Login

Language

Cart

Your cart is empty

PRIVACY POLICY

Last updated: 20/09/2024

Thank you for visiting our website. The protection and confidentiality of your personal data is of particular importance for us.

With this policy, we aim to inform you about the processing of personal data that we collect from users and customers of our website (www.celestiafinejewelry.com), hereinafter referred to as “Celestia” or “the website”.
www.celestiafinejewelry.com is a site belonging to the company Celestia Group Ltd registered under number 207460583 and domiciled at the address Svoboda 41, Sofia,1220, Bulgaria (hereinafter referred to as the “ Data Controller ”).

www.celestiafinejewelry.com is very concerned about the confidentiality of your personal data as Users visiting and browsing our Online Store. This is why we, Online Store, www.celestiafinejewelry.com, strive to respect your rights, set out in the General Data Protection Regulation 2017/679 (GDPR), the ePrivacy directives of the European Parliament and the Council and the national data protection laws in Bulgaria.

Article 1 – Definitions

  1. “ Personal data ” or “ personal data ”: any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); is deemed to be an “identifiable natural person” a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more specific elements specific to their physical, physiological, genetic, psychological, economic, cultural or social identity;
  2. “ processing ” means any operation or set of operations whether or not carried out by automated means and applied to personal data or sets of data, such as collection, recording, organization, processing, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, reconciliation or interconnection, limitation, erasure or destruction;
  3. “ controller ” means the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller may be designated or the specific criteria applicable to its designation may be provided for by the law of the processing party. Union or by the law of a Member State;
  4. “ processor ” means the natural or legal person, public authority, service or other body which processes personal data on behalf of the controller;
  5. “ recipient ” means the natural or legal person, public authority, service or other body which receives communication of personal data, whether or not a third party. However, public authorities 4.5.2016 L 119/33 Official Journal of the European Union EN who are likely to receive communication of personal data in the context of a particular fact-finding mission in accordance with Union law or under the law of a Member State are not considered recipients; the processing of these data by the public authorities in question complies with the applicable data protection rules depending on the purposes of the processing;
  6. “ consent ” of the data subject means any free, specific, informed and unambiguous expression of will by which the data subject accepts, by a declaration or by a clear positive act, that personal data concerning him or her are subject to 'a treatment;
  7. “ personal data breach ” means a breach of security resulting, accidentally or unlawfully, in the destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored or processed by another manner, or unauthorized access to such data;
  8. “ Cookie ”, a cookie is a text file automatically saved in the browser of any User when visiting a website. This text file may contain personal data and/or information relating to the User's navigation.

Article 2 – Purpose
The current Privacy and Cookies Policy (hereinafter the “ Policy ”) aims to define the methods of collection, storage, processing and deletion of personal data (hereinafter “ personal data ”) of any natural person (hereinafter the “Policy”). “ User ”) who, in the context of a strictly personal or domestic activity, simply uses or browses this Online Store.
The Data Controller assures the User that it implements all the necessary means to ensure compliance with the provisions of the General Data Protection Regulation 2017/679 of the European Parliament and of the Council dated April 14, 2016 by ensuring compliance with retention periods, the need to collect the aforementioned personal data, and the confidentiality of the personal data collected (hereinafter the “ Regulation ” or the “ GDPR ”).

Article 3 – User Consent
This Policy must be read and accepted by any User visiting the Online Store. By clicking on the box stating “ read and accepted ” referring to this Policy at the time of arrival on the Online store , the User acknowledges having read and given his free, informed and unambiguous consent to the processing of his personal data.
The User may, at any time, and without justification or prejudice, withdraw their consent to this Privacy and Cookies Policy. The User may exercise his right to withdraw consent to this Policy by notifying the Data Controller at the following email address: office@celestiafinejewelry.com.
This withdrawal of consent will take effect at the time the Data Controller receives notification of the withdrawal of the User's consent.


Article 4 – Data collected
As part of the visit and use of the Online Store, certain personal data of Users may be collected by the Data Controller, in its capacity as Data Controller or by one or more subcontractors acting in the name and for the account of the Data Controller.


1 – Collection means
The User's personal data is collected by the following means:

  • When the User communicates them
    Either by (1) filling out the billing and delivery address form; (2) by filling out payment information, (3) by filling out the contact form; (4) by creating a personal account on the Publisher's Site or (5) by completing the newsletter registration form.
  • By automated collection
    When the User browses the Online store, the Data Controller automatically records certain information relating to preferences and use of the Online Store by the User. Cookies are used in particular during the User's navigation on the Online Store to collect this information automatically

2 – Type of data collected
The personal data that may be collected are:

  • Information about you: First name, last name
  • Contact details: Email, mobile number
  • Personal identification: Personal Identification Number (PIN) or other type of unique identification, required only for invoicing upon request of the customer
  • Address details: Billing address, country, city, ZIP and/or postcode
  • Bank data: Partial data about your bank account
  • Purchase history: Data about orders you have made on the Celestia website
  • Cookies’ data: Data collected by Cookies to identify your browser or device
  • Other data: Other types of personal information, which you may provide by contacting us and/or making a request / inquiry
  • Inferences or profile data: Inferences drawn from any personal data collected about you and used to create a profile reflecting your preferences

    Celestia Group Ltd. does not collect any special categories of personal data as such are not required for the use of our website and / or for the purchase of products using www.celestiafinejewelry.com. If sensitive categories of personal data are provided by you in the course of your communication with the Company or use of our web site, it will be deleted as soon as possible after the processing of such data is established.

3 – Data recipients
The recipients of personal data are:
• the Data Controller
• internal employees of the Data Controller acting on its behalf
• the subcontractor of the Data Controller in charge of hosting the domain of the Online Store
• any legally or administratively authorized person (judicial authorities for example)


Article 5 – Data processing
1 – Legal bases for processing
The processing of Users’ personal data via the Online Store must necessarily be justified by one of the conditions provided for in Article 6 §1 of the Regulations. In accordance with the Regulations, Users’ personal data will only be processed if one of the following conditions is met:
The User has given consent: the User concerned has consented to the processing of their personal data for one or more specific purposes.
The execution of the contract requires: the processing is necessary for the execution of a contract to which the User concerned is a party or for the execution of pre-contractual measures taken at the User’s request.
Compliance with the law requires: the processing is necessary for compliance with a legal obligation to which the data controller is subject.
A legitimate interest justifies it: the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental freedoms and rights of the User concerned which require data protection prevail. Of a personal nature, in particular when the User concerned is a minor.


2 – Purposes of processing and duration of data retention
In accordance with Article 13 of the Regulation, the reason and duration of storage and processing of personal data must be justified by a valid purpose, in addition to one of the legal bases cited below.
The processing of user data is based on the following purposes, legal bases, and durations:

  • Commercial prospecting by the Editor:
    Purpose: Consent
    Duration: 3 years from communication by the User
    Archiving: N/A
  • Registration for the Publisher's newsletter:
    Purpose: Consent
    Duration: 3 years from communication by the User
    Archiving: N/A
  • Internal statistics of the Publisher (not shared outside):
    Purpose: Consent
    Duration: 3 years from communication by the User
    Archiving: N/A
  • Management and payment of orders, access to dematerialized content sold, and invoicing:
    Purpose: Execution of the contract
    Duration: 3 years from communication by the User
    Archiving: 5 years
  • Fraud prevention:
    Purpose: Legitimate interest
    Duration: 13 months from communication by the User
    Archiving: 5 years
  • Accounting and tax obligations:
    Purpose: Compliance with the law
    Duration: 3 years from communication by the User
    Archiving: 7 years
  • Facilitation of user navigation and product promotion related to Customer preferences:
    Purpose: Consent
    Duration: 13 months from placing advertising cookies on the User's browser
    Archiving: N/A

Article 6 – Means of data protection
In accordance with Article 5 and Article 32 of the Regulation, the Data Controller is bound by an obligation to guarantee the security of the personal data of Users that it stores and processes.

The Data Controller ensures the maintenance of a register containing all the collected personal data of Users. The Data Controller affirms that it implements all necessary security means to protect the personal data of Users contained in this register and to avoid any violation of the User's personal data.
To do this, the Data Controller affirms that it has undertaken a study of the risks linked to the storage and processing of Users' personal data in order to implement adequate security measures as follows:
– By allowing the pseudonymization and encryption of the User's personal data;
– By implementing means to guarantee the constant confidentiality, integrity, availability and resilience of processing systems and services;
– By implementing means to restore the availability of personal data and access to them within appropriate time frames in the event of a physical or technical incident;
– By guaranteeing the use of a procedure aimed at regularly testing, analyzing and evaluating the effectiveness of technical and organizational measures to ensure the security of the processing.

The Data Controller assures Users that the data it stores and processes is stored within the European Union, in a member state subject to the Regulation.
In the event of a violation of the User's personal data, the Data Controller undertakes to notify the competent supervisory authority of this violation within 72 hours in accordance with Articles 33 and 34 of the Regulation.

Article 7 – Cookies
1 – Purpose of using cookies
As explained above, a cookie is a text file automatically saved in any User's browser when visiting a website. This text file may contain personal data and/or information relating to the User's navigation.
Cookies used on the Online Store have the sole objective of improving your browsing experience as a User. The cookies used facilitate your navigation by memorizing some of your personal data when you access and browse the Online Store. Three types of cookies are used on the Online Store, their purpose varying depending on their type:

  • Functional cookies : these cookies allow you to memorize your data entered during authentications or searches carried out on the shop
  • Advertising cookies : these cookies make it possible to identify the consumption and search habits and preferences of Users in order to offer them advertising content related to their personal preferences.
  • Security cookies : these cookies allow the security of Users' personal data by guaranteeing the encryption of data contained in other cookies.


2 – Cookies used, lifespan, and function
Each cookie used on the Online Store is identifiable by a name. Each cookie has a lifespan, i.e. a period after which it disappears and ceases to be active, forgetting any personal data is stored. Each cookie also has a function, i.e. a utility which justifies its placement on the Online Store.

Here is the list of cookies used on the Online Store with their name, lifespan and function:
m:
Lifetime: 2 years
Function: Determines the device used to access the website for appropriate formatting.
Supplier: m.stripe.com

__stripe_mid:
Lifetime: 1 year
Function: Necessary for completing credit card transactions on the website.
Supplier: m.stripe.com

__stripe_sid:
Lifetime: 1 day
Function: Necessary for completing credit card transactions on the website.
Supplier: m.stripe.com

elementor:
Lifetime: Persistent
Function: Used in the WordPress theme context for real-time content modifications.
Supplier: www.celestiafinejewelry.com

wc_cart_hash_#:
Lifetime: Persistent
Function: Manages basket during navigation based on selected items.
Supplier: www.celestiafinejewelry.com

wc_fragments_#:
Lifetime: Session
Function: Manages basket during navigation based on selected items.
Supplier: www.celestiafinejewelry.com

Cookie Consent:
Lifetime: 1 year
Function: Stores the User's cookie consent state for the current domain.
Supplier: www.celestiafinejewelry.com

o2s-chl:
Lifetime: 14 days
Function: Distinguishes humans from robots.
Supplier: www.celestiafinejewelry.com

ga#:
Lifetime: 2 years
Function: Collects data on the number of User visits and dates of first and most recent visits.
Supplier: www.celestiafinejewelry.com

_ga:
Lifetime: 2 years
Function: Registers a unique identifier for generating statistical data on website usage.
Supplier: www.celestiafinejewelry.com

_gid:
Lifetime: 1 day
Function: Registers a unique identifier for generating statistical data on website usage.
Supplier: www.celestiafinejewelry.com

_gat:
Lifetime: 1 day
Function: Reduces request rate for Google Analytics.
Supplier: www.celestiafinejewelry.com

tk_ai:
Lifetime: 5 years
Function: Records User behavior for internal analysis and website optimization.
Supplier: www.celestiafinejewelry.com

tk_qs:
Lifetime: 1 day
Function: Records User behavior for internal analysis and website optimization.
Supplier: www.celestiafinejewelry.com

tk_tc:
Lifetime: Session
Function: Collects data on User preferences and behavior to make content and ads more relevant.
Supplier: www.celestiafinejewelry.com


3 – Manage cookies: activation and deactivation
It is possible for the User to manage Cookies at any time on the browser they use. The User can activate or deactivate them at any time. The ways to manage cookies depend on each browser. To facilitate the management of Users' cookies, below is explanatory help for managing cookies on the main browsers used by Users:

Google Chrome: https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=en
Safari: https://support.apple.com/fr-fr/guide/safari/sfri11471/mac
Mozilla Firefox: https://support.mozilla.org/fr/kb/activate-or-deactivate-cookies on-firefox-for-android
Internet Explorer: https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies

Article 8 – User Rights
The User has the right to request from the Data Controller access to his personal data, the rectification or erasure thereof, or a limitation of the processing relating to the User concerned, or the right to object to the processing and the right to data portability.

The User has the right to withdraw their consent to the processing of their personal data at any time. This withdrawal of consent will take effect at the time the Data Controller receives notification of the withdrawal of the User's consent.

You can exercise any of the above rights by submitting a formal request to the following address: Svoboda 41, Sofia, 1220, Bulgaria, or email: office@celestiafinejewelry.com. In order to exercise your rights, it is mandatory to establish the identity of the claimant when submitting a request for exercising your rights.

You also have the right to file a complaint with the Bulgarian Commission for Protection of Personal Data when the relevant prerequisites are in place.

Article 9 – Updating this Privacy & Cookies Policy
This policy may be updated periodically to reflect changes in personal data protection legislation and best practices. Celestia Group Ltd. will notify you of any significant changes to this privacy policy. When we make changes to this policy, we will change the "last updated" date above.