Privacy Policy

Effective Date: 16/03/2025
Last Updated: 16/03/2025

1. Introduction
Welcome to Norbu Design. We are committed to protecting your personal data and ensuring your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

By using our website (www.norbudesign.com) or purchasing our products, you agree to the terms outlined in this Privacy Policy.

2. Data We Collect
We collect and process the following types of personal data:

• Personal Information: Name, email address, phone number, billing and shipping address.
• Payment Information: We do not store credit card details. Payments are processed securely by third-party payment processors.
• Account Information: If you create an account, we store your login details and purchase history.
• Communication Data: Messages sent via email, contact forms, or customer service inquiries.
• Technical Data: IP address, browser type, device information, and cookies (see our Cookie Policy for details).

We do not collect any sensitive personal data (such as race, religion, or health information).

3. How We Use Your Data
We use your personal data for the following purposes:

• To process and fulfill orders, including shipping and delivery.
• To communicate with you about your purchases and provide customer support.
• To send promotional offers, newsletters, and marketing communications (only with your consent).
• To improve our website, products, and customer experience through analytics.
• To comply with legal obligations and prevent fraudulent transactions.

4. Legal Basis for Processing Data
Under the GDPR, we process personal data based on the following legal grounds:

• Contractual Necessity: When processing your orders and managing customer support.
• Legitimate Interests: For improving our services, security, and fraud prevention.
• Consent: For marketing communications and cookies (where applicable).
• Legal Obligations: When complying with applicable laws.

5. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data. However, we may share your data with trusted third parties for the following purposes:

• Payment Processors: To process transactions securely.
• Shipping Providers: To fulfill and deliver orders.
• Marketing Platforms: To send promotional emails (with your consent).
• Analytics Services: To monitor website performance and user behavior.
• Legal Authorities: If required by law or to protect our rights.

All third-party service providers comply with GDPR and implement security measures to protect your data.

6. Data Storage and Security
We implement technical and organizational measures to protect your personal data, including:

• Secure servers with encryption protocols.
• Restricted access to personal data.
• Regular security audits and updates.

Your data is stored within the European Economic Area (EEA) or other locations with adequate data protection standards.

7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Order and transaction data: 6 years (for tax and accounting purposes).
• Marketing communications: Until you unsubscribe.
• Customer support inquiries: 2 years.

After this period, your data will be securely deleted or anonymized.

8. Your Rights Under GDPR
As a user, you have the following rights regarding your personal data:

• Right to Access: Request a copy of your personal data.
• Right to Rectification: Request corrections to inaccurate or incomplete data.
• Right to Erasure (Right to be Forgotten): Request deletion of your data (subject to legal obligations).
• Right to Restrict Processing: Request limitations on how we use your data.
• Right to Data Portability: Request a copy of your data in a structured format.
• Right to Object: Opt-out of marketing communications and automated decision-making.
• Right to Withdraw Consent: If we rely on consent to process your data, you can withdraw it at any time.

To exercise your rights, contact us at [email protected]. We will respond within 30 days as required by GDPR.

9. Cookies and Tracking Technologies
We use cookies to enhance user experience, analyze website performance, and personalize content. By using our website, you consent to our use of cookies. For more details, please review our Cookie Policy.

10. International Data Transfers
Since Norbu Jewelry is based in Israel, your data may be transferred outside the European Economic Area (EEA). We ensure adequate protection through standard contractual clauses and secure transfer mechanisms.

11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect legal changes or business updates. Any modifications will be posted on this page with a revised “Last Updated” date.

12. Contact Information
For any questions, concerns, or requests regarding your privacy rights, contact us at:

• Business Name: Norbu Jewelry
• Website: www.norbudesign.com
• Email: [email protected]
• Address: HaHermon 5, Oranit, Israel

If you believe your data protection rights have been violated, you may file a complaint with your local Data Protection Authority (DPA).

Thank you for trusting Norbu Design with your personal data. Your privacy matters to us!