Last Updated: May 5, 2025
Summary
Goldshape, a Belgium-based custom jewelry designer, respects your privacy and processes personal data under the EU’s GDPR (as implemented by the Belgian Data Protection Act of 30 July 2018) , California’s CCPA , Brazil’s LGPD , Canada’s PIPEDA , and Australia’s Privacy Act 1988 . We collect only the information you provide—contact details, appointment preferences, and, for heartbeat jewelry orders, your exported heartbeat curve file—and use it solely to fulfil our services, communicate with you, and meet legal obligations. You have rights to access, correct, delete, or restrict your personal data, and we honour jurisdiction-specific rights under each applicable law.
1. Data Controller
Goldshape
Website: https://goldshape.be
Contact Email: hello@goldshape.be
2. Information We Collect
We collect the following personal data when you provide it:
Contact & Scheduling Data: name, email, phone number, appointment date/time.
Order Data: heartbeat-curve file you export and upload when purchasing custom heartbeat jewelry.
Payment Data: payment method identifiers (e.g., last four digits of your card), handled securely by third-party payment processors.
Technical Data: IP address, browser type, device identifiers, and cookies (see our Cookie Policy).
3. How We Use Your Information
Service Fulfillment: schedule appointments and craft custom jewelry per your specifications.
Order Processing: receive, process, and ship your heartbeat-curve jewelry worldwide.
Communications: send confirmations, updates, and respond to inquiries.
Legal Compliance: maintain records for accounting, tax, and regulatory obligations.
4. Legal Bases for Processing
Under the GDPR, our lawful bases include:
Contractual Necessity: to perform our contract with you.
Consent: when you opt in to marketing communications.
Legitimate Interests: to improve our website and services, provided this does not override your rights.
5. Sharing Your Data
We do not sell your personal information. We share data only with:
Service Providers: payment processors, hosting providers, and fulfillment partners bound by confidentiality agreements.
Legal Authorities: if required by law or to protect our rights.
6. Data Retention
Appointment & Order Records: retained up to 5 years per Belgian accounting and tax laws.
Heartbeat-Curve Files: kept until the order is processed.
Analytics & Cookies: retained according to our Cookie Policy.
7. International Data Transfers
When transferring data outside the EEA, we use:
Adequacy Decisions: only to countries recognized by the EU Commission.
Standard Contractual Clauses: to ensure EU-level protections under the GDPR.
8. Your Rights
Under the GDPR, you may access, correct, erase, restrict, or port your data, and object to processing at any time. You also have the right to lodge a complaint with the Belgian Data Protection Authority.
9. Jurisdiction-Specific Notices & Rights
9.1 Belgium (GDPR & Belgian Data Protection Act)
Belgium transposed the GDPR via the Data Protection Act of 30 July 2018, overseen by the Belgian Data Protection Authority.
9.2 California (CCPA)
California residents may request disclosure of categories of personal data collected, request deletion, and are protected from discrimination for exercising these rights.
California residents have the right to opt out of the sale or sharing of their personal information. While we do not sell your personal data for monetary value, some data may be considered ‘shared’ under California law (e.g., for analytics or personalization). If applicable, you may exercise your right to opt out by visiting our “Opt out preferences” page.
9.3 Brazil (LGPD)
Brazilian residents have ARCO rights—Access, Rectification, Cancellation, Opposition—and may complain to Brazil’s ANPD.
9.4 Canada (PIPEDA)
Under PIPEDA, you may withdraw consent, access your data, correct inaccuracies, and file complaints with the Privacy Commissioner of Canada.
9.5 Australia (Privacy Act 1988)
Australian APP entities must adhere to 13 Privacy Principles; you have the right to access, correct, and remain anonymous where practicable.
9.6 United States (General)
Residents of certain U.S. states may have rights similar to those provided under the CCPA/CPRA, including the rights to access, correct, or delete personal data, and to opt out of targeted advertising. Please contact us at hello@goldshape.be for more information or to exercise your rights.
10. Final Sale of Heartbeat Jewelry
All orders for custom heartbeat jewelry are Final Sale—they cannot be cancelled, returned, or exchanged, in accordance with Article 16(c) of the EU Consumer Rights Directive 2011/83/EU, which exempts goods made to the consumer’s specifications from withdrawal rights.
11. Changes to This Policy
We review and update this Policy regularly. This version’s Last Updated date appears at the top, and material changes will be communicated in advance where required by law.
12. Contact Information
For any questions or to exercise your data rights, contact us at:
Email: hello@goldshape.be