1. Information We Collect

We collect the following types of information to provide you with our services:

A. Personal Information (Provided by You)

• Full name
• Email address
• Phone number
• Billing and shipping addresses
• Identification documents (only if required for export compliance)
• Payment-related details (processed securely by third-party gateways; we do NOT store card numbers)

B. Order & Transaction Information

• Items purchased and order numbers
• Export documentation details
• Tracking information
• Communication records regarding your order

C. Automatically Collected Information

Through cookies and analytics tools, we may collect:

• IP address
• Browser type and version
• Device information
• Pages visited and time spent on site
• Referral sources

This information helps us improve the website and enhance your customer experience.

2. How We Use Your Information

We use your information only for legitimate business purposes:

3. Legal Basis for Processing (For EU/UK Customers)

Under GDPR (General Data Protection Regulation), we rely on the following legal bases:

• Contract necessity – to fulfill your order and provide services
• Legal obligation – for export and customs compliance requirements
• Legitimate interest – for fraud prevention and site improvement
• Consent – for optional newsletters (you may unsubscribe at any time)

4. Cookies & Tracking

We use essential and analytical cookies to:

• Maintain your shopping cart
• Improve website performance
• Analyze visitor behavior (using Google Analytics or similar tools)

You may disable cookies in your browser settings; however, please note that some features of the website may not function correctly without them.

5. How We Protect Your Data

We implement multiple layers of security to safeguard your personal information:

• SSL encryption for all data transmission
• Secure payment gateways (Stripe, PayPal, etc.)
• Password-protected internal systems
• Limited staff access on a need-to-know basis
• No storage of credit card information on our servers

6. Data Sharing

We share your information only when necessary with the following parties:

A. Couriers (DHL/FedEx)

For shipping labels, customs declarations, and tracking services.

B. NGJA & Sri Lanka Customs

Mandatory for gemstone export verification and regulatory compliance.

C. Payment Processors

To securely process your payments through trusted third-party services.

D. IT Providers & Hosting Services

For secure website operation and data storage.

7. International Data Transfers

Because we operate from Sri Lanka and ship globally, your data may be transferred internationally to fulfill your order.

We ensure protection through:

• GDPR-compliant processors
• Secure encrypted systems
• Standard contractual clauses where applicable

8. Your Rights (For EU/UK & Applicable Regions)

Under data protection laws, you have the right to:

• Access your personal data
• Correct any incorrect information
• Delete your data (if not required for legal compliance)
• Restrict processing of your data
• Request a copy of your data (data portability)
• Withdraw consent at any time

To exercise any of these rights, please contact us at: [email protected]

9. Data Retention

We retain your information for the following periods:

• Order records: 7 years (legal requirement)
• Export documentation: As required by mandatory compliance periods
• Email correspondence: Up to 24 months
• Marketing emails: Until you unsubscribe

10. Minors

We do not knowingly collect information from individuals under 18 years of age.

If you believe data has been collected from a minor unintentionally, please contact us immediately so we can take appropriate action.

11. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements.

Any changes will be posted on this page with a new “Last updated” date. We encourage you to review this policy regularly.