Your cart
Atelier visit is by appointment only | Wednesday - Saturday 12.00 -19.00

Privacy Policy

1. Introduction

Thank you for your interest in our website and online shop. In this Privacy Policy, we inform you about how we process personal data when you visit our website, contact us, place an order, subscribe to our newsletter or otherwise use our services.

Personal data means any information relating to an identified or identifiable natural person, such as name, address, email address, order details, payment information, IP address or communication data.

We process personal data in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), the German Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz – TDDDG) and other applicable data protection laws.

We process your personal data only where there is a legal basis for doing so, in particular where processing is necessary for the performance of a contract, compliance with legal obligations, our legitimate interests, or where you have given your consent.

2. Controller

The controller responsible for the processing of personal data is:

Inna Nechyporenko (INNAN)
Mulackstraße 23
10119 Berlin
Germany
Email: info@innan-jewellery.com
Tel.: +49 176 66484642

We have not appointed a data protection officer, as we are not legally required to do so.

3. Accessing Our Website

When you visit our website, we automatically process certain technical data that your browser transmits to our server. This may include:

  • IP address
  • date and time of access
  • requested page or file
  • referrer URL
  • browser type and version
  • operating system
  • access status/HTTP status code
  • amount of data transferred

We process this data to provide the website, ensure technical stability and security, and prevent misuse. The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is the secure and reliable operation of our website.

Our website and online shop are operated via Shopify. In addition, we use one.com as our hosting provider.

4. Orders and Customer Accounts

If you place an order in our online shop, we process the personal data required to process and fulfil your order. This may include:

  • name
  • billing and shipping address
  • email address
  • telephone number, if provided or required for delivery
  • order details
  • payment information
  • delivery and shipping information
  • customer communication

We process this data for the purpose of handling your order, delivering the products, processing payments, providing customer service and managing returns, exchanges or warranty matters. The legal basis is Art. 6(1)(b) GDPR.

Where we are legally required to retain order, invoice or tax-related information, the legal basis is Art. 6(1)(c) GDPR.

Statutory retention obligations remain unaffected.

5. Contacting Us

If you contact us by email, contact form, telephone, social media message or otherwise, we process the data you provide in order to respond to your enquiry.

This may include your name, contact details, message content and any related communication data.

The legal basis is Art. 6(1)(b) GDPR if your enquiry relates to a contract or pre-contractual measures, and otherwise Art. 6(1)(f) GDPR. Our legitimate interest is responding to enquiries and communicating with customers and interested persons.

6. Payment Processing

Payments are processed by the payment service provider selected during checkout. Depending on the payment method, payment data may be transmitted to the relevant payment service provider.

The legal basis for payment processing is Art. 6(1)(b) GDPR. Where processing is required for accounting, tax or legal compliance purposes, the legal basis is Art. 6(1)(c) GDPR.

We currently use Shopify Payments / Shopify and PayPal to process payments. Through Shopify Payments, customers may be offered payment methods such as credit card payments, Shop Pay and local payment methods such as Bancontact, EPS and iDEAL/Wero, depending on availability during checkout.

Payment service providers may process data as independent controllers. Their own privacy notices may apply.

7. Shipping and Delivery

For the delivery of orders, we may transmit necessary delivery data to shipping providers. This may include your name, shipping address, email address, telephone number, order reference and shipment details.

The legal basis is Art. 6(1)(b) GDPR.

We currently use DHL and UPS Express Saver as shipping providers.

8. Newsletter and Email Marketing

If you subscribe to our newsletter, we process your email address and, where applicable, your name and preferences for the purpose of sending marketing emails.

We use Mailchimp to send and manage our newsletter. Mailchimp is provided by The Rocket Science Group, LLC d/b/a Mailchimp, c/o Corporation Service Company (CSC), 2 Sun Court, Suite 400, Peachtree Corners, GA 30092, United States. Mailchimp processes personal data on our behalf for the purpose of sending newsletters, managing subscriptions and, where applicable, analysing newsletter performance. Personal data may be transferred to the United States. Where personal data is transferred outside the EEA, appropriate safeguards are used, such as standard contractual clauses, certification under an applicable data protection framework, or other safeguards permitted under GDPR.

Newsletter subscriptions are based on your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future by clicking the unsubscribe link in any newsletter or by contacting us at info@innan-jewellery.com.

We may use a double opt-in procedure to verify your subscription. In this case, we store the subscription and confirmation time as well as the IP address used, in order to document consent. The legal basis for this documentation is Art. 6(1)(f) GDPR. Our legitimate interest is proving that consent was validly obtained.

9. Cookies and Similar Technologies

Our website uses cookies and similar technologies. Cookies are small text files stored on your device.

We use technically necessary cookies to operate the website, provide core shop functions, remember shopping cart contents, enable checkout and ensure security. These cookies are necessary for the website to function.

We may also use optional cookies or similar technologies for analytics, marketing, personalisation or external content, but only where legally required with your prior consent.

The legal basis for technically necessary cookies is Art. 6(1)(f) GDPR and, where applicable, Section 25(2) TDDDG. Our legitimate interest is the secure and functional operation of our website.

The legal basis for optional analytics, marketing and similar cookies is your consent pursuant to Art. 6(1)(a) GDPR and, where applicable, Section 25(1) TDDDG.

You can manage or withdraw your cookie consent at any time through our cookie settings provided via the Complianz Consent App.

10. Analytics, Marketing and Advertising Tools

We only use analytics, marketing or advertising tools where they are technically implemented on our website and, where required, after you have given your consent.

Such tools may help us understand how visitors use our website, improve our online shop, measure the effectiveness of advertising or display relevant content.

The legal basis is your consent pursuant to Art. 6(1)(a) GDPR and, where applicable, Section 25(1) TDDDG.

We may use the following analytics, marketing and advertising tools, subject to your consent where required: Google Analytics, Google Ads, Meta Pixel, Pinterest Tag and Shopify Analytics.

If you do not give your consent, optional analytics, marketing and advertising cookies will not be used, unless they are technically necessary for the operation of the website.

11. Social Media

We maintain profiles on social media platforms and may link to them from our website. If you click such links or interact with our social media profiles, the respective platform provider may process your personal data under its own responsibility.

We maintain profiles on Instagram, Facebook and Pinterest.

We have no full control over the data processing carried out by social media platforms. Please refer to the privacy notices of the respective platforms for further information.

Our website may include embedded content, such as videos, a 360° atelier tour and Pinterest sharing functions. If you interact with such embedded content or sharing functions, the respective third-party provider may process personal data under its own responsibility. Where legally required, such content will only be loaded after you have given your consent.

12. Recipients of Personal Data

We may share personal data with the following categories of recipients where necessary:

  • ecommerce platform and hosting providers
  • payment service providers
  • shipping and logistics providers
  • newsletter and email service providers
  • IT, maintenance and support providers
  • tax advisors, accountants, legal advisors and authorities, where legally required
  • analytics, marketing or advertising providers, where used with consent

We only share personal data where necessary for the purposes described in this Privacy Policy, where legally required, where you have consented, or where we have a legitimate interest.

13. International Data Transfers

Some of the service providers we use may process personal data outside the European Economic Area (EEA), in particular in the United States, Canada or other third countries.

Where personal data is transferred to countries outside the EEA, we ensure that appropriate safeguards are in place, such as an adequacy decision by the European Commission, standard contractual clauses, certification under an applicable data protection framework, or other safeguards permitted under GDPR.

The service providers we use or may use in this context include Shopify, Google, Meta, Pinterest, Stripe, PayPal and, where applicable, Mailchimp or another newsletter provider.

14. Retention Periods

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by statutory retention obligations.

Order, invoice and tax-related data may be retained for statutory retention periods under commercial and tax law, generally for six or ten years.

Data processed on the basis of consent is retained until you withdraw your consent, unless another legal basis or statutory retention obligation applies.

Server log files are retained only for as long as necessary for security and technical purposes.

15. Your Rights

Subject to the legal requirements, you have the following rights under GDPR:

  • right of access
  • right to rectification
  • right to erasure
  • right to restriction of processing
  • right to data portability
  • right to object to processing based on legitimate interests
  • right to withdraw consent at any time with effect for the future
  • right to lodge a complaint with a data protection supervisory authority

Where we process your personal data for direct marketing purposes, you have the right to object to such processing at any time. In that case, we will no longer process your personal data for direct marketing purposes. This right follows from Art. 21 GDPR.

To exercise your rights, please contact us at:

Inna Nechyporenko (INNAN)
Mulackstraße 23
10119 Berlin
Germany
Email: info@innan-jewellery.com
Tel.: +49 176 66484642

16. Obligation to Provide Data

You are not legally required to provide personal data when simply visiting our website. However, certain data is technically necessary to operate the website.

If you wish to place an order, contact us, create a customer account or subscribe to the newsletter, certain personal data is necessary for the respective purpose. Without this data, we may not be able to provide the requested service, process your order or respond to your enquiry.

17. Data Security

We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction.

Our website uses SSL/TLS encryption where personal data is transmitted.

18. Updates to This Privacy Policy

We may update this Privacy Policy from time to time, for example due to changes to our website, services, technologies or legal requirements.

This Privacy Policy is currently valid as of May 2026.