Privacy Policy

C.O.D Limited and its affiliates (collectively “C.O.D”, “we” and “us”) take your data and privacy very seriously.

This Data & Privacy Policy describes the types of Personal Data we collect through our platform (“Platform”), including our website Colour of Diamonds.net. This policy also describes how we use Personal Data, with whom we share it and your rights and choices.

We are the data controller responsible for your personal data and we are registered with the Information Commissioner’s Office with reference number ZA436707.

We have appointed a data protection officer (“DPO”). Our DPO has a number of important responsibilities including: monitoring Dr Ice Enterprise’s compliance with the GDPR and other data protection laws, raising awareness of data protection issues, training C.O.D staff and conducting internal audits, and cooperating with supervisory authorities such as the ICO on our behalf. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us.

Complaints

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Personal Data We Collect

A. Personal Data that we collect about you

To access the Platform you need to have an Account. When you register an account at C.O.D, you provide us with the following information:

  • Your Full Name
  • Your Email Address
  • Your Phone Number
  • Your chosen Password (note: we store an encrypted version of your password and are never able to see your plaintext password)
  • (optional) Your Profile Image

 

In order to register your Business on the Platform you provide us with the following information:

  • Registered Company Address, including Country, Postal Code and City
  • Website
  • Company Registration information, including Registration Number, Registration Date and Entity Type
  • Applicable Tax Number (e.g. VAT number)

 

To comply with our AML and KYC policy you provide us with the following information:

  • List of Directors
  • Identity Proof of Directors
  • Address Proof of Directors
  • Certificate of Incorporation
  • Business Address Proof

 

For each additional Office you register to the Platform you provide us with the following information:

  • Registered Address, including country, postal code and city
  • Office Email Address
  • Business Address Proof
  • (optional) Office Website

 

When you add your Bank Account to the Platform you provide us with the following information:

  • Bank Account Number
  • Bank Account Holder
  • BIC or SWIFT number

 

When you make purchases on the Platform we store information about each order, including:

  • Date and Time
  • Delivery Office
  • Delivery Deadline
  • Amount

 

B. Information that we collect automatically

The Platform uses cookies and other technologies to function effectively. These technologies record information about your use of the Platform, including:

Browser and Device Data

IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model and language.

Usage Data

Time spent on the Platform, pages visited, links clicked, language and Account preferences, and the pages that led or referred you to the Platform.

How We Use Personal Data

A. Our Platform

We rely upon a number of legal grounds to ensure that our use of your Personal Data is compliant with applicable law. We use Personal Data to facilitate use of the Platform, to comply with our financial regulatory and other legal obligations and to pursue our legitimate business interests. We also use Personal Data to complete Transactions and to provide payment-related services.

Use of the Platform

Allowing you to do the following (but not limited to): Register an Account, Access the Platform, Search for Goods, Manage Account Settings, Make and Manage Purchases, Send and Manage Transactions, Exchange Currencies, Manage Bank Accounts.

Legal and Regulatory Compliance

We use Personal Data to verify the identity of our Users in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as AML (Anti-Money Laundering) and KYC (Know-Your-Customer) obligations, and financial reporting obligations. For example, we may be required to record and verify a User’s identity for the purpose of compliance with legislation intended to prevent money laundering and financial crimes. These obligations are imposed on us by the operation of law, industry standards, and by our financial partners, and may require us to report our compliance to third parties, and to submit to third party verification audits.

Legitimate Business Interests

We rely on our legitimate business interests to process Personal Data. The following list sets out the purposes that we have identified as legitimate. We:

  • Monitor, prevent and detect fraud and unauthorized Transactions
  • Mitigate financial loss, claims, liabilities or other harm to Users and C.O.D
  • Respond to queries, send Platform notices and provide support
  • Promote, analyze, modify and improve our Platform, systems and tools, and develop new features and tools
  • Monitor, operate and improve the performance of the Platform by understanding their effectiveness
  • Analyze and advertise our Platform
  • Conduct aggregate analysis and develop business intelligence that enables us to operate, protect, make decisions and report on the performance of our business
  • Share Personal Data with Third Party service providers that provide services on our behalf
  • Ensure Security throughout C.O.D

 

BMarketing and events-related communication

We may send you communications through email about C.O.D’s Platform or new features and/or products, invite you to participate in Events or Surveys, or other Marketing purposes in accordance with the consent requirements imposed by applicable law.

How We Disclose Personal Data

C.O.D does not sell or rent Personal Data to anyone. We share your Personal Data with trusted entities, as outlined below:

Service Providers

We share Personal Data with a limited number of Service Providers. We have service providers that provide services on our behalf, such as identity verification services, website hosting, data analysis, information technology and related infrastructure, customer service, email delivery, and auditing services. These service providers may need to access Personal Data to perform their services. We authorize such service providers to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the European Union and the United States of America.

Business Partners

We share Personal Data with third party business partners when this is necessary to provide our Platform functionality. Examples of third parties to whom we may disclose Personal Data for this purpose are banks and payment method providers (such as credit card networks) when we provide Transaction processing services.

Compliance and Harm Prevention

We share Personal Data as we believe necessary: (i) to comply with applicable law, or payment method rules; (ii) to enforce our contractual rights; (iii) to protect the rights, privacy, safety and property of Dr Ice Enterprise, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.

Buy Now Pay Later/Extended Payment Providers

If you use our buy now, pay later function or we otherwise provide extended payment terms to you (“BNPL Service”), the Personal Data you provide will be processed by our third party credit and payment service provider, MarketFinance Limited ( the “BNPL Service Provider”) to assess your eligibility for the BNPL Service and for other purposes including fraud prevention and identity verification.

The BNPL Service Provider may share your Personal Data with credit reference agencies (“CRA”) they work with such as Experian, and may use Personal Data about you, and anyone with a financial association to you (a financial association is a link that’s created when you apply for a financial agreement with someone else); the BNPL Service Provider may also collect this information from other credit reference agencies in order to assist in assessing your eligibility for credit and payment services in connection with the BNPL Service. The data accessed contains publicly held data including the electoral roll, and shared credit performance data.

When a CRA receives a search from us or a BNPL Service Provider to assess your eligibility for the BNPL Service, the CRA will place a soft quotation search footprint on your credit report, regardless of whether you progress any application. This search will not affect your ability to gain credit.

If you choose to pursue an application for the BNPL Service, any Personal Data that you provide will be shared with our BNPL Service Provider. Upon you making a purchase for goods or services using the BNPL Service, the BNPL Service Provider may undertake a search with a CRA which will leave a hard search footprint on your credit report. The BNPL Service Provider may also continue to exchange information about your business with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs may share your Personal Data with other organisations.

Further information about each CRA and what it does with Personal Data is available at the following locations:

 

You can contact any of the CRAs if you wish to obtain a copy of your personal or business credit report.

Your Rights and Choices

You have choices regarding your Personal Data:

Opting out of Electronic Communication

If you no longer want to receive Marketing-related emails from us, you can tell us by clicking the unsubscribe link provided at the bottom of each email. We may still send you important administrative messages that are required to provide our Platform functionality.

See or Change your Personal Data

You can see and change your Personal Data by going to the Settings section on the Platform. You can also contact us to inform us of changes.

Data Protection Rights

You have the following rights:

  • The right to request confirmation of whether C.O.D processes Personal Data relating to you, and if so a copy of that Personal Data
  • The right to request C.O.D to update Personal Data that is incorrect, inaccurate or outdated
  • The right to request C.O.D to delete your Personal Data
  • The right to request C.O.D to stop processing your Personal Data
  • The right to request manual review of automated decisions (including but not limited to KYC checks)
  • Wherever the processing of your Personal Data is based on your given consent, you have the right to revoke that consent at all times

 

Security & Data Retention

A. Security

We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse. Your Personal Data is only accessible to a limited number of personnel who need access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please let us know immediately.

All Personal Data is stored in the European Union, stored on secure servers, and transmitted and encrypted using Secured Sockets Layer technology.

B. Retention

We retain your Personal Data as long as we are providing Platform access to you. We retain Personal Data after we cease providing Platform access to you, even if you close your C.O.D account, to the extent necessary to comply with our legal and regulatory obligations, and for the purpose of fraud monitoring, detection and prevention. We also retain Personal Data to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods that we support. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.

C. Data Breach

We will inform the ICO and other relevant local authorities of any occurrence of a Data Breach, and will notify affected users if applicable.

Use By Minors

Access to the Platform is not directed to individuals under the age of thirteen (13) and we request that they not provide Personal Data through the Platform.

Updates to the Data & Privacy Policy

We may change this Policy from time to time to reflect changes in our practices or relevant laws. Any changes are effective when we publish the updated Policy on the Platform. We will provide you with disclosures and alerts regarding the Policy or Personal Data collected by posting them on our website and by contacting you through the Platform and email address of your Account.

Questions

If you have any questions about this policy, please contact us.