Privacy policy
1) Introduction and Contact Details of the Responsible Party
1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data is all data by which you can be personally identified.
1.2 The responsible party for data processing on this website, in terms of the General Data Protection Regulation (GDPR), is Nano-Venture GmbH & Co. KG, Widmanngasse 42, 9500 Villach, Austria, Tel.: 0043 664 4424243, Email: shop@nur.jewelry. The responsible party for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.
2) Data Collection When Visiting Our Website
2.1 When using our website for information purposes only, i.e., if you do not register or provide us with information in any other way, we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
- The website visited
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are specific indications of illegal use.
2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.
3) Cookies
To make the visit to our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of the cookies we use are deleted after the browser session ends, i.e., after you close your browser (so-called "session cookies"). Other cookies remain on your device and allow us to recognize your browser on your next visit (so-called "persistent cookies"). In the latter case, you can see the storage duration in the overview of the cookie settings of your web browser.
If individual cookies we use also process personal data, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either for the execution of the contract, according to Art. 6 Para. 1 lit. a GDPR in the case of consent given, or according to Art. 6 Para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be limited.
4) Contacting
4.1 WhatsApp Business
We offer visitors to our website the opportunity to contact us via the messaging service WhatsApp from WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, using the so-called "Business version" of WhatsApp.
If you contact us via WhatsApp on the occasion of a specific transaction (e.g., a completed order), we store and use the mobile phone number you use on WhatsApp and, if provided, your first and last name according to Art. 6 Para. 1 lit. b GDPR to process and respond to your request. On the same legal basis, we may ask you via WhatsApp to provide further data (order number, customer number, address or email address) to assign your request to a specific process.
If you use our WhatsApp contact for general inquiries (such as about the range of services, availability, or our Internet presence), we store and use the mobile phone number you use on WhatsApp and, if provided, your first and last name according to Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in providing the requested information efficiently and promptly.
Your data will always be used only to respond to your concerns via WhatsApp. There is no disclosure to third parties.
Please note that WhatsApp Business accesses the address book of the mobile device we use for this purpose and automatically transmits stored phone numbers to a server of the parent company Meta Platforms Inc. in the USA. We use a mobile device for the operation of our WhatsApp Business account, in whose address book only the WhatsApp contact details of those users are stored who have also contacted us via WhatsApp.
This ensures that each person whose WhatsApp contact details are stored in our address book has consented to the transmission of his WhatsApp phone number from the address books of his chat contacts according to Art. 6 Para. 1 lit. a GDPR when first using the app on his device. Data transmission of users who do not use WhatsApp and/or have not contacted us via WhatsApp is thus excluded.
In the context of the above-mentioned processing, data transfers to servers of Meta Platforms Inc. in the USA may occur.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
4.2 As part of contacting us (e.g., via contact form or email), personal data are processed solely for the purpose of handling and answering your request and only to the extent necessary for this purpose.
The legal basis for processing these data is our legitimate interest in responding to your request according to Art. 6 Para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, then additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted when it can be inferred from the circumstances that the relevant matter has been conclusively clarified and provided there are no statutory retention obligations to the contrary.
5) Data Processing When Opening a Customer Account
In accordance with Art. 6 Para. 1 lit. b GDPR, personal data continue to be collected and processed to the extent necessary when you provide them to us when opening a customer account. Which data is necessary for opening the account can be seen from the input mask of the corresponding form on our website.
Deleting your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the responsible party. After deletion of your customer account, your data will be deleted, provided that all contracts concluded via the account have been completely processed, no legal retention periods are contrary, and there is no legitimate interest on our part in further storage.
6) Use of Customer Data for Direct Advertising
6.1 Subscription to our Email Newsletter
When you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. The provision of further data is voluntary and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you will only receive a newsletter if you have expressly confirmed your consent to receive the newsletter by activating a verification link sent to the provided email address.
By activating the confirmation link, you give us your consent for the use of your personal data according to Art. 6 Para. 1 lit. a GDPR. We store your IP address entered by the Internet service provider (ISP) as well as the date and time of registration in order to be able to trace a possible misuse of your email address at a later date. The data collected by us when registering for the newsletter will be used strictly for the purpose of sending the newsletter.
You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the person named at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, provided you have not expressly consented to further use of your data or we reserve the right to further use data, which is legally allowed and about which we will inform you in this declaration.
6.2 Brevo
The dispatch of our e-mail newsletters is carried out by this provider: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany
Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data provided during the newsletter registration according to Art. 6 Para. 1 lit. f GDPR to this provider so that they can carry out the newsletter dispatch on our behalf.
Subject to your express consent according to Art. 6 Para. 1 lit. a GDPR, the provider also carries out a statistical evaluation of newsletter campaigns using web beacons or counting pixels in the sent emails, which can measure opening rates and specific interactions with the content of the newsletters. End device information (e.g., time of access, IP address, browser type, and operating system) is also collected and evaluated, but not merged with other data sets.
You can revoke your consent to newsletter tracking at any time with effect for the future. We have concluded a data processing agreement with the provider that protects the data of our site visitors and prohibits its transfer to third parties.
7) Data Processing for Order Processing
7.1 As far as necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us according to Art. 6 Para. 1 lit. b GDPR are passed on to the commissioned transport company and the commissioned credit institution.
If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we process the contact data you provided during the order (name, address, email address) to inform you personally about upcoming updates within the legally specified period via suitable communication channels (e.g., by mail or email). Your contact data is strictly used for the purpose of notifying you about updates we owe and is processed by us only to the extent necessary for the respective notification.
To process your order, we also work with the following service provider(s), which support us wholly or partly in the execution of concluded contracts. Certain personal data is transmitted to these service providers according to the following information.
7.2 Use of Payment Service Providers (Payment Services)
- Apple Pay
If you choose the payment method "Apple Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment is processed via the "Apple Pay" function of your end device operated with iOS, watchOS, or macOS by charging a payment card stored in "Apple Pay". Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. Therefore, the release of a payment requires the entry of a previously determined code and verification via the "Face ID" or "Touch ID" function of your end device.
For the purpose of payment processing, your information provided during the order process along with information about your order is transmitted in encrypted form to Apple. Apple then re-encrypts this data with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay for payment execution. The encryption ensures that only the website from which the purchase was made can access the payment data. After the payment is made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the payment success.
If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing according to Art. 6 Para. 1 lit. b GDPR.
Apple stores anonymized transaction data, including the approximate purchase amount, approximate date and time, and an indication of whether the transaction was successfully completed. The anonymization completely excludes any reference to a person. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.
If you use Apple Pay on the iPhone or Apple Watch to complete a purchase that you made via Safari on the Mac, the Mac and the authorization device communicate via an encrypted channel on Apple's servers. Apple processes or stores none of this information in a format that could identify you. You can disable the ability to use Apple Pay on your Mac in the settings of your iPhone. Go to "Wallet & Apple Pay" and disable "Allow Payments on Mac".
Further information on data protection at Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027
- Klarna
One or more online payment methods of the following provider are available on this website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden
If you select a payment method of the provider where you pay in advance (such as credit card payment), your payment data shared during the order process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order are passed on to this provider according to Art. 6 Para. 1 lit. b GDPR. The transfer of your data in this case is exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
If you select a payment method where the provider advances the payment (such as invoice or installment purchase or direct debit), you will also be asked during the order process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, possibly data on an alternative payment method).
To protect our legitimate interest in determining the creditworthiness of our customers, this data is forwarded by us to the provider according to Art. 6 Para. 1 lit. f GDPR for the purpose of a credit check. The provider checks based on the personal data you provided and other data (such as shopping cart, invoice amount, order history, payment experiences) whether the payment option you selected can be granted in terms of payment and/or default risks.
For decision-making during the application review, in addition to provider-internal criteria according to Art. 6 Para. 1 lit. f GDPR, identity and credit information from the following credit agencies may also be included:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
- PayPal
One or more online payment methods of the following provider are available on this website: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
If you select a payment method of the provider where you pay in advance, your payment data shared during the order process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order are passed on to this provider according to Art. 6 Para. 1 lit. b GDPR. The transfer of your data in this case is exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
If you select a payment method where we advance the payment, you will also be asked during the order process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, possibly data on an alternative payment method).
To protect our legitimate interest in determining your creditworthiness in such cases, this data is forwarded by us to the provider according to Art. 6 Para. 1 lit. f GDPR for the purpose of a credit check. The provider checks based on the personal data you provided and other data (such as shopping cart, invoice amount, order history, payment experiences) whether the payment option you selected can be granted in terms of payment and/or default risks.
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
- SOFORT
One or more online payment methods of the following provider are available on this website: SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany
If you select a payment method of the provider where you pay in advance (such as credit card payment), your payment data shared during the order process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order are passed on to this provider according to Art. 6 Para. 1 lit. b GDPR. The transfer of your data in this case is exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
8) Web Analysis Services
Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analysis service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your use of our website.
By default, cookies are set by Google (Universal) Analytics when you visit the website, which are stored as small text modules on your end device and collect certain information. The scope of this information also includes your IP address, which is however truncated by Google to exclude a direct personal reference.
The information is transmitted to Google servers and processed there. Transmissions to Google LLC based in the USA are also possible.
Google uses the collected information on our behalf to evaluate your use of the website, to compile reports on website activities for us, and to provide further services related to the use of the website and the internet. The IP address transmitted by your browser as part of Google Analytics and truncated will not be merged with other data from Google. The data collected in the context of the use of Google (Universal) Analytics is stored for a duration of two months and then deleted.
All of the above-described processing, especially the setting of cookies on the used end device, only occurs if you have given us your express consent according to Art. 6 Para. 1 lit. a GDPR.
Without your consent, the use of Google (Universal) Analytics during your site visit is omitted. You can revoke your given consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the "Cookie-Consent-Tool" provided on the website.
We have concluded a data processing agreement with Google that ensures the protection of our site visitors' data and prohibits its unauthorized transfer to third parties.
Further legal information about Google (Universal) Analytics can be found at https://policies.google.com/privacy?hl=en&gl=en and at https://policies.google.com/technologies/partner-sites
Demographic Features
Google (Universal) Analytics uses the special function "demographic features" and can thus generate statistics that provide information about the age, gender, and interests of site visitors. This is done through the analysis of advertising and information from third-party providers. This can help identify target audiences for marketing activities. However, the collected data cannot be assigned to any specific person and is deleted after a storage duration of two months.
Google Signals
As an extension to Google (Universal) Analytics, Google Signals can be used on this website to create device-overlapping reports. If you have activated personalized ads and linked your devices with your Google account, Google can analyze your usage behavior across devices and create database models, including about device-overlapping conversions, subject to your consent to the use of Google Analytics according to Art. 6 Para. 1 lit. a GDPR. We do not receive personal data from Google, only statistics. If you want to stop the device-overlapping analysis, you can disable the "Personalized Advertising" function in the settings of your Google account. Follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en Further information about Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=en
UserIDs
As an extension to Google (Universal) Analytics, the "UserIDs" function can be used on this website. If you have consented to the use of Google (Universal) Analytics according to Art. 6 Para. 1 lit. a GDPR, have set up an account on this website, and log in on various devices with this account, your activities, including conversions, can be analyzed across devices.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
9) Tools and Miscellaneous
Cookie-Consent-Tool
This website uses a so-called "Cookie-Consent-Tool" to obtain effective user consents for consent-required cookies and cookie-based applications. The "Cookie-Consent-Tool" is displayed to users in the form of an interactive user interface upon page call-up, where consents for certain cookies and/or cookie-based applications can be given by setting check marks. By using the tool, all consent-required cookies/services are only loaded if the respective user has given the corresponding consents by setting check marks. This ensures that such cookies are only set on the respective user's end device in case of a given consent.
The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed.
If personal data (such as the IP address) is processed in individual cases for the purpose of storing, assigning, or logging cookie settings, this is done according to Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in a legally compliant, user-specific, and user-friendly consent management for cookies and thus in a legally compliant design of our internet presence.
Another legal basis for the processing is also Art. 6 Para. 1 lit. c GDPR. As responsible parties, we are legally obliged to make the use of technically non-essential cookies dependent on the respective user consent.
If necessary, we have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits its unauthorized transfer to third parties.
Further information about the operator and the setting options of the Cookie-Consent-Tool can be found directly in the corresponding user interface on our website.
10) Rights of the Data Subject
10.1 The applicable data protection law grants you the following rights of data subjects (rights of access and intervention) against the responsible party with regard to the processing of your personal data, whereby reference is made to the respective legal basis for the exercise requirements:
- Right of access according to Art. 15 GDPR;
- Right to rectification according to Art. 16 GDPR;
- Right to erasure according to Art. 17 GDPR;
- Right to restriction of processing according to Art. 18 GDPR;
- Right to notification according to Art. 19 GDPR;
- Right to data portability according to Art. 20 GDPR;
- Right to withdraw consent granted according to Art. 7 Para. 3 GDPR;
- Right to lodge a complaint according to Art. 77 GDPR.
10.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA AS PART OF A BALANCING OF INTERESTS BASED ON OUR PREDOMINANTLY LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
11) Duration of Storage of Personal Data
The duration of the storage of personal data is determined based on the respective legal basis, the processing purpose and – if relevant – additionally based on the respective statutory retention period (e.g., commercial and tax retention periods).
When processing personal data based on an express consent according to Art. 6 Para. 1 lit. a GDPR, the data concerned will be stored until you revoke your consent.
If there are statutory retention periods for data that is processed within the framework of legal business-like obligations based on Art. 6 Para. 1 lit. b GDPR, these data are routinely deleted after the retention periods expire, provided they are no longer required for the fulfillment or initiation of a contract and/or there is no legitimate interest on our part in further storage.
When processing personal data based on Art. 6 Para. 1 lit. f GDPR, these data will be stored until you exercise your right of objection according to Art. 21 Para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.
When processing personal data for the purpose of direct marketing based on Art. 6 Para. 1 lit. f GDPR, these data will be stored until you exercise your right of objection according to Art. 21 Para. 2 GDPR.
Unless otherwise derived from the other information in this declaration about specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.