Website Policies
GDPR / UK Privacy Notice
GDPR / UK Privacy Notice
This GDPR / UK Privacy Notice supplements our Privacy Policy for individuals located in the European Economic Area, Switzerland, and the United Kingdom.
-
Controller
Crystal Lovoi, Inc., Los Angeles, California, is the controller of personal data collected through the Site unless otherwise stated. Contact: info@crystallovoi.com.
-
Categories of Personal Data We Collect
Depending on your interactions with us, we may process identifiers, contact details, billing and shipping details, purchase history, service history, communications, preferences, device identifiers, IP address, cookie identifiers, browsing activity, geolocation derived from IP, fraud-prevention signals, marketing engagement data, and other information described in our Privacy Policy.
-
Sources of Personal Data
We may collect personal data directly from you, automatically through your use of our Site and communications, from service providers, analytics providers, advertising partners, payment providers, social media platforms, public sources, and other lawful third-party sources.
-
Purposes of Processing
We may process personal data to:
-
provide products, bespoke services, repairs, consultations, and client support;
-
process transactions, payments, shipping, returns, and aftercare;
-
create and maintain customer records and preferences;
-
personalize content, recommendations, and client experiences;
-
operate, secure, troubleshoot, and improve our Site and business operations;
-
conduct analytics, measurement, auditing, forecasting, and internal reporting;
-
detect, prevent, investigate, and respond to fraud, misuse, and security incidents;
-
send marketing communications and administer preferences;
-
comply with legal, tax, accounting, regulatory, and law-enforcement obligations;
-
establish, exercise, or defend legal claims.
-
Legal Bases for Processing
We rely on one or more lawful bases, including:
-
performance of a contract or steps requested prior to entering a contract;
-
legitimate interests, including brand protection, fraud prevention, service improvement, analytics, and client relationship management where balanced against your rights;
-
compliance with legal obligations;
-
your consent where required, which may be withdrawn at any time without affecting prior lawful processing.
-
Recipients of Personal Data
We may share personal data with ecommerce platforms, payment processors, logistics providers, repair or service partners, technology vendors, hosting providers, analytics providers, advertising partners, professional advisors, auditors, insurers, corporate transaction counterparties, and governmental or regulatory authorities where required by law. We do not authorize processors to use personal data for their own unrelated purposes except as permitted by law or disclosed to you.
-
International Transfers
Because we operate internationally, personal data may be transferred outside your jurisdiction, including to the United States. Where required, we use appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, supplementary measures, or other recognized transfer mechanisms.
-
Retention
We retain personal data for as long as reasonably necessary for the purposes collected, including maintaining our relationship with you, providing services, recordkeeping, warranty and repair history, fraud prevention, dispute resolution, tax, accounting, and legal compliance. Retention periods may vary depending on the nature of the data and legal requirements.
-
Your Rights
Subject to applicable law, you may have the right to:
-
request access to your personal data;
-
request correction of inaccurate data;
-
request erasure;
-
request restriction of processing;
-
object to processing based on legitimate interests;
-
object to direct marketing at any time;
-
request data portability where applicable;
-
withdraw consent where processing is based on consent;
-
lodge a complaint with your local supervisory authority or the UK Information Commissioner's Office.
-
Automated Decision-Making
We do not make decisions based solely on automated processing that produce legal or similarly significant effects, except where permitted by law and with required safeguards.
-
Cookies and Similar Technologies
Where required, we seek consent before placing non-essential cookies or similar technologies. You may manage preferences through our consent tools or browser settings. Please also see Section 10 (Your Privacy Choices) and Section 5 (Cookie Policy).
-
How to Exercise Rights
To exercise applicable rights or ask questions regarding this Notice, contact info@crystallovoi.com. We may request information necessary to verify your identity before responding.