Privacy policy

Privacy Policy

Last updated: 25 September 2025

This Privacy Policy explains how Rosé Fine Jewellery (the “Site,” “we,” “us,” or “our”) processes personal data when you visit www.rosefinejewellery.com (the “Site”), use our services, make a purchase, or otherwise interact with us (collectively, the “Services”). “You” refers to any individual whose data we process under this Policy (customers, visitors, prospects).

Please read this Policy carefully.

1. Changes to this Policy

We may update this Policy from time to time (e.g., if our practices or the law change). We will post the updated version on the Site, adjust the “Last updated” date, and take any additional steps required by law.

2. How we collect and use personal data

We process data to provide and improve the Services, comply with legal obligations, perform contracts, and protect our rights and those of our users.

2.1 What personal data we collect

A) Information you provide directly

  • Contact details (name, address, phone number, email)

  • Order information (billing/shipping addresses, payment confirmation, email, phone)

  • Account information (username, password, security details)

  • Support information (content of your communications with us)

Certain features require specific information. Without it, some functions may be unavailable.

B) Usage information collected automatically

We automatically collect information about your interaction with the Site (e.g., via cookies/pixels): device and browser data, IP address, network connection, pages viewed, interactions, and referral sources.

3. Analytics & advertising

3.1 Web analytics with Google Analytics 4

We use Google Analytics 4 (“GA4”) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Legal basis: your consent (Art. 6(1)(a) GDPR).

GA4 uses cookies/similar technologies to analyze Site use (e.g., page views, interactions, approximate location from truncated IP, device/browser data, and sources).
We have enabled Consent Mode v2. Without consent, GA4 sends only aggregated, non-personal signals; no personalized analytics occur.
Recipient: Google Ireland Limited; transfers to Google LLC (USA) may occur. Basis: EU Standard Contractual Clauses (SCCs).
Retention: event data kept for up to 14 months (unless configured otherwise).
Withdrawal: you can withdraw consent at any time via “Cookie settings” in the footer, with future effect.

3.2 Google Ads (remarketing & conversion measurement)

We use Google Ads to serve ads and measure performance. Legal basis: your consent (Art. 6(1)(a) GDPR). With consent, cookies/similar tech may be used to measure conversions and show relevant ads (remarketing) on Google and partner sites.
Recipient: Google Ireland Limited (and possibly Google LLC, USA; SCCs).
Withdrawal: at any time via “Cookie settings”.

(Optional – if enabled) Enhanced Conversions

For more accurate measurement, we may use Enhanced Conversions. Certain order contact data (e.g., email address) is hashed (SHA-256) and sent to Google solely for measurement, and only with consent.

3.3 International transfers related to Google

Use of Google services may involve transfers to the United States. We rely on SCCs and data-minimization measures (e.g., IP anonymization in GA4, Consent Mode).

3.4 Opt-out / withdrawal

You can change your choices at any time via “Cookie settings” in the footer. Browser signals like Global Privacy Control (GPC) are honored where legally required.

4. Information from third parties

We also receive data from:

  • Service providers (hosting/IT, payment processing, fulfillment/shipping, analytics, support) – including Shopify

  • Payment providers (e.g., card/bank data, billing address to process your payment)

  • Tracking/marketing partners (with consent; e.g., pixels, web beacons, SDKs, third-party libraries, cookies)

We process such data in line with this Policy (see also “Third-party websites and links”).

5. Purposes of processing

  • Providing products & Services: payment processing, order fulfillment, account/order communications, shipping, returns, account management. (Shopify may match your account with other Shopify services; Shopify processes data under its own privacy policies.)

  • Marketing & advertising: email/SMS/postal communications and online advertising (personalization only with consent; in the EEA generally Art. 6(1)(a) GDPR; where permitted, legitimate interests under Art. 6(1)(f) GDPR may also apply).

  • Security & fraud prevention: detect/prevent fraudulent or abusive activity (Art. 6(1)(f) GDPR).

  • Support & service improvement: customer support and Service optimization (Art. 6(1)(f) GDPR).

6. Cookies

We use cookies to operate/improve the Site (e.g., remember preferences), run analytics, and—if consented—enable marketing. Details on Shopify cookies: shopify.com/legal/cookies.
You can delete/block cookies in your browser; this may limit certain features and does not necessarily prevent all third-party transmissions.

7. Sharing personal data

We share data in accordance with the GDPR, including with:

  • Processors/service providers (IT, payments, fulfillment/shipping, support, cloud, analytics)

  • Business & marketing partners (with consent; their own policies apply)

  • Group entities/affiliates (legitimate interests)

  • Authorities/legal proceedings (legal obligations)

  • Corporate transactions (e.g., merger/acquisition)

Categories of recipients & data (examples):
identifiers (contact/order/account data); commercial information (purchase/support data); internet/network activity (usage data); geolocation (from IP/technical means).

We do not sell or share your personal data for profiling/targeted advertising without your consent (to the extent such concepts apply).

8. Third-party websites and links

The Site may contain third-party links/plugins. Their privacy/security policies apply independently. We are not responsible for third-party content/practices.

9. Children’s data

The Services are not intended for children, and we do not knowingly collect data from individuals under 16. Parents/guardians may request deletion.

10. Security & retention

No method of transmission/storage is perfectly secure. Please do not send sensitive information via unsecured channels.
Retention depends on purpose, legal obligations, dispute resolution, and contract enforcement.

11. Your rights

Depending on your location and subject to legal limits, you may have rights to:
access/information, deletion, rectification, portability, objection (e.g., to “sale/sharing” or targeted advertising), restriction of processing, withdrawal of consent, and complaint/appeal.
You can unsubscribe from marketing emails at any time via the link in our messages. We may verify your identity before responding. Authorized agents must provide proof of authority.

12. Complaints

For questions/complaints, contact us (see “Contact”). You may also contact your supervisory authority (EU/EEA: national data protection authority).

13. International transfers

Data may be processed outside your country (by providers/partners). For transfers outside Europe, we use EU SCCs or equivalent mechanisms where no adequacy decision exists.

14. Contact & controller

For questions or to exercise your rights:
Phone: +43 681 81295103
Email: info@rosefinejewellery.com

Unless stated otherwise, Rosé Fine Jewellery is the controller under applicable data-protection laws.