Privacy Policy

Last updated: August 15, 2025

At Sosna Gems, we value your trust. This Privacy Policy explains how we collect, use and protect your personal information when you shop with us, whether from the USA, EU, or anywhere in the world.

1. Introduction & Scope

This Privacy Policy explains how we collect, use, disclose, transfer and safeguard personal data when you interact with our website, online store, customer support and marketing communications (the “Services”).

1.1 Who We Are (Controllers)

  • For customers outside the European Union (Non-EU):
    SOSNA Gems Investments Inc., 7901 4th St N, Ste 300, 337-02 St. Petersburg, Florida, USA,
    Email: sale@sosnagems.com
  • For customers residing in the European Union (EU):
    SOSNA Gems Investments a.s., Školská 689/20, Nové Město, 110 00 Praha 1, Czech Republic,
    Email: sale@sosnagems.com

Each entity acts as a data controller for the processing activities related to its respective customer group and legal obligations. Personal data may be shared within the SOSNA Gems group where necessary (e.g., fraud prevention, accounting, logistics), in accordance with applicable law.

1.2 When This Policy Applies

This Policy applies when you:

  • browse or purchase through sosnagems.com,
  • create or use an account,
  • contact us (email, phone, chat, social media),
  • receive our transactional or marketing communications,
  • participate in surveys, events, or promotions.

This Policy does not apply to third-party websites, apps, payment providers, logistics or certification laboratories we link to or use (e.g., Shopify Payments, Lunu, carriers, GIA/IGI). Their privacy practices are governed by their own policies.

1.3 Regional Applicability

We comply with applicable data protection laws, including:

  • EU/EEA: General Data Protection Regulation (GDPR) and national implementations,
  • United Kingdom: UK GDPR (as applicable),
  • United States (e.g., California): CCPA/CPRA and other state laws where applicable.

Region-specific rights and disclosures are provided in the dedicated sections below.

1.4 Relationship with Other Documents

This Privacy Policy complements (and does not replace) our Terms & Conditions and Cookie Policy. If there is any conflict, this Privacy Policy governs the processing of personal data, while the Terms & Conditions govern the sale of products.

1.5 Updates to This Policy

We may update this Policy from time to time to reflect legal, technical or business developments. We will post the updated version with a new “Last updated” date and, where required by law, notify you via email and/or an in-service notice.

2. Definitions

For the purposes of this Privacy Policy:

  • “Company”, “we”, “us”, “our” refers to:
    - SOSNA Gems Investments Inc., 7901 4th St N, Ste 300, 337-02 St. Petersburg, Florida, USA (for Non-EU customers), and
    - SOSNA Gems Investments a.s., Školská 689/20, Nové Město, 110 00 Praha 1, Czech Republic (for EU customers).
  • “Website” or “Service” means the online store and related services accessible at www.sosnagems.com.
  • “Personal Data” means any information relating to an identified or identifiable natural person, as defined by GDPR (EU), and any information that identifies, relates to, or could reasonably be linked with a consumer or household, as defined by CCPA/CPRA (California, USA).
  • “Usage Data” means information collected automatically when using the Service, such as IP address, browser type, device information, pages visited, time spent, and interactions.
  • “Account” means a unique account created by a user to access or purchase through the Website.
  • “Cookies” means small files stored on a user’s device to help operate the Website, enable certain functions, and analyze usage. Details are set out in our Cookie Policy.
  • “Data Controller” means the legal entity that determines the purposes and means of processing Personal Data. For EU customers, this is SOSNA Gems Investments a.s.; for Non-EU customers, this is SOSNA Gems Investments Inc.
  • “Service Providers” means third-party companies or individuals engaged to support the operation of the Website (e.g., Shopify, Lunu, logistics partners, payment processors, analytics providers).
  • “You”, “User”, or “Buyer” means any individual accessing or using the Website, or the company or entity on behalf of which such individual is acting.

3. Types of Data Collected

We collect different categories of information in order to provide, improve and secure our Services.

3.1 Personal Data provided by you

When you interact with our Website or Services, you may provide us with information that identifies you directly. This may include:

  • Contact details: first name, last name, email address, phone number, billing and shipping address.
  • Account details: login credentials, preferences, saved items, order history.
  • Payment information: payment method details (processed securely by third-party providers; we do not store full credit card data).
  • Communication records: any correspondence with our customer support, marketing subscriptions, or participation in surveys/events.

Purpose: to process and deliver your orders, manage your account, provide customer support, comply with legal obligations, and send communications (where consented).


3.2 Usage Data (collected automatically)

When you use the Website, certain data is collected automatically. This may include:

  • Device information: IP address, browser type and version, operating system, device identifiers.
  • Website interactions: pages visited, time spent, referring/exit pages, search queries, clicks and interactions.
  • Transactional logs: order activity, fraud prevention data, error logs.
  • Mobile use: device type, OS, app/browser version, network provider.

Purpose: to ensure website functionality, security, analytics, fraud prevention, and service improvement.


3.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies (pixels, tags, beacons) to operate our Website, personalize user experience, and measure performance.

  • Necessary cookies: required for website functionality (checkout, login, security).
  • Preference cookies: remember your settings (language, currency, login preferences).
  • Analytics cookies: help us understand how users interact with our Website.
  • Marketing cookies: may be used to deliver personalized offers or advertising, depending on your consent (where required by law).

More details, including cookie duration and management options, are available in our Cookie Policy.


3.4 Sensitive Data

We do not intentionally collect or process sensitive personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health information, or biometric data) unless you voluntarily provide it and consent to its processing, or unless required by law.


3.5 Data from Third Parties

We may receive additional personal data about you from trusted partners, for example:

  • From payment providers (Shopify Payments, Lunu) for transaction verification.
  • From logistics providers (FedEx, UPS, DHL) for delivery tracking.
  • From certification laboratories (GIA, IGI) where you request certified gemstones.
  • From analytics and advertising providers (Google, Meta) where legally permitted.

4. How We Use Your Data

We use the information we collect for the following purposes:

4.1 Performance of Contract and Service Delivery

  • To process and deliver your orders, including payment processing, fraud prevention, logistics, and customer communication.
  • To provide and manage your account on the Website.
  • To issue invoices, confirmations, and other transactional documents.

4.2 Customer Support

  • To respond to inquiries, provide after-sales support, handle complaints and resolve disputes.
  • To maintain records of your communications with us for training and quality assurance.

4.3 Marketing and Personalization

  • To send newsletters, product updates, promotional offers and event invitations, where you have consented or where permitted by law.
  • To personalize your shopping experience, recommend relevant products and display tailored advertising (subject to cookie consent in the EU).
  • To analyze how customers use our Website, improve content, design and user experience.

4.4 Legal and Compliance

  • To comply with tax, accounting, customs and other legal obligations.
  • To respond to lawful requests by authorities, courts or regulators.
  • To protect and defend our rights, property, and security, or the rights of our customers and partners.

4.5 Security and Fraud Prevention

  • To detect, prevent and investigate fraud, unauthorized transactions or other illegal activities.
  • To ensure the integrity and security of our IT systems.

4.6 Business Development

  • To evaluate or conduct business transfers such as mergers, acquisitions, restructuring or sale of assets.
  • In such cases, personal data will be handled in accordance with this Privacy Policy.

5. Legal Basis for Processing (EU Customers)

If you are located in the European Union or the European Economic Area, we process your Personal Data only where we have a valid legal basis under the General Data Protection Regulation (GDPR). Depending on the context, this may include:

  • Performance of a contract (Art. 6(1)(b) GDPR):
    To process and deliver your orders, manage your account, provide customer support, and fulfill any contractual obligations.
  • Consent (Art. 6(1)(a) GDPR):
    For sending marketing communications, newsletters, personalized offers, or for the use of non-essential cookies. You may withdraw your consent at any time.
  • Compliance with legal obligations (Art. 6(1)(c) GDPR):
    To comply with applicable laws, including tax, accounting, customs, anti-fraud and consumer protection requirements.
  • Legitimate interests (Art. 6(1)(f) GDPR):
    To improve our services and user experience, ensure IT security, prevent fraud and abuse, and to defend or exercise legal claims. We always balance our interests with your fundamental rights and freedoms.
  • Vital interests (Art. 6(1)(d) GDPR):
    In rare cases, to protect your vital interests or those of another person (e.g., urgent safety issues).

6. Your Rights (EU Customers)

If you are located in the European Union or the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access (Art. 15 GDPR):
    You can request confirmation of whether we process your personal data and obtain a copy of that data, along with information about how it is used.
  • Right to rectification (Art. 16 GDPR):
    You can request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17 GDPR):
    You can request deletion of your personal data (“right to be forgotten”) where there is no overriding legal reason for its retention.
  • Right to restriction of processing (Art. 18 GDPR):
    You can request that we restrict processing of your personal data in certain circumstances (e.g., pending verification of accuracy).
  • Right to data portability (Art. 20 GDPR):
    You can request that we provide your personal data in a structured, commonly used, and machine-readable format, and transfer it to another controller where technically feasible.
  • Right to object (Art. 21 GDPR):
    You can object to processing based on legitimate interests, including profiling. We will stop processing unless we have compelling legitimate grounds that override your interests or rights.
  • Right to withdraw consent (Art. 7(3) GDPR):
    Where processing is based on consent (e.g., marketing communications), you may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.
  • Right to lodge a complaint (Art. 77 GDPR):
    You have the right to file a complaint with your local data protection authority. A list of EU supervisory authorities is available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

To exercise any of these rights, please contact us at:
📩 privacy@sosnagems.com

We may request proof of identity before responding to your request to protect your privacy and security.

7. Your Rights (California Customers)

If you are a resident of California, you have specific privacy rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These rights include:

  • Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected, used, disclosed, or shared about you.
  • Right to Delete: You may request deletion of personal information we collect and maintain, subject to certain exceptions (e.g., legal obligations).
  • Right to Correct: You may request correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale/Sharing: If applicable, you may opt out of the sale or sharing of your personal information with third parties.
  • Right to Limit Use of Sensitive Personal Information: If we process sensitive information (as defined by CPRA), you may restrict its use to only what is necessary to perform the services or provide goods.
  • Right to Non-Discrimination: You have the right not to be treated differently or discriminated against for exercising any of your CCPA/CPRA rights.

Exercising Your Rights

To exercise your rights under the CCPA/CPRA, you can contact us by:

Only you, or a person authorized to act on your behalf, may submit a verifiable consumer request. We may need to verify your identity before fulfilling your request.

We do not sell or share personal information of consumers under the age of 16.

8. Retention & Transfer of Data

8.1 Data Retention

We retain your Personal Data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including:

  • order processing and delivery,
  • compliance with legal, tax, and accounting requirements,
  • dispute resolution and enforcement of agreements,
  • fraud prevention and security monitoring.

When we no longer need your Personal Data, we securely delete or anonymize it.

  • EU Customers: In accordance with GDPR, retention periods are limited to what is necessary for the purposes for which the data was collected. For example, transaction records are generally retained for 10 years to comply with tax and accounting laws.

  • Non-EU Customers: We follow applicable national laws and industry standards for data retention.


8.2 Data Transfer (Cross-Border)

Your Personal Data may be transferred to, and stored on, servers located outside your country of residence, including in the United States.

  • EU Customers: Where data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place in accordance with GDPR, such as:
    - transfers to countries with an adequacy decision by the European Commission, or
    - use of Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Non-EU Customers: By using our Services, you consent to the transfer of your Personal Data to the United States or other jurisdictions where we or our service providers operate.

8.3 Safeguards

We take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, including encryption, access controls, and contractual protections with our service providers.

9. Disclosure of Data

We do not sell or rent your Personal Data. We may share your information only in the limited circumstances described below:

9.1 Service Providers

We share Personal Data with trusted third parties who perform services on our behalf, such as:

  • E-commerce platform: Shopify (store hosting, checkout, payment gateway).
  • Payment processors: Shopify Payments, Lunu (crypto), and banks for transaction verification.
  • Logistics partners: FedEx, UPS, DHL, and other carriers for shipping and delivery.
  • Certification laboratories: GIA, IGI, HRD for gemstone grading where requested.
  • Analytics & marketing tools: Google Analytics, Meta Ads, subject to cookie consent where required.

All service providers are bound by contractual obligations to keep data secure and use it only for the agreed purposes.


9.2 Affiliates

We may share Personal Data within the SOSNA Gems group (USA Inc. and EU a.s.) where necessary for operations, compliance, fraud prevention, or customer service.


9.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, your Personal Data may be transferred as part of the business transaction. In such cases, data will continue to be protected by this Privacy Policy.


9.4 Legal Obligations

We may disclose Personal Data where required by law or legal process, for example:

  • to comply with applicable tax, customs or regulatory requirements,
  • in response to lawful requests by courts, regulators, or government authorities.

9.5 Protection of Rights

We may disclose Personal Data if necessary to:

  • protect and defend our rights, property, and brand reputation,
  • investigate or prevent potential fraud or security issues,
  • ensure the safety of our customers and the public,
  • protect against legal liability.

10. Cookies & Tracking Technologies

We use cookies and similar tracking technologies (such as tags, pixels, and web beacons) to operate our Website, personalize your experience, and analyze performance.

10.1 Types of Cookies We Use

  • Necessary cookies: required for basic site functionality, checkout, login, and fraud prevention.
  • Preference cookies: remember your settings (e.g., language, currency, login).
  • Analytics cookies: help us understand how users interact with our Website and improve performance.
  • Marketing cookies: may be used to deliver personalized offers and advertising, subject to your consent where required by law.

10.2 EU/EEA Customers (GDPR, ePrivacy)

If you are located in the EU/EEA, non-essential cookies (analytics, marketing) are only placed on your device after you have given consent via our cookie banner. You can withdraw or change your cookie preferences at any time.


10.3 US Customers (CCPA/CPRA)

If you are located in California or other US states with similar laws, cookies and tracking technologies may be considered “personal information.” You have the right to opt out of certain sharing, which you can exercise via our Cookie Policy.


10.4 Managing Cookies

Most browsers allow you to manage cookies through settings (block, delete, or restrict). Please note that disabling cookies may affect website functionality.

For detailed information on the cookies we use, their duration, and your options for managing them, please see our Cookie Policy.

11. Security of Data

We are committed to protecting your Personal Data and apply appropriate technical and organizational measures to safeguard it against unauthorized access, alteration, disclosure, or destruction.

11.1 Our Security Measures

  • Encryption of data in transit (SSL/TLS) and, where applicable, at rest.
  • Access controls and authentication procedures to limit access to Personal Data to authorized personnel only.
  • Regular monitoring, testing, and updating of our IT systems.
  • Contracts with service providers (e.g., Shopify, payment processors, logistics partners) requiring them to apply comparable security standards.

11.2 Limitations

While we implement industry-standard security measures, no method of transmission over the Internet or method of electronic storage is completely secure. Therefore, we cannot guarantee absolute security of your Personal Data.

11.3 Your Responsibility

You are responsible for maintaining the confidentiality of your account credentials and for taking reasonable measures to secure your devices and connections when using our Services.

12. Children’s Privacy

Our Services are not directed to, and we do not knowingly collect Personal Data from, children.

  • EU Customers (GDPR):
    If you are located in the EU/EEA, you must be at least 16 years old to provide consent for the processing of your Personal Data. If you are under 16, your parent or guardian must provide consent on your behalf.
  • US Customers (COPPA):
    If you are located in the United States, our Services are not intended for individuals under the age of 13. We do not knowingly collect Personal Data from anyone under 13.

If we become aware that we have collected Personal Data from a child without proper consent, we will take immediate steps to delete such data.

Parents or guardians who believe that their child has provided Personal Data to us may contact us at privacy@sosnagems.com to request deletion.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

When we make material changes, we will notify you by:

  • posting the updated version on this page,
  • updating the “Last updated” date at the top of the Policy, and
  • where legally required, providing additional notice (e.g., by email or through our Website).

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your Personal Data.

14. Contact Information

If you have any questions, concerns, or requests related to this Privacy Policy or to the processing of your Personal Data, you may contact us at:

  • 📩 Email (global): privacy@sosnagems.com
  • 📞 Phone (USA): +1 (727) 383-6970
  • 📞 Phone (EU): +420 735 511 811
  • For EU Customers (Data Controller):
    SOSNA Gems Investments a.s.
    Školská 689/20, Nové Město, 110 00 Praha 1, Czech Republic
  • For Non-EU Customers (Data Controller):
    SOSNA Gems Investments Inc.
    7901 4th St N, Ste 300, 337-02 St. Petersburg, Florida, USA

If you are located in the EU/EEA and believe that we have not handled your Personal Data in accordance with applicable law, you also have the right to lodge a complaint with your local data protection authority. A list of EU supervisory authorities is available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

 
