Privacy and Cookies Statement

Effective Date: 12.12.2025

1. Introduction

This Privacy and Cookies Statement explains how [Your Store Name] ("we", "us", or "our") collects, uses, and protects your personal data when you visit our website or purchase our products.

2. Data Controller

The Data Controller responsible for processing your personal data in accordance with GDPR is:

  • Identity: Katja Marolt for Katja Marolt s.p.\
  • Contact: me@katjusa.jewelry

3. Personal Data We Collect

We may collect the following information:

  • Contact Details: name, email, phone, billing/shipping address.
  • Order Details: purchase history, returns personalization details (e.g. engraving text, design preferences, finger size, stone choice).
  • Payment Information: payment and refund details (Credit/debit card details are processed securely by our payment provider).
  • Account information (if you register): username, password (encrypted).
  • Communication Data: Emails, messages, or feedback you send us.
  • Newsletter sign‑ups: Email address and subscription preferences.
  • Website Analytics: Usage data (e.g. pages visited, time spent on site, clickstream data), and technical data (e.g. IP anonymization enabled, operating system, browser type, device information) collected via Google Analytics.

4. How We Use Your Data

We use your data for following purposes:

  • Order Processing: Fulfillment, delivery, and order updates.
  • Personalization: Custom jewelry design and recommendations.
  • Customer Support: Responding to your inquiries, complaints, and warranty claims.
  • Marketing: Sending promotional emails or offers (only with your consent).
  • Legal Compliance: Tax, accounting, and regulatory obligations.
  • Security: Fraud prevention and website security.
  • Improving Services: Analyzing usage data to enhance user experience.

5. Legal Basis for Processing

We process your personal data based on:

  • Contractual necessity (e.g. fulfilling your order).
  • Legal obligations (e.g. tax records, consumer law).
  • Consent (e.g. newsletter, cookies, marketing).
  • Legitimate interest (e.g. fraud prevention, improving our services).

6. Data Sharing

We only share your data with third parties necessary to perform our services:

  • Payment processors: Mollie (see https://www.mollie.com/legal/privacy).
  • Delivery services: Pošta Slovenije, DHL.
  • IT service providers: Google Analytics, newsletter services, hosting providers.
  • Legal: legal compliance (e.g., tax authorities, courts) and accounting/tax dvisors.

All providers act under GDPR‑compliant agreements.

7. Data Retention

We retain your data for as long as necessary to fulfill the purposes outlined in this statement, unless a longer retention period is required by law:

  • Order/invoicing data: retained for statutory periods (10 years under Slovenian law).
  • Marketing data: retained until you unsubscribe.
  • Customer Accounts: Until you request deletion.

8. Your Rights Under GDPR

You have the right to:

  • Access your personal data.
  • Rectify inaccuracies.
  • Erase your data (subject to legal obligations).
  • Restrict or object to processing.
  • Withdraw consent at any time.

To exercise these rights, contact us by email.

You may lodge a complaint with the Information Commissioner of Slovenia (ip-rs.si)

9. Data Security

We implement technical and organizational measures (e.g., encryption for data transmission, access controls) to protect your data from unauthorized access or breaches.

10. Cookies

Cookies are small files stored on your device to ensure our website functions properly, enhance your experience and help us analyze usage.

Types of Cookies We Use:

  • Technically required: Essential (strictly necessary) cookies required for website to function (e.g., shopping cart, checkout, login). These cannot be disabled.
  • Comfort Features: To enable/disable Youtube videos. These are only set with your consent.
  • Analytics Cookies: Help us understand how visitors use our site. We use Google Analytics with IP anonymization enabled. These are only set with your consent.
  • Third‑Party Cookies: We do not use third‑party advertising or marketing cookies.

Consent Management:

  • On your first visit, a cookie banner appears.
  • You can accept, reject, or customize your non‑essential cookie preferences.
  • You can change your preferences anytime via our cookie banner or your browser settings. Disabling cookies may affect site functionality.

Retention Periods:

  • Session cookies: Deleted when you close your browser.
  • Persistent cookies: Remain on your device until they expire or are deleted.
  • Google Analytics cookies: Default retention period of 14 months.

11. Changes to This Statement

We may update this statement from time to time. The latest version will always be available on our website.