Privacy Policy

Status: January, 2025

About Us

This privacy policy ("Privacy Policy") explains how we process and protect your personal data when you use this website or our services offered via https://rosandiamond.com (together "our services").

The website is operated by Rosan Diamond AG, Dufourstrasse 150, 9000 St.Gallen (the "company", "we", "our" or "us"). The Company is the controller for the data processing described below.

In Germany, we have appointed an EU representative in accordance with Article 27 of the General Data Protection Regulation. If you are visiting us from the EU/EEA, you can also contact this representative:
VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
‍info@datenschutzpartner.eu
‍
Unless otherwise defined in this Privacy Policy, the definitions used in this Privacy Policy have the same meaning as in the Swiss Federal Act on Data Protection ("FADP") or in the EU General Data Protection Regulation ("GDPR").

1. Personal data that we collect

When you use our services, we may collect or receive personal data for a number of purposes in connection with our business operations. This includes the following:

Usage and analysis data (e.g.: identifiers, number of clicks, tracking data)
Contact details (e.g. name, address, telephone number)
Request details (e.g.: details and content of your requests to us)
Website visitor data (e.g.: IP address, log files, device ID)

There is no obligation to provide your personal data. However, please note that our services cannot be provided if you do not provide the required data that is necessary for the fulfillment of the contract between you and us.

2. How we collect personal data

We collect information about our users when they use our services, including certain actions on our website.

Direct

Usage and analysis data (e.g.: identifiers, number of clicks, tracking data)
Contact details (e.g. name, address, telephone number)
Request details (e.g.: details and content of your requests to us)
Website visitor data (e.g.: IP address, log files, device ID)

Indirect

Through public sources
From public registers (e.g. commercial registers), news articles and internet searches
When our business clients engage us to provide professional services and share personal data that they control as part of that engagement
From external service providers

3. Legal basis and purposes of data processing

Our legal basis for collecting and using the personal information described in this Privacy Policy depends on the personal information we collect and the specific purposes for which we collect it.

Contract: To fulfill our (pre-)contractual obligations or to take measures in connection with a contract with you. In particular:

To support you with inquiries
To provide our services

Consent: We may rely on your consent voluntarily given at the time of providing your personal data to:

analyze, improve and personalize the use of our services and communication with us
set optional cookies and similar technologies on your end device
provide users with news, special offers, newsletters and general information about the goods and services we offer

Legitimate interests: We may rely on legitimate interests based on our assessment that the processing is fair and proportionate and where your interests or fundamental rights and freedoms do not override those interests. In specific cases to:

set technically necessary cookies and similar technologies on your end device
develop new services
maintain and improve our services and to prevent, find and address security vulnerabilities

Necessity to comply with legal obligations: To comply with legal and public interest obligations. In particular:

To inform you about changes to our services and our privacy policy
To comply with the applicable regulations and laws
For the legal enforcement of claims and rights

4. Storage periods

We retain personal data for as long as it is needed for the purposes for which it was collected and in accordance with legal and regulatory requirements or contractual agreements. After this period has expired, we delete your personal data or anonymize it completely.

5. Recipients of personal data

We engage third party companies ("Service Providers") to facilitate the operation of our Services, to help analyze the use of the Services or to provide necessary services such as payment and the provision of IT services. These third parties only have access to your personal data to the extent necessary to perform these tasks.

Type(s) of service provider(s) that may access your personal data:

Specialist consultants we use such as accountants, auditors and lawyers
Third parties that we engage while providing our services to you, such as consultants, banks and other payment service providers, KYC/AML service providers and postal and courier services
Insurer
Third parties who support us with IT and software solutions
Third parties who support us in gaining customer insights and marketing activities

6. Data transfers to third countries

We and/or our service providers may transfer your personal data to the following locations and process it there:

EU and EEA
USA
Switzerland

We may use service providers that are partly located in so-called third countries (outside the European Union or the European Economic Area or Switzerland) or process personal data there, i.e. in countries whose level of data protection does not correspond to that of the EU or Switzerland.

We protect your personal data in accordance with our contractual obligations and the applicable data protection laws when we transfer data abroad.

Such protective measures may include

the transfer to countries which, according to the Federal Council, offer an adequate level of protection, as well as countries for which an adequacy decision by the European Commission exists;
Application of standard contractual clauses, binding corporate rules or other standard contractual obligations that ensure adequate data protection.

If a transfer to a third country takes place and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the third country (e.g. intelligence services) may gain access to the transferred data and that the enforceability of the data subject's rights cannot be guaranteed.

7. Data transfers

We may disclose your personal data if we believe in good faith that such action is necessary:

To comply with a legal obligation (i.e. where required by law or in response to legitimate requests from public authorities, such as a court or government agency);
To protect the security of the website and to defend our rights or property;
To prevent or investigate possible misconduct in connection with us;

8. Data security

We use appropriate technical and organizational security measures to protect your stored data from manipulation, loss or unauthorized access by third parties. Our security measures are continuously adapted in line with technological developments.
‍
We also take internal data protection very seriously. Our employees and the service providers commissioned by us are obliged to maintain confidentiality and to comply with the applicable data protection laws. In addition, they are only given access to personal data to the extent that this is necessary for the fulfillment of their respective tasks or assignments.
‍
The security of your Personal Data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. We recommend the use of anti-virus software, a firewall and other similar software to protect your system.

9. Your rights

You have the following data protection rights. To exercise these rights, you can contact us at the above address or send an email to: info@rosandiamond.com. Please note that we may ask you to verify your identity before responding to the content of such requests.

Right of access: You have the right to request a copy of your personal data, which we will provide to you in electronic form.
Right to rectification: You have the right to ask us to correct our records if you believe they contain incorrect or incomplete information about you.
Right to withdraw consent: If you have consented to the processing of your personal data, you have the right to withdraw this consent with effect for the future. This also applies if you wish to unsubscribe from marketing communications. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose(s) to which you originally consented, unless there is another legal basis for the processing. To stop receiving emails from us, please click on the "unsubscribe" link in the email you have received or contact us at info@rosandiamond.com
Right to erasure: You have the right to request that we erase your personal data if it is no longer necessary for the purposes for which it was collected or if it has been processed unlawfully.
Right to restriction of processing: You have the right to request the restriction of the processing of your personal data if you believe that the data is incorrect, the processing is unlawful or we no longer need to process the data for the original purpose, but we cannot delete it due to a legal obligation or because you do not wish us to do so.
Right to data portability: You have the right to request that we transfer your personal data to another controller in a standard format such as Excel, provided that it is data that you have provided to us and we process it on the legal basis of your consent or to fulfill our contractual obligations.
Right to object to processing: If the legal basis for the processing of your personal data is our legitimate interest, you have the right to object to this processing on grounds relating to your particular situation. We will comply with your request unless we have a compelling legal basis for the processing which overrides your interests or we need to continue processing the personal data for the exercise or defense of a legal claim.
Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. In the EU and the EEA, for example, you can assert this right with a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement. You can find a list of the relevant authorities at://edpb.europa.eu/about-edpb/about-edpb/members_de. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner, Feldeggweg 1, CH - 3003 Bern, info@edoeb.admin.ch.

10. Cookies

Our services use cookies and similar technologies (collectively "tools") that are provided either by us or by third parties.

What are cookies?
‍A cookie is a small amount of information that’s downloaded to your computer or device when you visit certain websites. We use a number of different cookies on the Shopify website, including strictly necessary, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

‍What cookies do we use and why?
‍Some cookies are necessary to allow you to browse our website, use its features, and access secure areas. The use of these cookies is essential for the website to work. For example, we use user-input cookies for the duration of a session to keep track of their input when filling in forms that span several pages.

We also use functional cookies to remember choices you’ve made or information you’ve provided, such as your username, language, or the region you are in. This allows us to tailor your website experience specifically to your preferences. For example, authentication cookies are functional cookies that are used for the duration of a session (or persistent, if you agree to the “remember me” function) to allow users to authenticate themselves on subsequent visits or to gain access to authorized content across pages. The functional cookies we use include:

User-centric security cookies to detect authentication abuses for a limited persistent duration, like repeated failed login attempts. These cookies are set for the specific task of increasing the security of the service.
Multimedia content player session cookies (flash cookies) are used for the duration of a session to store technical data needed to play back video or audio content (e.g. image quality, network link speed, and buffering parameters).
Load balancing session cookies are used for the duration of the session to identify the same server in the pool in order for the load balancer to redirect requests appropriately.
User interface customization persistent cookies are used to store a user’s preference regarding a service across web pages.

Shopify is dedicated to optimizing user experience and we use many tools to help us improve our website and our commerce platform. To this end, we use reporting and analytics cookies to collect information about how you use our website or our merchants’ storefronts, and how often. The performance cookies we use include:

First party analytics cookies - we use these cookies to estimate the number of unique visitors, to improve our websites and our merchants’ websites, and to detect the most searched for words in search engines that lead to a webpage. These cookies are not used to target you with online marketing. We use these cookies to learn how our websites and our merchants’ websites are performing and make relevant improvements to improve your browsing experience.
Third party analytics cookies - we also use Google Analytics and other third-party analytics providers listed below to help measure how users interact with our website content. These cookies “remember” what our users have done on previous pages and how they’ve interacted with the website. For more information on Google Analytics, visit Google’s information page. For instructions on how to opt out of Google Analytics, see below.

Advertising cookies are used on our website to tailor marketing to you and your interests and provide you with a more personalized service in the future. These cookies remember that you visited our website and we may share this information with third-parties, such as advertisers. Although these cookies can track your device’s visits to our website and other sites, they typically cannot personally identify you. Without these cookies, the advertisements that you see may be less relevant and interesting to you. Read more about how companies use cookies to conduct targeted or retargeted advertising here. We do not set advertising cookies through our merchants’ storefronts ourselves, though merchants may choose to do so independently.

Finally, social media and content cookies are placed by many social media plugins (for example the Facebook ’like’ button), and other tools meant to provide or improve the content on a website (for example services that allow the playing of video files, or that create comments sections). We integrate these modules into our platform to improve the experience of browsing and interacting with our websites. Please note that some of these third party services place cookies that are also used for things like behavioural advertising, analytics, and/or market research.

11. Social media & links to third-party apps and websites

Our services contain links to websites or apps that are not operated by us. When you click on a third-party link, you will be directed to that third-party website or app. We have no control over the content, privacy policies or practices of third party websites or services.

We maintain online presences in social networks in order to communicate with customers and interested parties and to provide information about our products and services. If you have an account with the same network, it is possible that the information and media you make available there can be seen by us when we access your profile, for example. In addition, the social network may allow us to contact you. As soon as we transfer personal data to our own system, we are independently responsible for this. This is then done to carry out pre-contractual measures and to fulfill a contract. The legal basis for the data processing carried out by the social networks under their own responsibility can be found in their data protection declarations. Below is a list of social networks on which we have an online presence:

Instagram: @rosandiamond_official

12. Newsletter

We send newsletters and other notifications by e-mail and via other communication channels and can also deliver these with the help of third parties.

In principle, you must expressly consent to receiving newsletters and other notifications from us, unless this is permitted for other legal reasons. For e-mails, we use the "double opt-in" procedure for consent, i.e. you will receive an e-mail with a web link that you must confirm by clicking on it, so that no misuse by unauthorized third parties can occur. We may log such consents, including the Internet Protocol (IP) address, date and time.

Newsletters and other notifications may contain web links or tracking pixels that record whether an individual newsletter or notification has been opened and which web links have been clicked on (performance measurement). Such web links and tracking pixels record the use of newsletters and other notifications. We use this statistical recording of usage, including the measurement of success and reach, in order to be able to offer newsletters and other notifications in an effective, user-friendly, permanent, secure and reliable manner based on the reading habits of the recipients.

13. Changes to this privacy policy

We may update our privacy policy from time to time. We therefore recommend that you check this privacy policy regularly for changes.Changes to this Privacy Policy will become effective when they are posted on this page.

14. Contact us

If you have any questions about this privacy policy, please do not hesitate to contact us:
‍
Rosan Diamond AG
Dufourstrasse 150
CH-9000 St.Gallen
info@artemissio.com

Technical Information

We use Shopify to power our online store. Shopify places the following cookies for visitors of their stores. Cookies Necessary for the Functioning of the Store:

NAME	DESCRIPTION	DURATION
_ab	Used to control when the admin bar is shown on the storefront.	1y
_abv	Persist the collapsed state of the admin bar.	1y
_checkout_queue_token	Used when there is a queue during the checkout process.	1y
_cmp_a	Used for managing customer privacy settings.	1d
_identity_session	Contains the identity session identifier of the user.	2y
_master_udr	Permanent device identifier.	session
_pay_session	The Rails session cookie for Shopify Pay	session
_secure_account_session_id	Used to track a customer's session for new customer accounts.	30d
_session_id	Used for providing reporting and analytics.	2y
_shopify_country	Used for Plus shops where pricing currency/country is set from GeoIP by helping avoid GeoIP lookups after the first request.	30min
_shopify_essential	Contains essential information for the correct functionality of a store such as session and checkout information and anti-tampering data.	1y
_storefront_u	Used to facilitate updating customer account information.	1min
_tracking_consent	Used to store a user's preferences if a merchant has set up privacy rules in the visitor's region.	1y
auth_state_<<id>>	Stores state for customer authentication.	25min
card_update_verification_id	Used to support verification when a buyer is redirected back to Shopify after completing 3D Secure during checkout.	20min
cart	Contains information related to the user's cart.	2w
cart_currency	Used after a checkout is completed to initialize a new empty cart with the same currency as the one just used.	2w
cart_sig	A hash of the contents of a cart. This is used to verify the integrity of the cart and to ensure performance of some cart operations.	2w
cart_ts	Used in connection with checkout.	2w
cart_ver	Set every time a cart is updated and used to track cart version mismatches.	2w
checkout	Used in connection with checkout.	21d
checkout_one_remember_me	Used to prefill checkout with the details from the previous checkout.	1y
checkout_prefill	Encrypts and stores URL parameters containing PII which are used in cart permalink URLs.	5min
checkout_session_lookup	Used in connection with checkout.	3w
checkout_session_token_<<id>>	Used when a checkout session is established on the server.	3w
checkout_token	Captures the landing page of the visitor when they come from other sites.	session
customer_account_locale	Used to keep track of a customer account locale when a redirection occurs from checkout or the storefront to customer accounts.	1y
customer_payment_method	Stores what payment method is being updated for subscriptions.	1h
customer_shop_pay_agreement	Used to help verify a new Shop Pay payment instrument.	20min
device_fp_id	Device fingerprint identifier to help prevent fraud.	session
device_id	Session device identifier to help prevent fraud.	session
discount_code	Stores a discount code (received from an online store visit with a URL parameter) in order to the next checkout.	session
dynamic_checkout_shown_on_cart	Adjusts checkout experience for buyers that proceed with regular checkout versus dynamic checkout.	30min
hide_shopify_pay_for_checkout	Set when a buyer dismisses the Shop Pay login modal during checkout, informing display to buyer.	session
keep_alive	Used when international domain redirection is enabled to determine if a request is the first one of a session.	session
locale_bar_accepted	Preserves if the modal from the geolocation app was accepted.	session
locale_bar_dismissed	Preserves if the modal from the geolocation app was dismissed.	1d
localization	Used to localize the cart to the correct country.	2w
logged_in	Identity logged-in hint.	12w
login_with_shop_finalize	Used to facilitate login with Shop.	5min
master_device_id	Permanent device identifier.	1y
order	Used to allow access to the data of the order details page of the buyer.	3w
pay_update_intent_id	Stores an ID of a Shop Pay billing agreement update intent, required for a callback after verifying a new Shop Pay payment instrument.	20min
preview_theme	Used to indicate whether the theme is being previewed.	session
previous_checkout_token	Used to prefill checkout with the details from the previous checkout.	1y
previous_step	Used in connection with checkout.	1y
profile_preview_token	Used for previewing checkout extensibility.	5min
receive-cookie-deprecation	A cookie specified by Google to identify certain Chrome browsers affected by the third-party cookie deprecation. More information about this cookie can be found here.	session
remember_me	Used to prefill checkout with the details from the previous checkout.	1y
secure_customer_sig	Used to identify a user after they sign into a shop as a customer so they do not need to log in again.	1y
shop_pay_accelerated	Indicates if a buyer is eligible for Shop Pay accelerated checkout.	1y
shopify-editor-unconfirmed-settings	Stores changes merchant does in the editor to update the preview.	16h
shopify_pay	Used to log in a buyer into Shop Pay when they come back to checkout on the same store.	1y
shopify_pay_redirect	Used to accelerate the checkout process when the buyer has a Shop Pay account.	1y
storefront_digest	Stores a digest of the storefront password, allowing merchants to preview their storefront while it's password protected.	1y
tracked_start_checkout	Used in connection with checkout.	1y
user	Used in connection with Shop login.	1y
user_cross_site	Used in connection with Shop login.	1y
wpm-domain-test	Used to test Shopify's Web Pixel Manager with the domain to make sure everything is working correctly.	session

Reporting and Analytics:

NAME	DESCRIPTION	DURATION
_landing_page	Capture the landing page of visitor when they come from other sites.	2w
_orig_referrer	Allows merchant to identify where people are visiting them from.	2w
_shopify_ga	Contains Google Analytics parameters that enable cross-domain analytics measurement to work.	session
_shopify_s	Used to identify a given browser session/shop combination. Duration is 30 minute rolling expiry of last use.	30min
_shopify_sa_p	Capture the landing page of visitor when they come from other sites to support marketing analytics.	30min
_shopify_sa_t	Capture the landing page of visitor when they come from other sites to support marketing analytics.	30min
_shopify_y	Shopify analytics.	1y
checkout_one_experiment	Used when a checkout is eligible to Checkout One and has been assigned to an experiment (control group or test group).	session
shop_analytics	Contains the required buyer information for analytics in Shop.	1y
unique_interaction_id	Used for checkout metrics.	10min

Shopify’s websites
‍
When visitors load Shopify’s websites, we generally place the following Shopify cookies.
‍
Cookies Necessary for the Functioning of the Sites

NAME	DESCRIPTION	DURATION
_identity_session	Contains the identity session identifier of the user.	2y
checkout	Used in connection with checkout.	21d
user	Used in connection with Shop login.	1y

Reporting and Analytics

NAME	DESCRIPTION	DURATION
_assignment	Shopify analytics.	1y
_landing_page	Capture the landing page of visitor when they come from other sites.	2w
_orig_referrer	Allows merchant to identify where people are visiting them from.	2w
_shopify_s	Used to identify a given browser session/shop combination. Duration is 30 minute rolling expiry of last use.	30min
_shopify_sa_t	Capture the landing page of visitor when they come from other sites to support marketing analytics.	30min
_shopify_y	Shopify analytics.	1y

Additionally, we use pixels and tags from the following third parties, which may in turn place cookies.

Cookies Necessary for the Functioning of the Sites

THIRD PARTY	DESCRIPTION	PRIVACY POLICY
Cloudflare	Shopify uses Cloudflare Network as a Service for edge routing.	https://www.cloudflare.com/privacypolicy/
Drift	We use Drift to help with conversational marketing to customers while they visit our websites.	https://www.drift.com/privacy-policy/

Reporting & Analytics

THIRD PARTY	DESCRIPTION	PRIVACY POLICY
Fullstory	We use Fullstory to help measure how users interact with our websites.	https://www.fullstory.com/legal/privacy/
Google Analytics	We use Google Analytics to help measure how users interact with our websites.	https://policies.google.com/privacy
Google Tag Manager	We use Google Tag Manager to help manage analytics vendors.	https://policies.google.com/privacy
Vidyard	We use Vidyard to provide video content and measure how users interact with our content.	https://www.vidyard.com/privacy/

Advertising

THIRD PARTY	DESCRIPTION	PRIVACY POLICY
Bizible	We use Bizible to help measure marketing and advertising campaign attribution.	https://documents.marketo.com/legal/privacy/
Facebook Pixel	We use Facebook Pixel to help measure how users interact with our websites.	https://www.facebook.com/privacy/explanation
Facebook Custom Audiences	We use Facebook Custom Audiences to deliver targeted advertisements to individuals who visit our websites.	https://www.facebook.com/policy.php
Google	We use Google Ads to deliver targeted advertisements to individuals who visit our websites.	https://policies.google.com/privacy
Instagram	We use Instagram to deliver targeted advertisements to individuals who visit our websites.	https://privacycenter.instagram.com/policy
iSpot	We use iSpot to help measure how users interact with our websites.	https://www.ispot.tv/terms-of-service
LinkedIn Insight Tag	We use LinkedIn Insight Tag to help measure how users interact with our websites.	https://www.linkedin.com/legal/privacy-policy
Reddit	We use Reddit Ads to deliver targeted advertisements to individuals who visit our websites.	https://www.reddit.com/help/privacypolicy
TikTok	We use TikTok to help measure how users interact with our websites.	https://www.tiktok.com/legal/privacy-policy?lang=en
Twitter	We use Twitter to help measure how users interact with our websites.	https://twitter.com/en/privacy
YouTube	We use YouTube to deliver targeted advertisements to individuals who visit our websites.	https://policies.google.com/privacy?hl=en

Social Media & Content

THIRD PARTY	DESCRIPTION	PRIVACY POLICY
Facebook Connect	We use Facebook Connect to allow visitors to our website to interact with and share content via Facebook’s social media platform.	https://www.facebook.com/policy.php
Gravatar	We use Gravatar to allow visitors to our websites to create avatars.	https://en.gravatar.com/site/privacy
Instagram CDN	Shopify uses Instagram CDN to provide content to user.	https://privacycenter.instagram.com/policy
Sanity CDN	Shopify uses Sanity CDN to provide content to user.	https://www.sanity.io/legal/privacy
Simplecast	Shopify uses Simplecast to distribute podcasts.	https://simplecast.com/privacy
Twitter CDN	We use Twitter to allow visitors to our website to interact with and share content via Twitter’s social media platform.	https://twitter.com/en/privacy
TypeKit (Adobe fonts)	We use typekit to load web fonts from Adobe CDN.	https://www.adobe.com/privacy/policies/typekit.html
Wistia	We use Wistia to display video content.	https://wistia.com/privacy
YouTube CDN	Shopify uses YouTube CDN to provide content to user.	https://policies.google.com/privacy?hl=en

How long will cookies remain on my computer or mobile device?

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device. See the section below on how to control cookies for more information on removing them before they expire.

How to control cookies?

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.

Many of the third party advertising and other tracking services listed above offer you the opportunity to opt out of their tracking systems. You can read more about the information they collect and how to opt out through the privacy policy links listed above.