At John H Lunn (Jewellers) Limited, we want you to feel confident that when you use our organisation, you can trust us with your information. We are dedicated to ensuring that we never undermine your trust or infringe upon your rights.

The security and privacy of our clients and their personal information are of prime importance to us. This page has been created to inform you of the information we need to collect, why we need to collect such information and how we use the information we collect.

We are the sole owner of the information collected on our website. We may retain personally identifiable information for accounting purposes and general record-keeping. Clients can opt to deactivate their accounts and have their details removed from our database by sending an email to concierge@lunns.com.

We are registered as a Data Controller with the Information Commissioner’s Office (ICO). As a Data Controller, we shoulder the highest level of compliance responsibility and are bound to uphold all UK GDPR requirements. Our registered address is 7-21 Queen’s Arcade, Belfast, BT1 5FE our registration number is Z5260390.

This Privacy Policy outlines what information we collect about you, how it is used and shared, and your rights regarding it.

2. O

The General Data Protection Regulation (GDPR) requires all organisations that process personal data to have a Lawful Basis for doing so. The Lawful Bases identified in the GDPR are:

  1. Consent: the data subject has given clear consent for their personal data to be processed;
  2. Contract: where processing personal information is necessary for a contract with the data subject or to take steps before entering into a contract;
  3. Legal Obligation: where the processing of personal information is necessary for compliance with a legal obligation;
  4. Vital Interests: where the processing of personal information is necessary to protect the vital interests of the data subject or another person
  5. Public Task: where the processing of personal information if necessary to perform a task carried out in the public interest or for official functions under the authority vested in the controller
  6. Legitimate Interests: where the processing of personal information is necessary for the legitimate interests of ourselves, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

  6.1 Examples of legitimate interests include:

  • Where the data subject is a client or in the service of the controller;
  • Transmission within a group for internal administrative purposes;
  • To ensure network and information security, including preventing unauthorised access;
  • Processing for direct marketing purposes;
  • To prevent fraud, or report possible criminal acts or threats to public security.

At John H Lunn (Jewellers) Ltd., our Lawful Basis for processing your information is to undertake the performance of a contract, and our Legitimate Interest is that you are, or have been, a client of John H Lunn (Jewellers) Ltd. 


The General Data Protection Regulation gives you specific rights around your personal data. 

For example:

  • You have to be informed about the information we hold about you and what we use it for;
  • You can ask for a copy of the personal information we hold about you;
  • You can ask us to correct any inaccuracies with the personal data we hold;
  • You can ask us to stop sending you direct mail, or emails, or in some circumstances ask us to stop processing your details;
  • Finally, if we do something irregular or improper with your personal data you can seek compensation for any distress you are caused or loss you have incurred.

You can find out more information from the ICO’s website https://ico.org.uk/your-data-matters/; this is the organisation where you can make a complaint if you are unhappy about your treatment.

By using this site you agree to the use of cookies including Google Analytics in order to improve your browsing experience.

By authorising third-party services, you allow the placement and the reading of cookies and the use of tracking technologies required to keep our website reliable and secure.


We collect and process both personal data and special categories of personal data as defined by GDPR.

These include, but are not limited to:

  • Name;
  • Email;
  • Phone number;
  • Address;
  • Payment or bank details*;
  • Date of birth;
  • Gender;
  • Location details;
  • Device IP address;
  • Details of your internet connection and browser;
  • Details of your interactions with us in-store or, online;
  • Billing and delivery address;
  • Details of orders, repairs, valuations, insurance estimates and receipts;
  • Copies of documents you provide to prove your age or identity where the law requires this;
  • Details of your visits to our websites;
  • Information gathered using cookies in your web browser;
  • Personal details which help us to recommend items of interest;
  • Payment card information;
  • Your comments and product reviews;
  • Your image may be recorded on CCTV when you visit a store;
  • Your social media username, if you interact with us through social channels, to help us respond to your comments, questions, or feedback.

*Your Credit Card information is only entered at the payment processing stage when you decide to make a purchase. This is provided securely by SagePay. We do not hold any credit card details from online clients. SagePay will use your personally identifiable information to detect and prevent fraud and process your card payment in a secure and confidential manner.


We may primarily use the Personal Information you provide and any General Information we receive from you to provide you with products and services, including, but not limited to, the following: 

  • Provide goods, services, deliveries, quotations, and information (for example, newsletters);
  • Process or support payments and deposits for goods, special orders and services;
  • Conduct data analysis, testing, and research (including for product development);
  • Monitor and analyse usage and activity trends;
  • Maintain the safety, security, and integrity of our services and protect our business and your account from fraud and other illegal activities;
  • Direct your enquiries to the appropriate department, sales professional, service, or customer support staff;
  • Investigate, address and respond to any queries or concerns raised by you;
  • Communicate with you about products, services, promotions, studies, surveys, news, updates, and events;
  • Fulfil promotions or competitions, including prizes, and send you information about our services and those of our business partners;
  • Investigate or address legal proceedings relating to your use of our services and products, or as otherwise allowed by applicable law;
  • Process any exchange or refund requests; 
  • Protect our customers, premises, assets, and staff from crime, through the operation of CCTV systems in our stores which record images for security. We do this based on our legitimate business interests;
  • Send you communications required by law, or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Policy, product recall notices, and legally required information relating to your orders;
  • Send you communications required as part of our legitimate business interests to inform you of product(s) becoming available for collection.

We will never sell, trade or rent your personally identifiable information to third parties under any circumstances unless we are required to do so by law or to enable us to complete your order.


6.1 Personal Information We May Share

We sometimes share your personal data with trusted third parties for legitimate purposes.

In these instances, we demand these organisations keep your data safe and protect your privacy:

  • We provide only the information they need to perform their specific services.
  • They may only use your data for the exact purposes we specify in our contract with them.
  • We work closely with them to ensure that your privacy is respected and protected at all times.
  • If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

Third parties we may share your data with are:

  • Operational companies such as delivery partners (e.g Royal Mail and FedEx);
  • Business Partners, such as individual brands;
  • The general public when we contribute to a public forum such as Facebook, Instagram or Twitter;
  • Our legal advisors in the event of a dispute or other legal matter;
  • Law enforcement officials, government authorities, or other third parties to meet our legal obligations;
  • Any other party where we ask you and you consent to share;
  • IT companies who support our website and other business systems;
  • Direct marketing companies who help us manage our electronic communications with you;
  • Data insight companies to ensure your details are up-to-date and accurate; · 
  • Our payment processing companies process payments on our behalf.

Sharing your data with third parties for their own purposes:

We will only do this in very specific circumstances.

For example:

  • For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
  • We may be asked to share data with our suppliers. We will only do so with your prior consent.

Most of the information that we hold about you is provided to us by you when you seek to use our services. We will specify why we need the information and how we will use it.

6.2 Transfers to International Organisations and Third Countries

In certain circumstances, such as registering your watch guarantee, we may transfer personal data to third countries such as Switzerland or international organisations using the identified safeguards. We are satisfied that such transferred data is fully protected and safeguarded as required by the General Data Protection Regulation.

We retain your personal data while you remain a customer unless you specifically ask us to delete it. Our Retention and Disposal Policy (a copy of which is available on request) details the length of time that we hold data for and how we dispose of it when it is no longer needed. We will delete or anonymise your information at your request unless:

  • There is an unresolved issue, such as a claim or dispute;
  • We are legally required to; or
  • There are overriding legitimate business interests, including but not limited to fraud prevention and protecting customers' safety and security.


You may request access to, correction of, or a copy of your information by contacting us at John H Lunn Jewellers, 7-21 Queen’s Arcade, Belfast, BT1 5FE; by phone at 028 9032 9799 or via email at shop@lunns.com.

7.1 Marketing Opt Outs

You may opt out of receiving emails and other messages from our organisation by following the instructions in those individual messages.

Please click here to opt out of Lunn's marketing communications at any time.


Like most websites, our websites use cookies to collect information. Cookies are small text files that are stored on your browser or device by websites, apps, online media, and advertisements. They are used to ‘remember’ when your computer or device accesses our websites. They allow us to remember whether you are logged in to the site and to remember what items you had in your shopping bag. Cookies are essential for the effective operation of our websites and to help you shop with us online. They are also used to tailor the products and services offered and advertised to you, both on our websites and elsewhere.

We use cookies to:

  • Validate users;
  • Remember user preferences and settings;
  • Determine the frequency with which our content is accessed;
  • Measure the effectiveness of advertising campaigns;
  • Analyse site visits and trends.

You can Configure your Cookie Settings here.


Whilst navigating the Rolex section of our website, you may interact with an embedded website from www.rolex.com. In this case, the Privacy Notice and Cookies Policy of www.rolex.com are solely applicable.

9.1 Rolex Section Cookies

Whilst navigating on the Rolex section of our website, some cookies are controlled by ROLEX SA, which applies the following Cookies Policy.

We will occasionally update our Privacy Notice. When we make significant changes, we will notify you of these through either mail or email. We will also publish the updated Notice on our websites.


This website may provide links to other third-party sites which are not under our control. We are not responsible for the practices, content or availability of any such websites. A link does not imply endorsement of, sponsorship of, or any affiliation with the linked site. We provide the link as a convenience only. If you decide to access linked third-party websites, you do so at your own risk and we will not be held responsible or liable for any loss or damage caused by the use of or reliance on any third-party websites.