Privacy Policy (GDPR)
1) Information on the Controller & How to Contact Us
We’re pleased that you’re visiting our website. This Privacy Policy explains how we handle your personal data when you use our site or interact with us. “Personal data” means any information that can identify you directly or indirectly.
Controller (Data Controller):
Sophia-Jewelry
Email: info@sophia-jewelry.com
The “controller” is the natural or legal person who determines the purposes and means of processing personal data.
Security (SSL/TLS):
For security and to protect the transmission of personal data (e.g., orders or enquiries), our website uses SSL/TLS encryption. You can recognize an encrypted connection by “https://” and the padlock icon in your browser.
2) Data Collection When Visiting Our Website (Server Log Files)
If you use our website for information only (i.e., without creating an account or otherwise submitting data), we collect the data your browser transmits to our server (so-called server log files) to display the website and ensure stability/security. This may include:
- The pages visited on our website
- Date and time of access
- Amount of data transmitted
- Referrer URL (source/link you used to reach the page)
- Browser type and version
- Operating system used
- IP address (possibly in anonymised form)
Legal basis: Art. 6(1)(f) GDPR (legitimate interests in improving stability, security, and functionality).
We do not pass this data on except where required for technical operation or legal obligations. We reserve the right to review log files retrospectively if there are concrete indications of unlawful use.
3) Cookies
We use cookies to make our website attractive and to enable certain functions. Cookies are small text files stored on your device.
- Session cookies are deleted after your browser session ends.
- Persistent cookies remain on your device and allow us or selected partners to recognize your browser on your next visit. Persistent cookies auto-delete after a defined period.
Cookies may capture data such as browser and device information, approximate location, and abbreviated IP address. Some cookies simplify ordering by saving settings (e.g., items left in your cart).
Legal bases:
- Art. 6(1)(b) GDPR for cookies necessary to perform a contract or pre-contract steps (e.g., cart).
- Art. 6(1)(f) GDPR for cookies supporting functionality and a user-friendly, effective website.
- Where required by law (e.g., for marketing/analytics cookies), Art. 6(1)(a) GDPR (your consent).
We may work with advertising partners who set third-party cookies. Where applicable, you will be informed separately (e.g., within our cookie banner) about those cookies and the data they collect.
Cookie control:
Most browsers let you get notified about cookies, accept them only in certain cases, block them generally, or delete them. Please note that disabling cookies can limit functionality.
4) Contacting Us
If you contact us (e.g., via form or email), we collect the data you provide to handle your enquiry and for technical administration.
Legal bases:
- Art. 6(1)(f) GDPR (our legitimate interest in responding to enquiries).
- Art. 6(1)(b) GDPR if the enquiry aims at contract initiation or performance.
We delete your data once your enquiry is fully resolved, unless statutory retention duties apply.
5) Customer Accounts & Contract Processing
When you open a customer account or place an order, we process the personal data you provide to perform the contract and manage your account.
Legal basis: Art. 6(1)(b) GDPR.
You may request deletion of your account at any time by emailing info@sophia-jewelry.com. After the contract is fulfilled, we restrict processing of your data to comply with tax and commercial retention periods and delete it when those periods expire unless you’ve consented to further use or the law permits us to retain it longer.
6) Direct Marketing (Newsletter & Existing-Customer Emails)
Newsletter Sign-Up (Double Opt-In):
If you subscribe to our newsletter, we send periodic updates about offers. Required field: your email address; other fields are optional. We use double opt-in: after subscribing you must confirm via a link we email to you.
Legal basis: Art. 6(1)(a) GDPR (your consent).
We store your IP address, date, and time of registration to document consent and detect misuse.
You can unsubscribe at any time via the link in each newsletter or by emailing info@sophia-jewelry.com. After unsubscribing, we delete your email from the newsletter list unless you consent to other uses or the law allows further retention.
Emails to Existing Customers:
If you provided your email during a purchase, we may email you offers for similar products/services.
Legal basis: Art. 6(1)(f) GDPR (our legitimate interest in personalized direct advertising).
You can opt out any time by emailing info@sophia-jewelry.com; you’ll incur only transmission costs at the basic rates.
7) Order Fulfilment & Payments
To deliver your order and process payments, we share necessary data with service providers (e.g., logistics, payment processors, banks).
Legal basis: Art. 6(1)(b) GDPR.
Payment Service Providers:
- PayPal: If you pay via PayPal (incl. PayPal Credit Card, Direct Debit, Pay Later/Installments if offered), we transmit payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg, as needed for payment processing (Art. 6(1)(b) GDPR). For certain methods, PayPal may perform a credit check (Art. 6(1)(f) GDPR). See PayPal’s privacy policy for details.
- SOFORT / Klarna: If you choose SOFORT (Klarna), processing is carried out by Sofort GmbH (Klarna Group). We transmit order and payment details to Sofort/Klarna as required to complete the payment (Art. 6(1)(b) GDPR). See Klarna’s privacy information for details.
8) Review Requests
With your express consent (Art. 6(1)(a) GDPR), we may send you a one-time reminder to review your purchase. You can withdraw consent at any time by emailing info@sophia-jewelry.com.
9) Social Media (Shariff Solution)
To better protect your data, our website may use Shariff links instead of directly embedded plugins for certain networks. With Shariff, no connection to the provider is made until you click the button; a new window opens where you can interact with the platform.
- Facebook (Meta Platforms, Inc.) – see Facebook’s Privacy Policy.
- Instagram (Meta) – see Instagram’s Privacy Policy.
Note: Platforms may process data outside the EU/EEA. Appropriate safeguards (e.g., Standard Contractual Clauses) may apply.
10) Online Marketing (Google Services)
We may use Google advertising tools to measure performance and show relevant ads.
Google Ads / Google Ads Conversion Tracking:
When you click one of our Google Ads, Google may set a conversion cookie that expires after about 30 days and does not personally identify you. We receive aggregate stats (e.g., number of people who clicked and reached a conversion page).
Legal basis: Art. 6(1)(f) GDPR.
Google Marketing Platform (formerly DoubleClick):
This may set cookies to prevent repeated displays of the same ad, to improve reporting, and to measure conversions.
Your choices for Google ads:
- Adjust ad settings in your Google account.
- Use browser settings to block/clear cookies.
- Use industry opt-out tools (e.g., “About Ads” / YourAdChoices).
11) Web Analytics (Google Analytics)
We use Google Analytics to understand how visitors use our site.
We use IP anonymization, so Google abbreviates your IP address within the EU/EEA before transfer. Google processes this information on our behalf to evaluate usage, compile reports, and provide related services.
Legal basis: Art. 6(1)(f) GDPR.
Opt-out options:
- Browser add-on for opting out of Google Analytics.
- Set an opt-out cookie.
- Disable cookies in your browser.
12) Remarketing / Retargeting
Facebook Pixel (Meta):
With your consent (Art. 6(1)(a) GDPR), we may use the Facebook Pixel to measure ad effectiveness and build audiences.
Google Ads Remarketing:
Google may set a cookie to enable interest-based ads based on pages you visited.
Legal basis: Art. 6(1)(f) GDPR, plus Art. 6(1)(a) GDPR where consent is required.
13) Your Rights (Data Subject Rights)
Under the GDPR you have the following rights:
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure (Art. 17)
- Right to restriction (Art. 18)
- Right to notification (Art. 19)
- Right to data portability (Art. 20)
- Right to withdraw consent (Art. 7(3))
- Right to lodge a complaint (Art. 77)
- Right to object (Art. 21)
To exercise your rights, contact info@sophia-jewelry.com.
14) International Transfers
Where personal data is transferred outside the EU/EEA (e.g., to service providers), we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs).
15) Retention Periods
We store personal data only as long as necessary for the purposes stated here, including legal, accounting, or reporting requirements. After statutory retention periods expire, data is deleted unless further processing is legally permitted.
16) Changes to This Policy
We may update this Privacy Policy from time to time. The current version is always available on this page. Continued use of the website after changes take effect constitutes acceptance of the updated Policy.
17) Contact
If you have questions about this Privacy Policy or about how we process your data, please email info@sophia-jewelry.com.