Data Protection

1. Introduction and Contact Details of the Person Responsible

1.1

We are pleased that you are visiting our website and thank you for your interest. Below, we will inform you about how your personal data is handled when you use our website. Personal data is all data with which you can be personally identified.

1.2

The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Riviera Diamonds Limited.

The person responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

1.3

The person responsible has appointed a data protection officer, who can be reached as follows: [Insert Contact Details Here]

2. Data Collection When You Visit Our Website

If you use our website for informational purposes only (i.e., you do not register or otherwise provide us with information), we only collect data that your browser transmits to the site server (so-called "server log files").

The following data is collected and is technically necessary to display the website to you:

• Our visited website
• Date and time of access
• Amount of data sent (in bytes)
• Source/reference from which you accessed the page
• Browser used
• Operating system used
• IP address used (if necessary, in anonymized form)

3. Cookies

To make visiting our website attractive and to enable certain functions, we use cookies. These are small text files stored on your device:

• Session cookies - deleted after you close the browser.
• Persistent cookies - remain on your device and allow saving of preferences.

Legal Basis:

• Article 6 Para. 1 lit. b GDPR (contract implementation)
• Article 6 Para. 1 lit. f GDPR (legitimate interest in functionality and user-friendly design)

4. Contacting Us

When you contact us (e.g., via contact form or email), we process your personal data only as needed to respond to your inquiry.

Legal Basis:

• Article 6 (1) (f) GDPR (legitimate interest in responding to inquiries)
• Article 6 (1) (b) GDPR (if contact relates to contract)

Data Retention:

Your data will be deleted once your inquiry has been conclusively addressed, provided there are no legal retention obligations.

5. Data Processing When Opening a Customer Account

When you open a customer account, we collect and process your personal data in accordance with Article 6 Paragraph 1 Letter b of the GDPR as necessary.

What is collected:

Details entered in the account creation form.

6. Use of Customer Data for Direct Advertising

6.1 Registration for Our Email Newsletter

If you sign up for our email newsletter, we will regularly send you information about our offers.

The only mandatory information required is your email address. Providing additional data is optional and used for personal addressing.

We use the double opt-in procedure, meaning you will only receive the newsletter after confirming your subscription via a verification link sent to your email.

Legal Basis:

• Art. 6 Para. 1 lit. a GDPR - your explicit consent through confirmation.

We also store the IP address, date, and time of registration to detect potential misuse.

Your newsletter registration data is used solely for that purpose.

Unsubscribe Option:

You may unsubscribe at any time via the unsubscribe link in the newsletter or by contacting us directly.

Upon unsubscription, your email address will be immediately deleted unless you have agreed to further use, or we are legally allowed to retain it (as specified in this policy).

6.2 Sending the Email Newsletter to Existing Customers

If you have given us your email address when purchasing goods or services, we may send you email offers for similar products or services.

Legal Basis:

• Section 7 Para. 3 UWG
• Article 6 (1) (f) GDPR - legitimate interest in personalized direct advertising.

Right to Object:

You may object to the use of your email address for such advertising at any time by notifying us.

You will only incur standard transmission costs. Once we receive your objection, your email will no longer be used for advertising.

6.3 Advertising by Post

We may use your name, postal address, and, if available from you, title, academic degree, year of birth, and business/profession, to send you promotional content by post.

Legal Basis:

• Article 6 Para. 1 lit. f GDPR - legitimate interest in personalized direct marketing.

Right to Object:

You can object to this use of your data for postal advertising at any time.

7. Data Processing for Order Fulfillment

7.1 Transmission of Image Files via Email

We allow customers to send image files via email for product personalization.

The image serves as a template for the ordered product.

Files sent are collected, stored, and used only to fulfill the order.

If third-party service providers are involved, this will be stated explicitly.

If the image includes personal data (e.g. a person's photo), processing is done solely to fulfill the contract.

Legal Basis:

• Article 6 Paragraph 1 Letter b GDPR.

After order completion, the files are automatically and completely deleted.

7.2 Upload of Image Files via Website

Customers may also upload image files via our website upload function to personalize products.

Files are transferred using encrypted, automated data transfer.

Data is used exclusively to fulfill the personalization service as described on our site.

If passed to third-party processors, this will be clearly stated.

Personal data in images is processed only for the purpose of fulfilling your order.

Legal Basis:

• Article 6 Paragraph 1 Letter b GDPR.

After fulfillment, files are automatically and completely deleted.

7.3 Transfer of Data for Delivery and Payment

To fulfill your order, we may transmit necessary personal data to:

• Delivery service providers, and
• Credit institutions involved in payment processing.

Legal Basis:

• Article 6 Paragraph 1 Letter b GDPR.

If updates are required (e.g., digital goods), we will use your name, address, and email to meet our legal obligations to inform you.

This data will only be used to provide necessary updates.

7.4 Transfer of Personal Data to Shipping Providers

Shipping Partner: Deutsche Post AG

Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany

With your explicit consent (Art. 6 Para. 1 lit. a GDPR), we may provide your email and/or phone number to Deutsche Post for delivery coordination.

Without consent, only name and delivery address will be shared, strictly for delivery purposes (Art. 6 Para. 1 lit. b GDPR).

Withdrawal of Consent:

Consent can be revoked at any time with effect for the future—either via the responsible party or directly with the provider.

Shipping Partner: DHL Paket GmbH

Sträßchensweg 10, 53113 Bonn, Germany

With your explicit consent (Art. 6 Para. 1 lit. a GDPR), we may provide your email and/or phone number to DHL Paket for delivery coordination.

Without consent, only your name and delivery address will be shared, strictly for delivery purposes (Art. 6 Para. 1 lit. b GDPR).

Withdrawal of Consent:

Consent can be revoked at any time with effect for the future—either through us or directly with DHL Paket.

Shipping Partner: United Parcel Service Deutschland Inc. & Co. OHG

Görlitzer Straße 1, 41460 Neuss, Germany

With your explicit consent (Art. 6 Para. 1 lit. a GDPR), we may provide your email and/or phone number to UPS for delivery coordination.

Without consent, only your name and delivery address will be shared, strictly for delivery purposes (Art. 6 Para. 1 lit. b GDPR). In this case, delivery coordination or notification will not be possible.

Withdrawal of Consent:

Consent can be revoked at any time with effect for the future—either through us or directly with UPS.

7.5 Use of payment service providers (payment services)

Payment Provider: PayPal (Europe) S.a.r.l. et Cie, S.C.A.

22-24 Boulevard Royal, L-2449 Luxembourg

This website offers payment methods via PayPal. Depending on the selected method, different data processing may occur:

When You Pay in Advance (Your Side) - Art. 6(1)(b) GDPR

If you select a payment method where you pay in advance:

We transmit necessary payment data (e.g. name, address, card/bank info, currency, transaction number, and order details) to PayPal.

Data is shared solely for processing the payment and only as necessary.

When We Pay in Advance (e.g., invoice, installment) - Art. 6(1)(f) GDPR

If you choose a method where we pay in advance (e.g., buy now, pay later):

You may be asked to provide personal details (e.g. name, address, date of birth, email, phone).

This data is used to conduct a credit check with PayPal to assess payment/default risk.

Credit Check & Scoring

The credit assessment may include score values based on statistical models.

Address data and other relevant info (e.g. order history) may influence these scores.

Right to Object:

You can object to this data processing at any time by contacting us or PayPal. However, PayPal may still process your data if required for payment execution.

8. Web analytics services

Web Analytics with Google (Universal) Analytics

Provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Purpose and Functionality

This website uses Google (Universal) Analytics to analyze user behavior and improve site performance.

Cookies are used to collect data such as IP address, device info, and usage behavior.

IP addresses are anonymized by Google (shortened) before processing.

Data may be transferred to Google LLC in the USA.

Legal Basis and Consent - Art. 6(1)(a) GDPR

Google Analytics is only used if you give your explicit consent via our cookie consent tool.

You can withdraw consent at any time via the same tool.

Collected data is stored for 2 months before deletion.

Use of Data by Google

Google processes the data on our behalf to:

• Evaluate site usage
• Generate reports
• Provide related services

Data is not merged with other Google information.

Special Features Used

a. Demographics & Interests

Google may analyze visitor age, gender, and interests based on third-party data.

This data is non-personal and deleted after 2 months.

b. Google Signals

Enables cross-device tracking if you are logged into your Google account and have personalized ads enabled.

We only receive aggregated reports, not personal data.

You can opt out via your Google Ad Settings.

c. UserIDs

If you create an account and log in across devices, activities can be tracked across those devices.

Requires your consent under Art. 6(1)(a) GDPR.

Data Transfer to the USA

Google LLC participates in the EU-US Data Privacy Framework, ensuring adequate data protection for transfers to the USA.

Data Protection Agreement

We have a data processing agreement with Google to ensure secure and lawful handling of your data.

9. Page functionalities

9.1 Apple Music

Provider: Apple Distribution International, Hollyhill Industrial Estate, Cork, Ireland

This website includes Apple Music features to play music tracks.

When visiting the site, your browser may connect directly to Apple's servers—even without an Apple account or login.

Information such as your IP address may be transmitted and stored by Apple.

If you're logged into your Apple account and play a track, your visit may be linked to your account.

To prevent this, log out of your Apple account before using the playback function.

Legal basis:

Art. 6(1)(f) GDPR - based on our legitimate interest in providing engaging, multimedia content.

Opt-out:

You can block Apple Music functionality using browser add-ons like NoScript.

9.2 ShopSync for Shopify & Mailchimp Integration

Provider: ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA

ShopSync connects our Shopify store with the Mailchimp newsletter service to synchronize customer data:

a. Data Updates (Unsubscribes etc.)

Changes in Mailchimp (e.g., unsubscribes) are synced to Shopify.

Legal basis: Art. 6(1)(f) GDPR - legitimate interest in consistent, legally compliant contact management.

b. New Customer Data

Contact and purchase data (e.g., email, order amount/date) are sent from Shopify to Mailchimp.

Legal basis: Art. 6(1)(a) GDPR - based on your explicit consent.

c. Security & Data Handling

Data is encrypted via SSL during transfer and not stored by ShopSync.

Data is transmitted via secure connections to Amazon Web Services (USA).

More info: ShopSync Privacy Policy

10. Tools and miscellaneous

Cookie Consent Tool

This website uses a cookie consent tool to manage user permissions for cookies that require consent.

Functionality

When accessing the website, users see an interactive interface to select and approve certain cookies.

Only cookies that require consent are activated after user approval (via checkbox).

This ensures cookies are only set if consent is given.

Technically Necessary Cookies

The tool sets essential cookies to save your preferences.

Personal data is usually not processed.

Data Processing (if applicable)

If personal data (e.g., IP address) is processed—for logging or assigning cookie settings—this is done:

• Under Art. 6(1)(f) GDPR - our legitimate interest in legally compliant and user-specific cookie management.
• Under Art. 6(1)(c) GDPR - our legal obligation to manage cookie consent.

Data Protection & Provider

A data processing agreement may be in place with the tool provider to ensure protection of your data and prevent unauthorized sharing.

More Information

Details about the provider and cookie settings can be found directly in the cookie consent interface on our website.

11. Rights of the person concerned

11.1 Your Rights Under Data Protection Law

According to the GDPR, you have the following rights regarding the processing of your personal data:

• Right of access - Art. 15 GDPR
• Right to rectification - Art. 16 GDPR
• Right to erasure ("right to be forgotten") - Art. 17 GDPR
• Right to restriction of processing - Art. 18 GDPR
• Right to notification - Art. 19 GDPR
• Right to data portability - Art. 20 GDPR
• Right to withdraw consent - Art. 7(3) GDPR
• Right to lodge a complaint with a supervisory authority - Art. 77 GDPR

11.2 Right to Object

You have the right to object to the processing of your personal data:

On Grounds of Legitimate Interest - Art. 21(1) GDPR:

If we process your data based on legitimate interests, you can object at any time for reasons relating to your particular situation. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

For Direct Marketing - Art. 21(2) GDPR:

If your data is used for direct advertising, you can object at any time. Once you object, we will no longer use your data for this purpose.

12. Duration of storage of personal data

Storage Duration of Personal Data

The retention period of your personal data depends on:

• The legal basis for processing
• The purpose of processing
• Any applicable legal retention periods (e.g. tax or commercial laws)

Data Based on Consent - Art. 6(1)(a) GDPR

Stored until you revoke your consent.

Data Based on Legal Obligations - Art. 6(1)(c) GDPR

Stored for the duration of the statutory retention period.

Deleted when no longer needed for compliance and no other legal basis exists.

Data Based on Legitimate Interests - Art. 6(1)(f) GDPR

Stored until you object under Art. 21(1) GDPR, unless we can demonstrate overriding legitimate reasons or the data is needed to assert or defend legal claims.

Data for Direct Marketing - Art. 6(1)(f) GDPR

Stored until you object under Art. 21(2) GDPR.

General Rule

Unless otherwise specified, personal data is deleted when it is no longer needed for its original purpose.