Privacy policy

 

PRIVACY POLICY — AUREA STERLING

Last updated: [DATE OF PUBLICATION]


 

A note from us

At Aurea Sterling, we believe luxury begins with trust. The same care we put into crafting every piece of sterling silver and gold vermeil jewellery extends to how we treat your personal information. This Privacy Policy explains — in plain language — what data we collect, why we collect it, how we protect it, and the rights you have over it.

By using aureasterling.com (the "Site") or purchasing from us, you agree to the practices described below. If you do not agree, please do not use the Site or share your information with us.


 

1. Who we are

This Site is owned and operated by Aurea Gold and Diamonds LLP ("Aurea Sterling", "we", "us", or "our"), a Limited Liability Partnership registered under the laws of India, with its registered office in Surat, Gujarat, India.

For all data-related queries, you can reach our Grievance Officer at:

Email: care@aureasterling.com
Phone / WhatsApp: +91 99984-96004
Hours: Monday to Saturday, 10:00 AM to 7:00 PM IST
Response SLA: Within 7 (seven) business days of receipt, in compliance with the Digital Personal Data Protection Act, 2023 and the Information Technology Rules, 2011.

 

2. Information we collect

We collect personal data only when it is necessary to deliver our products, improve your experience, fulfil legal obligations, or communicate with you.

2.1 Information you provide to us

Identity & contact data: name, email address, phone number, billing address, shipping address.
Order data: items purchased, order value, payment method, transaction reference numbers (we do not store your full card or UPI credentials — see Section 4).
Account data: if you create an account, your login credentials (passwords are stored in encrypted hash form).
Communication data: messages you send us via email, WhatsApp, contact forms, or social media.
User-generated content: product reviews, ratings, photos, or videos you submit.
Marketing preferences: consent choices for email, SMS, WhatsApp, and push notifications.

2.2 Information collected automatically

When you visit the Site, we automatically collect:

Device information (browser type, operating system, device ID, IP address)
Usage data (pages visited, time spent, click paths, referring URLs)
Cookies and similar tracking technologies (see Section 6)
Approximate geolocation derived from your IP address

2.3 Information from third parties

We may receive data about you from:

Payment processors (Razorpay, Shopify Payments, PhonePe, Cashfree, Go Kwik) — transaction status and partial payment metadata
Logistics partners (Shiprocket, Delhivery, Bluedart, XpressBees, India Post) — delivery confirmations and address verification
Marketing platforms (Meta, Google, WhatsApp Business API providers such as Wati / Interakt / AiSensy) — campaign engagement and attribution data
Social login providers (if you sign in using Google) — your name, email, and profile photo

 

3. Why we collect your data (purpose of processing)

We process your personal data for the following lawful purposes:

Purpose

Lawful basis

To process and fulfil your orders

Contractual necessity

To deliver products and arrange returns/exchanges

Contractual necessity

To communicate order updates via email, SMS, WhatsApp

Contractual necessity

To process payments and prevent fraud

Contractual necessity & legal obligation

To send promotional offers, new launches, restock alerts

Consent (you can withdraw anytime)

To personalise your shopping experience and product recommendations

Legitimate interest

To run advertising on Meta (Facebook, Instagram), Google, and other platforms

Consent (via cookie banner)

To improve our Site, products, and customer service

Legitimate interest

To comply with tax, GST, and consumer protection laws

Legal obligation

To defend against legal claims or disputes

Legitimate interest

 

4. Payment data

We do not store your full credit card numbers, debit card numbers, CVVs, UPI PINs, or net-banking credentials on our servers. All payments are processed by PCI-DSS compliant payment gateways including Razorpay, Shopify Payments, and our integrated UPI partners. We only retain the minimum transaction reference data required for order reconciliation, refunds, and tax compliance.


 

5. How we share your data

We do not sell your personal data. Ever.

We share your data only with the following categories of recipients, and only to the extent necessary:

5.1 Service providers (data processors)

Shopify Inc. — e-commerce platform hosting
Razorpay / Shopify Payments / Cashfree / PhonePe /  Go Kwik — payment processing
Shiprocket, Delhivery, Bluedart, XpressBees, India Post, and similar courier partners — order fulfilment
Meta Platforms (Facebook, Instagram, WhatsApp Business) — advertising, customer messaging, Conversions API (we share hashed customer data — email, phone, name — for ad attribution and audience matching, as permitted under Meta's Business Tools Terms and the DPDP Act)
Google LLC — analytics (Google Analytics 4) and advertising
WhatsApp Business API providers (Wati / Interakt / AiSensy / Zoko, as applicable)— customer support, order updates, marketing broadcasts
Email & SMS service providers (Klaviyo, Mailchimp, Shopify Email, MSG91, or similar) — transactional and marketing communications
Review platforms (Judge.me, Loox, Yotpo, or similar) — collecting and displaying product reviews
Customer support tools (Gorgias, Freshdesk, or similar) — managing support tickets
Cloud storage providers (Amazon Web Services, Google Cloud) — data hosting and backups

All processors are bound by data processing agreements requiring confidentiality, security, and purpose-limitation.

5.2 Legal and regulatory disclosures

We may disclose your data when required by:

Indian law, court orders, or government authorities (Income Tax Department, GST authorities, law enforcement agencies)
Banks or payment processors investigating fraud or chargebacks
Our legal, accounting, or audit advisors under strict confidentiality

5.3 Business transfers

If Aurea Sterling is acquired, merged, or restructured, your data may be transferred to the new entity, with at least 30 days' prior notice to you and the same protections continuing to apply.


 

6. Cookies and tracking technologies

We use cookies and similar technologies (pixels, SDKs, local storage) to operate the Site, remember your preferences, measure performance, and personalise your experience.

Categories of cookies we use:

Strictly necessary: required for the Site to function (cart, checkout, login). Cannot be disabled.
Performance: Google Analytics 4, Microsoft Clarity, Hotjar — to understand how visitors use the Site.
Advertising: Meta Pixel, Meta Conversions API, Google Ads, Pinterest Tag — to measure ad performance and show you relevant ads.
Functional: chat widgets, wishlist memory, product recommendations.

When you first visit the Site, you'll see a cookie consent banner. You can accept all, reject non-essential cookies, or customise your choices. You can change your preferences anytime via the "Cookie Preferences" link in our website footer.


 

7. Marketing communications

If you opt-in, we may send you:

Email: new launches, restocks, exclusive offers, styling tips, brand stories
SMS: order updates (transactional) and occasional promotional offers
WhatsApp: order updates (transactional) and marketing broadcasts (only with explicit opt-in)
Push notifications: if you enable them on our Site or app

You can opt-out anytime by:

Clicking "Unsubscribe" in any marketing email
Replying "STOP" to any marketing SMS
Replying "STOP" or "OPT OUT" to any WhatsApp marketing message
Adjusting notification settings on your device
Emailing care@aureasterling.com

Please note: even if you opt out of marketing, we will still send you essential transactional messages (order confirmations, shipping updates, refund notifications).


 

8. Your rights under the Digital Personal Data Protection Act, 2023

As a "Data Principal" under the DPDP Act, 2023, you have the following rights:

Right to access: request a summary of the personal data we hold about you and the processing activities we carry out.
Right to correction & erasure: request that we correct inaccurate data or delete data that is no longer needed (subject to legal retention requirements — see Section 10).
Right to grievance redressal: raise a complaint with our Grievance Officer (contact in Section 1).
Right to nominate: nominate another person to exercise your rights in case of your death or incapacity.
Right to withdraw consent: withdraw consent for any processing based on consent, at any time. Withdrawal does not affect processing already carried out.

To exercise any of these rights, email care@aureasterling.com with the subject line "DPDP Request — [Your Right]". We will respond within 7 business days and resolve verified requests within 30 days.

If your concern is not resolved to your satisfaction, you may escalate to the Data Protection Board of India (once operational) under the DPDP Act, 2023.


 

9. Data security

We implement industry-standard technical and organisational measures to protect your data, including:

SSL/TLS encryption for all data in transit
Encrypted storage of passwords and payment tokens
Access controls and role-based permissions for our team
Regular security audits of our hosting and processing partners
PCI-DSS compliant payment processing
Vendor due diligence for all third-party processors

However, no system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the unlikely event of a data breach affecting your personal data, we will notify you and the relevant authorities within the timelines required by the DPDP Act, 2023.


 

10. Data retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law:

Data type

Retention period

Account data (active customers)

As long as your account is active + 3 years after last activity

Order and transaction records

8 years from order date (Income Tax Act, GST Act compliance)

Marketing consent records

Until consent is withdrawn + 1 year

Customer support communications

3 years from last interaction

Cookie data

Per cookie expiry (typically 30 days to 2 years)

Anonymised analytics data

Indefinitely

After the retention period, your data is securely deleted or anonymised.


 

11. Children's privacy

Aurea Sterling is intended for users aged 18 and above. We do not knowingly collect personal data from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact care@aureasterling.com and we will delete it promptly.


 

12. International data transfers

Some of our service providers (such as Shopify, Meta, Google, AWS) are headquartered outside India and may process your data in the United States, European Union, or other jurisdictions. When data is transferred internationally, we ensure it is protected by standard contractual clauses or equivalent safeguards as required under the DPDP Act, 2023.


 

13. Third-party links

The Site may contain links to third-party websites, social media platforms, or influencer pages. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before sharing any personal data.


 

 

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, new services, or legal requirements. The "Last updated" date at the top of this page will indicate when the policy was last revised. For material changes, we will notify you via email or a prominent notice on the Site at least 7 days before the changes take effect.


 

15. Contact us

For any privacy-related questions, complaints, or to exercise your rights:

Grievance Officer Aurea Gold and Diamonds LLP Surat, Gujarat, India

Email: care@aureasterling.com

Phone / WhatsApp: +91 99984-96004

Response time: Within 7 business days


 

This Privacy Policy is governed by the laws of India and any disputes will be subject to the exclusive jurisdiction of the courts in Surat, Gujarat.