§ 1. GENERAL INFORMATION

1. This Privacy Policy sets out the rules for the collection, storage, and use of personal data obtained from Users by the online store aurumfidesgold.com.
2. The Administrator of your personal data is: LUXURY ORIGINAL PARTS OÜ Registry code: 14797249 Address: Harju maakond, Tallinn, Lasnamäe linnaosa, Lõõtsa tn 5, 11415, Estonia E-mail: info@aurumfidesgold.com (hereinafter referred to as the “Administrator”).
3. The legal basis for processing personal data is Regulation (EU) 2016/679 (GDPR).
4. The Administrator ensures that data is processed lawfully, collected for specified purposes, and not subjected to further processing incompatible with those purposes.

§ 2. AUTOMATICALLY COLLECTED INFORMATION (COOKIES)

1. The Service does not collect any data automatically, except for information contained in cookies during the use of the Website.
2. Cookies are used for:
   • Managing the shopping cart during the ordering process.
   • Adjusting the Website content to User preferences and optimizing site usage.
   • Creating statistics (e.g., via Google Analytics) to understand how Users interact with the Website.
   • Maintaining the User’s session after logging in.
3. Users can block or delete cookies at any time through their browser settings. However, disabling cookies may affect the functionality of the Store.

§ 3. PROFILING AND RETARGETING

1. The Administrator may use retargeting technologies to display relevant advertisements to Users who have previously visited the Store while they browse other websites.
2. Personal data may be processed in an automated manner, including profiling, to analyze or predict User preferences and behavior.
3. Users have the right to object to profiling by sending an e-mail to: info@aurumfidesgold.com.

§ 4. DATA COLLECTED DURING REGISTRATION AND PURCHASE

1. To process orders and registration, the Administrator collects:
   • Name and surname.
   • Residential/Shipping address.
   • E-mail address.
   • Phone number.
   • For AML/KYC purposes: Tax ID (where applicable) and identity document data (if a transaction exceeds EUR 15,000 or based on risk assessment).
2. Providing this data is voluntary but necessary to complete a purchase or register an account.

§ 5. DATA SHARING AND TRANSFERS

1. To fulfill the Sales Agreement, data may be shared with:
   • Courier and postal companies (for delivery).
   • Payment operators (to process transactions).
   • IT service providers (hosting, newsletter systems).
2. For analytical and marketing purposes, data may be transferred outside the European Economic Area (EEA) to entities that guarantee compliance with GDPR standards (e.g., Google, Tawk).

§ 6. USE OF STORED INFORMATION

The Administrator uses your data to:

1. Process and fulfill orders, including payment processing and status updates.
2. Verify identity (especially for high-value transactions involving precious metals).
3. Provide customer support and respond to inquiries.
4. Send Newsletters (only with explicit consent).
5. Comply with legal obligations, including Anti-Money Laundering (AML) regulations and tax laws.

§ 7. DATA SECURITY

1. The Administrator uses technical and organizational measures to ensure the security of processed data, including SSL (Secure Socket Layer) encryption for sensitive information.
2. Users are responsible for keeping their login and password confidential.
3. Private financial information (such as credit card numbers) is not stored by the Administrator after the transaction is completed.

§ 8. YOUR RIGHTS

Under GDPR, you have the right to:

1. Access your personal data and receive a copy.
2. Rectify (correct) inaccurate or incomplete data.
3. Erasure (“Right to be forgotten”) – if the data is no longer necessary or the legal basis has expired.
4. Restrict processing of your data.
5. Data portability to another administrator.
6. Object to the processing of data based on legitimate interest or for direct marketing.
7. Withdraw consent at any time (without affecting the lawfulness of processing before withdrawal).
8. Lodge a complaint with a supervisory authority (In Estonia: Andmekaitse Inspektsioon / Data Protection Inspectorate).

§ 9. DATA RETENTION PERIOD

1. Data related to orders is stored for the period necessary to fulfill the contract and for the duration required by tax and accounting laws.
2. In the case of investment metals, data may be stored longer to comply with AML (Anti-Money Laundering) requirements.
3. Marketing data (Newsletter) is stored until the User withdraws consent.

§ 10. FINAL PROVISIONS

The Administrator reserves the right to update this Privacy Policy. Users will be informed of any significant changes.

The Website may contain links to other websites; the Administrator is not responsible for their privacy policies.