Privacy Policy | Splendido e.U.
The protection of your personal data is important to us. In this privacy policy, we transparently inform you about the collection, processing, and use of your data when visiting and using our online shop at www.splendido.at, in accordance with the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), and the Telecommunications Act 2021 (TKG).
1. Controller
Splendido e.U.
Dayana Bahchevanova
Neubaugasse 24, 8020 Graz, Austria
Phone: +43 681 20808264
Email: info@splendido.at
Web: www.splendido.at
VAT Number: ATU80669028
Company Register Number: FN 627740 y
Company Court: Regional Court for ZRS Graz
For questions about data protection or to exercise your rights, please contact info@splendido.at.
We have not appointed a data protection officer as the legal requirements under Art. 37 GDPR are not met.
2. Collection and Processing of Personal Data
2.1 Website Visit (Server Log Files)
When you visit our website, technical data is automatically collected and stored in server log files: IP address, date and time of access, pages and files accessed, amount of data transferred, referrer URL, browser type, operating system.
- Purpose: Ensuring technical functionality, system security (e.g., detection and prevention of attacks), and optimization of user-friendliness.
- Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in a secure and functional online shop).
- Storage Duration: Usually 30 days. Longer storage only occurs in case of security-relevant incidents.
2.2 Orders / Online Shop
For order processing, we collect: first and last name, billing and delivery address, email address, phone number (if provided), and payment information. Payment data is processed solely for the execution of the purchase contract and passed on to the respective payment service providers (see section 5).
- Purpose: Contract fulfillment, invoicing, shipping, and customer support.
- Legal Basis: Art. 6 para. 1 lit. b GDPR (contract performance) and Art. 6 para. 1 lit. c GDPR (legal obligations, especially tax retention obligations under § 132 BAO).
- Storage Duration: Customer data will be deleted upon request after the contract relationship ends. Accounting-relevant data (invoices, order documents) will be retained for 7 years in accordance with § 132 para. 1 BAO.
2.3 Customer Account
Optionally, you can create a customer account to manage your orders, save delivery addresses, and speed up future orders.
- Collected Data: Email address, name, password (stored encrypted), optional delivery/billing addresses, order history.
- Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment).
- Storage duration: The customer account remains active until you request deletion. Deletion is possible at any time upon request at info@splendido.at.
2.4 Contact Form and Direct Email Communication
When using our contact form or email inquiries, we collect: name, email address, and other information you voluntarily provide to process your request.
- Legal basis: Art. 6 para. 1 lit. a GDPR (consent by submitting the request) or Art. 6 para. 1 lit. b GDPR (for pre-contractual inquiries).
- Storage duration: Until your request is finally processed, then deletion unless legal retention obligations prevent this.
2.5 Newsletter
When subscribing to the newsletter, we use your email address to send information about products, offers, and news from Splendido e.U.
- Procedure: Double opt-in (after registration, you will receive a confirmation email with an activation link).
- Unsubscribe: possible at any time via the unsubscribe link in every newsletter email or by email to info@splendido.at.
- Legal basis: Art. 6 para. 1 lit. a GDPR (consent) in conjunction with § 174 para. 5 TKG 2021.
- Storage duration: Until consent is withdrawn.
3. Cookies and Tracking Technologies
Our online shop uses cookies and similar technologies, divided into four categories. A complete, automatically updated overview of all cookies used (name, provider, storage duration, purpose) can be found in our Cookie Policy.
3.1 Technically Necessary Cookies
These cookies are necessary for the operation of the shop (e.g., shopping cart, security, checkout, language settings). They cannot be disabled.
Legal basis: § 165 para. 3 TKG 2021 in conjunction with Art. 6 para. 1 lit. f GDPR.
3.2 Functional Cookies
These cookies enable convenience features such as automatic translation, recently viewed products, or saved preferences.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent) in conjunction with § 165 para. 3 TKG 2021.
3.3 Performance/Statistics Cookies
We use the following analytics tools only with your consent:
Google Analytics 4 (GA4)
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
GA4 operates with Google Consent Mode v2 enabled and IP anonymization. Without your consent, no personal data is transmitted to Google (only aggregated, cookie-free pings for statistical modeling).
Storage duration of GA4 data records: 14 months.
Shopify Analytics
Provider: Shopify International Ltd., Dublin, Ireland (see section 4).
Microsoft Clarity
Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. In the EU: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.
Purpose: Analysis of user behavior through heatmaps, session recordings, scroll and click tracking to optimize usability and the checkout process.
Processed data: truncated IP address, device and browser information, approximate location (country/region), interactions on the website, page views, duration of stay, referrer URL. Sensitive form entries (passwords, payment data) are masked by default.
With consent, Microsoft Clarity sets cookies including _clck (1 year), _clsk (1 day), CLID (1 year), MUID (1 year), ANONCHK (10 minutes), MR (7 days), SM (session). Without consent, no cookies are set; Microsoft Clarity then operates in cookieless mode without processing identifying data.
Microsoft Clarity is operated within Microsoft cloud services certified according to ISO 27018 (protection of personal data in public clouds) and ISO 27701 (Privacy Information Management System).
Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Microsoft Corporation is certified), supplemented by Standard Contractual Clauses (SCC) according to Art. 46 GDPR.
Note: Microsoft Clarity is currently not part of Microsoft’s EU Data Boundary. Processing mainly takes place on servers in the USA, secured by the aforementioned guarantees (DPF and Standard Contractual Clauses).
Storage duration: up to 13 months pseudonymized, unless revoked earlier.
Data processing agreement according to Art. 28 GDPR: Microsoft provides a unified Data Protection Addendum (DPA) for all commercial services, available at microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.
More information: privacy.microsoft.com/de-de/privacystatement and clarity.microsoft.com.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent) in conjunction with § 165 para. 3 TKG 2021.
3.4 Marketing and targeting cookies
We use the following marketing tools only with your consent:
Google Ads
Provider: Google Ireland Limited, Dublin, Ireland. Purpose: Conversion tracking, remarketing, optimization of advertisements.
Meta/Facebook Pixel (via Shopify Facebook & Instagram Channel)
Provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. Purpose: conversion tracking, remarketing, audience building for advertisements. The pixel is operated via the official Shopify Facebook & Instagram Channel using the Shopify Customer Privacy API and automatically respects your cookie consent.
Klaviyo (email marketing and pop-ups)
Provider: Klaviyo Inc., 125 Summer Street, Boston, MA 02110, USA.
EU representative according to Art. 27 GDPR: European Data Protection Office (EDPO), Ground Floor, 71 Lower Baggot Street, Dublin D02 P593, Ireland. Contact via the official request form: edpo.com/gdpr-data-request/
Purpose: Newsletter registration, lead generation pop-ups, email marketing campaigns, customer segmentation. Data transfer to the USA based on the EU-U.S. Data Privacy Framework (see item 8). Set cookies include, among others, __kla_id (visitor identification).
Legal basis: Art. 6 para. 1 lit. a GDPR (consent) in conjunction with § 165 para. 3 TKG 2021.
3.5 Consent and withdrawal
On your first visit to our website, you will have the option via our cookie banner to give your consent for each category individually, accept all cookies, or reject all marketing and analytics cookies.
- Consent management: Pandectes GDPR Cookie Consent (Pandectes Ltd., based in Cyprus), integrated with the Shopify Customer Privacy API.
- Withdrawal of consent: You can withdraw your consent at any time by clicking the cookie icon at the bottom left of each page and adjusting your selection.
- Validity: Consent is stored for 12 months from the time of granting; afterwards, you will be asked to make a decision again.
4. Platform: Shopify
Our online shop is operated via the Shopify platform.
- Provider for EU customers: Shopify International Ltd., 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.
- Parent company: Shopify Inc., 151 O’Connor Street, Ottawa, Canada. An adequacy decision by the EU Commission (Art. 45 GDPR) exists for Canada, ensuring an adequate level of data protection.
- Data processing agreement (DPA): exists according to Art. 28 GDPR.
- Categories of processed data: Shop data, order data, customer data, payment and analytics data.
Shopify Network Intelligence: Within the Shopify infrastructure, aggregated, pseudonymized usage data is used to improve AI functions (e.g., Shopify Magic), fraud detection, and marketing recommendations. Other merchants do not have access to your data.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in platform security and optimization).
5. Payment Service Providers
To process payments, we pass your payment data to the following service providers:
- Shopify Payments (Stripe): Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland.
- PayPal: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg.
- Klarna: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden.
- Apple Pay / Google Pay: Apple Distribution International Ltd., Ireland / Google Ireland Ltd., Ireland.
Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment).
6. Shipping Service Providers
For shipping your orders, we pass on your name and delivery address to the following shipping partners:
- Österreichische Post AG: Rochusplatz 1, 1030 Vienna.
- DHL: Deutsche Post DHL Group, 53113 Bonn, Germany.
Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment).
7. Apps and Third-Party Services Used
7.1 Google & YouTube Sales Channel
Integration with Google Merchant Center, Google Ads, and YouTube for product listing and advertising purposes.
- Provider: Google Ireland Limited, Dublin, Ireland.
- Legal basis: Art. 6 para. 1 lit. a GDPR (consent for marketing functions).
7.2 Translation App (Translation Lab)
Purpose: Automatic translation of our website content into your preferred language. Stores your language preference in a functional cookie.
- Legal basis: Art. 6 para. 1 lit. a GDPR (consent for functional cookies).
7.3 Email Marketing and Pop-ups (Klaviyo)
Purpose: Sending newsletters, automated email marketing campaigns, displaying pop-ups for lead generation (e.g., discount promotions), segmentation of customer groups.
- Provider: Klaviyo Inc., 125 Summer Street, Boston, MA 02110, USA.
- EU representative according to Art. 27 GDPR: European Data Protection Office (EDPO), Ground Floor, 71 Lower Baggot Street, Dublin D02 P593, Ireland. Contact via the official request form: edpo.com/gdpr-data-request/
- Processed data: Email address, name (optional), order history, interactions with our emails and our website.
- Data transfer to third countries: USA, based on the EU-U.S. Data Privacy Framework (Klaviyo Inc. is certified under DPF). Additionally, standard contractual clauses (SCC) according to Art. 46 GDPR are used.
- Legal basis: Art. 6 para. 1 lit. a GDPR (consent through newsletter registration or double opt-in), in conjunction with § 174 para. 5 TKG 2021.
- Storage duration: Until you withdraw your consent (you can unsubscribe at any time via the unsubscribe link in every email).
7.4 Cookie Consent Management (Pandectes)
See section 3.5.
7.5 Analysis and UX Tool (Microsoft Clarity)
See section 3.3.
7.6 EU revocation button (Revoq)
To fulfill the legal obligation to provide consumers with an easily accessible revocation button, we use the Revoq app. You can electronically submit your contract revocation via the form on the "Revoke contract" page.
Processed data: Order number, name, email address, and your information regarding the revocation.
Purpose: Receipt, processing, and documentation of your contract revocation.
Legal basis: Art. 6 para. 1 lit. c GDPR (fulfillment of a legal obligation) in conjunction with Art. 6 para. 1 lit. b GDPR (performance of the contract).
Processor: Processing is carried out by the provider of the Revoq app as a processor based on a data processing agreement (DPA). The data is hosted on servers within the EU; no transfer to third countries takes place.
Storage duration: The data is stored for the duration of processing as well as within the framework of legal retention and documentation obligations and then deleted.
8. Data transfer to third countries
Some of the services used transfer data to servers outside the European Union, especially to the USA and Canada. We ensure the protection of your data on the following bases:
- USA: Transfer based on the EU-U.S. Data Privacy Framework (Adequacy decision of the EU Commission dated July 10, 2023, C(2023)4745). Certified recipients: Google LLC, Meta Platforms Inc., Microsoft Corporation, Klaviyo Inc. Where additional guarantees are required, Standard Contractual Clauses (SCC) according to Art. 46 GDPR are concluded.
- Canada: Adequacy decision of the EU Commission according to Art. 45 GDPR (Decision 2002/2/EC).
9. Your rights as a data subject
Under the GDPR, you have the following rights:
- Information (Art. 15 GDPR): Information about the data stored about you.
- Correction (Art. 16 GDPR): Correction of incorrect or completion of incomplete data.
- Deletion (Art. 17 GDPR): Deletion of your data. Note: Data required for legal or tax obligations (e.g., invoices that must be retained for 7 years according to § 132 BAO) cannot be deleted before the retention period expires.
- Restriction of processing (Art. 18 GDPR).
- Data portability (Art. 20 GDPR): Provision of your data in a common, machine-readable format.
- Revocation of granted consents (Art. 7 para. 3 GDPR): at any time with effect for the future.
- Objection to processing based on legitimate interests (Art. 21 GDPR), especially against direct advertising.
To exercise your rights, you can contact us directly by email at info@splendido.at. We will respond to your request within 30 days (Art. 12 para. 3 GDPR).
10. Right to Complain to the Supervisory Authority
You have the right to file a complaint with the competent supervisory authority (Art. 77 GDPR):
Austrian Data Protection Authority (DSB)
Barichgasse 40-42, 1030 Vienna, Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Web: www.dsb.gv.at
11. Data Security
We implement technical and organizational security measures to protect your data from unauthorized access, loss, or misuse:
- SSL/TLS Encryption (256-bit) for all data transmissions between your browser and our servers (HTTPS).
- Password Hashing for customer accounts.
- Access controls and regular updates of our security standards.
- Contractual obligation of all processors to comply with the GDPR.
12. Storage Duration — Overview
| Data Category | Storage Duration |
|---|---|
| Server Log Files | 30 days |
| Customer Account | until deletion by the customer |
| Order Data (Accounting) | 7 years according to § 132 BAO |
| Newsletter Subscription | until revocation |
| Contact Requests | until final processing |
| Cookie Consent | 12 months |
| Google Analytics 4 | 14 months |
| Microsoft Clarity | up to 13 months |
13. Changes to this Privacy Policy
This privacy policy may be updated due to legal changes, new service providers, or technical adjustments. The current version is always available at www.splendido.at/pages/datenschutz. We will inform you appropriately of any significant changes.
14. Packaging Licensing
As a distributor of packaging, we fulfill our legal obligations in the countries to which we deliver:
🇩🇪 Germany — Packaging Act (VerpackG):
LUCID Registration Number: DE4314073376548 (Central Packaging Register Foundation, ZSVR)
Dual System: Interzero Recycling Alliance (licensed via Activate by Lizenzero, contract number 102243)
All sales and shipping packaging we place on the market in Germany are licensed according to § 7 VerpackG with an approved dual system and reported to the ZSVR as part of the annual data submission according to § 10 VerpackG.
Public Register: https://oeffentliche-register.verpackungsregister.org
🇦🇹 Austria — Waste Management Act (AWG) and Packaging Ordinance 2014 (VerpackVO):
ARA License Number: 28148
Collection and Recycling System: Altstoff Recycling Austria AG (ARA), Mariahilfer Straße 123, 1062 Vienna
Portal: https://online.ara.at
All household packaging that we place on the market in Austria is licensed according to § 13g AWG with an approved collection and recycling system. The annual quantity report is submitted by January 15 of the following year.
🇳🇱 Netherlands:
Splendido e.U. is below the legal threshold of 50,000 kg of packaging per calendar year and is therefore exempt from registration and contribution obligations with Verpact (formerly Afvalfonds Verpakkingen). Packaging records are kept internally and can be presented upon official request.
15. Google Customer Reviews
We use the "Google Customer Reviews" service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to collect
Limited (Gordon House, Barrow Street, Dublin 4, Ireland), for the collection
and publication of reviews from our customers.
**Processed data after successful purchase:**
- Email address
- Order number
- Delivery country
- Estimated delivery date
- Product identifiers (SKU)
**Purpose:** Sending a voluntary customer satisfaction survey approx.
7–14 days after delivery. Participation is optional and only takes place after
active opt-in at checkout.
**Legal basis:** Consent according to Art. 6 para. 1 lit. a GDPR via
our cookie banner (category "Marketing"). Without consent, the
script not loaded.
**Third-country transfer:** Data may be transferred to servers of Google LLC in the
transferred to the USA. Google is certified under the **EU-US Data Privacy Framework**
certified. There is a data processing agreement with Google according to
Art. 28 GDPR.
**Storage duration:** According to Google's retention policies
(maximum 18 months for inactive users).
**Revocation:** You can revoke your consent at any time via the link
Revoke "Cookie Settings" in the footer.
**More information:**
- Google Privacy Policy: https://policies.google.com/privacy
- Google Customer Reviews Program: https://support.google.com/merchants/answer/7105653
16. Pinterest Tag and Conversions API
We use the Pinterest Tag and the Pinterest Conversions API from Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (hereinafter "Pinterest") on our website.
Tag ID: 2614237900906
Purpose: Collection of conversion data to measure the performance of our Pinterest campaigns, optimize ad delivery, and create targeted ads (e.g., retargeting).
Processed data:
- IP address (truncated)
- Browser and device information
- Pseudonymous identifiers (cookies, click IDs)
- Visited pages and performed actions (e.g., "Add to Cart," "Purchase")
- In case of server-side transmission via Conversions API: hashed email address and order information
Legal basis: Consent according to Art. 6 para. 1 lit. a GDPR via our cookie banner (category "Marketing"). Without active consent, the Pinterest tag will not be loaded and no data will be transmitted to Pinterest.
Third-Country Transfer: Data may be transferred to Pinterest, Inc. in the USA. Pinterest is certified under the EU-US Data Privacy Framework. Pinterest Europe Ltd. acts as a joint controller under Art. 26 GDPR for certain processing; a corresponding contract is in place.
Storage Duration: Pinterest stores the collected data according to their retention policies (cookies typically up to 1 year).
Revocation: You can revoke your consent at any time via the "Cookie Settings" link in the footer. Additionally, you can disable Pinterest advertising in your Pinterest account under "Settings → Privacy and Data."
More Information:
- Pinterest Privacy Policy: https://policy.pinterest.com/de/privacy-policy
- Pinterest Ad-Data Terms: https://policy.pinterest.com/de/ad-data-terms
- Contact Privacy Pinterest: privacy-support@pinterest.com
17. Special and Custom Orders (Made-to-Order Inquiries)
For selected jewelry pieces—especially rings that can be made to your size or as a custom order upon request—we provide an inquiry form ("Made to Your Size" or "Order Made to Measure") on the respective product page. Through this form, you can submit a non-binding inquiry for a custom order and request an individual indicative price offer.
Processed Data: First name, email address, desired ring size or a special size you specify, and the reference to the requested product (designation, item, and price as context of the inquiry). Technically, the time of the inquiry and your language setting are also processed.
Purpose: Processing your inquiry, creating an individual offer (indicative price), as well as related contact and correspondence.
Legal Basis: Art. 6 para. 1 lit. b GDPR (performance of pre-contractual measures carried out at your request). If a contract is subsequently concluded, further processing is governed by section 2.2 (Orders / Online Shop).
Recipients / Processors: For the technical handling of the inquiry and subsequent email communication, we use Klaviyo (see section 7.3). Klaviyo processes the data as a processor on our behalf; regarding third-country transfers and EU representation, the information in section 7.3 and section 8 applies.
Storage Duration: The data collected as part of a custom inquiry will be stored for 12 months from the last communication, unless a contract is concluded. If a contract is concluded, the statutory retention periods apply (see section 12). You can object to the processing at any time or request deletion (see section 9).
Status: June 24, 2026








