1. Data Controller
Who is responsible for your data
The data controller for all personal information processed through this website is Synarava Jewelry(hereafter “Synarava”, “we”, “us”).
Contact address: studio@synarava.com
We are committed to protecting your privacy and handling your data in full compliance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.
2. Data We Collect
What information we process
We collect only the information necessary to provide our services:
Account data
Name, email address, hashed password — provided when you register.
Order data
Shipping address, phone number, order contents, payment status — collected at checkout.
Payment data
We do not store card details. Payments are processed by Stripe, Inc., who acts as an independent data controller under their own privacy policy.
Usage data
Anonymous analytics (page visits, device type, browser) collected only with your cookie consent.
Communication data
Content of messages you send us directly via email.
3. Legal Basis
Why we are allowed to process your data
We process your data on the following legal bases under Article 6 GDPR:
- Contractual necessity — to fulfil your order and provide customer support.
- Legitimate interests — to improve the website, prevent fraud, and ensure security.
- Consent — for optional analytics cookies and marketing communications, which you may withdraw at any time.
- Legal obligation — to comply with applicable tax, accounting, and consumer-protection laws.
4. How We Use Your Data
Purposes of processing
Your information is used solely for the following purposes:
- Processing and fulfilling your orders
- Managing your account and authentication
- Sending order confirmations and shipping notifications
- Responding to your enquiries and support requests
- Preventing fraudulent transactions and maintaining site security
- Complying with legal and regulatory obligations
- Sending marketing emails only if you have explicitly opted in
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.
6. Retention
How long we keep your data
We retain personal data only as long as necessary for the purposes it was collected for, or as required by law:
- Account data — retained for the lifetime of your account, plus 30 days after deletion.
- Order data — 7 years, as required for accounting and tax compliance.
- Analytics data — aggregated and anonymised after 14 months.
- Support communications — 2 years from last contact.
7. Your Rights
Rights under GDPR
Under the GDPR you have the following rights, which you may exercise free of charge:
Access
Request a copy of the personal data we hold about you.
Rectification
Ask us to correct inaccurate or incomplete data.
Erasure
Request deletion of your data where there is no lawful reason to retain it.
Restriction
Ask us to limit processing of your data in certain circumstances.
Portability
Receive your data in a structured, machine-readable format.
Objection
Object to processing based on legitimate interests or for direct marketing.
To exercise any right, contact us at studio@synarava.com. We will respond within 30 days. You also have the right to lodge a complaint with your national supervisory authority.
9. Security
How we protect your data
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These include:
- Encrypted data transmission via HTTPS (TLS 1.2+)
- Bcrypt password hashing — we never store plain-text passwords
- Payment card data never touches our servers (handled by Stripe)
- Database access restricted to application layer only
- Regular security reviews and dependency updates
10. Contact
Get in touch
For any questions about this Privacy Policy or your personal data, please contact us:
Synarava Jewelry
Email: studio@synarava.com
We reserve the right to update this Privacy Policy. Material changes will be communicated via email to registered users. Continued use of our services after any changes constitutes acceptance of the updated policy.