Privacy Policy

1. Introduction

MGR Jewelry S.r.l. ("MGR Jewelry," "we," "our," or "us"), with registered offices in Milan, Italy, is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (www.mgrjewelry.com) or use our jewelry manufacturing and marketing services.

This policy is designed to comply with the European Union General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), Brazil's Lei Geral de Proteção de Dados (LGPD), and other applicable international data protection laws.

Please read this privacy policy carefully. By accessing our website or using our services, you acknowledge that you have read and understood this policy. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

2. Data Controller Information

For the purposes of applicable data protection laws, the data controller responsible for your personal data is:

MGR Jewelry
2D23 BIS Building
119 Mahaesak Rd.
Bangrak, Bangkok 10500
Thailand
Email: info@mgr.jewelry

3. Information We Collect

3.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you:

• Fill out a contact form or request a quote for our services
• Subscribe to our newsletter or marketing communications
• Communicate with us via email, phone, or other channels
• Enter into a business relationship or contract with us
• Apply for employment or partnership opportunities
• Participate in surveys, promotions, or events

Categories of personal information we may collect include:

• Identity Data: Full name, title, job position
• Contact Data: Email address, telephone number, business address, country of residence
• Business Data: Company name, industry, brand information, project requirements
• Financial Data: Bank account details, payment card information, billing address (for transactions)
• Communication Data: Content of emails, messages, and other correspondence
• Professional Data: Resume, portfolio, work history (for employment applications)

3.2 Automatically Collected Information

When you visit our website, we automatically collect certain technical information through cookies and similar technologies:

• Device Data: IP address, browser type and version, operating system, device type
• Usage Data: Pages visited, time and date of visit, time spent on pages, clickstream data
• Location Data: Approximate geographic location based on IP address (country/city level)
• Referral Data: Website or source that referred you to our site

3.3 Information from Third Parties

We may receive personal information about you from third parties, including:

• Business partners and referral sources
• Social media platforms (if you interact with us through these channels)
• Marketing and analytics providers
• Credit reference and fraud prevention agencies (for business verification)

4. Legal Basis for Processing (GDPR/UK GDPR)

Under GDPR and UK GDPR, we must have a valid legal basis to process your personal data. We rely on the following legal bases:

• Contract Performance: Processing necessary to perform a contract with you or take steps at your request before entering into a contract (e.g., providing quotes, manufacturing services, fulfilling orders)
• Legitimate Interests: Processing necessary for our legitimate business interests, provided these do not override your fundamental rights (e.g., marketing our services to existing clients, improving our website, fraud prevention)
• Consent: Where you have given clear consent for us to process your personal data for specific purposes (e.g., newsletter subscriptions, marketing communications, non-essential cookies)
• Legal Obligation: Processing necessary to comply with legal or regulatory obligations (e.g., tax records, responding to lawful requests from authorities)

You have the right to withdraw consent at any time where we are relying on consent to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

5. How We Use Your Information

We use the information we collect for the following purposes:

5.1 Service Delivery

• Processing inquiries and providing quotes for manufacturing services
• Fulfilling contracts and delivering jewelry manufacturing and marketing services
• Managing client relationships and project communications
• Processing payments and maintaining financial records

5.2 Communication

• Responding to your inquiries, requests, and customer support needs
• Sending transactional emails (order confirmations, project updates)
• Sending marketing communications (with your consent where required)
• Notifying you of changes to our services or policies

5.3 Website Operations and Analytics

• Operating, maintaining, and improving our website
• Analyzing website traffic and user behavior to enhance user experience
• Personalizing content and recommendations
• Ensuring website security and preventing fraud

5.4 Legal and Compliance

• Complying with applicable laws, regulations, and legal processes
• Protecting our rights, privacy, safety, or property
• Enforcing our terms and conditions

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (pixels, beacons, scripts) to collect and store information about your interactions with our website. A cookie is a small text file placed on your device that helps us recognize you on subsequent visits.

6.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the website to function properly. These enable core functionality such as security, network management, and accessibility. You cannot opt out of these cookies as they are necessary for the website to operate.
• Analytics Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously. We use this data to improve website performance and user experience. Provider: Google Analytics (with IP anonymization enabled).
• Marketing/Advertising Cookies: Used to track visitors across websites to display relevant advertisements. These cookies may be set by us or by third-party advertising partners. They help measure the effectiveness of advertising campaigns.
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and settings. These cookies are not strictly necessary but improve your browsing experience.

6.2 Cookie Management

When you first visit our website, you will be presented with a cookie consent banner allowing you to accept or customize your cookie preferences. You can change your preferences at any time by clicking the "Cookie Settings" link in the footer or by adjusting your browser settings.

Most web browsers allow you to control cookies through their settings preferences. However, limiting cookies may impact your experience on our website. For more information about cookies and how to manage them, visit www.allaboutcookies.org.

6.3 Do Not Track Signals

Some browsers have a "Do Not Track" feature that signals to websites that you do not want to have your online activity tracked. Our website currently does not respond to DNT signals, but you can manage your tracking preferences through our cookie consent tools.

7. Information Sharing and Disclosure

We may share your personal information in the following circumstances:

7.1 Service Providers and Business Partners

We share information with trusted third parties who provide services on our behalf, including:

• Cloud hosting and IT infrastructure providers
• Payment processors and financial institutions
• Email marketing and communication platforms
• Analytics and marketing service providers
• Professional advisors (lawyers, accountants, auditors)
• Manufacturing partners in Thailand (for order fulfillment)

These service providers are contractually obligated to protect your information and may only use it for the specific purposes we authorize.

7.2 Legal Requirements

We may disclose your information when required to:

• Comply with applicable laws, regulations, or legal processes
• Respond to lawful requests from public authorities, including law enforcement
• Protect the rights, privacy, safety, or property of MGR Jewelry, our clients, or others
• Enforce our terms of service and other agreements

7.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you of any such change and your choices regarding your information.

7.4 With Your Consent

We may share your information in other ways if you have given us explicit consent to do so.

7.5 No Sale of Personal Information

We do not sell, rent, or trade your personal information to third parties for monetary consideration. For California residents, this constitutes our notice that we do not sell personal information as defined under the CCPA/CPRA.

8. International Data Transfers

MGR Jewelry operates internationally with offices in Italy and manufacturing facilities in Thailand. Your personal information may be transferred to, stored, and processed in countries outside your country of residence, including:

• Italy (European Union) - Our headquarters
• Thailand - Our manufacturing facility
• United States - Where some of our service providers are located

These countries may have data protection laws that differ from those in your country. When we transfer personal data outside the European Economic Area (EEA) or the United Kingdom, we ensure appropriate safeguards are in place, including:

• Transfers to countries with an adequacy decision from the European Commission or UK government
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules for intra-group transfers
• Your explicit consent where other safeguards are not available

You may request a copy of the safeguards we use for international transfers by contacting us at info@mgr.jewelry.

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The retention period depends on the nature of the information and the purposes for which it is used:

• Client and Transaction Data: 10 years after the end of the business relationship (to comply with Italian tax and commercial law requirements)
• Marketing and Communication Data: Until you unsubscribe or withdraw consent, plus an additional 2 years for record-keeping
• Website Analytics Data: 26 months (aggregated and anonymized)
• Cookie Data: Varies by cookie type (see our cookie consent tool for specific durations)
• Job Application Data: 2 years after the application process concludes (or longer with your consent for future opportunities)
• Inquiry Data: 3 years from your last interaction with us

When we no longer need your personal information, we will securely delete or anonymize it. In some cases, we may anonymize your data for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

10. Your Privacy Rights

Depending on your location and applicable laws, you may have the following rights regarding your personal information:

10.1 Rights Under GDPR and UK GDPR (EEA and UK Residents)

• Right of Access: Request a copy of the personal data we hold about you and information about how we process it
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data in certain circumstances
• Right to Restriction: Request that we temporarily or permanently stop processing some or all of your personal data
• Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller
• Right to Object: Object to processing based on legitimate interests, direct marketing, or profiling
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects

10.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, business purposes, and third parties with whom we share it
• Right to Delete: Request deletion of your personal information, subject to certain exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information, but you have the right to opt out if we ever do
• Right to Limit Use of Sensitive Personal Information: Direct us to limit use of sensitive personal information to specific purposes
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

10.3 Rights Under Other Laws

Residents of other jurisdictions may have additional or different rights under applicable laws, including:

• Brazil (LGPD): Similar rights to GDPR, including access, correction, anonymization, portability, and deletion
• Canada (PIPEDA): Right to access, challenge accuracy, and withdraw consent
• Australia (Privacy Act): Right to access and correct personal information

10.4 How to Exercise Your Rights

To exercise any of these rights, please contact us using the information in Section 16 below. We will respond to your request within the timeframe required by applicable law (generally 30 days for GDPR, 45 days for CCPA). We may need to verify your identity before processing your request.

If you are not satisfied with our response or believe we are processing your personal data unlawfully, you have the right to lodge a complaint with your local data protection supervisory authority.

11. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit using SSL/TLS protocols (HTTPS)
• Encryption of sensitive data at rest
• Secure access controls and authentication mechanisms
• Regular security assessments and vulnerability testing
• Employee training on data protection and security practices
• Physical security measures at our offices and facilities
• Incident response procedures for potential data breaches

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any breach in accordance with applicable law.

12. Children's Privacy

Our website and services are intended for businesses and individuals who are at least 18 years of age. We do not knowingly collect, use, or disclose personal information from children under 16 years of age (or the applicable age of consent in your jurisdiction).

If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to delete that information promptly. If you believe we may have collected information from a child, please contact us immediately at info@mgr.jewelry.

13. Marketing Communications

With your consent (where required by law), we may send you marketing communications about our services, industry news, and special offers. You have the right to opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Contacting us at info@mgr.jewelry
• Updating your communication preferences in your account settings

Please note that even if you opt out of marketing communications, we may still send you transactional or service-related communications (e.g., order confirmations, project updates, policy changes).

14. Third-Party Links and Services

Our website may contain links to third-party websites, services, or applications that are not operated by us. This includes social media platforms, payment processors, and other external services.

We are not responsible for the privacy practices, content, or security of these third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. The inclusion of a link does not imply endorsement of the linked site by MGR Jewelry.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will:

• Update the "Last Updated" date at the top of this policy
• Post the revised policy on our website
• For material changes, provide notice through email or a prominent website notice

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our website or services after any changes constitutes acceptance of the updated policy.

16. Contact Us and Supervisory Authorities

Supervisory Authorities

If you are located in the European Union or United Kingdom and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority:

• Italy: Garante per la protezione dei dati personali - www.garanteprivacy.it
• United Kingdom: Information Commissioner's Office (ICO) - ico.org.uk
• Other EU Countries: Visit EDPB member list to find your local authority

We would appreciate the opportunity to address your concerns directly before you contact a supervisory authority.