the contract and appropriate measures are in place to safeguard your rights;
  • the right to withdraw consent at any time (where relevant) - you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, please contact us: support@diamore.co;
  • the right to complain to the Information Commissioner - if you are dissatisfied with the way we have handled your complaint or request and want to make a complaint, you may write to the Information Commissioner, who is an independent regulator. Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts. The Information Commissioner can be contacted at: Information Commissioner Wycliffe House Water Lane Wilmslow Cheshire, SK9 5AF. Tel: 08456 30 60 60 or 01625 54 57 45. Fax: 01625 524510.

7. Disclosure of personal data

We treat the personal information outlined in this Privacy Policy with utmost confidentiality and handle it accordingly. Disclosure to third parties occurs only when compelled by law, court orders, or legal proceedings, or when necessary to enforce our agreements or protect our rights, unless you have provided explicit consent. Furthermore, we may share your data with third parties for purposes such as facilitating your use of Diamore Services, processing your inquiries, sending marketing communications, analyzing user behavior, and other specified processing purposes mentioned earlier. Any data shared with third parties is strictly limited to these designated purposes.

We ensure that third parties receive only the minimal amount of personal data required to fulfill the specific service requested. 

Personal data may be disclosed to the following parties:

  • our parent companies, subsidiaries, affiliates;
  • business partners with whom we jointly offer products or services as allowed by law;
  • suppliers;
  • sub-contractors;
  • our advertising partners.

We also ensure we have appropriate contractual protections in place with these third parties.

Our website may contain links to other third party websites which are regulated by their own privacy policies. We are not responsible for these third party websites or any content posted on them including policies, advertising, products, services or activities and/or any losses, damages, failures or problems arising from or related to these sites. 

We recommend you to review the policies, terms and conditions of each website you visit.

8. International transfer of personal data

We may transfer your data to third-party service providers located abroad for the purposes outlined in this Privacy Policy. These providers are contractually bound to uphold the same standards of privacy protection as we do. In instances where the level of data protection in a country does not align with UK or European standards, we ensure through contractual agreements that your personal data receives equivalent protection to that in the UK or EU. This may involve implementing additional technical and organizational measures as necessary and agreeing to EU standard contractual clauses with our partners.

It's important to note that some of these third-party service providers are based in the USA. For users residing in the UK or EU, it's essential to be aware that US authorities have surveillance measures in place that allow for the storage of personal data transferred from the UK or EU to the USA. This storage is done without differentiation or limitation based on the purpose and lacks objective criteria to restrict access and use of the data by US authorities.

Furthermore, for UK residents, the UK government has enacted the Data Protection (Adequacy) (United States Of America) Regulations 2023, establishing a UK-US ‘data bridge’ by formally recognizing transfers of personal data to certain US organizations as having an adequate level of data protection.

We carefully select partners from US companies covered by and compliant with the Framework. For those partners not covered by the Framework, we ensure adequate contractual arrangements and additional guarantees to protect your data at an appropriate level. For instance, we utilize the International Data Transfer Agreement to provide the necessary legal protections for your personal data.

9. Data retention

We retain your personal data for the duration necessary to fulfill the purpose(s) outlined in this Privacy Policy. The duration of retention is determined on a case-by-case basis, taking into consideration factors such as the type of the personal data, the purpose of its collection and processing, and compliance with relevant legal or operational retention requirements.

10. Data security

Ensuring the security of your personal data is paramount to us. We implement robust technical and organizational measures to safeguard against unauthorized access, disclosure, alteration, or destruction of your information. Here's how we prioritize data security:

  • encryption - we utilize industry-standard encryption protocols to protect data transmission and storage. This ensures that your information remains confidential and secure, both during transit and while stored on our servers;
  • access control - access to your personal data is strictly limited to authorized personnel who require it to fulfill their duties. We enforce strict access controls and regularly review access permissions to prevent unauthorized access;
  • data minimization -we collect and retain only the minimum amount of personal data necessary to fulfill the purposes outlined in this Privacy Policy. This reduces the risk associated with storing excessive or unnecessary data;
  • regular audits and assessments - we conduct regular audits and assessments of our data security practices to identify and address potential vulnerabilities. This proactive approach ensures that our security measures remain effective and up-to-date;
  • employee training - our employees undergo comprehensive training on data protection and security practices. This ensures that they understand their responsibilities and adhere to strict security protocols when handling personal data.
  • incident response - in the event of a data breach or security incident, we have established procedures in place to respond promptly and effectively. This includes notifying affected individuals and relevant authorities as required by the Data Protection Act 2018.

By implementing these measures, we strive to maintain the confidentiality, integrity, and availability of your personal data, thereby fostering trust and confidence in our services.

11. Marketing

We will only send you marketing communications if you have explicitly consented to receive such communications. These communications may include, but are not limited to, newsletters, promotional materials and announcements related to our new products. The content of these communications is designed to enhance your overall experience and keep you informed about the latest offerings.

In addition, we may share your personal data with our marketing partners for the purposes of targeting, analytics, as well as for advertising activities.

You can ask us or our partners to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at: support@diamore.co.

12. Changes to this Privacy Policy

This Privacy Policy is subject to periodic revisions, such as when new features are integrated into Diamore Services or when incorporating feedback from our users. Changes to this Privacy Policy may occur as necessary to accommodate

  • business advancements; and/or 
  • legal or regulatory requirements under applicable law that impact our operations. 

Customers will be notified of significant changes. We encourage customers to regularly review the Privacy Policy whenever accessing our Services or engaging with us to stay informed about our privacy and data protection practices and to understand how they can safeguard their privacy. 

Notifications regarding changes may be posted on our website and/or sent via email to the address provided in your account settings. Upon sending, an email is considered received by the recipient when it enters their designated email server or inbox. However, the actual time of receipt may vary depending on factors such as email server delays or individual email client settings. Therefore, for the purpose of notification, the time of receipt is generally deemed to be when the email is successfully delivered to the recipient's email server.