Privacy policy

Privacy Policy

1) Information on the collection of personal data and contact details of the data controller

1.1 Thank you for visiting our website. This policy provides information on how your personal data is processed when you use this site. Personal data is information that identifies you as an individual.


1.2 The data controller for this website, in accordance with the European General Data Protection Regulation (GDPR), is Candace & Chloe Jewelry. The data controller is the natural or legal person who determines the purposes and means of the processing of personal data, either alone or jointly with others.


1.3 For security reasons and to protect confidential content, including the transmission of personal data, this website uses SSL or TLS encryption. An encrypted connection can be recognized by the “https://” prefix in the address bar of your browser and the lock icon.

2) Data collection when you visit our website


When you visit our website for informational purposes only (i.e., without registering or submitting information), the data transmitted by your browser to our server (“server log files”) is collected:

Pages visited

Date and time of access

Amount of data transferred (in bytes)

Referring URL

Browser used

Operating system

IP address (possibly anonymized)

This data is processed on the basis of our legitimate interest in improving the stability and functionality of the website (Article 6(1)(f) of the GDPR). This data is not shared with third parties, except in cases of suspected misuse. 3) Cookies

We use cookies, which are stored on the user's device, to improve the user experience and enable certain functions. Some cookies are temporary (they are deleted when you close your browser), while others are persistent and are automatically deleted after a certain period of time.


These cookies may collect data such as browser type, location, or IP address. Some cookies facilitate the purchasing process (e.g., by remembering the contents of your shopping cart).


The processing of personal data is based on:

GDPR Article 6(1)(b): Performance of a contract

GDPR Article 6(1)(f): Legitimate interest - providing a functional web experience

Our advertising partners may also use third-party cookies. In this case, clear information will be provided.


You can disable cookies in your browser settings, but this may limit the functionality of the website.

4) Contacting us

When you contact us (e.g., via a form or email), the personal data you provide will only be used to respond to your request.


This processing is carried out on the basis of our legitimate interests (Article 6(1)(f) of the GDPR). If the purpose is the performance of a contract, Article 6(1)(b) of the GDPR applies.


Your data will be deleted after your request has been resolved, unless there are legal retention obligations.

5) Data processing for account registration and contract execution

When you open an account or place an order, the data you provide is processed on the basis of Article 6(1)(b) of the GDPR.


To delete your account, please send an email to: info@candacechloejewelry.com

After the contract has been fulfilled or the account has been deleted, the data will be blocked until the statutory retention period has expired and then deleted. 6) Use of data for direct marketing

6.1 Newsletter subscription

If you subscribe to our newsletter, you will receive offers at your email address. Only your email address is required.


After registration, you will receive a confirmation link via email (double opt-in system). Your consent is provided in accordance with Article 6(1)(a) of the GDPR.

You can unsubscribe at any time via the link in the newsletter or by sending an email to info@candacechloejewelry.com


6.2 Sending to existing customers

The email address you provided during the purchase may be used to send you offers for similar products (legitimate interest - GDPR Article 6(1)(f)). You can object to this use at any time.7) Data transfer in the context of order processing

7.1 If necessary for delivery, your data will be transferred to the carrier.

 

For payment processing, the data will be transferred to the relevant payment service provider.


7.2 Payment service providers include:

PayPal: The data is transferred to PayPal (Europe) S.a.r.l. If necessary, a credit check may be carried out (GDPR Article 6(1)(f)).

SOFORT: Your data, including order details, will be transferred to SOFORT GmbH, part of the Klarna Group.8) Review reminders

Order review reminders will only be sent if you give your explicit consent (GDPR Article 6(1)(a)). Consent can be revoked via info@candacechloejewelry.com

9) Social media plugins


Links to Facebook, Instagram, and Google+ are integrated using the Shariff solution. These links are only active when clicked. This service complies with the Privacy Shield framework.

10) Online marketing

10.1 Google DoubleClick

Used to provide more relevant advertising (GDPR Article 6(1)(f)). Cookies are used for anonymous tracking.


10.2 Google Ads Conversion Tracking

Used to track conversions from advertisements. No user identification is made. You can deactivate these cookies in your browser. 11) Web analysis

Google Analytics (Universal) is used to analyze user behavior. IP addresses are anonymized (_anonymizeIp()). This processing is based on legitimate interests (GDPR Article 6(1)(f)).


You can deactivate tracking by downloading the browser plugin.

12) Retargeting

12.1 Facebook Custom Audiences

With your consent, your behavior can be analyzed using the Facebook pixel. This data is anonymous, but can be linked to your personal profile by Facebook.


12.2 Google Ads remarketing

Used to target advertisements based on previous visits. Can be linked to your Google account. You can deactivate this via AboutAds.info or the Google Ads settings.

13) Rights of the data subject

Under the GDPR, you have the following rights:

Access (Article 15)

Rectification Right to lodge a complaint (Article 77) – for example, with the Malaysian Data Protection Authority.

  • (Article 16)
  • Erasure (Article 17)
  • Restriction of processing (Article 18)
  • Information (Article 19)
  • Data portability (Article 20)
  • Withdrawal of consent (Article 7(3))

13.2 Right to object

If the processing is based on legitimate interests, you may object (GDPR Article 6(1)(f)). Please contact us at info@candancechloejewelry.com to submit an objection. 14) Data retention period

Data is retained for the period required by law (e.g., for tax or accounting purposes). After this period, the data will be deleted, unless it is necessary for contractual or legitimate interests.