1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1

We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how your personal data is handled when you use our website. Personal data refers to any data that can be used to personally identify you.

1.2

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is: Ava´s Jewelry.
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

1.3

For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser’s address bar.

2) Data Collection When Visiting Our Website

When you use our website for informational purposes only (i.e., if you do not register or otherwise provide information), we only collect data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary to display the website:

• Visited website

• Date and time of access

• Amount of data sent in bytes

• Source/reference from which you accessed the page

• Browser used

• Operating system used

• IP address used (possibly in anonymized form)

Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be shared or used for other purposes. However, we reserve the right to review server log files retrospectively if there are concrete indications of unlawful use.

3) Cookies

To make your visit to our website more attractive and to enable certain functions, we use cookies on various pages. Cookies are small text files stored on your device.

Some cookies are deleted after the browser session ends (session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies).

If cookies are set, they collect and process certain user information such as browser data, location data, and IP address values. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

Some cookies are used to simplify the ordering process by saving settings (e.g., remembering the contents of a shopping cart for a later visit). If personal data is processed by individual cookies, processing is carried out either:

• in accordance with Art. 6(1)(b) GDPR for contract performance, or

• in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in ensuring optimal website functionality and a user-friendly experience.

We may work with advertising partners to make our online offering more interesting for you. In this case, cookies from partner companies (third-party cookies) may also be stored on your device. You will be informed separately about the use of such cookies where applicable.

You can configure your browser to notify you about the setting of cookies and decide individually whether to accept them, or to exclude cookies in specific cases or generally. Please note that disabling cookies may limit the functionality of our website.

4) Contacting Us

When you contact us (e.g., via contact form or email), personal data is collected. The data collected via a contact form can be seen from the respective form.

This data is stored and used exclusively for the purpose of responding to your inquiry and for related technical administration. The legal basis is our legitimate interest in responding to your request (Art. 6(1)(f) GDPR). If your inquiry is related to the conclusion of a contract, the additional legal basis is Art. 6(1)(b) GDPR.

Your data will be deleted after your request has been fully processed, provided there are no statutory retention obligations.

5) Data Processing When Opening a Customer Account and for Contract Processing

Personal data is collected and processed in accordance with Art. 6(1)(b) GDPR if you provide it to us for contract performance or when opening a customer account.

You may delete your customer account at any time by sending a message to the controller. We store and use the data you provide for contract processing. After full contract completion or account deletion, your data will be restricted in accordance with tax and commercial retention periods and deleted after those periods expire, unless you have expressly consented to further use.

6) Use of Your Data for Direct Marketing

6.1 Email Newsletter Subscription

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information required is your email address.

We use the double opt-in procedure. You will receive a confirmation email and must confirm your subscription by clicking a link.

The legal basis is your consent (Art. 6(1)(a) GDPR). You may unsubscribe at any time via the link in the newsletter or by contacting us. Your email address will then be removed unless you have consented to further use.

6.2 Newsletter for Existing Customers

If you provided your email address when purchasing goods or services, we may send you offers for similar products based on our legitimate interest in direct marketing (Art. 6(1)(f) GDPR).

You may object to this use at any time with future effect.

7) Data Processing for Order Fulfillment

7.1 Shipping and Payment

Personal data required for delivery will be passed to the shipping provider. Payment data will be passed to the payment institution as necessary. Legal basis: Art. 6(1)(b) GDPR.

8) Review Reminder

If you have given your consent (Art. 6(1)(a) GDPR), we may use your email address to send a one-time reminder to review your order. You may withdraw your consent at any time.

9) Social Media Plugins (Shariff Solution)

This website uses social plugins for:

• Facebook

• Google+

• Instagram

To enhance data protection, these plugins are integrated as HTML links. A connection to the respective platform is only established when you click the button.

Further information:

• Facebook: https://www.facebook.com/privacy

• Google: https://www.google.com/privacy

• Instagram: https://help.instagram.com/

10) Online Marketing

10.1 DoubleClick by Google

Used to display relevant ads and measure campaign performance based on our legitimate interest (Art. 6(1)(f) GDPR).

Privacy policy:
https://policies.google.com/privacy

10.2 Google Ads Conversion Tracking

Tracks user actions after clicking ads to evaluate effectiveness. You can disable tracking via your browser settings or Google Ads settings.

11) Web Analytics

Google (Universal) Analytics

This website uses Google Analytics with IP anonymization (“_anonymizeIp”). Data is used for statistical analysis and website optimization based on our legitimate interest (Art. 6(1)(f) GDPR).

You may prevent data collection using the browser add-on:
https://tools.google.com/dlpage/gaoptout

12) Retargeting / Remarketing

Facebook Pixel

Tracks user behavior after interacting with Facebook ads, based on your consent (Art. 6(1)(a) GDPR).

Google Ads Remarketing

Displays interest-based ads based on your browsing behavior, based on our legitimate interest (Art. 6(1)(f) GDPR).

13) Data Subject Rights

You have the following rights under GDPR:

• Right of access (Art. 15)

• Right to rectification (Art. 16)

• Right to erasure (Art. 17)

• Right to restriction of processing (Art. 18)

• Right to notification (Art. 19)

• Right to data portability (Art. 20)

• Right to withdraw consent (Art. 7(3))

• Right to lodge a complaint with a supervisory authority (Art. 77)

Right to Object

If your data is processed based on legitimate interests, you may object at any time for reasons arising from your particular situation.
If your data is processed for direct marketing, you may object at any time.

14) Storage Period of Personal Data

Personal data is stored for the duration required by applicable legal retention periods (e.g., tax or commercial law). After the retention period expires, the data will be routinely deleted unless it is still required for contract fulfillment or there is a legitimate interest in further storage.