Privacy Policy

Status: January, 2025

About Us

This privacy policy ("Privacy Policy") explains how we process and protect your personal data when you use this website or our services offered via https://rosandiamond.com (together "our services").

The website is operated by Rosan Diamond AG, Dufourstrasse 150, 9000 St.Gallen (the "company", "we", "our" or "us"). The Company is the controller for the data processing described below.

In Germany, we have appointed an EU representative in accordance with Article 27 of the General Data Protection Regulation. If you are visiting us from the EU/EEA, you can also contact this representative:
VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
info@datenschutzpartner.eu

Unless otherwise defined in this Privacy Policy, the definitions used in this Privacy Policy have the same meaning as in the Swiss Federal Act on Data Protection ("FADP") or in the EU General Data Protection Regulation ("GDPR").

1. Personal data that we collect

When you use our services, we may collect or receive personal data for a number of purposes in connection with our business operations. This includes the following:

  • Usage and analysis data (e.g.: identifiers, number of clicks, tracking data)

  • Contact details (e.g. name, address, telephone number)

  • Request details (e.g.: details and content of your requests to us)

  • Website visitor data (e.g.: IP address, log files, device ID)

There is no obligation to provide your personal data. However, please note that our services cannot be provided if you do not provide the required data that is necessary for the fulfillment of the contract between you and us.

2. How we collect personal data

We collect information about our users when they use our services, including certain actions on our website.

Direct

  • Usage and analysis data (e.g.: identifiers, number of clicks, tracking data)

  • Contact details (e.g. name, address, telephone number)

  • Request details (e.g.: details and content of your requests to us)

  • Website visitor data (e.g.: IP address, log files, device ID)

Indirect

  • Through public sources

  • From public registers (e.g. commercial registers), news articles and internet searches

  • When our business clients engage us to provide professional services and share personal data that they control as part of that engagement

  • From external service providers

3. Legal basis and purposes of data processing

Our legal basis for collecting and using the personal information described in this Privacy Policy depends on the personal information we collect and the specific purposes for which we collect it.

Contract: To fulfill our (pre-)contractual obligations or to take measures in connection with a contract with you. In particular:

  • To support you with inquiries

  • To provide our services

Consent: We may rely on your consent voluntarily given at the time of providing your personal data to:

  • analyze, improve and personalize the use of our services and communication with us

  • set optional cookies and similar technologies on your end device

  • provide users with news, special offers, newsletters and general information about the goods and services we offer

Legitimate interests: We may rely on legitimate interests based on our assessment that the processing is fair and proportionate and where your interests or fundamental rights and freedoms do not override those interests. In specific cases to:

  • set technically necessary cookies and similar technologies on your end device

  • develop new services

  • maintain and improve our services and to prevent, find and address security vulnerabilities

Necessity to comply with legal obligations: To comply with legal and public interest obligations. In particular:

  • To inform you about changes to our services and our privacy policy

  • To comply with the applicable regulations and laws

  • For the legal enforcement of claims and rights

4. Storage periods

We retain personal data for as long as it is needed for the purposes for which it was collected and in accordance with legal and regulatory requirements or contractual agreements. After this period has expired, we delete your personal data or anonymize it completely.

5. Recipients of personal data

We engage third party companies ("Service Providers") to facilitate the operation of our Services, to help analyze the use of the Services or to provide necessary services such as payment and the provision of IT services. These third parties only have access to your personal data to the extent necessary to perform these tasks.

Type(s) of service provider(s) that may access your personal data:

  • Specialist consultants we use such as accountants, auditors and lawyers

  • Third parties that we engage while providing our services to you, such as consultants, banks and other payment service providers, KYC/AML service providers and postal and courier services

  • Insurer

  • Third parties who support us with IT and software solutions

  • Third parties who support us in gaining customer insights and marketing activities

6. Data transfers to third countries

We and/or our service providers may transfer your personal data to the following locations and process it there:

  • EU and EEA

  • USA

  • Switzerland

We may use service providers that are partly located in so-called third countries (outside the European Union or the European Economic Area or Switzerland) or process personal data there, i.e. in countries whose level of data protection does not correspond to that of the EU or Switzerland.

We protect your personal data in accordance with our contractual obligations and the applicable data protection laws when we transfer data abroad.

Such protective measures may include

  • the transfer to countries which, according to the Federal Council, offer an adequate level of protection, as well as countries for which an adequacy decision by the European Commission exists;

  • Application of standard contractual clauses, binding corporate rules or other standard contractual obligations that ensure adequate data protection.

If a transfer to a third country takes place and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the third country (e.g. intelligence services) may gain access to the transferred data and that the enforceability of the data subject's rights cannot be guaranteed.

7. Data transfers

We may disclose your personal data if we believe in good faith that such action is necessary:

  • To comply with a legal obligation (i.e. where required by law or in response to legitimate requests from public authorities, such as a court or government agency);

  • To protect the security of the website and to defend our rights or property;

  • To prevent or investigate possible misconduct in connection with us;

8. Data security

We use appropriate technical and organizational security measures to protect your stored data from manipulation, loss or unauthorized access by third parties. Our security measures are continuously adapted in line with technological developments.

We also take internal data protection very seriously. Our employees and the service providers commissioned by us are obliged to maintain confidentiality and to comply with the applicable data protection laws. In addition, they are only given access to personal data to the extent that this is necessary for the fulfillment of their respective tasks or assignments.

The security of your Personal Data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. We recommend the use of anti-virus software, a firewall and other similar software to protect your system.

9. Your rights

You have the following data protection rights. To exercise these rights, you can contact us at the above address or send an email to: info@rosandiamond.com. Please note that we may ask you to verify your identity before responding to the content of such requests.

  • Right of access: You have the right to request a copy of your personal data, which we will provide to you in electronic form.

  • Right to rectification: You have the right to ask us to correct our records if you believe they contain incorrect or incomplete information about you.

  • Right to withdraw consent: If you have consented to the processing of your personal data, you have the right to withdraw this consent with effect for the future. This also applies if you wish to unsubscribe from marketing communications. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose(s) to which you originally consented, unless there is another legal basis for the processing. To stop receiving emails from us, please click on the "unsubscribe" link in the email you have received or contact us at info@rosandiamond.com

  • Right to erasure: You have the right to request that we erase your personal data if it is no longer necessary for the purposes for which it was collected or if it has been processed unlawfully.

  • Right to restriction of processing: You have the right to request the restriction of the processing of your personal data if you believe that the data is incorrect, the processing is unlawful or we no longer need to process the data for the original purpose, but we cannot delete it due to a legal obligation or because you do not wish us to do so.

  • Right to data portability: You have the right to request that we transfer your personal data to another controller in a standard format such as Excel, provided that it is data that you have provided to us and we process it on the legal basis of your consent or to fulfill our contractual obligations.

  • Right to object to processing: If the legal basis for the processing of your personal data is our legitimate interest, you have the right to object to this processing on grounds relating to your particular situation. We will comply with your request unless we have a compelling legal basis for the processing which overrides your interests or we need to continue processing the personal data for the exercise or defense of a legal claim.

  • Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. In the EU and the EEA, for example, you can assert this right with a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement. You can find a list of the relevant authorities at://edpb.europa.eu/about-edpb/about-edpb/members_de. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner, Feldeggweg 1, CH - 3003 Bern, info@edoeb.admin.ch.

10. Cookies

Our services use cookies and similar technologies (collectively "tools") that are provided either by us or by third parties.

What are cookies?
A cookie is a small amount of information that’s downloaded to your computer or device when you visit certain websites. We use a number of different cookies on the Shopify website, including strictly necessary, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

What cookies do we use and why?
Some cookies are necessary to allow you to browse our website, use its features, and access secure areas. The use of these cookies is essential for the website to work. For example, we use user-input cookies for the duration of a session to keep track of their input when filling in forms that span several pages.

We also use functional cookies to remember choices you’ve made or information you’ve provided, such as your username, language, or the region you are in. This allows us to tailor your website experience specifically to your preferences. For example, authentication cookies are functional cookies that are used for the duration of a session (or persistent, if you agree to the “remember me” function) to allow users to authenticate themselves on subsequent visits or to gain access to authorized content across pages. The functional cookies we use include:

  • User-centric security cookies to detect authentication abuses for a limited persistent duration, like repeated failed login attempts. These cookies are set for the specific task of increasing the security of the service.

  • Multimedia content player session cookies (flash cookies) are used for the duration of a session to store technical data needed to play back video or audio content (e.g. image quality, network link speed, and buffering parameters).

  • Load balancing session cookies are used for the duration of the session to identify the same server in the pool in order for the load balancer to redirect requests appropriately.

  • User interface customization persistent cookies are used to store a user’s preference regarding a service across web pages.

Shopify is dedicated to optimizing user experience and we use many tools to help us improve our website and our commerce platform. To this end, we use reporting and analytics cookies to collect information about how you use our website or our merchants’ storefronts, and how often. The performance cookies we use include:

  • First party analytics cookies - we use these cookies to estimate the number of unique visitors, to improve our websites and our merchants’ websites, and to detect the most searched for words in search engines that lead to a webpage. These cookies are not used to target you with online marketing. We use these cookies to learn how our websites and our merchants’ websites are performing and make relevant improvements to improve your browsing experience.

  • Third party analytics cookies - we also use Google Analytics and other third-party analytics providers listed below to help measure how users interact with our website content. These cookies “remember” what our users have done on previous pages and how they’ve interacted with the website. For more information on Google Analytics, visit Google’s information page. For instructions on how to opt out of Google Analytics, see below.

Advertising cookies are used on our website to tailor marketing to you and your interests and provide you with a more personalized service in the future. These cookies remember that you visited our website and we may share this information with third-parties, such as advertisers. Although these cookies can track your device’s visits to our website and other sites, they typically cannot personally identify you. Without these cookies, the advertisements that you see may be less relevant and interesting to you. Read more about how companies use cookies to conduct targeted or retargeted advertising here. We do not set advertising cookies through our merchants’ storefronts ourselves, though merchants may choose to do so independently.

Finally, social media and content cookies are placed by many social media plugins (for example the Facebook ’like’ button), and other tools meant to provide or improve the content on a website (for example services that allow the playing of video files, or that create comments sections). We integrate these modules into our platform to improve the experience of browsing and interacting with our websites. Please note that some of these third party services place cookies that are also used for things like behavioural advertising, analytics, and/or market research.

11. Social media & links to third-party apps and websites

Our services contain links to websites or apps that are not operated by us. When you click on a third-party link, you will be directed to that third-party website or app. We have no control over the content, privacy policies or practices of third party websites or services.

We maintain online presences in social networks in order to communicate with customers and interested parties and to provide information about our products and services. If you have an account with the same network, it is possible that the information and media you make available there can be seen by us when we access your profile, for example. In addition, the social network may allow us to contact you. As soon as we transfer personal data to our own system, we are independently responsible for this. This is then done to carry out pre-contractual measures and to fulfill a contract. The legal basis for the data processing carried out by the social networks under their own responsibility can be found in their data protection declarations. Below is a list of social networks on which we have an online presence:

12. Newsletter

We send newsletters and other notifications by e-mail and via other communication channels and can also deliver these with the help of third parties.

In principle, you must expressly consent to receiving newsletters and other notifications from us, unless this is permitted for other legal reasons. For e-mails, we use the "double opt-in" procedure for consent, i.e. you will receive an e-mail with a web link that you must confirm by clicking on it, so that no misuse by unauthorized third parties can occur. We may log such consents, including the Internet Protocol (IP) address, date and time.

Newsletters and other notifications may contain web links or tracking pixels that record whether an individual newsletter or notification has been opened and which web links have been clicked on (performance measurement). Such web links and tracking pixels record the use of newsletters and other notifications. We use this statistical recording of usage, including the measurement of success and reach, in order to be able to offer newsletters and other notifications in an effective, user-friendly, permanent, secure and reliable manner based on the reading habits of the recipients.

13. Changes to this privacy policy

We may update our privacy policy from time to time. We therefore recommend that you check this privacy policy regularly for changes.Changes to this Privacy Policy will become effective when they are posted on this page.

14. Contact us

If you have any questions about this privacy policy, please do not hesitate to contact us:

Rosan Diamond AG
Dufourstrasse 150
CH-9000 St.Gallen
info@artemissio.com

Technical Information

We use Shopify to power our online store. Shopify places the following cookies for visitors of their stores. Cookies Necessary for the Functioning of the Store:

NAME DESCRIPTION DURATION
_abUsed to control when the admin bar is shown on the storefront.1y
_abvPersist the collapsed state of the admin bar.1y
_checkout_queue_tokenUsed when there is a queue during the checkout process.1y
_cmp_aUsed for managing customer privacy settings.1d
_identity_sessionContains the identity session identifier of the user.2y
_master_udrPermanent device identifier.session
_pay_sessionThe Rails session cookie for Shopify Paysession
_secure_account_session_idUsed to track a customer's session for new customer accounts.30d
_session_idUsed for providing reporting and analytics.2y
_shopify_countryUsed for Plus shops where pricing currency/country is set from GeoIP by helping avoid GeoIP lookups after the first request.30min
_shopify_essentialContains essential information for the correct functionality of a store such as session and checkout information and anti-tampering data.1y
_storefront_uUsed to facilitate updating customer account information.1min
_tracking_consentUsed to store a user's preferences if a merchant has set up privacy rules in the visitor's region.1y
auth_state_<<id>>Stores state for customer authentication.25min
card_update_verification_idUsed to support verification when a buyer is redirected back to Shopify after completing 3D Secure during checkout.20min
cartContains information related to the user's cart.2w
cart_currencyUsed after a checkout is completed to initialize a new empty cart with the same currency as the one just used.2w
cart_sigA hash of the contents of a cart. This is used to verify the integrity of the cart and to ensure performance of some cart operations.2w
cart_tsUsed in connection with checkout.2w
cart_verSet every time a cart is updated and used to track cart version mismatches.2w
checkoutUsed in connection with checkout.21d
checkout_one_remember_meUsed to prefill checkout with the details from the previous checkout.1y
checkout_prefillEncrypts and stores URL parameters containing PII which are used in cart permalink URLs.5min
checkout_session_lookupUsed in connection with checkout.3w
checkout_session_token_<<id>>Used when a checkout session is established on the server.3w
checkout_tokenCaptures the landing page of the visitor when they come from other sites.session
customer_account_localeUsed to keep track of a customer account locale when a redirection occurs from checkout or the storefront to customer accounts.1y
customer_payment_methodStores what payment method is being updated for subscriptions.1h
customer_shop_pay_agreementUsed to help verify a new Shop Pay payment instrument.20min
device_fp_idDevice fingerprint identifier to help prevent fraud.session
device_idSession device identifier to help prevent fraud.session
discount_codeStores a discount code (received from an online store visit with a URL parameter) in order to the next checkout.session
dynamic_checkout_shown_on_cartAdjusts checkout experience for buyers that proceed with regular checkout versus dynamic checkout.30min
hide_shopify_pay_for_checkoutSet when a buyer dismisses the Shop Pay login modal during checkout, informing display to buyer.session
keep_aliveUsed when international domain redirection is enabled to determine if a request is the first one of a session.session
locale_bar_acceptedPreserves if the modal from the geolocation app was accepted.session
locale_bar_dismissedPreserves if the modal from the geolocation app was dismissed.1d
localizationUsed to localize the cart to the correct country.2w
logged_inIdentity logged-in hint.12w
login_with_shop_finalizeUsed to facilitate login with Shop.5min
master_device_idPermanent device identifier.1y
orderUsed to allow access to the data of the order details page of the buyer.3w
pay_update_intent_idStores an ID of a Shop Pay billing agreement update intent, required for a callback after verifying a new Shop Pay payment instrument.20min
preview_themeUsed to indicate whether the theme is being previewed.session
previous_checkout_tokenUsed to prefill checkout with the details from the previous checkout.1y
previous_stepUsed in connection with checkout.1y
profile_preview_tokenUsed for previewing checkout extensibility.5min
receive-cookie-deprecationA cookie specified by Google to identify certain Chrome browsers affected by the third-party cookie deprecation. More information about this cookie can be found here.session
remember_meUsed to prefill checkout with the details from the previous checkout.1y
secure_customer_sigUsed to identify a user after they sign into a shop as a customer so they do not need to log in again.1y
shop_pay_acceleratedIndicates if a buyer is eligible for Shop Pay accelerated checkout.1y
shopify-editor-unconfirmed-settingsStores changes merchant does in the editor to update the preview.16h
shopify_payUsed to log in a buyer into Shop Pay when they come back to checkout on the same store.1y
shopify_pay_redirectUsed to accelerate the checkout process when the buyer has a Shop Pay account.1y
storefront_digestStores a digest of the storefront password, allowing merchants to preview their storefront while it's password protected.1y
tracked_start_checkoutUsed in connection with checkout.1y
userUsed in connection with Shop login.1y
user_cross_siteUsed in connection with Shop login.1y
wpm-domain-testUsed to test Shopify's Web Pixel Manager with the domain to make sure everything is working correctly.session

Reporting and Analytics:

NAME DESCRIPTION DURATION
_landing_page Capture the landing page of visitor when they come from other sites. 2w
_orig_referrer Allows merchant to identify where people are visiting them from. 2w
_shopify_ga Contains Google Analytics parameters that enable cross-domain analytics measurement to work. session
_shopify_s Used to identify a given browser session/shop combination. Duration is 30 minute rolling expiry of last use. 30min
_shopify_sa_p Capture the landing page of visitor when they come from other sites to support marketing analytics. 30min
_shopify_sa_t Capture the landing page of visitor when they come from other sites to support marketing analytics. 30min
_shopify_y Shopify analytics. 1y
checkout_one_experiment Used when a checkout is eligible to Checkout One and has been assigned to an experiment (control group or test group). session
shop_analytics Contains the required buyer information for analytics in Shop. 1y
unique_interaction_id Used for checkout metrics. 10min

Shopify’s websites

When visitors load Shopify’s websites, we generally place the following Shopify cookies.

Cookies Necessary for the Functioning of the Sites

NAME DESCRIPTION DURATION
_identity_session Contains the identity session identifier of the user. 2y
checkout Used in connection with checkout. 21d
user Used in connection with Shop login. 1y

Reporting and Analytics

NAME DESCRIPTION DURATION
_assignment Shopify analytics. 1y
_landing_page Capture the landing page of visitor when they come from other sites. 2w
_orig_referrer Allows merchant to identify where people are visiting them from. 2w
_shopify_s Used to identify a given browser session/shop combination. Duration is 30 minute rolling expiry of last use. 30min
_shopify_sa_t Capture the landing page of visitor when they come from other sites to support marketing analytics. 30min
_shopify_y Shopify analytics. 1y

Additionally, we use pixels and tags from the following third parties, which may in turn place cookies.

Cookies Necessary for the Functioning of the Sites

THIRD PARTY DESCRIPTION PRIVACY POLICY
Cloudflare Shopify uses Cloudflare Network as a Service for edge routing. https://www.cloudflare.com/privacypolicy/
Drift We use Drift to help with conversational marketing to customers while they visit our websites. https://www.drift.com/privacy-policy/

Reporting & Analytics

THIRD PARTY DESCRIPTION PRIVACY POLICY
Fullstory We use Fullstory to help measure how users interact with our websites. https://www.fullstory.com/legal/privacy/
Google Analytics We use Google Analytics to help measure how users interact with our websites. https://policies.google.com/privacy
Google Tag Manager We use Google Tag Manager to help manage analytics vendors. https://policies.google.com/privacy
Vidyard We use Vidyard to provide video content and measure how users interact with our content. https://www.vidyard.com/privacy/

Advertising

THIRD PARTY DESCRIPTION PRIVACY POLICY
Bizible We use Bizible to help measure marketing and advertising campaign attribution. https://documents.marketo.com/legal/privacy/
Facebook Pixel We use Facebook Pixel to help measure how users interact with our websites. https://www.facebook.com/privacy/explanation
Facebook Custom Audiences We use Facebook Custom Audiences to deliver targeted advertisements to individuals who visit our websites. https://www.facebook.com/policy.php
Google We use Google Ads to deliver targeted advertisements to individuals who visit our websites. https://policies.google.com/privacy
Instagram We use Instagram to deliver targeted advertisements to individuals who visit our websites. https://privacycenter.instagram.com/policy
iSpot We use iSpot to help measure how users interact with our websites. https://www.ispot.tv/terms-of-service
LinkedIn Insight Tag We use LinkedIn Insight Tag to help measure how users interact with our websites. https://www.linkedin.com/legal/privacy-policy
Reddit We use Reddit Ads to deliver targeted advertisements to individuals who visit our websites. https://www.reddit.com/help/privacypolicy
TikTok We use TikTok to help measure how users interact with our websites. https://www.tiktok.com/legal/privacy-policy?lang=en
Twitter We use Twitter to help measure how users interact with our websites. https://twitter.com/en/privacy
YouTube We use YouTube to deliver targeted advertisements to individuals who visit our websites. https://policies.google.com/privacy?hl=en

Social Media & Content

THIRD PARTY DESCRIPTION PRIVACY POLICY
Facebook Connect We use Facebook Connect to allow visitors to our website to interact with and share content via Facebook’s social media platform. https://www.facebook.com/policy.php
Gravatar We use Gravatar to allow visitors to our websites to create avatars. https://en.gravatar.com/site/privacy
Instagram CDN Shopify uses Instagram CDN to provide content to user. https://privacycenter.instagram.com/policy
Sanity CDN Shopify uses Sanity CDN to provide content to user. https://www.sanity.io/legal/privacy
Simplecast Shopify uses Simplecast to distribute podcasts. https://simplecast.com/privacy
Twitter CDN We use Twitter to allow visitors to our website to interact with and share content via Twitter’s social media platform. https://twitter.com/en/privacy
TypeKit (Adobe fonts) We use typekit to load web fonts from Adobe CDN. https://www.adobe.com/privacy/policies/typekit.html
Wistia We use Wistia to display video content. https://wistia.com/privacy
YouTube CDN Shopify uses YouTube CDN to provide content to user. https://policies.google.com/privacy?hl=en

How long will cookies remain on my computer or mobile device?

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device. See the section below on how to control cookies for more information on removing them before they expire.

How to control cookies?

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.

Many of the third party advertising and other tracking services listed above offer you the opportunity to opt out of their tracking systems. You can read more about the information they collect and how to opt out through the privacy policy links listed above.