2. Data we collect
We collect the following personal data:
- Browsing data — IP address, browser type, pages visited, session duration. Collected automatically by the server and, with consent, by Google Analytics.
- Data provided voluntarily — name, email address, message, entered via the site's contact forms.
- Anonymous session data — anonymous session recordings via Microsoft Clarity (only with consent).
3. Purposes and legal basis
- Responding to contact requests — legal basis: performance of pre-contractual measures (Art. 6.1.b GDPR).
- Statistical traffic analysis — legal basis: consent (Art. 6.1.a GDPR). You may withdraw consent at any time.
- Improving site usability — legal basis: consent (Art. 6.1.a GDPR).
- Legal obligations — legal basis: legal obligation (Art. 6.1.c GDPR).
4. Data recipients
Data may be shared with:
- Google LLC — via Google Analytics GA4, for anonymous statistical analysis. Servers in the USA with adequate safeguards (Standard Contractual Clauses). Google Privacy Policy.
- Microsoft Corporation — via Microsoft Clarity, for anonymous session recordings. Microsoft Privacy Policy.
- Hostinger International Ltd — hosting provider, with servers in Europe.
Data is never sold or shared with third parties for commercial purposes.
5. Retention periods
- Contact data — retained for as long as necessary to handle the request and, where a commercial relationship arises, for 10 years for tax purposes.
- Analytics data (GA4) — retained for 14 months, per Google Analytics default settings.
- Session data (Clarity) — retained for 30 days.
- Consent cookie — stored on the user's device for 365 days.
6. Your rights
Under Arts. 15–22 of the GDPR, you have the right to:
- Access — obtain confirmation that your data is being processed and receive a copy.
- Rectification — obtain correction of inaccurate data.
- Erasure — obtain deletion of your data (right to be forgotten).
- Restriction — obtain restriction of processing in certain cases.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing on legitimate grounds.
- Withdrawal of consent — withdraw consent at any time, without affecting the lawfulness of prior processing.
To exercise your rights, write to: Privacy@teoremafinejewellery.com
We will respond within 30 days. You also have the right to lodge a complaint with the Italian Data Protection Authority (garanteprivacy.it) or the supervisory authority of your country of residence.
7. International transfers
Google Analytics and Microsoft Clarity process data in the United States. Transfers take place in compliance with GDPR safeguards via Standard Contractual Clauses adopted by the European Commission.
8. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction or disclosure. The site uses HTTPS encrypted connections.
9. Cookies
For detailed information about the cookies we use, please read our Cookie Policy. You can manage your preferences at any time via the cookie preferences panel available at the bottom of every page.
10. Changes to this policy
We reserve the right to update this policy. Changes will be published on this page with an updated date at the top. We encourage you to review it periodically.
