Privacy Policy

Effective Date: 22 March 2026

AURRVIA ("we", "us", "our") is a brand operated by PNM Gems & Jewellery, with its registered address at Via Claudio Monteverdi 28, 50144 Firenze (FI), Italy. We are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), the Italian Legislative Decree 196/2003 (as amended by Legislative Decree 101/2018), and all other applicable data protection laws worldwide.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website at https://www.aurrvia.com or make a purchase from our online store.

1. Data Controller

Legal Entity: PNM Gems & Jewellery
Brand Name: AURRVIA
Address: Via Claudio Monteverdi 28, 50144 Firenze (FI), Italy
Email: kaluhewapriyantha@gmail.com
Phone: +39 055 332555

2. Personal Data We Collect

We may collect the following categories of personal data:

- Identity data: first name, last name
- Contact data: email address, phone number, billing and shipping address
- Transaction data: order details, payment information (processed securely through third-party payment providers)
- Technical data: IP address, browser type and version, device type, operating system, time zone setting, cookie data
- Usage data: pages visited, time spent on pages, navigation paths, referral source
- Communication data: your preferences for receiving marketing communications, correspondence with us

3. How We Collect Your Data

We collect personal data through the following means:

- Directly from you: when you create an account, place an order, subscribe to our newsletter, contact us, or interact with our website
- Automatically: through cookies and similar tracking technologies when you browse our website
- From third parties: payment processors (such as Shopify Payments, PayPal, or Stripe), analytics providers (such as Google Analytics), and social media platforms

4. Legal Basis for Processing (GDPR, Article 6)

We process your personal data on the following legal grounds:

- Performance of a contract (Art. 6(1)(b)): to fulfil orders, process payments, and deliver products to you
- Legitimate interests (Art. 6(1)(f)): to improve our website, prevent fraud, and manage our business operations
- Consent (Art. 6(1)(a)): for marketing communications and non-essential cookies. You may withdraw consent at any time
- Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, and regulatory requirements under Italian and EU law

5. How We Use Your Data

We use your personal data for the following purposes:

- To process and fulfil your orders, including shipping and delivery
- To manage your account and provide customer support
- To process payments securely through our third-party payment providers
- To send you order confirmations, shipping updates, and transactional communications
- To send marketing communications (only with your explicit consent)
- To improve our website, products, and services
- To detect, prevent, and address fraud or other illegal activities
- To comply with our legal and regulatory obligations

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We may share your data with the following categories of third parties, solely for the purposes described in this policy:

- Shopify Inc.: our e-commerce platform provider, which processes data on our behalf
- Payment processors: such as Shopify Payments, PayPal, or Stripe, to securely process transactions
- Shipping and logistics providers: to deliver your orders
- Analytics providers: such as Google Analytics, to help us understand website usage
- Marketing platforms: such as Klaviyo or Mailchimp, for email marketing (with your consent)
- Legal and regulatory authorities: where required by law

Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

- Order and transaction data: retained for 10 years in compliance with Italian tax and accounting regulations
- Account data: retained for as long as your account remains active, and for up to 2 years after closure
- Marketing data: retained until you withdraw your consent or unsubscribe
- Cookie data: retained in accordance with our Cookie Policy

8. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR:

- Right of access (Art. 15): to obtain a copy of your personal data
- Right to rectification (Art. 16): to correct inaccurate or incomplete data
- Right to erasure (Art. 17): to request deletion of your data ("right to be forgotten")
- Right to restriction of processing (Art. 18): to limit how we use your data
- Right to data portability (Art. 20): to receive your data in a structured, machine-readable format
- Right to object (Art. 21): to object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent: at any time, without affecting the lawfulness of prior processing
- Right to lodge a complaint: with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at www.garanteprivacy.it, or with any competent supervisory authority in your country of residence

To exercise any of these rights, please contact us at kaluhewapriyantha@gmail.com. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include SSL/TLS encryption on our website, secure payment processing through PCI-DSS compliant providers, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us immediately, and we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us:

Business Name: PNM Gems & Jewellery (trading as AURRVIA)
Address: Via Claudio Monteverdi 28, 50144 Firenze (FI), Italy
Email: kaluhewapriyantha@gmail.com
Phone: +39 055 332555