Terms, Conditions & Privacy

OVERVIEW

These website terms of use apply to your access to and use of the website www.rochajewellery.com of Rocha Jewellery, as well as to the information, recommendations and/or services made available to you through this Website. By using the Website you agree with the applicability of these website terms. Please note that these terms may be changed from time to time. We therefore advice you to regularly check these terms for amendments. 

Information

Rocha Jewellery gives constant care and attention to the content and composition of the Website in order to keep the information published correct and up-to-date. Nevertheless, it is possible that information that is published on the Website may be incomplete, incorrect and/or not up to date. The information on the Website is frequently supplemented and any changes can be made at any time.

Limitation of liability 

Rocha Jewellery is not liable for any direct or indirect loss or damage of any nature whatsoever arising from or in any way connected with information published on the Website that is incorrect, incomplete and/or not up to date. Nor can Rocha Jewellery be held liable for any errors or omissions as a result of the incorrect functioning of the Website.

Trademarks and trade names 

Rocha Jewellery is the rightholder of all trademarks, both word and device marks, and trademarks used on the Website, unless indicated otherwise. It is not permitted to use these trademarks and tradenames without the prior written permission of Jóia da Rocha. Any use that is not permitted will be regarded as trademark and/or tradename infringement and shall be opposed with legal measures.

Copyright 

All images, questionnaires, artworks, text and graphics on the Website are the copyright of Rocha Jewellery, unless indicated otherwise. It is not permitted to disclose and reproduce any of the copyrighted material for commercial use without the prior written permission of Rocha Jewellery. Any form of unauthorised use of the copyrighted material is considered an infringement of copyright and shall be opposed with legal measures.

Privacy Policy Rocha Jewellery

Introduction

Welcome to the website of Jóia da Rocha Jewellery. Your privacy and the security of your personal data are very important to us. We therefore collect and manage your personal data with the utmost care and take specific measures to keep them secure. Below, you will find the main information regarding our processing of your personal data in relation to your browsing on the website www.rochajewellery.com and the use of our services.

We process your personal data in accordance with the data protection regulations, including the General Data Protection Regulation (GDPR). In this privacy statement, we explain what personal data we process for what purpose. We encourage you to read it carefully. If you have any questions, please contact us via hello@rochajewellery.com

Data controller

The sole proprietorship Rocha Jewellery, with its registered office at Gerrit van der Veenstraat 33-H (1077 DN) in Amsterdam Rocha Jewellery is the party responsible for all data processing.

Collection and processing of personal data

Rocha Jewellery processes certain personal data to provide you with the products or services you request, for example when you make a purchase on the Website, join our Magic List to receive our newsletter or create an account with us. We only process personal data if we have a legal basis for doing so.

The categories of personal data that we collect and process are as follows:

  1. Personal data for processing your order on our Website. We process your name, e-mail address, address, payment details and (optional) phone number which is necessary to process and execute your order on the Website.
  2. Contact details for creating an account. We process your name and e-mail address if you create an account on our Website.  
  3. Personal data related to inquiries and requests. We process your name, e-mail address and inquiry or request if you contact our customer service via hello@rochajewellery.com.
  4. Contact details for non-commercial messages: We process your e-mail address for non-commercial messages, for example to inform you about changes in this privacy policy.
  5. Contact details for marketing activities. We process your name and e-mail address to send you commercial communications about our products and services, if you purchased a product on our Website. You can unsubscribe at any time by clicking the “unsubscribe” link included in each newsletter or other commercial communication. Furthermore, we may process your e-mail address if you have indicated that you would like to join the Magic List to receive our newsletters.     
  6. Browsing data. We may process information on how you use our Website with the device you use to access our Website, such as your IP address, device data, log data and other data about your usage of our Website.

Legal basis for processing

We only process your personal data in the presence of one of the legal requirements established by current legislation, and specifically:

  1. For the conclusion and execution of an agreement of which you are part or in order to take steps, at your request, prior to entering into an agreement. This legal basis legitimises the processing of personal data that takes place in the following activities:
  • Online purchase. We use your personal data to process and execute your online purchase.
  • Creating an account. We use your personal data to create a membership account with Jóia da Rocha.
  • Managing your inquiries. We use your personal data to manage your inquiries and requests which you have submitted via hello@rochajewellery.com.
  1. For compliance with legal obligations. We may process your personal data if we are required to do so in order to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement agency.

  2. For our legitimate interest. We process your personal data where it is in our legitimate interest to run a lawful business and to promote and innovate that business, as long it does not outweigh your interest, such as preventing fraud or criminal activities and marketing our services to existing customers to increase purchases.

  3. Based on your consent. In some cases, we will ask your express consent to process your personal data and we will only process your personal data if you agree to us doing so. This legal basis legitimises the processing of personal data that takes place in the following activities:
  • Marketing activities. If you are not an existing customer but gave us your consent to join the Magic List, we process your e-mail address and telephone number to send you our newsletter.
  • Analysis your browsing data. We only process your browsing data to gain insight into how you use our Website if you have given us your express consent.

Transfer to third parties

We may share your personal data with the following categories of third-parties for the purposes described in this privacy policy:

Service providers 

We may share your personal data with our service providers. We engage these parties to provide and support our services or assist in processing your order, e.g. delivery parties (PostNL) and payment service providers (Stripe, Mollie and PayPal). Moreover, we also share your personal data with Shopify Inc. (Shopify), as they provide us with the online e-commerce platform that allows us to sell out products and services to you.

We will ensure your data is only being used in a way similar to, or for a similar purpose as the purpose for which your personal data has been gathered, and only in accordance with this Privacy Policy and any legal obligation.

Competent law enforcement, regulatory or government bodies

We may share personal data with third-parties if we are obliged to do so pursuant to a statutory provision or a decision of the court or supervisory body, or if this is necessary in the interest of preventing, detecting or prosecuting criminal offences (such as fraud, fraud or scams).

Cookies

For you to get the most from the user experience on the Website, we collect certain information or “cookies”. Cookies are small text files that are placed on your device, e.g. a smartphone or computer, when you visit out Website. Because a cookie is placed on your device, your device could be recognised and information can be collected.

Cookies are placed by both Jóia da Rocha and Shopify. Only functional (necessary) and analytical cookies are placed on your device via our Website. We only place analytical cookies on your device if we have your prior permission.

You can change your choice for the use of cookies at any time by adjusting the cookie settings of your browser.

Security

We have taken technical and organisational security measures to protect your personal data from loss, destruction, manipulation and unauthorised access. All of our employees and all persons involved in data processing are obliged to comply with the data protection laws and to handle personal data confidentially. In the case of collection and processing of personal data, the information is transmitted in encrypted form to prevent misuse of the data by third parties (e.g. your credit card information is encrypted using secure socket layer technology (SSL) and stored with an AES-256 encryption. Our security measures are constantly being revised according to technological developments.

We draw your attention to the fact that data transmission over the internet (e.g. e-mail communication) may involve loopholes in security. It is not possible to protect such data completely from third-party access. We will, however, always process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Storage

Your personal data is stored through Shopify’s data storage, databases and the general Shopify application. Shopify stores your personal data on a server located in Canada. Personal data within Shopify is protected under PIPEDA, Canada’s private sector privacy legislation, which is considered adequate under the GDPR pursuant to the European Commission.

We store your personal data for a limited period of time which period differs depending on the type of activity that involves the processing of your personal data. After this limited period, your data will be permanently erased or otherwise rendered anonymous in an irreversible way. Your personal data is stored in compliance with the terms and criteria specified below:

  • Order data. We store your personal data for up to six months after the checkout date of your last purchase with us. The billing data will be kept for ten years from the billing date.
  • Account data. If you have created an account with Jóia da Rocha, we store your personal information as long as you:
    • did not request us to delete your personal data or delete your account; or
    • are active at least once every 24 months.
  • Data related to your requests or questions: We store your personal data, including the contact details you enter in the e-mail, for six months after your request is processed or your questions have been answered, in order to be able to help you easily when you come back to us on the same issue.
  • Data used for commercial communications. We store your personal data for sending commercial communications, until you exercise opposition by unsubscribing from the mailing list, or within two years after your last purchase on our Website. 
  • Browsing data. We store your browsing data combined with other information from cookies for a maximum six months.

Changes to this privacy policy 

We reserve the right to modify this statement. We recommend that you consult this statement on a regular basis, so that you remain informed of any changes.

Your privacy rights 

You have the right to view and change the personal data that we have collected from you. You have the right to object to the processing of your personal data. In certain cases, you can also ask us to limit the processing of your personal data, erase your data, transfer your data to another data controller or have it deleted. If you wish to do any of these, please send a request to: hello@rochajewellery.com and indicate that it concerns a personal data request.

Please enclose a copy of your identity document so that we can be sure that you are the person submitting the request. Make sure that you conceal your passport photograph and citizen service number. This is to protect your privacy. Also provide your private address. You will receive an overview of your data or a response to your request within one month of your request. We store this information until we are sure that you are satisfied with our response.

Right to make a complaint 

You can submit a complaint about the processing of your personal data. If we do not meet your request for access, rectification, objection, restriction, erasure or transfer of your personal data, you can submit a complaint with the Data Protection Authority in your country. In the Netherlands, the relevant authority is the Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl/).

If you are not happy with how the complaint is resolved, you can lodge an appeal with the courts.

Contact details

Rocha Jewellery
Gerrit van der Veenstraat 33-h
1077 DN Amsterdam
The Netherlands
E: hello@rochajewellery.com