Privacy policy

Doyle & Doyle Ventures Inc, DBA Doyle & Doyle
PRIVACY POLICY
Effective Date: March 20, 2026
Business Structure: Corporation
Applicable Regions: United States • European Union • United Kingdom • Canada

This Privacy Policy describes how Doyle & Doyle Ventures Inc, DBA Doyle & Doyle, a Corporation duly incorporated and existing under the laws of the State of New York ("Company," "we," "us," or "our"), collects, uses, discloses, and protects the personal information of visitors and customers who access our website at www.doyledoyle.com (the "Site") or purchase our jewelry products and services.

BY USING OUR SITE OR MAKING A PURCHASE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THIS PRIVACY POLICY. If you do not agree, please discontinue use of our Site immediately.
1. INFORMATION WE COLLECT
1.1 Information You Provide Directly
As a jewelry retailer processing customer accounts, purchases, and correspondence, we collect the following categories of personal information you voluntarily provide:
• Name & Contact Information: Full name, email address, phone number, billing address, and shipping address
• Account Login Information: Username, encrypted password, security questions, and account preferences
• Payment & Billing Information: Credit/debit card numbers, expiration dates, CVV (processed exclusively through PCI-DSS compliant third-party payment processors — we do not store full card data on our servers), billing address, and transaction history
• Order & Purchase Data: Items purchased, order history, wish lists, gift recipient details, ring sizes, engravings, custom order specifications, and return/exchange requests
• Communications: Customer service inquiries, live chat transcripts, product reviews, survey responses, and any correspondence you send us

1.2 Information Collected Automatically
When you visit our Site, we and our authorized service providers automatically collect the following technical and behavioral data:
• Browsing Behavior: Pages viewed, products browsed, time spent on pages, items added to or removed from your cart, search queries, and clickstream data
• Device & Browser Information: IP address, browser type and version, operating system, device type and identifiers, screen resolution, and referral URL
• Cookies & Tracking Technologies: See Section 5 for full details on our use of cookies, pixels, web beacons, and similar tracking tools
• Approximate Location: General geographic location inferred from your IP address (not precise GPS location)

1.3 Information from Third Parties
We may receive information about you from third-party sources including payment processors, shipping carriers, social media platforms (where you connect your account or interact with our social content), fraud detection services, and advertising partners. We may combine this with information we already hold to improve accuracy and personalize your experience.
2. HOW WE USE YOUR INFORMATION
As a Corporation, we process your personal information for the following business and commercial purposes, each grounded in a lawful basis as required by applicable law:
• Order Fulfillment & Customer Service: To process purchases, arrange shipping and delivery, handle returns, exchanges, and warranty claims, and respond to inquiries
• Account Management: To create, authenticate, and maintain your customer account and preferences
• Payment Processing: To authorize and complete transactions through our third-party payment processor
• Marketing & Promotions: To send promotional emails, catalogs, seasonal offers, and personalized product recommendations where you have opted in or where permitted by applicable law. You may opt out at any time (see Section 7)
• Personalization: To tailor the Site experience, product recommendations, and advertisements based on your browsing and purchase history
• Cookies & Analytics: To analyze website traffic, improve Site performance, measure marketing campaign effectiveness, and understand customer behavior
• Fraud Prevention & Security: To detect, investigate, and prevent fraudulent transactions, unauthorized account access, and other illegal activities
• Legal & Regulatory Compliance: To comply with applicable laws, respond to lawful government requests, enforce our Terms of Service, and resolve disputes
• Corporate Operations: For internal record-keeping, financial reporting, auditing, and other legitimate corporate functions
3. SHARING AND DISCLOSURE OF INFORMATION
We do not sell your personal information to third parties. As a Corporation, we may share your information in the following circumstances:
• Service Providers & Processors: We engage vetted third-party vendors — including payment processors (e.g., Stripe, PayPal), shipping and fulfillment partners, email marketing platforms, web hosting providers, customer service tools, and analytics providers — who process data strictly on our behalf under written data processing agreements
• Corporate Affiliates: We may share information with our subsidiaries and corporate affiliates for legitimate business purposes, subject to this Privacy Policy
• Corporate Transactions: In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of Company assets, your personal information may be transferred to a successor entity. We will provide notice of any such transfer and material changes to data practices
• Legal Requirements & Protection of Rights: We may disclose information when required by law, regulation, court order, or valid legal process, or to protect the rights, property, safety, and interests of our Company, customers, employees, or the public
• With Your Consent: We may share information with additional third parties when you have given explicit, informed consent
• De-Identified or Aggregated Data: We may share information that has been anonymized or aggregated in a manner that cannot reasonably be used to re-identify you
4. DATA RETENTION
We retain personal information only as long as necessary to fulfill the purposes described in this Policy and to comply with our legal, accounting, and regulatory obligations. Our general retention periods are:
• Transaction & Order Records: Minimum seven (7) years to comply with tax, accounting, and corporate record-keeping requirements
• Customer Account Data: For the duration your account is active, plus three (3) years following account closure, or longer if required by law
• Marketing Preferences & Opt-Out Records: Retained indefinitely to honor your preferences
• Browsing & Cookie Data: As specified in our Cookie settings, generally 12–24 months
• Legal Hold Data: Indefinitely where subject to litigation, investigation, or legal hold

When personal information is no longer required, we securely destroy or anonymize it in accordance with our data disposal procedures.
5. COOKIES AND TRACKING TECHNOLOGIES
Our Site uses cookies, pixel tags, web beacons, local storage, and similar tracking technologies to provide a seamless shopping experience and gather analytics. We use the following categories:
• Strictly Necessary Cookies: Essential for Site functionality — including maintaining your shopping cart, processing checkout, and session authentication. These cannot be disabled without breaking core Site features
• Functional Cookies: Remember your preferences such as saved addresses, currency settings, and wishlist items
• Analytics Cookies: Help us understand how visitors navigate and interact with our Site (e.g., Google Analytics). Data collected is aggregated and used to improve our Site
• Marketing & Advertising Cookies: Used to deliver targeted jewelry advertisements, track campaign performance, and support retargeting across third-party platforms (e.g., Meta Pixel, Google Ads)
• Third-Party Cookies: Set by our service providers as described above

You may manage cookie preferences through your browser settings or our cookie consent banner. We honor Global Privacy Control (GPC) signals where required by applicable law (including California). Note that disabling certain cookies may impair Site functionality and checkout experience.
6. INTERNATIONAL DATA TRANSFERS
As a Corporation serving customers in the United States, European Union, United Kingdom, and Canada, we may transfer your personal information across international borders. Where we transfer personal data outside of your home jurisdiction, we implement appropriate safeguards in accordance with applicable law, including:
• EU/UK to U.S. Transfers: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and UK adequacy regulations, or other lawful transfer mechanisms, to protect EU/UK personal data transferred to the United States
• Canada: Where data is transferred outside Canada, we take steps to ensure it receives comparable protection as required by PIPEDA and applicable provincial law
• Intra-Corporate Transfers: Data shared among our corporate affiliates is governed by intra-company data processing agreements incorporating appropriate safeguards

By using our Site, you acknowledge that your personal information may be processed in the United States or other jurisdictions that may have different data protection laws than your country of residence.
7. YOUR PRIVACY RIGHTS BY REGION
7.1 United States — Federal & State Rights
Depending on your state of residence, you may have the following rights under applicable U.S. privacy law (including CCPA/CPRA for California residents, VCDPA for Virginia, CPA for Colorado, CTDPA for Connecticut, and other state laws):
• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, used, disclosed, or sold about you
• Right to Access: Obtain a copy of your personal information in a portable format
• Right to Delete: Request deletion of your personal information, subject to certain legal exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt Out: Opt out of the sale or sharing of personal information for targeted advertising (we do not sell personal information; we may share for cross-context behavioral advertising)
• Right to Non-Discrimination: We will not deny you goods or services, charge different prices, or provide a lesser quality of service because you exercised your privacy rights

To submit a request, use the contact details in Section 11. We will verify your identity before processing requests and respond within 45 days (extendable by an additional 45 days with notice).

7.2 European Union — GDPR Rights
For individuals in the European Economic Area (EEA), we process personal data as a data controller under the EU General Data Protection Regulation (GDPR). Our lawful bases for processing include: performance of a contract (order fulfillment), compliance with legal obligations, our legitimate interests (fraud prevention, security, corporate operations), and consent (marketing communications). You have the right to:
• Access your personal data and receive a copy
• Rectify inaccurate or incomplete data
• Erasure ("right to be forgotten") where processing is no longer necessary or lawful
• Restriction of processing in certain circumstances
• Data portability in a structured, machine-readable format
• Object to processing based on legitimate interests or for direct marketing
• Withdraw consent at any time (without affecting the lawfulness of processing before withdrawal)
• Lodge a complaint with your national Data Protection Authority (DPA)

Our EU Representative (if applicable): [Name and Contact of EU Representative, if required under Article 27 GDPR].

7.3 United Kingdom — UK GDPR Rights
For individuals in the United Kingdom, we process personal data in accordance with the UK GDPR and the Data Protection Act 2018. Your rights mirror those described under Section 7.2 above. You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. Our UK Representative (if applicable): [Name and Contact of UK Representative].

7.4 Canada — PIPEDA & Provincial Privacy Rights
For individuals in Canada, we process personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. You have the right to access personal information we hold about you, to challenge its accuracy, to withdraw consent subject to legal and contractual restrictions, and to understand how your personal information is being used and disclosed. To submit a request or direct a privacy complaint, please contact our Privacy Officer at the details in Section 11. If your concern is not resolved, you may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.
8. DATA SECURITY
As a Corporation, we maintain a comprehensive information security program that includes commercially reasonable administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:
• SSL/TLS encryption for all data transmitted between your browser and our servers
• PCI-DSS compliant payment processing — full payment card data is handled exclusively by our certified third-party payment processors
• Access controls and role-based permissions limiting employee access to personal data on a strict need-to-know basis
• Regular security assessments, vulnerability scans, and penetration testing
• Employee training on data privacy and security practices
• Incident response procedures, including breach notification protocols

Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, and you transmit information at your own risk. In the event of a data breach that affects your rights or freedoms, we will notify you and applicable regulatory authorities as required by law.
9. CHILDREN'S PRIVACY
Our Site and services are not directed to children under the age of 13 in the United States (or under 16 in the European Union, United Kingdom, and where required by applicable law). We do not knowingly collect personal information from children below the applicable age threshold. If we become aware that we have inadvertently collected personal information from a child, we will take prompt steps to delete such information. If you believe we may have collected information from a child, please contact us immediately using the details in Section 11.
10. THIRD-PARTY LINKS AND INTEGRATIONS
Our Site may contain links to third-party websites, social media platforms, and integrated services (such as payment processors or shipping tracking tools) that are not operated or controlled by us. This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices, content, or security of any third-party website and encourage you to review their privacy policies before providing personal information.
11. LIMITATION OF LIABILITY
TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, THE COMPANY AND ITS OFFICERS, DIRECTORS, SHAREHOLDERS, EMPLOYEES, AGENTS, AND SERVICE PROVIDERS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATED TO ANY UNAUTHORIZED ACCESS TO, DISCLOSURE OF, OR LOSS OF PERSONAL INFORMATION, PROVIDED THE COMPANY HAS IMPLEMENTED COMMERCIALLY REASONABLE SECURITY PRACTICES AS DESCRIBED IN SECTION 8.

Applicable laws in certain jurisdictions, including EU member states, the United Kingdom, and Canada, may not permit the exclusion or limitation of certain damages. In such jurisdictions, our liability is limited to the greatest extent permitted by law.

Nothing in this Section limits the Company's liability for fraud, gross negligence, willful misconduct, or any liability that cannot be lawfully excluded. This Privacy Policy does not create contractual rights beyond those required by applicable law. The Company makes no representation that its privacy practices satisfy the legal requirements of every jurisdiction in which customers are located.
12. CHANGES TO THIS PRIVACY POLICY
We reserve the right to update this Privacy Policy at any time to reflect changes in our practices, applicable law, or business operations. When we make material changes, we will post the revised policy on this page with an updated effective date. Where required by applicable law (including GDPR and CCPA), we will provide you with advance notice of material changes — such as via email to your registered address or a prominent banner on our Site — and, where required, seek your renewed consent.

Your continued use of our Site after the effective date of a revised Privacy Policy constitutes your acceptance of the updated terms. We encourage you to review this Policy periodically.
13. CONTACT US
For questions, concerns, access requests, or complaints regarding this Privacy Policy or our data practices, please contact us:

Doyle & Doyle Ventures Inc, DBA Doyle & Doyle, a Corporation
41 Union Square West, New York, NY 10003
Email: info@doyledoyle.com
Phone: 212-677-9991
Website: www.doyledoyle.com

We will respond to all verified inquiries within the timeframe required by applicable law. For EU/UK individuals, we aim to respond within 30 days. For California residents, within 45 days. For Canadian residents, within 30 days.