Kove Jewelry
Privacy Policy
Effective from 2 May 2026.
1. Data Controller
Kove Jewelry s.r.o. Registered office: Radlická 2343/48, Smíchov, 150 00 Praha 5, Czech Republic Company ID (IČO): 274 84 611 VAT ID (DIČ): CZ27484611 Registered with the Municipal Court in Prague, file C 387225 We are the controller of the personal data collected through this website. Contact for privacy matters: info@kove.jewelry
2. What Data We Collect
We collect the following categories of personal data: • Identification data — first name, last name. • Contact data — email address, phone number, shipping address. • Order data — selected products, configurations, references to specific stones, order amounts and currencies, order history. • Payment data — for card payments, the payment is processed entirely by Stripe; we receive only a transaction reference and never see your full card number. For bank transfers, we record the proforma reference and the bank account number from which the payment arrived (this is provided to us by our bank). • Custom-order inquiry data — the information you submit through the custom-order form (description of your request, references, budget range). • Technical data — IP address, browser, basic device information, captured for security and fraud-prevention purposes. • Cookie and analytics data — see Section 8 for details.
3. Why We Collect Data
We collect and process your personal data for the following purposes: • Processing and fulfilling your orders • Handling stone-selection inquiries and custom-order requests • Communicating about your orders and providing customer support • Issuing invoices and order confirmations • Detecting and preventing fraud, abuse, and security incidents • Complying with our legal obligations under accounting, tax, and AML legislation
4. Legal Basis
We process your data based on: • Performance of contract — order processing, fulfilment, customer support (GDPR Art. 6(1)(b)) • Legal obligations — accounting, tax, and AML compliance (Art. 6(1)(c)) • Legitimate interest — fraud prevention, network security, internal analytics for service improvement (Art. 6(1)(f)) • Your consent — analytics and marketing cookies (Art. 6(1)(a)), withdrawable at any time via the Cookie Settings link in the footer
5. Data Retention
We retain your personal data only as long as necessary for the purpose it was collected: • Accounting records (orders, invoices, payment data): 10 years from the end of the accounting period (Czech Accounting Act, No. 563/1991 Coll., §31). • Customer accounts: while the account is active, plus 3 years after the last login. • Marketing preferences and consents: 3 years from the date of consent or until withdrawn. • Custom-order inquiries that did not result in a purchase: 3 years from submission. • Technical / security logs: typically 6 months, longer only if required to investigate a specific incident. After these periods, the data is deleted or fully anonymised.
6. Service Providers and Data Transfers
We do not sell your personal data. We share necessary data with the following service providers (subprocessors), each bound by data-processing agreements compliant with the GDPR: • Stripe Payments Europe Ltd. — payment processing (card details never reach our servers) • Resend — transactional email delivery (order confirmations, proforma invoices) • Vercel Inc. — website hosting • Supabase — database and authentication • Railway — search index and background jobs • Plausible Insights ehf. — privacy-friendly website analytics (no personal identifiers, no tracking cookies) Some of these providers operate infrastructure outside the European Economic Area (notably Stripe, Vercel, and Railway, which use US data centres). Where personal data is transferred outside the EEA, the transfer is protected by Standard Contractual Clauses approved by the European Commission and, where applicable, by the EU–US Data Privacy Framework. We do not transfer your data to any other third party except where required by law (e.g., tax authorities, courts, AML authorities under Act No. 253/2008 Coll.).
7. Your Rights
Under the GDPR, you have the right to: • Access your personal data and receive a copy • Rectify inaccurate or incomplete data • Request deletion of your data ("right to be forgotten"), subject to our retention obligations under accounting and tax law • Restrict or object to processing based on legitimate interest • Data portability — receive your data in a machine-readable format • Withdraw consent for analytics and marketing cookies at any time, via the Cookie Settings link in the footer • Lodge a complaint with the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů, www.uoou.cz) To exercise any of these rights, email info@kove.jewelry. We respond within 30 days.
8. Cookies and Analytics
This website uses essential cookies necessary for the cart, checkout, currency selection, and login session to function. These do not require consent. With your consent, we also use: • Analytics — to understand how visitors use the site. We use Plausible, a privacy-friendly analytics tool that does not set tracking cookies and does not collect personal identifiers. • Marketing — to measure the performance of advertising campaigns. These trackers are loaded only after you accept them in the cookie banner. You can change your cookie preferences at any time via the "Cookie Settings" link in the footer. Withdrawing consent is as easy as giving it; we never penalise users who decline analytics or marketing cookies.