Privacy policy
We are pleased that you are visiting our website/online shop and that you are interested in our company and our products. We take the protection of your personal data seriously and want you to feel comfortable when visiting our website. Protecting your privacy when processing personal data is an important concern for us, which we take into account in our business processes. We process personal data collected during your visit to our website in accordance with the applicable data protection regulations. Personal data is any information relating to an identified or identifiable natural person.
This Privacy Policy explains how your personal data is collected, used, and disclosed when you visit www.amadia.eu (“Website”, “Site(s)”), use our services, make a purchase, or otherwise communicate with us (together, the “Services”). For the purposes of this Privacy Policy, “you” and “your” refer to you as a user of the Services, regardless of whether you are a customer, a website visitor, or another person whose information we have collected under this Privacy Policy.
The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
amadia – young diamonds e.U.
Owner: Bela Romandy
Claudiastraße 12, 6020 Innsbruck, Austria
Phone: +43 670 6506990
Email: office@amadia.eu
Company details can be found in our Legal Notice (Impressum).
1. Access Data and Hosting
You may visit our website without providing any personal information. Each time you access a page, the web server automatically saves what is known as a server log file, which contains, for example, the name of the requested file, your IP address, date and time of access, the amount of data transferred, and the requesting provider (access data), and records the retrieval.
These access data are evaluated solely for the purpose of ensuring the smooth operation of the website and improving our services. This serves to safeguard our overriding legitimate interests in the correct presentation of our services pursuant to Art. 6(1)(f) GDPR. There is no further disclosure or use of the data.
1.1 Hosting and Content Delivery Network
Our website is hosted by Shopify (Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland). Shopify collects and processes personal data regarding your access to and use of the services in order to provide and improve the services. Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.
To protect, expand, and improve our business, we also use certain enhanced Shopify features that include data and information from your interactions with our shop, with other merchants, and with Shopify. To provide these enhanced features, Shopify may use personal data collected through your interactions with our shop, other merchants, and Shopify. In these circumstances, Shopify is responsible for processing your personal data, including responding to your requests regarding your rights related to the use of your personal data for these purposes.
Further information on how Shopify uses your personal data and what rights you have can be found in Shopify’s Consumer Privacy Policy: https://privacy.shopify.com. Depending on where you reside, you may exercise certain rights regarding your personal data as outlined there.
2. Security
We are committed to ensuring that your information is secure. To prevent unauthorized access or disclosure, we have implemented suitable physical, electronic, and managerial procedures to safeguard and secure the information collected online. For example, when we transmit sensitive personal data (such as credit card information) over the Internet, we protect it using Secure Sockets Layer (SSL) encryption technology. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser’s address bar.
3. Data Processing
3.1 Data Processing for Contract Execution and Customer Account Registration
We collect personal data pursuant to Art. 6(1)(b) GDPR if you voluntarily provide such data to us during your order, when contacting us (e.g., via contact form or email), or when registering for a customer account. The data collected is evident from the respective input forms. We use the data you provide for contract processing and handling your inquiries.
After full execution of the contract or deletion of your customer account, your data will be blocked from further use and deleted upon expiration of statutory tax and commercial retention periods, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this as permitted by law and about which we inform you in this Privacy Policy.
The deletion of your customer account is possible at any time, either by sending a message directly to office@amadia.eu or via the function provided in your customer account.
3.2 Data Sharing for Contract Fulfillment
For the fulfillment of the contract pursuant to Art. 6(1)(b) GDPR, we disclose your data to the shipping company entrusted with the delivery and the financial institution entrusted with the payment, insofar as this is necessary for delivery and payment of the ordered goods.
3.3 Use of Payment Service Providers
Our website offers various online payment methods provided by Shopify (Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland).
When you select a payment method from this provider that requires advance payment (e.g., credit card payment), the payment data you provided during the order process (including name, address, bank and card details, currency, and transaction number), as well as information about the content of your order, will be transmitted to the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data takes place exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
3.4 Data Processing for Electronic Withdrawal
If the customer uses our electronic withdrawal form, we process name, email address, and order number. The processing is carried out on the basis of Art. 6(1)(c) GDPR (compliance with a legal obligation) and Art. 6(1)(b) GDPR (performance of the contractual relationship).
The processing is carried out by our processor Revoq. Further information can be found in the Data Processing Agreement (DPA) at www.consumer-withdrawal.eu/dpa.
4. Cookies
To make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted after you close your browser (“session cookies”), while some remain stored on your device for a longer period of time and allow you to save site settings (“persistent cookies”). You can view the storage duration in the overview of your browser’s cookie settings.
More information about the cookies we use, as well as how to deactivate them, can be found at http://www.allaboutcookies.org.
We use cookies to operate and improve our website and services (including storing your actions and preferences), to conduct analytics, and to better understand user interaction with the services (in our legitimate interest to manage, improve, and optimize the services). We may also allow third parties and service providers to use cookies on our website to better tailor services, products, and advertising on our website and other websites.
If personal data is also processed by cookies we use, the processing takes place either pursuant to Art. 6(1)(b) GDPR for the execution of the contract or pursuant to Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
Most browsers accept cookies automatically by default, but you can configure your browser to remove or reject cookies. Please note that removing or blocking cookies may negatively affect your user experience and cause some services, including certain functions and general functionality, to not work properly or to become unavailable. Blocking cookies may also not fully prevent how we share information with third parties such as our advertising partners.
5. Use of Google Services
We use the technologies described below provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Information automatically collected through Google technologies about your use of our website is generally transmitted to a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and stored there. Unless stated otherwise for the individual technologies, data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Further information about data processing by Google can be found in Google’s Privacy Policy.
5.1 Google Analytics
For website analysis purposes, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information, and information about your use of our website), from which user profiles are created using pseudonyms. Cookies may be used for this purpose. If you visit our website from within the EU, your IP address will be stored on a server located in the EU for deriving location data and then immediately deleted before the traffic is forwarded for further processing on Google servers. Data processing is carried out on the basis of a data processing agreement with Google.
Through the Google Analytics add-on function “Google Signals”, cross-device tracking is also enabled. If your Internet-enabled devices are linked to your Google account and you have activated the “personalized advertising” setting in your Google account, Google can create reports about your usage behavior (especially cross-device user numbers), even if you change devices. We do not process personal data in this context; we only receive statistics created on the basis of Google Signals.
5.2 Google Maps
For the visual display of geographical information, Google Maps collects data on your use of the Maps functions, in particular your IP address and location data, transmits them to Google, and subsequently processes them. We have no influence on this subsequent data processing.
5.3 Google Tag Manager
With Google Tag Manager, we can manage various codes and services on our website. In the implementation of individual tags, Google may also process personal data (e.g., IP address, online identifiers including cookies). Data processing takes place based on a data processing agreement with Google.
By using Google Tag Manager, we can integrate various services/technologies. If you have deactivated the use of individual tracking services, this deactivation remains in place for all affected tracking tags implemented via Google Tag Manager.
6. Social Media
6.1 Social Plugins from Instagram (by Meta)
Our website uses social buttons from social networks. These are only embedded as HTML links, so that when you access our website, no connection is made to the servers of the respective provider. If you click on one of the buttons, the website of the respective social network opens in a new window of your browser. There you can, for example, use the Like or Share button.
6.2 Our Profiles on Social Media Platforms
amadia – young diamonds e.U. maintains profiles/accounts/company pages on the following social media platforms:
6.2.1 Facebook
When you visit or follow our Facebook company page, Facebook processes personal data in order to provide us with insights into anonymized statistics (“Facebook Insights”). This allows us to gain insight into the types of actions people take on our page. Facebook processes information about how you interact with our Facebook company page, e.g., whether you are a follower. This processing of personal data within the framework of Facebook Insights is carried out by Facebook and us as joint controllers.
We have entered into an agreement with Facebook regarding joint responsibility, which governs the division of data protection obligations between us and Facebook. This agreement is available here: https://www.facebook.com/legal/controller_addendum.
6.2.2 Instagram
When you visit or follow our Instagram company page, Facebook processes personal data in order to provide us with insights into anonymized statistics (“Instagram Insights”). This allows us to gain insight into the types of actions people take on our page. Facebook processes information about how you interact with our Instagram company page, e.g., whether you are a follower. This processing of personal data within the framework of Instagram Insights is carried out by Facebook and us as joint controllers.
We have entered into an agreement with Facebook regarding joint responsibility, which governs the division of data protection obligations between us and Facebook, and in our opinion also applies to data processing within Instagram Insights. This agreement is available here: https://www.facebook.com/legal/controller_addendum.
Further information on data processing on Instagram can be found here: https://help.instagram.com/.
7. Customer Reviews
To verify and publish customer reviews, we use the following service provider: Judge.me Ltd., c/o Buckworths, 2nd Floor, 1-3 Worship Street, London, EC2A 2AB, United Kingdom. When submitting a review on amadia.eu, the following data are collected:
- First and last name
- Email address
- Order date and number
- Product information including international references (e.g., GTIN/ISDNF)
Judge.me processes this information in order to verify the authenticity of the customer review. Processing takes place pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in ensuring authentic customer reviews and preventing misuse. The data will be published after the review has been checked and approved, and the data transmitted to Judge.me will then be deleted.
If you have expressly consented during or after your order pursuant to Art. 6(1)(a) GDPR, we will transmit your email address to Judge.me for the purpose of reminding you to submit a review of your order. Judge.me may then send you an email reminding you of the opportunity to leave a review. You may revoke this consent at any time by sending a message to office@amadia.eu or directly to Judge.me.
8. Rights of Data Subjects
8.1 Right of Access
Pursuant to Art. 15 GDPR, you have the right to request access to your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the intended storage period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected from us, as well as the existence of automated decision-making including profiling and, where applicable, meaningful information about its details.
8.2 Right to Rectification
Pursuant to Art. 16 GDPR, you have the right to request the immediate rectification of inaccurate personal data concerning you or the completion of your personal data stored by us.
8.3 Right to Erasure
Pursuant to Art. 17 GDPR, you have the right to request the erasure of your personal data stored by us, unless processing is required for exercising the right of freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.
8.4 Right to Restriction of Processing
Pursuant to Art. 18 GDPR, you have the right to request the restriction of processing of your personal data where you contest the accuracy of the data, the processing is unlawful but you oppose the erasure, we no longer need the data but you require it for the establishment, exercise, or defense of legal claims, or you have objected to processing pursuant to Art. 21 GDPR.
8.5 Right to Data Portability
Pursuant to Art. 20 GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request transmission to another controller.
8.6 Right to Withdraw Consent
Pursuant to Art. 7(3) GDPR, you have the right to withdraw your consent at any time. This means that we will no longer continue the data processing that was based on this consent in the future.
8.7 Right to Lodge a Complaint
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates data protection regulations. As a rule, you can contact the supervisory authority of your habitual residence or place of work, or the authority of our company’s registered office.
8.8 Right to Object
Where your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds relating to your particular situation, or if the objection is directed against direct marketing. In the latter case, you have a general right to object which we will implement without requiring you to specify a particular situation.
If you would like to exercise your right of withdrawal or objection, simply send an email to: office@amadia.eu
9. Contact
If you have any questions about the collection, processing, or use of your personal data, or if you wish to request access, rectification, restriction, or deletion of data, withdraw consent, or object to a particular data use, please contact us directly at: office@amadia.eu
