Back

Privacy Policy

Who is the Responsible Party of my data?

Our Site (“Our Site”) is operated by De Beers UK Limited (“Company”, “we” or “us” or “our”). We are registered in England and Wales under company number 08597754 and have our registered office at 17 Charterhouse Street, London, EC1N 6RA, UK.

We are committed to protecting and respecting your privacy and we comply with data protection legislation and other applicable local laws.

If redirected to this site, you can find out more about our Group at www.debeersgroup.com or by contacting us using the information in the contact us section.

This privacy notice (together with our Terms and Conditions which can be found here: https://www.debeersgroupservices.com/terms-conditions and any other documents referred to in it) sets out how we will use any personal data which you provide through our Site. Please read it carefully before you proceed. Unless you have carefully reviewed and completely understand all the contents in this privacy notice, you will not be entitled to access or use Our Site or any services therein.

Our Site is not intended for children and we do not knowingly collect data relating to children.

Third Party Websites

You might find external links to third party websites on our Site. This privacy notice does not apply to your use of a third-party site. We are not responsible for the privacy practices of such third-party websites.

What personal data we collect, when and why we use it

Personal data is any information capable of identifying a natural person, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their his or her physical, physiological, mental, economic, cultural or social identity. Data is considered personal when it enables anyone to link information to a specific person, even if the person or entity holding that data cannot make that link.

We collect personal data about you collectively (“you”) if you register with or use our Site or request our services.

What personal data will we collect?

We may collect the following personal information from you:

  • your full name
  • email address
  • time and activity logged on our websites
  • messages which you submit to us via our site
  • cookies (please see our cookie notice for further information)
  • user log-in and device information
  • opt-in consent for marketing

Where do we get personal information from?. If you request our services

  • If you engage our services through our Site, we will process your personal data in order to provide you with such services.
  • The personal data that we process to do so will be the personal data that you provide to us, such as your name and your contact details (such as your email address).
  • The source of your personal data will be you

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not seek to collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any 1 / 4 information about criminal convictions and offences. However, if you enter this information into messages which you submit to us via our site, such data will be collected and processed.

We also may acquire information about you, from publicly available sources, social media platforms, and other parties that may share information as permitted in their privacy policies.

Legal basis for using your personal data

We will only collect, use and share your personal data where we are satisfied that we have an appropriate legal basis to do this. This may be because:

We need to use your personal data to perform a contract or take steps to enter into a contract with you; or

We have your consent to using your personal data for a particular activity; or

It is in our Legitimate Interest to process your personal data.

In particular:

What we use your information for Legal basis for using personal data
To register your account Performance of a contract
To provide services Performance of a contract
Marketing Consent

To manage our relationship with you which will include:

What we use your information for Legal basis for using personal data
Notifying you about changes to our terms or privacy policy Performance of a contract
Asking you to leave a review or take a survey Consent

To consider and respond to queries and feedback that you provide to us.

In particular:

What we use your information for Legal basis for using personal data
Defending legal claims and investigation of complaints Legitimate interests
To manage our Site/Services and improve your user experience Legitimate interests
To keep our systems secure; investigate fraud or regulatory breaches Legitimate interests

If you would like to find out more about the legal basis for which we process personal data please contact us.

How do we share the personal information we collect?

We may share your personal information within the Anglo American group, and with the following third parties:

  • service providers
  • government organisations and agencies, law enforcement and regulators
  • insurers
  • bankers
  • IT administrators
  • lawyers
  • auditors
  • investors
  • consultants and other professional advisors, and
  • business counterparties

We share your personal data in the manner and for the purposes described below:

  • within the Anglo American Group, where such disclosure is necessary to provide you with our products or services or to manage our business
  • with government organisations and agencies, law enforcement, supervisory authorities and regulators, which may include the Information Commissioner’s Office or the Cyberspace Administration of China, to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies

we may share in aggregate, statistical form, non‑personal data regarding the visitors to our Site, traffic patterns, and website usage with our partners, affiliates or advertisers

  • to protect and defend the rights or property of the company recover debts and liaise with our attorneys in connection with any potential, threatened or actual litigation
  • audit accounts
  • restructure or sell any of our businesses or assets
  • process payments
  • connect with customers on social media
  • understand customer characteristics and produce customer segmentation models

We expect these third parties to process any data disclosed to them in accordance with the contractual relationship we have with them and applicable law, including with respect to data confidentiality and security. Where appropriate, the third parties set out above have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us.

How we protect and store your personal information

We have implemented and maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the personal data concerned.

While we have implemented reasonable technical and organisational precautions to protect the security and integrity of personal data provided to our Site, due to the inherent nature of the internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the internet or while stored on our system or otherwise in our care, will be absolutely safe from intrusion by others.

Where we have given you (or where you have chosen) a password which enables you to access our services, you are responsible for keeping this password confidential. We ask you to use a unique password; not to share your password with anyone; to use a complex password featuring letters, numbers and punctuation; and to successfully log-out when you are accessing our services form a device used by multiple users.

You agree to immediately notify us of any unauthorised use of your password or account or any other breach of security. It is your responsibility to control the dissemination and use of your password, control access to and use of your account, and notify us when you desire to cancel your account on this Site. To the extent permitted by law, we are not responsible or liable for any loss or damage arising from your failure to comply with this provision.

In the unlikely event that we believe that the security of your personal information in our possession or control may have been compromised, we may seek to notify you of that development. If a notification is appropriate, we would endeavour to do so as promptly as possible under the circumstances, and, to the extent we have your e-mail address, we may notify you by e-mail.

Data Retention

We will store your personal data for as long as is reasonably necessary for the purposes for which it was collected, as explained in this privacy notice. Where your information is no longer needed, we will ensure that it is disposed of in a secure manner. Unless otherwise required to do so in accordance with legal, regulatory, tax or accounting requirements “Origin Story related” data is held for 7 years, with messaging data deleted daily.

In specific circumstances we may store your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.

International transfers

We share your personal information within the Anglo American group of companies or with any third parties as set out in this Notice.  However, some personal information is transferred to different jurisdictions whose privacy laws may not be equivalent to the laws in your country, and this includes transfers outside the UK and European Economic Area (EEA).  In addition, some of the external organisations we share your personal information with may not be in the same country as you. We will always use adequate safeguards to ensure that the level of protection for international transfers meets the requirements of relevant data protection regulations, and take steps to ensure that any transfer of information outside your country is carefully managed to protect your privacy rights:

Transfers within the Anglo American Group, to service providers and other third parties operating in different jurisdictions will be protected by contractual commitments, certification schemes, or other legally acceptable mechanisms as required by applicable laws and regulations that ensure an adequate level of protection; and

Any requests for information we receive from law enforcement, authorities, or regulators will be carefully checked and complied with according to applicable laws and regulations before personal information is disclosed.

Your rights

Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal data.

To access personal data

You have a right to request that we provide you with a copy of your personal data that we hold and you have the right to be informed of; (a) the source of your personal data; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal data may be transferred.

To rectify / erase personal data

You have a right to request that we rectify inaccurate personal data. We may seek to verify the accuracy of the personal data before rectifying it.
You can also request that we erase your personal data in limited circumstances where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent); or
  • following a successful right to object (see right to object section); or
  • it has been processed unlawfully; or
  • to comply with a legal obligation to which the Company is subject.

To the extent permitted by law, we are not required to comply with your request to erase personal data if the processing of your personal data is necessary:

  • for compliance with a legal obligation; or
  • for the establishment, exercise or defence of legal claims

Right to restrict the processing of your personal data

You can ask us to restrict your personal data, but only where:

  • its accuracy is contested, to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal data following a request for restriction, where:

  • we have your consent; or
  • to establish, exercise or defend legal claims; or
  • to protect the rights of another natural or legal person.

Right to transfer your personal data

You can ask us to provide your personal data to you in a structured, commonly used, machine‑readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:

  • the processing is based on your consent or on the performance of a contract with you; and
  • the processing is carried out by automated means.

Right to object to the processing of your personal data

  • You can object to any processing of your personal data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
  • If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Right to object to how we use your personal data for direct marketing purposes

  • You can request that we change the manner in which we contact you for marketing purposes.
  • You can request that we not transfer your personal data to unaffiliated third parties for the purposes of direct marketing or any other purposes.

Right to obtain a copy of personal data safeguards used for transfers outside your jurisdiction

  • You can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the European Union.
  • We may redact data transfer agreements to protect commercial terms.

Right to lodge a complaint with your local supervisory authority

  • You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal data. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
  • If you wish to access any of the above mentioned rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal data to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
  • You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

Your rights under CCPA

If you are a California resident, you are entitled to the following rights under the California Consumer Privacy Act (CCPA).  You can exercise these rights at any time by contacting us at (insert email address)

  • To be informed about the personal information that the business collects and shares, including the categories and specific pieces of personal information
  • To request from us access to personal information that we collect and share to services providers and third parties.
  • To opt-out of the sale of your personal information to third parties.
  • To request the deletion of your personal information
  • To not be discriminated against for exercising any of your consumer rights.

There is not charge for exercising your consumer rights.

“Do not sell my information”

If you are a Californian resident and have provided personal information to a business, you may be entitled by California law to opt-out of selling of your personal information by a business to a third party. The CCPA broadly defines the term “sale”, where it may include when we share your personal information to a third party for a value, where it is not for a business purpose, you have not directed us to sharing the personal information with a third party or is not pursuant to a written contract. To opt-out of the sale of your personal information, please email us at (insert email address)

Please not that we have also adopted a policy (“Third Party Opt-Out Policy”) of not sharing your personal information with third parties for their direct marketing purposes if you request that we do not do so.

Sale and Disclosure for Business Purposes

At De Beers Origin, we do not sell any personal data that we collect. We do disclose personal details as detailed in “How we share the personal information we collect”, the categories of data that is disclosed for business purposes.

Contact us

The primary point of contact for all issues arising from this privacy notice is our Data Protection Team. The Data Protection Team can be contacted in the following ways:
Email address: [email protected]
Telephone number: +44 (0)20 7968 8888
Postal address: 17 Charterhouse Street, London, EC1N 6RA, UK
If you have any questions, concerns or complaints regarding our compliance with this privacy notice, the information we hold about you or if you wish to exercise your rights, we encourage you to first contact our Data Protection Team. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.

To contact your data protection supervisory authority

You have a right to lodge a complaint with your local data protection supervisory authority (i.e. the regulatory authority in your place of habitual residence, place or work or place of alleged infringement) at any time. We ask that you please attempt to resolve any issues with us before your local supervisory authority.

 

5/20/2025, 10:11:11 AM | V5.0

© De Beers 2023-2025™ Terms and Policies