Privacy policy
We care about protecting your personal data. Below we explain how we process personal data when you visit our website, place orders, use a customer account, or communicate with us.
1. Controller
2. Data Categories & Purposes
- Website usage (server logs, IP, timestamps, browser/device data): site operation, security, error analysis.
- Order & account data (name, billing/shipping address, email, items ordered, payment/transaction data): order processing, account, customer service, legal obligations (tax/books).
- Communication (emails, support requests): handling inquiries, complaints, withdrawal/returns.
- Google Sign-In (OAuth 2.0): depending on your Google settings, we receive email address, name and optionally profile image — used solely to create/sign you in (no password sharing; no profiling beyond that).
- Marketing (with consent): newsletter/offers; revocable at any time.
- Analytics/Statistics (e.g., Shopify Analytics; optionally external tools): shop improvements (aggregated/pseudonymised where possible).
3. Legal Bases (Art. 6 GDPR)
Art. 6(1)(b) – contract/performance (orders, account, support, Google Sign-In); Art. 6(1)(c) – legal obligation (e.g., tax/commercial retention); Art. 6(1)(f) – legitimate interests (secure and efficient shop operation, fraud prevention, internal analysis); Art. 6(1)(a) – consent (e.g., newsletter, non-essential cookies/tracking). You may withdraw consent at any time with future effect.
4. Shop Hosting, Payments, Shipping
- Shop platform/hosting: Shopify International Ltd. (Ireland) / Shopify Inc. (Canada/USA) provides infrastructure, checkout, security and core shop functions.
- Payment services (depending on your selection): e.g., credit card, Klarna, PayPal, Apple Pay/Google Pay. The respective provider’s privacy notices apply.
- Shipping/fulfilment & logistics: fulfilment partners and parcel services (e.g., DHL, DPD, UPS) for delivery and tracking.
- Email/transactional mail: via Shopify or connected mail services.
Where required, we have processor agreements in place pursuant to Art. 28 GDPR.
5. Google Sign-In (OAuth 2.0)
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Depending on your Google settings, we receive your email address, name and optionally profile image. We use this data solely to create/sign you in (authentication) and for fraud prevention. Passwords are not transmitted to us. Legal basis: Art. 6(1)(b) GDPR. More info: policies.google.com/privacy. You can delete your account with us or revoke access in your Google Account (“Apps with access to your account”), or email us at office@orlume.eu.
6. Cookies & Analytics
We use cookies and similar technologies to operate the website (necessary) and — only with consent — for statistics/marketing. On first visit you can choose your preferences in the banner and change them anytime in the cookie settings.
7. Recipients & Categories of Recipients
Internal units (order processing, support, accounting); processors (shop platform, IT services, fulfilment, shipping, payment services, email services); authorities where legally required.
8. International Transfers
Depending on the provider, data may be transferred to third countries outside the EU/EEA (e.g., Canada/USA). In such cases we rely on recognised safeguards (e.g., EU Standard Contractual Clauses) and additional measures to ensure an adequate level of protection.
9. Storage Periods
- Order/contract data: until completion; thereafter according to statutory retention (Austria typically 7 years under BAO).
- Communication/support: until resolved and in line with legal duties/limitation periods.
- Marketing data (e.g., newsletter): until consent is withdrawn.
- Server logs: short-term (rotation-based) to ensure operation/security.
10. Your Rights (Art. 15–22 GDPR)
Subject to the legal requirements: right of access, rectification, erasure, restriction, data portability, objection (to processing based on legitimate interests), and withdrawal of consent with future effect. To exercise your rights, email office@orlume.eu. We may request additional information to verify your identity.
11. Right to Lodge a Complaint
If you believe your data is processed unlawfully, you may complain to a supervisory authority (Art. 77 GDPR). In Austria: Austrian Data Protection Authority (DSB), Barichgasse 40–42, 1030 Vienna — dsb.gv.at · dsb@dsb.gv.at.
12. Minors
Our offering is not directed at children. Orders may only be placed by persons of legal age.
13. Automated Decisions/Profiling
We do not use fully automated decision-making that produces legal effects concerning you (Art. 22 GDPR). Fraud-prevention mechanisms (e.g., those operated by payment or shop providers) may include risk-based checks to prevent abusive orders.
14. Security
We implement technical and organisational measures appropriate to the risk (Art. 32 GDPR) to protect your data, e.g., access controls, encryption in transit, and role-based permissions.
15. Updates to This Policy
We may update this Privacy Policy if processes, services or legal requirements change. The current version is available here; where required, we will inform you of material changes.
16. Contact
Questions? office@orlume.eu