Privacy policy

Updated as of January 2025

PRIVACY POLICY

1. Introduction

LUXOIA Webshop Ltd (“Company,” or “we,” “us” and “our”) values your privacy and is committed to maintaining your trust. We provide this Privacy Policy to inform website visitors, customers, suppliers, and other interested parties (hereinafter “you”) with whom we have business contact of our policies and procedures regarding the collection, use, and disclosure of personally identifiable information received from visitors to and/or users of the Company’s website located at https://helen-kirchhofer.com/ (the "Website") and provision of services online. Specifically, the Company provides high-quality watches, jewelry, and accessories through its Website (collectively, the "Services").

II. Use, Processing, and Sharing of Personal Information

 

The following information applies to anyone who shares with us his, her, or a third-party’s ^[1] Personal Information ^[2]. We may use, process, ^[3] and/or share your Personal Information:

• To respond to your inquiries and your requests regarding our Website or Services.
• To send you information regarding our Services and changes to our terms, conditions, and policies.
• To complete your account registration, process your payments, and communicate with you regarding your purchase of our Services.
• To send you marketing communication and newsletters about our Services.
• To personalize your experience on our Website.
• To inform you and allow you to participate in our Company’s promotions.
• To facilitate social sharing functionality.
• To collaborate with business affiliates, partners, vendors, or service providers to provide you with our Services.
• In connection with our business purposes, including but not limited to data analysis, audits, fraud monitoring and prevention, developing or enhancing new and existing products and/or services, expanding our business activities, etc.

We will not use and/or share your Personal Information:

• With anyone except for our Group Companies, Company’s authorized service providers,[4] business affiliates,[5] and business partners,[6] including YouTube, Vimeo, Google, Criteo, Meta, Microsoft, Nosto, Bunny Net, DataDog, and Zendesk, domestic and foreign authorities, official bodies and courts, other parties in the context of administrative and court proceedings, and strictly for business purposes; or unless we specifically inform you and give you an opportunity to opt out of sharing your Personal Information. You herein agree that you have visited the websites of the aforementioned entities and agreed to their Privacy Policies and Terms of Service.
• To run interest-based advertising campaigns that collect Personal Information such as email addresses, telephone numbers, and credit card numbers.
• To use or associate Personal Information with remarketing lists, cookies, data feeds, or other anonymous identifiers.
• To use or associate targeting information, such as demographics or location, with any Personal Information collected from the ad or its landing page.
• To share any Personal Information with Google or third-party companies through our remarketing tag or any product data feeds which might be associated with our ads.
• To send Google or third-party companies precise location information without obtaining your consent.

We obtain your explicit consent before collecting, using, or disclosing your personal information, except where permitted by applicable law. You can withdraw your consent at any time, subject to legal or contractual restrictions. However, we reserve the right to disclose Personal Information that we believe, in our sole discretion, to be necessary or appropriate in the following circumstances:

• As required by law, such as to comply with a subpoena or similar legal process.
• When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, facilitate investigative efforts by law enforcement, or respond to a government request.

We process and store personal information in Switzerland and the European Economic Area (EEA). In certain cases, however, we may also disclose personal information to service providers and recipients located outside this area or process personal data outside this area, in principle in any country in the world. You must expect personal information to be disclosed to all countries in which we offer our products and services and in which the service providers we use and their subcontractors are located (in particular the USA and Canada). By taking appropriate measures, we ensure compliance with the legal requirements. Specifically, there is an adequacy decision by the competent authority. In the absence of such a decision, the transfer of personal data takes place on the basis of suitable guarantees (in particular standard contractual clauses) or there are exceptions for certain situations (contract processing, law enforcement abroad, etc.) or we obtain your express consent.

III. Collection of Other Information

Personally Non-Identifiable Information:

We may collect personally non-identifiable information, including but not limited to demographic data, age, education level, profession, geographic location, or gender, from you at the time of registration on our Website or app, or when you choose to use our Services. This information is not, by itself, sufficient to identify or contact you. The Company may store such information, or it may be included in databases owned and maintained by partners, affiliates, agents, or service providers of the Company. The Company may use such information and pool it with other information to track data related to growing the business, such as the total number of visitors to our Website and the domain names of our visitors' Internet service providers.

Location-Based Information.

Our Service may use location-based services in order to locate you so we may verify your location, deliver you relevant content based on your location, as well as to share your location with our vendors as part of the location-based services we offer. We may, from time to time, provide settings in the Services that permit you to disable location-based services. Changing setting options may not result in immediate changes to the settings, which are subject to our operations and maintenance schedules. Users should carefully consider the use of such settings to improve information display options and to ensure the settings are properly set and functioning in the manner desired. Notwithstanding the availability of privacy preference settings, you should be aware that these settings are for convenience only, do not employ complex data security protection, and may not be error free. However, please note that we will only directly provide third parties we work with access to your exact location information if you first give us permission to do so. You should consider the risks involved in disclosing your location information to other people.

Passively Collected Information:

Your visit to our Website may allow us to obtain certain additional, personally non-identifiable information that is collected passively using various technologies. This information includes but is not limited to, for example, IP addresses, browser types, date and time of page views, location information associated with your IP address, domain names, your interactions with an ad delivered by us or our ad technology partners, and other anonymous statistical data involving your use of the Website and/or our services. This information cannot presently be used to specifically identify you.

Aggregated Personal Data:

If required to provide Services, the Company may analyze your Personal Information provided through the Website or in connection with rendering the Services, in aggregate form. This aggregate information does not identify you personally. We may share this aggregate data with our partners, affiliates, agents, or service providers for business purposes. We may also disclose aggregated statistics to explain our Services to current and prospective business partners, and to other third parties for other lawful, business-related purposes.

Customer Credit Card Information.

The Company uses a Third-Party Payment Processor, as that term is defined in the Privacy Policy which is incorporated by reference herein, to keep a protected copy of your credit card number. The Third-Party Payment Processor is Shopify Inc. This billing data belongs to you, and by utilizing the Service, you grant the Company a license to use this data to bill you for services rendered. By purchasing the Services of the Company, you herein agree to the Terms of Service and Privacy Policy of Shopify Inc., located at https://www.shopify.com/legal/terms and https://www.shopify.com/legal/privacy.

Additionally, the Company uses PayPal Holdings, Inc. as another Third-Party Payment Processor. This billing data belongs to you, and by utilizing the Service, you grant the Company a license to use this data to bill you for services rendered. By purchasing the Services of the Company, you herein agree to the Terms of Service and Privacy Policy of PayPal Holdings, Inc., located at https://www.paypal.com/us/legalhub/pocpsa-full?locale.x=en_US and https://www.paypal.com/us/legalhub/privacy-full.

IV. Website Tracking

We may, either directly or through third-party companies and individuals we engage to provide services to us, also:

• Track your use of the Website and the Services to enable you to use and access the Services and pay for your activities on the Website and through the Services.
• Track your behavior on our own Website and use of the Services to market and advertise our services to you on our Website platform and third-party websites. You may opt out of receiving advertisements by visiting the Network Advertising Initiative (http://www.networkadvertising.org/choices/) and/or the Digital Advertising Alliance (http://www.aboutads.info/choices/). Please note that even if you choose to opt out of receiving targeted advertising, you may still receive advertising on the Services generally. The advertising will simply not be targeted or specific to your interests.

V. Tracking Technologies on our Website

The Company may use the foregoing technologies to track your activity on our Website:

Cookies.

When you visit our Website or otherwise interact with the Service, we may send one or more “cookies” to your computer or other devices. Cookies are alphanumeric identifiers stored on your computer through your web browser and are used by most websites to help personalize your web experience. Some cookies may facilitate additional site features for enhanced performance and functionality such as remembering preferences, allowing social interactions, analyzing usage for site optimization, providing custom content, allowing third parties to provide social sharing tools, and serving images or videos from third-party websites. Some features on this site will not function if you do not allow cookies. We may link the information we store in cookies to any Personal Information that you submit while visiting our Website.

We may use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. Persistent cookies enable us to track and target the interests of our users to enhance the experience on our site.

Functional cookies, persistent and session type, store information to enable core site functionality, such as Live Chat and Client ID remembrance.

Analytics cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our site and our marketing campaigns.

Advertising cookies may be set through our Website by our advertising partners. Data may be collected by these companies that enable the companies to serve up advertisements on other sites that are relevant to your interests.

If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies, or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site. You may also wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html.

If you reject cookies, you may still use our site, but some features on the site will not function properly. By continuing to use our Website after being notified about our use of cookies, you consent to our cookie practices as described in this Privacy Policy. You can manage your cookie preferences at any time through your browser settings.

Web Beacons.

Log Files.

A Log File is a file that records either events that occur in an operating system or other software runs, or messages between different users of a communication software. Log file information is automatically reported by your browser or mobile application each time you access the Website or our Services. Along with cookies and web beacons, log files help provide additional functionality to the Website and Services and help us analyze Website and Services usage more accurately. We and our third-party tracking-utility partners may use log files on our Service to automatically gather and store information including, but not limited to, internet protocol (“IP”) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data, for business purposes. We may use Google Analytics, which uses cookies and other similar technologies to collect and analyze information about the use of the Service and report on activities and trends. This service may also collect information regarding the use of other websites, apps, and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

Embedded Scripts.

An embedded script is programming code that is designed to collect information about your interactions with the Service, such as the links you click on. The code is temporarily downloaded onto your Device from our web server or a third-party service provider, is active only while you are connected to the Service, and is deactivated or deleted thereafter.

Browser Fingerprinting.

Collection and analysis of information from your Device, such as, without limitation, your operating system, plugins, system fonts, and other data, for purposes of identification.

ETag, or entity tag.

A feature of the cache in browsers. It is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. If the resource content at that URL ever changes, a new and different ETag is assigned. Used in this manner, ETags are a form of Device Identifier. ETag tracking may generate unique tracking values even where the consumer blocks HTTP, Flash, and/or HTML5 cookies.

VI. Children

The Children’s Online Privacy Protection Act of 1998 (COPPA) and its accompanying FTC regulation protect the privacy of American children aged 13 and under, who are using the Internet.

The Website and our related Services are not intended for anyone under 16 or the applicable age of majority based on your province of residence, and we do not knowingly collect information from anyone under the age of 16. Anyone aged 16 or under should not submit any Personal Information without the permission of their parents or guardians, and you represent that you have the consent of a parent or legal guardian (if applicable) to use our Services and to provide any personal information. Parents or guardians may, on behalf of their children, submit their children’s Personal Information. By using the Website and our related Services, you are representing that you are at least 16 years old and that you have the relevant legal authority to submit your Personal Information or that of a third-party minor to the Company or on the Company’s Website.

VII. Links to Other Websites

This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties. This Privacy Policy applies only to this Website and the Company’s Services. It does not apply to any third-party sites, and the inclusion of a link does not imply endorsement of the linked site or service by us or by our affiliates.

We are not responsible for the collection, usage, and disclosure policies and practices (including the data security practices) of other organizations, such as ram.watch, LinkedIn, Meta/Facebook, Google, Microsoft, Pinterest, Instagram, TikTok, YouTube, Vimeo, or any other app developers, app providers, social media platform providers, operating system providers, wireless service providers, or device manufacturers, including any Personal Information you disclose to other organizations through or in connection with the Website or Services.

VIII. Security

We maintain reasonable and appropriate, although not infallible, security precautions to protect your personal information against unauthorized access, disclosure, alteration, or destruction. However, we cannot guarantee that hackers or unauthorized personnel will not gain access to your Personal Information, despite our reasonable efforts. You should note that in using the Website, app, and/or our related Services, your information will travel through third-party infrastructures which are not under our control. Please feel free to raise any questions, concerns, or specific directions you may have regarding the privacy and security of your information to dataprotection@luxoia.com.

IX. Data Retention

We will retain your Personal Information for only as long as needed to provide the applicable Services or as required by law (up to 10 years). Our data retention period may change in the future if a longer retention period is required or permitted by law.

X. Do Not Track

Your browser setting may allow you to automatically transmit a "Do Not Track" signal to websites you visit. The Company’s Website does not respond to "Do Not Track" signals or other mechanisms from a visitor's browser. If, in the future, we create a program or protocol to respond to such web browser "Do Not Track" signals, we will inform you of the details of that protocol in this Privacy Policy. To find out more about "Do Not Track," please visit https://www.allaboutdnt.com.

XI. Third Party Advertising and Analytics Services

Our advertising and analytics partners, such as Google Ads, Google Analytics, and Facebook Analytics, help us develop targeted advertisements, assist with our online services, assist us with analyzing website traffic, and improve the performance of our Website and Services (“Providers”). These Providers may use technologies such as cookies, web beacons, and log files to help us analyze how you use our online services. We may disclose site-use information (including IP address, browser type, ISP, referring/exit pages, operating system, date/time stamp, and clickstream data) to these Providers to help us determine how you and others use our online services. You herein agree to the following Providers' Privacy Policy and Terms of Use, all of which are incorporated herein by reference:

• Google Ads. To learn how Google uses your data for Google Advertising and the applicable data protection provisions, please visit https://www.google.com/intl/en/policies/privacy/.
• Google Analytics. For more information on Google Analytics and the applicable data protection provisions of Google, please visit https://www.google.com/intl/en/policies/privacy/ and http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following link: https://www.google.com/analytics/. To opt out, please visit https://support.google.com/analytics/answer/181881?hl=e.
• Google Tag Manager. For more information on Google Tag Manager and the applicable data protection provisions, please visit https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/ and https://www.google.com/intl/en/policies/privacy/.
• Facebook Analytics, Instagram Analytics, and Meta Business Tools (Meta Ads Manager, Meta Pixel, Meta Attribution, Meta SDK, and Meta Conversions API). For more information on how Meta uses your data, please visit https://www.facebook.com/privacy/policy/. To understand more about Facebook advertising, please see here: https://www.facebook.com/about/ads. To learn more about the Meta Business Tools, please visit https://www.facebook.com/help/331509497253087.
• Microsoft Ads. For information on how Microsoft uses your data, please visit https://www.microsoft.com/en-us/privacy/privacystatement.
• Criteo. For information on how Criteo uses your data, please visit https://www.criteo.com/de/privacy/.
• Nosto. For information on how Nosto uses your data, please visit https://help.nosto.com/manuals/legal-documentation.

XII. Disclosures Regarding U.S. State Data Privacy and Protection Acts

Several United States jurisdictions, including California and others, provide users with certain rights regarding their personal information, including the right to access, delete, correct, and/or opt out of the “sale” or "sharing" of their personal information (“State Laws”).

Based on the size of the Company and/or our activities, we are not currently subject to these State Laws but may become subject to them in the future. Nonetheless, the different State Laws, if applicable, would provide certain rights to residents of those states. While not subject to those laws, we are committed to transparency with respect to the collection and use of your personal data, so we provide the information below so that residents of those states, and all of our Users, understand how we interact with their personal information in the context of what would be required under those laws.

California “Shine the Light” Law

Under California Civil Code Section 1798.83, California customers are entitled to request information relating to whether a business has disclosed Personal Information to any third parties for the third parties’ direct marketing purposes. This code section applies to businesses with 20 or more full or part-time employees. At this time, the Company does not need to comply with this law, but does so voluntarily in an effort to assure you that we value your privacy.

You may request and obtain from us once a year, free of charge, certain information about the Personal Information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of Personal Information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to dataprotection@luxoia.com.

California Consumer Privacy Act

Organizations who are subject to the California Consumer Privacy Act (CCPA) must provide a clear and conspicuous link titled “Do Not Sell My Personal Information” on their homepage and in their privacy policy in order to meet the requirements of the new CA privacy law effective as of January 1, 2020. The law applies to businesses with over $25 million in revenue, those handling information from 100,000 consumers, or deriving 50%+ annual revenue from selling consumer personal information. At this time, the Company does not need to comply with this law, but does so voluntarily in an effort to assure you that we value your privacy.

You may opt out of the Company’s sale of your personal information at any time by emailing us at dataprotection@luxoia.com. Under the CCPA, “personal information” is defined to include information that identifies or relates to a particular consumer or household including, but not limited to, name, postal address, email address, IP address, social security number, personal property records, purchasing histories, biometric information, internet activity such as browsing or search history, geolocation data, employment information, education information, and inferences drawn from this information, in so far as it is not publicly available information. The Company’s “sale” of personal information is broadly defined by the law to include selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration. In other words, most business-to-business transfers of personal information will fall within the definition of a sale.

The Company has provided visitors to our Website with a link to an Internet Web page on our Website enabling visitors to opt out of the “sale” of their “personal information.” Our Website also contains a recognizable and uniform opt-out logo or button to promote consumer awareness of the option to opt out. Please feel free to access both for more information and to effectively opt out.

Additionally, if you are a California resident age 16 or older, as of January 1, 2020, the CCPA gives you certain rights with respect to the processing of your personal information.

(1) RIGHT TO KNOW REQUEST – Under the CCPA, you may have a right to request information about our collection, use, and disclosure of your personal information over the prior 12 months, and ask that we provide you with the following information:

• Categories of and specific pieces of personal information we have collected about you.
• Categories of sources from which we collect personal information.
• Purposes for collecting, using, or selling personal information.
• Categories of third parties with which we share personal information.
• Categories of personal information disclosed about you for a business purpose.
• If applicable, categories of personal information sold about you and the categories of third parties to which the personal information was sold, by category or categories of personal information for each third party to which the personal information was sold.

(2) RIGHT TO DELETE REQUEST – You may also have a right to request that we delete personal information, subject to certain exceptions. They can be invoked if it is necessary for the Company to maintain the personal information pursuant to the exception.

• Transactional: Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer.
• Security: Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
• Errors: Debug to identify and repair errors that impair existing intended functionality.
• Free Speech: Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
• CalECPA Compliance: Comply with the California Electronic Communications Privacy Act.
• Research in the Public Interest: Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the business’s deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
• Expected Internal Uses: To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.
• Legal Compliance: Comply with a legal obligation.
• Other Internal Uses: Otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.

Absent an exception, under the CCPA, we have 45 days to comply with your request.

(3) DISCLOSURES OF PERSONAL INFORMATION FOR BUSINESS PURPOSE – We may have disclosed certain personal information to the categories of recipients listed in Section III of this Privacy Policy for one or more business purposes. If you are a California resident 16 years of age or older and would like to make a verifiable request for information about the personal information we have collected about you or a request for deletion of such personal information, please submit your request in writing to dataprotection@luxoia.com.

XIII. Changes

This Privacy Policy may be updated from time to time for any reason, at our sole discretion. We will notify you of any material changes to our Privacy Policy by posting the new Privacy Policy on our Website, and emailing you a copy of the revised Privacy Policy or a link to it. You are advised to consult our Website regularly for any changes.

XIV. Incorporation into Terms of Service

By using or accessing the Website or the Services, you are accepting the practices described in this Privacy Policy, and you are consenting to our processing of your information as set forth in this Privacy Policy and as amended by us. This Privacy Policy is incorporated into, and considered a part of, the Company’s Terms of Service.

XV. Opt-Out Policy

If, at any time after registering, you change your mind about receiving information from us or about the use of information volunteered by you, or if you prefer that we do not share your Personal Information with third parties for marketing purposes, please contact us at dataprotection@luxoia.com.

XVI. Contact Us

If you have any questions or concerns relating to our use of your Personal Information, please email dataprotection@luxoia.com. Additionally, you may reach us by postal mail at:

LUXOIA Webshop Ltd
Seestrasse 108
CH-9326 Horn
Switzerland

---

^[1] Third Party Personal Information. We may obtain your Personal Information from third parties, such as third parties with whom we affiliate in providing the Company’s services. If you provide the Company with Personal Information about third parties, you warrant to the Company that any Personal Information that you provide to the Company about any third party individuals was obtained by you with full consent, that you have the legal authority to provide us with such information, and that the individual has not communicated to you that they wish to opt out of receiving communications from the Company or having the Company collect information about him or her.

^[2] Personal Information. “Personal Information” may include, but is not limited to, information that identifies you as an individual or relates to an identifiable person, such as name, postal address, telephone number, email address, etc. The Company does not collect any Personal Information from visitors to its website that is not voluntarily provided. The Company only collects your Personal Information if you register for an account with the Company’s Website, when you use the Company’s Services, and when you send the Company communications in connection with your use of the Services. We collect only the personal information necessary for the identified purposes herein. We retain personal information only as long as necessary to fulfill these purposes or as required by law.

^[3] Process. “Processing” covers a wide range of operations performed on personal data, including by manual or automated means. It includes the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

^[4] Authorized service providers are companies that perform certain services including, but not limited to, fulfilling orders, processing credit card payments, delivering packages, providing customer service and marketing assistance, performing business and sales analyses, supporting the functionality of the Services, and supporting contests, sweepstakes, surveys and other features we offer, on our behalf. These service providers may have access to your Personal Information, but only to the extent necessary to perform or fulfill their business purpose. We do not permit them to share or use any of your Personal Information for any other purpose.

^[5] Affiliate businesses are those businesses with whom we may affiliate to sell our products or Services. We may share information we collect, including Personal Information, with affiliated businesses. Sharing such information with our affiliates enables us to provide you with information about a variety of products and Services that might interest you. We instruct all affiliated businesses to comply with applicable privacy and security laws and, at a minimum, in any commercial email they send to you, to give you the opportunity to choose not to receive such email messages in the future.

^[6] Business partners are typically merchants offering the products, services, promotions, contests and/or sweepstakes in connection with or related to our own products and Services. We will not share your Personal Information with business partners unless you choose to participate in their offer or program. When you choose to engage in a particular offer or program, you authorize us to share your email address and other Personal Information with the relevant business partners.