Privacy policy

  1. Introduction 1.1 Important Information and Who We Are

Gemma’s Jewelry Edit (“we,” “us,” or “our”) is committed to protecting your personal data and privacy in compliance with the General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act ("CCPA"), and all applicable data protection laws.

This Privacy Policy outlines how we collect, use, store, and protect your data. It applies to all customers, website visitors, suppliers, and third parties interacting with our platform.

1.2 Data Controller Gemma’s Jewelry Edit is the controller and responsible for your personal data. If you have any questions or wish to exercise your rights, contact us at info@gemmasjewelryedit.com. You also have the right to lodge a complaint with a supervisory authority, though we encourage you to contact us first.

1.3 Responsibilities As a controller, Gemma’s Jewelry Edit ensures lawful processing, secure storage, and confidentiality of personal data. All third parties acting on our behalf are bound by contractual obligations to protect and handle your data appropriately.

  1. Legal Basis for Processing We collect data only when necessary and under one or more of the following legal bases:

  • Consent (e.g., for marketing communications)

  • Contractual necessity (e.g., to fulfill your purchase)

  • Legal obligation (e.g., to comply with tax law)

  • Legitimate interests (e.g., fraud prevention, customer service)

  1. Types of Data Collected

  • Identity: name, date of birth

  • Contact: email, phone, billing/shipping address

  • Payment: last 4 digits of card (processed via third-party payment platforms)

  • Technical: IP address, browser type, device ID

  • Usage: site behavior and interaction history

  • Marketing: email preferences (opt-in only)

  • Account: login data and order history

We do not collect special category data or criminal background information.

  1. How We Use Your Data We use your data to:

  • Process and ship orders

  • Communicate shipping and order updates

  • Respond to service requests

  • Provide account functionality

  • Send marketing if opted in

  • Comply with legal and regulatory obligations

  1. Marketing Communications Marketing emails are only sent with your explicit consent. You may unsubscribe at any time via the link in each message or by contacting info@gemmasjewelryedit.com.

  2. Data Security and Infrastructure We use secure, third-party platforms with SSL encryption, password protection, and restricted access. Data may be hosted or processed outside your country but always in compliance with applicable laws.

  3. Your Rights You may request to:

  • Access the personal data we hold

  • Correct, delete, or restrict use of your data

  • Withdraw consent

  • Object to processing based on legitimate interest

To exercise your rights, email info@gemmasjewelryedit.com.

  1. Data Retention Your data is retained only as long as necessary to fulfill purchases, meet legal obligations, and resolve disputes. We may retain certain transaction and tax records as required by law.

  2. Sharing and Disclosure Your data may be shared with:

  • Payment processors (e.g., Stripe, PayPal)

  • Shipping partners (e.g., USPS, UPS, FedEx)

  • Marketing platforms (with consent only)

Data may be disclosed to comply with legal obligations or in the event of business acquisition or restructuring.

  1. Cookies We use cookies to enhance your site experience, analyze traffic, and support marketing activities. You can manage cookie preferences through your browser settings.

  2. CCPA Notice California residents have the right to:

  • Know what categories of personal data we collect

  • Know how it’s used and shared

  • Request deletion of personal data

To exercise CCPA rights, contact info@gemmasjewelryedit.com.