Privacy Policy

At Stardial, we care about your privacy. This Policy explains how we collect, use and protect your personal data when you visit our website, contact us, or use our services (including valuations, consignments, purchases, VIP access to Stardial+ and private viewings).

1. Data Controller

The data controller is Stardial, operating in Spain. For any privacy-related inquiries, you can contact us at northside.business23@gmail.com.

2. Data We Collect

• Identification & contact: name, email, phone/WhatsApp, city/country.
• Transaction data: watch/diamond details, valuation info, pricing, documents you provide (e.g., certificates).
• Access data (Stardial+): login, activity within the VIP area.
• Technical data: IP address, device/browser, pages visited, cookies (see our Cookies Policy).
• Communications: messages via forms, email, WhatsApp, calls or video meetings.

3. Purposes & Legal Bases (GDPR)

• Respond to inquiries and provide services (valuations, appointments, VIP access). Legal basis: performance of a contract or pre-contractual steps (Art. 6.1.b GDPR).
• Manage customer relationships and consignments/sales. Legal basis: performance of a contract (Art. 6.1.b) and legitimate interest (Art. 6.1.f).
• Marketing communications (e.g., dossiê downloads, newsletters) only if you opt in. Legal basis: consent (Art. 6.1.a). You can withdraw consent at any time.
• Security, fraud prevention and legal compliance (including KYC when needed). Legal basis: legal obligation (Art. 6.1.c) and legitimate interest (Art. 6.1.f).
• Analytics & website improvement. Legal basis: consent for analytics cookies (where required) and legitimate interest for basic security/operations.

4. Data Retention

We retain personal data only as long as necessary for the purposes described above and to comply with legal obligations. Typical retention: inquiries and contact data up to 24 months; contractual/transaction data up to 6–10 years pursuant to accounting/tax laws.

5. Data Sharing

We may share data with trusted providers strictly for the purposes above, such as: hosting, CRM, email/pixel, analytics, payment and logistics/insurance partners, ID verification (KYC) when applicable. All providers are bound by confidentiality and data processing agreements.

6. International Transfers

When service providers are located outside the EEA, we ensure appropriate safeguards under GDPR (e.g., Standard Contractual Clauses, adequacy decisions).

7. Your Rights

Under GDPR you may have the right to: access, rectify, erase, restrict processing, object, and data portability. You may also withdraw consent at any time for processing based on consent.

To exercise your rights, email us at northside.business23@gmail.com. Please include sufficient information to verify your identity.

8. Cookies

We use cookies for basic site functionality and (with consent) analytics/marketing. See our separate Cookies Policy for details and management options.

9. Security

We implement technical and organizational measures appropriate to the risk, including TLS encryption, access controls, and secure backups. No method of transmission or storage is 100% secure; however, we continuously improve our safeguards.

10. Minors

Our services are intended for adults. We do not knowingly collect data from children under 16. If you believe a minor has provided data to us, please contact us to remove it.

11. Updates

We may update this Policy from time to time. Material changes will be indicated on this page. Continued use of our services after changes means you accept the updated Policy.

Last updated: August 2025