ACL t/a Bullionjoy as Bullionjoy (“Bullionjoy”, “we”, “us”, or “our”) operates the website
www.bullionjoy.com (“our site”).
We are a UK-based coin and bullion retailer. The purpose of our site is to provide information about our products and services for prospective, current, and former customers.
This Privacy Policy explains how we collect and use personal information supplied by you on our website, in person, and over the telephone. We are the “data controller” for the purposes of data protection legislation, which means we decide how we use your personal information.
We are committed to protecting and respecting your privacy and ensuring that personal and sensitive information is collected and processed in compliance with this Privacy Policy.
Important: Our site and our products and services are not intended for children. We do not knowingly collect data relating to children.
How to Contact Us
Company name: ACL t/a Bullionjoy as Bullionjoy
Company number: 10965297
Registered office: The CIBA Building, 146 Hagley Road, Birmingham, B16 9NX, United Kingdom
Website: www.bullionjoy.com
If you have any questions about this Privacy Policy, please contact us.
The Data We Collect About You
“Personal data” means any information relating to an identified or identifiable individual. It does not include anonymous data or information relating solely to a business or organisation.
“Processing” includes collecting, storing, using, organising, amending, disclosing, and deleting data.
Depending on how you interact with us, we may collect, use, store, and transfer the following categories of personal data:
- Identity Data – name, username, title, date of birth.
- Contact Data – billing and delivery address, telephone numbers, email address.
- Profile Data – account credentials, preferences, interests, feedback, and communications with us.
- Verification Data – date of birth, address, passport or other identification data.
- Financial Data – bank account and payment card details.
- Transaction Data – payments to and from you and details of products and services purchased.
- Social Media Data – social media handle, photograph, location, occupation, interests, and other content you make available via social media platforms.
- Marketing & Communication Data – your preferences for receiving marketing from us.
- Customer Service Data – emails, online chats, and telephone records.
- Usage Data – how you use our site and services, including navigation and error events.
- Technical Data – IP address, login data, browser type and version, time zone and location, browser plug-ins, operating system and platform, device identifiers.
- Recorded Data – CCTV, where applicable, and recordings of incoming and outgoing telephone calls (see our Recording Policy if applicable).
How We Collect Information
Direct interactions
We collect personal data when you:
- Place an order for products or services;
- Fill out a form (e.g., contact form) on our site;
- Make an enquiry or use live chat;
- Create a customer account;
- Connect with, follow, or like our social media accounts;
- Subscribe to our newsletter or marketing communications.
This may include Identity, Contact, Profile, Verification, Financial, Social Media, Transaction, and Marketing & Communication Data.
Automated technologies or interactions
When you use our site, we automatically collect Technical and Usage Data via cookies, server logs, tracking pixels, and similar technologies.
Please see our Cookies Policy for details. Where applicable, CCTV and telephone systems may capture Recorded Data.
Third parties and publicly available sources
We may receive personal data from:
- Payment and delivery providers (e.g., payment gateways and couriers) for Identity, Contact, Financial, and Transaction Data.
- Directory and verification services (e.g., Royal Mail) for Identity, Contact, and Verification Data.
- Social media platforms for Identity, Contact, and Social Media Data.
- Analytics providers (e.g., Google) for Technical and Usage Data.
- Advertising networks for Technical and Usage Data.
- Live chat providers for Identity, Contact, Profile, Verification, Usage, and Technical Data.
- Public sources such as Companies House and the Electoral Register for Identity, Contact, and Verification Data.
How and Why We Use Your Personal Information
We only process your personal data where we have a lawful basis, which may include:
- Contract – to perform a contract with you or take steps at your request before entering into one;
- Legal obligation – to comply with applicable laws and regulations;
- Legitimate interests – for our business interests, provided your rights do not override those interests;
- Consent – where you have given consent (you may withdraw consent at any time).
Examples of processing
| Purpose | Data Types | Lawful Basis |
|---|---|---|
| Provide customer service, liaise on orders, and updates | Identity, Contact, Profile, Social Media, Customer Service, Transaction | Legitimate interests; Contract |
| Process and fulfil orders and payments | Identity, Contact, Profile, Financial, Customer Service, Transaction | Legitimate interests; Contract |
| Prevent and detect fraud and comply with AML obligations | Identity, Contact, Profile, Financial, Customer Service, Transaction | Legal obligation; Legitimate interests |
| Manage our relationship with you (including policy/terms updates) | Identity, Contact, Profile, Social Media, Customer Service, Marketing & Communications | Legitimate interests; Legal obligation |
| Set up and secure your online account | Identity, Contact, Profile, Technical, Customer Service, Usage | Legitimate interests; Consent (at registration) |
| Administer and protect our business and site (troubleshooting, security, hosting) | Identity, Contact, Usage, Verification, Technical | Legitimate interests |
| Use analytics to improve our site, services, and marketing | Identity, Contact, Technical, Social Media, Usage | Legitimate interests |
| Send news, offers, market updates (according to your preferences) | Identity, Contact, Profile, Social Media, Customer Service, Usage, Marketing & Communications | Legitimate interests; Consent (at subscription) |
| Respond to queries via site, email, phone, live chat, or social media | Identity, Contact, Profile, Verification, Social Media, Customer Service, Marketing & Communications | Consent; Legitimate interests |
| Record customer calls (where applicable) | Identity, Contact, Profile, Customer Service, Recorded | Legitimate interests (training, fraud prevention, accurate records) |
| Invite feedback and reviews | Identity, Contact, Profile, Usage, Customer Service, Marketing & Communications | Legitimate interests |
| Operate CCTV on premises (where applicable) | Identity, Recorded | Legitimate interests (security and loss prevention) |
Marketing
If you opt in, we may send you marketing communications, including news, updates, and offers.
Our email provider may use a tracking pixel to understand open rates and clicks so we can tailor content.
You can update your preferences in your account or via our Contact page.
Opting out: You can unsubscribe at any time using the link at the bottom of our emails or by contacting us.
Change of Purpose
We will only use your personal data for the purposes we collected it for, unless we reasonably consider we need to use it for another compatible reason.
If we need to use your data for an unrelated purpose, we will notify you and explain the legal basis.
We may process your personal data without your knowledge or consent where required or permitted by law.
If You Fail to Provide Personal Data
Where we need personal data to comply with law or perform a contract and you fail to provide it, we may be unable to provide products or services and may have to cancel your order.
How We Protect Your Personal Data
We use appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.
Where appropriate (e.g., for Financial Data) we use SSL-secured channels and encryption.
However, transmission of information over the internet is not completely secure; any transmission is at your own risk.
Access to your personal information is limited to authorised personnel who process it under our instructions and are subject to confidentiality obligations.
We maintain procedures for suspected data breaches and will notify you and regulators where legally required.
When no longer required, we take reasonable steps to securely destroy personal information.
How Long We Keep Your Personal Data
We retain personal data only as long as necessary for the purposes collected, considering the amount and sensitivity of data, potential risk from unauthorised use, and legal requirements.
We may anonymise data for research and statistical purposes and use it indefinitely without further notice.
If we have a contractual relationship with you, we retain data for its duration and thereafter only what is needed to meet legal, regulatory, audit, and record-keeping obligations, or to establish, exercise, or defend legal claims.
In particular, Verification Data together with Identity and Transaction Data may be kept for five years from the date of the relevant transaction (e.g., AML requirements).
Sharing Your Personal Information
We do not sell your personal data.
We may share personal data with:
- Service providers (hosting, IT, payments, order processing, stock control, analytics, marketing, advertising) under contractual safeguards;
- Professional advisers (lawyers, bankers, auditors, insurers);
- Authorities and regulators (e.g., HMRC, police) where required by law, fraud prevention, or credit risk reduction;
- Third parties in connection with a business sale, transfer, merger, or acquisition.
Some recipients may act as independent data controllers. Please refer to their privacy notices for details of their processing.
We only share personal data as outlined in this Privacy Policy.
International Transfers
Some of our providers may be located outside the UK/EEA. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as:
- Transfers to countries with an adequacy decision; or
- Appropriate Standard Contractual Clauses approved by relevant authorities.
Please contact us if you would like more information on the safeguards for specific transfers.
Cookies
Our site uses cookies and similar technologies to improve services and enhance your experience. You can set your browser to refuse all or some cookies or to alert you when websites set or access cookies.
Disabling cookies may affect site functionality (e.g., basket and checkout).
For details, please see our Cookies Policy.
Links to Third-Party Websites
Our site may contain links to third-party websites. We are not responsible for their content or privacy practices.
If you access such websites, your information will be used according to their privacy policies. We encourage you to read those policies.
Your Rights
You have the following rights regarding your personal data (subject to conditions and exemptions in law):
- Access your personal data and receive related information;
- Rectification of inaccurate or incomplete data;
- Data portability to you or a third party (for certain automated processing under consent or contract);
- Erasure where there is no good reason for continued processing;
- Object to processing based on legitimate interests;
- Restrict processing in certain circumstances;
- Withdraw consent where processing is based on consent (this will not affect prior lawful processing but may affect our ability to provide certain services).
To make a subject access request, please contact us or write to:
ACL t/a Bullionjoy, The CIBA Building, 146 Hagley Road, Birmingham, B16 9NX, United Kingdom.
To exercise other rights, please call us or contact us via our Contact page. We may need to verify your identity and may request additional information to expedite your request.
You will not usually have to pay a fee. We may charge a reasonable fee or refuse to comply if a request is unfounded, repetitive, or excessive.
Complaints
You have the right to complain to the UK Information Commissioner’s Office (ICO) at www.ico.org.uk.
We would appreciate the chance to address your concerns first, so please contact us in the first instance.
Changes to This Privacy Policy
We review this Privacy Policy regularly and will post any updates on this page. Please check back frequently to stay informed about how we process your personal information.