Privacy Policy

1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when you use our website. Personal data refers to any information that can be used to personally identify you.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Victoria & Grace Jewels. The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize a secure connection by the URL starting with “https://” and the padlock symbol in your browser’s address bar.

2) Data Collection When Visiting Our Website

When using our website for informational purposes only — i.e., without registering or providing us with information — we collect only the data that your browser sends to our server (so-called “server log files”). When you access our website, we record the following technically necessary data to display the site to you:

  • The website you visited

  • Date and time of access

  • Quantity of data transferred in bytes

  • Source or referral from which you reached the page

  • Browser type used

  • Operating system used

  • IP address used (possibly in anonymized form)

The processing is carried out pursuant to Article 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used otherwise. However, we reserve the right to review server log files retrospectively if there are concrete indications of unlawful use.

3) Cookies

To make your visit to our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files stored on your device. Some cookies we use are deleted after the browser session ends (session cookies). Others remain on your device and allow us or our partners (third-party cookies) to recognize your browser on your next visit (persistent cookies). Cookies collect and process certain user information such as browser and location data and IP addresses. Persistent cookies are automatically deleted after a predefined period, which may vary by cookie.

Some cookies simplify the ordering process by storing settings (e.g., saving the contents of a virtual shopping cart for a later visit). If any of our cookies process personal data, we do so under Article 6(1)(b) GDPR to fulfill the contract, or Article 6(1)(f) GDPR for our legitimate interests in providing a user-friendly and effective website.

We may work with advertising partners to make our site more engaging for you. In such cases, partner-set cookies may be stored on your device. You will be informed about their use and the data collected in the following sections.

You can configure your browser to notify you of cookie usage, consent to cookies selectively, or block cookies entirely. Each browser handles settings differently; refer to your browser’s help menu. Links for instructions:

  • Internet Explorer

  • Firefox

  • Chrome

  • Safari

  • Opera

Please note: disabling cookies may restrict website functionality.

4) Contact

When contacting us (e.g., via contact form or email), personal data is collected. Which data is collected is specified in the form. These data are used solely to respond to your inquiry and for technical administration. The legal basis is our legitimate interest (Article 6(1)(f) GDPR). If the contact aims to finalize a contract, the additional legal basis is Article 6(1)(b) GDPR. Your data is deleted after your inquiry is fully resolved, unless legal retention obligations apply.

5) Data Processing for Customer Account Opening and Contract Fulfilment

Pursuant to Article 6(1)(b) GDPR, personal data is processed when you provide it to execute a contract or open an account. Which data is collected is specified in the form. You can request account deletion at any time via the controller’s contact address. We use your data to process the contract. After full completion or account deletion, your data is archived with respect to tax and commercial retention obligations and then deleted, unless you consent to further use or we reserve the right to continue processing under legal allowances. You will be informed accordingly.

6) Use of Your Data for Direct Advertising

6.1 Newsletter Subscription

If you subscribe to our email newsletter, we regularly send you information about our offers. The only mandatory field is your email address; additional details are optional to allow personalized addressing. We use a double opt-in procedure: sending a confirmation email after subscription. You consent per Article 6(1)(a) GDPR by clicking the link. We log your IP and timestamp to prevent misuse. Data is used solely for the newsletter and deleted immediately upon unsubscribing, unless you have consented to further use or we are legally permitted to retain it.

6.2 Newsletter to Existing Customers

If you’ve provided your email during a purchase, we may email you about similar products. This is based on our legitimate interest under Article 6(1)(f) GDPR. You may object anytime without cost beyond standard message rates. Once you object, mailing stops immediately.

7) Data Processing for Order Fulfillment

7.1 Handling and Sharing for Delivery and Payments

Personal data needed for order processing is shared with the delivery company. Payment data is shared with the financial institution for payment execution. The legal basis is Article 6(1)(b) GDPR.

7.2 Use of Payment Service Providers

  • PayPal: For PayPal payments, we share necessary data with PayPal (Europe) S.a.r.l. et Cie, Luxembourg, under Article 6(1)(b) GDPR. PayPal may perform credit checks under Article 6(1)(f). See PayPal’s privacy policy.

  • SOFORT: If you choose SOFORT, data is shared with SOFORT GmbH (part of Klarna), Munich, for payment processing under Article 6(1)(b) GDPR. See Klarna’s privacy info.

8) Review Reminders

If you consent during or after your order, we may use your email once to remind you to leave a review. You can withdraw consent at any time via the controller.

9) Use of Social Media Plugins

We use shariff-style share buttons for Facebook, Google+, and Instagram. These are implemented as HTML links (not direct plugins), so no connection to social networks occurs unless clicked. The social networks may process data when you visit their pages. These entities are certified under the EU–US Privacy Shield.

  • Facebook: see Facebook privacy info

  • Google: see Google privacy info

  • Instagram: see Instagram privacy info

10) Online Marketing

10.1 DoubleClick by Google

We use Google’s DoubleClick for advertising, performance reports, and frequency capping. Cookies may track ad exposure. Based on our legitimate interest (Article 6(1)(f) GDPR). Google may link data to user accounts. You can opt out by blocking cookies from googleadservices.com or via [ads settings] or Digital Advertising Alliance.

10.2 Google AdWords Conversion Tracking

We use AdWords to track click–purchase conversions. A conversion cookie (valid ~30 days) tracks this non-identifiable data. Based on legitimate interest (Article 6(1)(f) GDPR). You can opt out via browser settings, the ads plugin, or Digital Advertising Alliance.

11) Web Analytics

We use Google Universal Analytics with IP anonymization (_anonymizeIp()) based on our legitimate interest (Article 6(1)(f) GDPR). Data includes usage stats, not personally identifiable. You can prevent tracking via browser settings, analytics opt-out plugin, or an opt-out cookie link. We also use cross-device User-ID (not identifiable) for behavior analysis, which you can opt out of similarly.

12) Retargeting/Remarketing

We use Facebook Pixel and Google AdWords Remarketing (based on our legitimate interest, Article 6(1)(f) GDPR, unless you consent to cross-device tracking for personalized ads).

Facebook Pixel tracks anonymized behavior after ad click to optimize campaigns. Data is anonymous to us but may link to your Facebook profile. Consent is required for users 13+. You can opt out via browser or DAA.

Google Remarketing uses pseudonymous cookie IDs to show interest-based ads. Cross-device tracking occurs only if you’re logged in and consented. You can opt out via ads plugin or DAA.

13) Data Subject Rights

You have comprehensive rights under GDPR:

  • Right to access (Art. 15): data, processing purposes, recipients, storage duration, rights, complaint avenues.

  • Right to rectification (Art. 16).

  • Right to erasure (Art. 17), unless legal grounds require retention.

  • Right to restriction (Art. 18).

  • Right to be informed (Art. 19).

  • Right to data portability (Art. 20).

  • Right to withdraw consent (Art. 7(3)): applies prospectively, without affecting prior processing.

  • Right to lodge a complaint (Art. 77) with a supervisory authority.

13.2 Right to object

You can object to data processing based on legitimate interest at any time for reasons related to your situation; unless we can demonstrate compelling legitimate grounds or legal claims require the data. If data is used for direct advertising, your objection halts processing for such purposes.

14) Data Retention Period

Data retention aligns with legal requirements (e.g., tax/commercial laws). After the retention period, data is routinely deleted if not needed for contract or our legitimate interests remain, unless you consent to further use.