Privacy Policy

Privacy Policy

Privacy Policy

for the Processing of Personal Data ex art. 13 EU Regulation 2016/679

Who are we and who will process your personal data?

Welcome to our website http://www.ufinejewels.com. This website is managed by Ufine Jewels Snc di Lara May Villa e Christine Joyce Tolentino (C.F./P.Iva 13757050961), with registered office in via dei Benedettini, 14, 20146 – MILAN, Peo contactus@ufinejewels.com, Pec ufinejewels@pec.it, as the Data Controller of the personal data acquired. UFINE JEWELS SNC considers of paramount importance the protection of the personal data of its Users (also called “Data Subjects”) and ensures that the relevant processing will be carried out in full compliance with the European Data Protection Regulation No. 2016/679 (General Data Protection Regulation, hereinafter “GDPR”) and further applicable regulations on the matter, with the adoption of the appropriate and necessary security measures to keep them safe.

What is meant by “personal data”?

The GDPR provides a very broad concept, referring to “any information relating to an identified or identifiable natural person; an identifiable person is any natural person who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, data relating to location, an online identifier, or to one or more characteristic features of his or her physical, physiological, genetic, mental, economic, cultural or social identity” (hereinafter “Personal Data”).

What is meant by “processing of personal data”?

Again, the GDPR refers to a very broad concept covering “any operation or set of operations, performed with or without the help of automated processes and applied to personal data or sets of data personal data, such as collection, recording, organization, structuring storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction” (hereinafter the “Processing”).

GDPR obligations

The GDPR requires us, as well as all Data Controllers, to provide Data Subjects Users of the site (which includes You) with a number of important pieces of information, including why your Personal Data are being processed, how they will be used, to whom they may be used and how long they will be kept, as well as the rights you can exercise. For this reason, this privacy policy (“Policy”) is intended to provide, in a simple and transparent manner, all the useful and necessary information so that the interested User can give his or her Personal Data in an informed manner, requesting and obtaining, at any time, clarifications and/or rectifications of the Processing. This Policy is, therefore, related exclusively to the processing of data processed as a result of browsing the website www.ufinejewels.com, or communicated by the User through e-mail or telephone calls or otherwise obtained as a result of using the services offered, but not also for other websites that may be consulted through links. Some services may be subject to different legal terms, in which case we will be sure to give you all the relevant information from time to time. Regarding the use of cookies, we encourage you to read the Cookie Policy, which contains detailed information regarding the use of cookies in conditions of our services and while using the site.

What personal data are processed?

Ufine Jewels, as the Data Controller, collects, therefore, the Personal Data provided by the Users of the site:
  • We collect the personal information you provide when you request to register on our website ufinejewels.com (e-mail and password); once registered, you can, optionally, enrich your profile by storing the data necessary for purchases and create your own special Wishlist of favorite products;
  • We collect the personal information you provide when you subscribe to our newsletter service (e-mail);
  • We collect the necessary data in the case of online purchase, related to the type of user (individual or company), name/company name, country/region, street and number, ZIP code, city, province, and telephone, as well as any saved payment methods (card number, expiration date, and security code);
  • We collect the data provided in the event of a request for information, through e-mails and/or when calls are made to the Holder’s contacts;
  • We collect information that is eventually and voluntarily made known or posted on our social pages (Facebook, Instagram, Youtube, Tik Tok);
  • Finally, we collect navigation data: the computer systems and software procedures used to operate the Site acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols. This data is used for the sole purpose of obtaining information for the proper functioning of the Site: this is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow Users to be identified (e.g. IP addresses, domain names of computers used by Users who connect to the Site, browser used and its version, time of the request, size of information flows, etc.). This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site, to check its correct functioning, to ensure that it is updated and secure, to provide Users with a user-friendly browsing experience and, in any case, to identify anomalies and/or abuses.
The above data are processed only to the extent that they are necessary to achieve the purposes described in the next paragraph of this Notice. In relation to data collected through cookies, including those related to plugins and/or buttons linking to the Owner’s social network pages, see the Cookies Policy.

What is the purpose and legal basis for processing personal data?

The Controller will process Users’ Personal Data for:
  1. Pre-contractual / contractual purposes: respond to requests submitted, allow registration to the site, use the services made available by the Owner including online purchasing, as well as allow browsing the Site itself – Legal basis: Art. 6, co. 1, lett. b) GDPR.It should be noted that the subjects appointed by the Data Controller to carry out the maintenance of the Site may accidentally have access to personal data present on the data processing systems of the Data Controller: these are entirely occasional and unforeseeable events, in any case devoid of any purpose of identification of the User and of a duration limited to the execution of the maintenance intervention – Legal basis: Art. 6, co. 1(f) GDPR.
  2. Purposes of establishment, exercise and/or defense of rights: the personal data we acquire through this Site may be necessary to assert and protect the rights of defense of the Owner in any competent forum – Legal basis: Art. 6, co. 1, lett. f) GDPR.
  3. Legal purposes: personal data acquired through this Site may be used in order to comply with legal obligations including tax (in the case of online purchases) and regulatory obligations, as well as to give effect to legitimate requests (e.g., requests for access) or transmission of information by Authorities and persons authorized to do so – Legal basis: Art. 6, co. 1, lett. c) GDPR.
  4. Marketing: only with free consent, the sending of commercial, promotional and advertising communications by the Data Controller, through electronic means, relating to the services and activities carried out by the same – Legal basis: Art. 6 co. 1 lett. a) GDPR and art. 130 “Privacy Code” (Legislative Decree 196/2003).
  5. Newsletter: only with free consent, the periodic sending of informative communications about the activities we carry out and the products we offer, via electronic means – Legal basis: Art. 6 co. 1 lett. a) GDPR.
  6. Soft spam: the User’s email address that you have provided to us in connection with a purchase, may be used by us, as the Data Controller in order to send communications regarding products similar to those already purchased – Legal basis: Art. 6, co. 1, lett. f GDPR and art. 130 co. 4 “Privacy Code” (Legislative Decree 196/2003).

To whom may your personal data be disclosed and processed?

Users’ Personal Data may be disclosed by us, in order to properly perform all Processing activities necessary to pursue the purposes set forth in this Notice, to:
  • Our employees and/or collaborators, expressly authorized;
  • consultants and service providers of a professional and technical nature, who may also carry out Processing activities on our behalf (by way of example and not limited to: consultants and professionals, IT service providers, management service providers, newsletters, third parties who collaborate with the Controller for direct marketing activities, service providers for Site maintenance, Banks/intermediaries/payment platforms in case of online purchases);
  • where required by law or by the Authorities, the data may be communicated to public subjects and entities or to the Judicial Authority.
Personal Data is not otherwise disclosed to other third parties, except as required by law, in connection with legal action or proceedings, or when otherwise necessary to protect the rights or interests of the Data Controller. Personal Data will not be subject to dissemination. In addition, unless expressly consented, they will not be subject to profiling.

How long will personal data be processed?

We will process Users’ Personal Data for the period necessary to fulfill the Purposes – listed above – for which it was collected, as stated in this Policy. Specifically:
  • For the “pre-contractual / contractual purposes” mentioned in point a), with specific reference to potential customers (mere request for information or unfinished purchase and failure to complete the registration to the site), data will be kept for the time strictly necessary to provide the requested information, unless further retention is necessary to fulfill contractual or legal obligations in the specific case of any subsequent online purchase; with reference to browsing data will be deleted when the browsing session ceases, unless they are necessary for the exercise or defense of rights. In the case of online purchases, the data will be kept for 10 years from the conclusion of the purchase, for reasons of our fiscal and legal protection, while for the hypothesis of site registration, the data entered in the profile, including the Wishlist, will be kept until your request to cancel the registration;
  • For the “purposes of ascertaining, exercising and/or defending rights” referred to in (b) above, in the event of any litigation, the data will be retained for 10 years from the end of the judicial/court dispute, without prejudice to further retention in the event of the interruption of the statute of limitations, as per law.
  • For the “legal purposes” mentioned in (c), data will be kept for as long as necessary on the basis of the legal obligation in question, including tax regulations.
  • For “marketing” in (d), data are retained until the User expressly withdraws consent.
  • For “newsletters” referred to in (e), the data are retained until the User expressly withdraws consent.
  • For “soft spam” referred to in (f), the data are retained until expressly refused by the User.
Following the expiration of the terms of retention of Personal Data, according to the criteria indicated above, Ufine Jewels Snc, as the Data Controller, will take measures prearranged for the deletion or anonymization of data that should not be retained for further and specific legal obligations.

Is it possible to revoke the consent given?

The User, in accordance with Art. 7 co. 3 GDPR, has the right to revoke, at any time, any consent provided for one or more specific purposes, without affecting the lawfulness of the processing based on the consent given prior to revocation. The ways to revoke consent are very simple: simply contact us using the contact channels provided within this Notice (e.g., . by writing to the email contactus@ufinejewels.com or, where provided, by selecting the option to “unsubscribe” from services based on consent in the emails received by the User.

What are the user’s rights?

You have the right to ask the Data Controller, in accordance with Articles 15-22 GDPR, for access to your personal data (you may contact us to find out whether your personal data is being processed and the legal information about the processing), rectification (correction of inaccurate data or supplementation of incomplete data), deletion – oblivion – of the same (obtain the cancellation of personal data, in cases of law), the limitation of processing (obtaining the submission of data to storage only, with the exclusion of other activities in cases of law), to object to their processing (to stop further processing of your personal data for reasons related to your particular situation, subject to the prevalence of compelling legitimate reasons, in cases of law), as well as portability (where applicable in this case, obtaining the data in a structured, commonly used, machine-readable format and also obtaining direct transmission of the data to another Data Controller, in the cases provided by law). The relevant claims may be sent to the contacts of the Controller, indicated above, enclosing Your identity document, for the purpose of correct identification by us. For more information, you can visit the Guarantor’s Site. Without prejudice to the right of recourse in any other administrative or jurisdictional forum, You have the right to lodge a complaint with the Garante, the Data Protection Supervisory Authority, in the known location(see here), if You believe that the Processing of Your Personal Data conducted by the Data Controller has taken place in violation of the GDPR and/or applicable legislation. The contact details of the Data Controller for the exercise of the aforementioned rights are: Ufine Jewels Snc di Lara May Villa e Christine Joyce Tolentino (C.F./P.Iva 13757050961), with registered office in via dei Benedettini, 14 20146 – MILAN, Peo contactus@ufinejewels.com – Pec ufinejewels@pec.it.

Where and how are your personal data processed?

The Personal Data will be processed by the Data Controller within the territory of the EU; should it become necessary, for technical and/or operational issues, or for the pursuit of legitimate interests, to make use of entities located outside the EU, because perhaps some of the entities listed in the paragraph “To Whom May Your Personal Data Be Disclosed and Who May Process Your Personal Data?” are located outside the European Union, you are hereby informed that the transfer of Personal Data to such entities will be limited to the performance of specific activities. Any transfer to non-EU countries, in addition to cases where this is guaranteed by adequacy decisions of the European Commission, will be carried out in such a way as to provide appropriate and adequate safeguards in accordance with Articles 45, 46, 47, 49 GDPR. Personal Data will not be subject to dissemination or fully automated decision-making. Your Personal Data will be processed by automated and non-automated means, with logic strictly related to the purposes themselves and, however, in such a way as to ensure the security and confidentiality of the data. In order to ensure the security of your Personal Data, in fact, we will take adequate and appropriate technical and organizational measures, in accordance with the provisions of Art. 32 GDPR.

Does the user have an obligation to provide personal data?

The User must provide the Personal Data for the “Pre-contractual / Contractual Purposes” referred to in the paragraph on the Purposes of processing, letter a), as well as for the consequent and related purposes (letter b, c), as they are necessary to receive the requested information and to be able to obtain the requested service (purchase or registration). In the event that the User does not want personal data to be processed for these purposes, he/she will not be able to benefit from the requested services and/or information. Instead, the provision of Personal Data for the Purposes referred to in letter (d) and e), is always optional: any failure to provide and/or consent, will only result in the inability of the Owner to carry out the marketing activity and the sending of the newsletter.

Minors

Without the consent of a parent or guardian, we will not, to the best of our knowledge, collect personal data from children under the age of 14. You must, in fact, be at least 14 years of age to provide us with personal information and 18 years of age to perform any transactions on the Site, unless expressly authorized by Your parents. If we become aware and/or learn that you are under the age of 14 and have provided us with Your Personal Data through our contact channels, we will delete it immediately.

Changes and updates

Please note that this Policy may be subject to change due to the introduction of new data protection regulations and, consequently, Users are encouraged to check this page periodically.

Take advantage of our Christmas offer!

🎁 Free delivery if you order by 12/23 to receive your items in time for Christmas.

🎁 Plus, an additional 5% discount automatically applied in the cart for a limited time

Don’t miss this opportunity to make your Christmas gifts stress-free!

BLACK FRIDAY 30% OFF

ON EARRINGS CIRCLE, OVAL, HEXAGON
AND ON ALL müds.

*OFFER VALID FROM NOV. 28-29 UNTIL 11:59 P.M.

Sign up for our Newsletter

Get the latest news and lots of discount codes!