Privacy policy
Privacy Policy – WithMe BV
Last updated: 28 october 2025
This Privacy Policy explains how WithMe BV (“WithMe”, “we”, “our”, or “us”) collects, uses, and protects your personal data when you visit withme-jewelry.com, make a purchase, or otherwise interact with us.
We are committed to processing all personal data lawfully, fairly, and transparently in accordance with the EU General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) and the Belgian Data Protection Act.
1. Data Controller
WithMe BV
Halmaalweg 123, 3800 Sint-Truiden, Belgium
Company number: BE1026641565
Email: info@withme-jewelry.com
WithMe BV acts as the data controller responsible for the processing of your personal data.
For all privacy-related questions or requests, you can contact our Data Protection Contact Person at privacy@withme-jewelry.com.
2. Categories of Personal Data We Collect
We may collect and process the following categories of data:
-
Identity and contact details: name, address, phone number, email address
-
Order and payment data: order details, payment status (processed securely via Shopify Payments)
-
Shipping information: delivery address and tracking details (via Sendcloud)
-
Personalization details: such as engraving text, symbolic references, or information related to a deceased person (processed with explicit consent)
-
Technical data: IP address, browser type, device information, operating system, cookies, and usage logs
-
Marketing and communication data: newsletter preferences, consent records, and message history (via Klaviyo and WhatsApp Business)
-
Social and advertising data: interaction with ads on Meta, TikTok, Pinterest, and Google Ads (based on consent)
3. Legal Bases and Purposes of Processing
We process your personal data only when a lawful basis under Article 6 GDPR applies:
| Purpose | Legal Basis |
|---|---|
| Processing and fulfilling your order | Contractual necessity |
| Customer service and support | Contractual necessity |
| Accounting and tax compliance | Legal obligation |
| Website analytics, performance, and security | Legitimate interest |
| Personalized marketing and remarketing | Consent |
| Storage of engraving or symbolic data | Explicit consent (Article 9(2)(a) GDPR) |
We do not process sensitive data without your explicit and informed consent.
4. Data Sharing and Processors
We only share your data with trusted partners necessary to operate our business.
Each partner either acts as a processor (under Article 28 GDPR) or an independent/joint controller under their own privacy framework.
| Category | Partner | Role under GDPR |
|---|---|---|
| Website & hosting | Shopify Inc. | Processor |
| Payment processing | Shopify Payments | Processor |
| Shipping & logistics | Sendcloud BV | Processor |
| Email marketing | Klaviyo Inc. | Processor |
| Customer communication | WhatsApp Business | Independent controller |
| Advertising & analytics | Meta, Google, TikTok, Pinterest | Independent or joint controllers |
All processors operate under Data Processing Agreements (DPAs) compliant with Article 28 GDPR. We maintain an up-to-date Processing Register documenting all such relationships.
5. International Data Transfers
Some partners may process data outside the European Economic Area (EEA) (e.g., the United States).
In such cases, transfers occur only when one of the following safeguards is in place:
-
Adequacy decision (e.g., EU–U.S. Data Privacy Framework)
-
Standard Contractual Clauses (SCCs) approved by the European Commission
-
Binding corporate rules ensuring equivalent protection
6. Data Retention
We retain your personal data only as long as necessary for its purpose, or as required by law.
| Type of Data | Retention Period |
|---|---|
| Order and invoicing data | 7 years (legal obligation) |
| Customer account data | 3 years after last interaction |
| Marketing and newsletter data | Until consent withdrawn or after 2 years of inactivity |
| Support correspondence | 2 years |
| Personalization (engraving, symbolic info) | Until order fulfillment, unless explicit consent for longer storage |
After these periods, data will be securely deleted or anonymized.
7. Data Security
We implement appropriate technical and organizational measures to protect your data against loss, misuse, or unauthorized access, including:
-
SSL/TLS encryption
-
Secure hosting via Shopify
-
Limited internal access based on role
-
Regular security updates and monitoring
While no system can be 100% secure, we take all reasonable precautions to minimize risk.
8. Cookies and Tracking Technologies
We use cookies and similar technologies for website functionality, analytics, and advertising.
Types of cookies used:
-
Essential cookies: required for core functionality (cart, checkout, language)
-
Analytical cookies: to analyze visitor behavior (Google Analytics)
-
Marketing cookies: for personalized ads (Meta Pixel, TikTok Pixel, Pinterest Tag, Google Ads)
-
Functional cookies: to remember preferences
Consent for non-essential cookies is collected through our Cookie Consent Banner, in accordance with the ePrivacy Directive and IAB TCF v2.2 standards.
You can manage or withdraw your consent anytime via our Cookie Settings or browser options.
9. Profiling and Automated Decision-Making
We do not make legal or similarly significant decisions based solely on automated processing. However, we use analytics and advertising algorithms to personalize content and measure campaign performance. If you believe such profiling affects you, you may request human review in accordance with Article 22(3) GDPR.
10. Your Data Protection Rights
Under the GDPR, you have the right to:
-
Access your personal data (Article 15)
-
Rectify inaccurate data (Article 16)
-
Erase data (“right to be forgotten”, Article 17)
-
Restrict processing (Article 18)
-
Object to processing (Article 21)
-
Withdraw consent at any time (Article 7(3))
-
Data portability (Article 20)
To exercise these rights, contact us at privacy@withme-jewelry.com.
We will respond within 30 days as required by law.
Right to lodge a complaint:
You may file a complaint with your national Data Protection Authority.
In Belgium: Gegevensbeschermingsautoriteit (GBA).
11. Minors
Our website is not intended for individuals under 16 years of age.
We do not knowingly collect data from minors.
If such data is found, it will be promptly deleted.
12. Liability and Limitations
While we take all reasonable measures to safeguard your personal data, WithMe BV cannot be held liable for security incidents or data loss caused by events beyond our reasonable control, including unauthorized third-party access or force majeure.
13. Updates to This Policy
We may update this policy periodically to reflect changes in law or business operations. The latest version will always be available on our website, with the “Last updated” date shown at the top.
14. Governing Law and Jurisdiction
This Privacy Policy and all related disputes are governed by Belgian law.
Any disputes shall fall under the exclusive jurisdiction of the Courts of Limburg, Belgium.