PRIVACY POLICY

Website: www.boutiquesdelpontevecchio.com
Last Updated: 29/01/2026

Article 1 - Introduction and Scope

This Privacy Policy describes how BOUTIQUES DEL PONTE VECCHIO SRL (hereinafter "we," "us," "our," or the "Company") collects, uses, stores, shares and protects personal data when you access or use the website www.boutiquesdelpontevecchio.com (hereinafter the "Website") or interact with our services.

This Policy applies to all personal data processed in connection with your use of the Website, whether you browse as a visitor, create an account, place an order, subscribe to marketing communications, or otherwise interact with our online platform.

By using the Website, submitting information through any form, creating an account or placing an order, you acknowledge that you have read, understood and agree to the practices described in this Privacy Policy. If you do not agree with this Policy, please do not use the Website or provide us with your personal data.

This Privacy Policy is issued in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR"), Italian Legislative Decree 196/2003 as amended, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable data protection laws in the jurisdictions where we operate or where our customers are located.

Minimum Age Requirement: The Website and our services are intended for use by individuals who have reached the age of majority in their jurisdiction of residence, which is typically eighteen years of age. We do not knowingly collect personal data from minors without parental consent where such consent is required by law. If you are under the age of majority in your jurisdiction, you may use the Website only with the involvement and consent of a parent or legal guardian. If we become aware that we have collected personal data from a minor without appropriate parental consent, we will take steps to delete such information promptly.

Article 2 - Data Controller

The data controller responsible for the processing of your personal data is:

BOUTIQUES DEL PONTE VECCHIO SRL

Registered Office: Via Adolfo Bartoli 1, 50135 Florence (FI), Italy

VAT Number: 07495480480

Company Registration (REA): FI-707311

Email: service@boutiquesdelpontevecchio.com

Certified Email (PEC): bpontevecchio@pec.it

For all inquiries, requests or complaints regarding the processing of your personal data or the exercise of your rights under applicable data protection laws, please contact us at the email address above.

Article 3 - Categories of Personal Data We Collect

We collect and process various categories of personal data depending on how you interact with the Website and our services. The data collected includes:

3.1 Data You Provide Directly

Account and Identity Information: Full name, email address, telephone number, date of birth (if provided), username and password for account creation, preferences and settings.

Order and Transaction Information: Billing address, shipping address, payment method information (processed by third-party payment providers; we do not directly access or store complete credit card numbers or CVV codes), order history, product selections, purchase amounts.

Communication Data: Messages, inquiries and correspondence sent to us via email, contact forms, live chat, WhatsApp Business, customer service channels, social media, or any other communication method, including the content of such communications, attachments, metadata (such as read receipts, delivery confirmations, timestamps), and profile information.

Verification and Fraud Prevention Data: For high-value orders or where fraud prevention protocols are triggered, we may collect copies of government-issued identification documents, proof of address, photographs of delivery locations, signed declarations, or other documentation required to verify your identity and the legitimacy of transactions.

Marketing Preferences: Consent records, subscription preferences, communication channel preferences, interests and engagement history with our marketing materials.

3.2 Data Collected Automatically

When you access or use the Website, certain data is collected automatically through cookies, web beacons, pixels, scripts and similar tracking technologies:

Technical Data: IP address, device identifiers, browser type and version, operating system, screen resolution, device model, unique device identifiers, mobile network information.

Usage Data: Pages visited, time spent on pages, clickstream data, navigation paths, links clicked, features used, search queries entered, referring and exit pages, date and time stamps of visits, session duration.

Location Data: Approximate geographic location inferred from IP address, country, region, city (we do not collect precise GPS coordinates unless you grant specific permission through your device settings).

Analytics and Performance Data: Website performance metrics, error logs, crash reports, loading times, interaction events, conversion events, heatmaps showing cursor movements and clicks, session recordings showing anonymised user interactions with the Website.

3.3 Data from Third Parties

We may receive personal data about you from third-party sources, including:

Payment Providers: Shopify Payments, PayPal and other payment processors provide us with transaction confirmation data, fraud risk assessments, payment method verification and billing information necessary to complete transactions.

Advertising and Marketing Platforms: Meta Platforms (Facebook, Instagram), Google (Google Ads, YouTube), TikTok and other advertising networks provide data regarding your interaction with our advertisements, including impressions, clicks, conversions and audience segment information, typically in aggregated or pseudonymised form.

Analytics and Tracking Providers: Google Analytics 4, Lucky Orange, Shopify analytics and other analytics platforms provide data regarding Website traffic, user behavior, demographics and interests, typically in aggregated or statistical form.

Email Marketing Platforms: Klaviyo, Omnisend and Shopify Email provide data regarding email deliverability, open rates, click rates, engagement patterns and subscriber preferences.

Fraud Prevention Services: Third-party fraud detection and risk assessment services provide scores, risk indicators and recommendations regarding the legitimacy of orders and transactions.

Public and Commercial Databases: Where necessary for fraud prevention or identity verification, we may obtain data from public records, business registries, credit reference agencies (with your consent where required), address validation services and similar sources.

Article 4 - Purposes of Processing and Legal Bases

We process your personal data for the purposes set forth below, relying on the legal bases specified under Article 6 of the GDPR or equivalent provisions under other applicable laws:

4.1 Performance of Contract (GDPR Art. 6(1)(b))

  • Processing and fulfilling orders for jewellery and precious goods purchased through the Website
  • Creating and managing customer accounts
  • Communicating with you regarding orders, shipments, delivery status and order-related issues
  • Arranging shipping through carriers and coordinating delivery
  • Processing payments and issuing invoices and receipts
  • Providing customer service and support in response to inquiries and requests
  • Managing returns, refunds and exchanges in accordance with our policies
  • Enforcing our Terms and Conditions of Sale and other contractual obligations

4.2 Compliance with Legal Obligations (GDPR Art. 6(1)(c))

  • Maintaining accounting records and issuing fiscal documentation as required by Italian tax law
  • Retaining invoices, transaction records and related documentation for the periods mandated by law (typically ten years for tax purposes)
  • Complying with anti-money laundering (AML) regulations applicable to dealers in precious metals, precious stones and high-value goods
  • Fulfilling obligations under Italian Legislative Decree 231/2007 and related anti-fraud legislation
  • Complying with requirements under the Italian TULPS (Testo Unico delle Leggi di Pubblica Sicurezza) regarding the trade in precious metals and jewellery
  • Responding to lawful requests from courts, law enforcement agencies, regulatory authorities and other competent public bodies
  • Fulfilling obligations related to export controls, customs declarations and international trade compliance

4.3 Legitimate Interests (GDPR Art. 6(1)(f))

  • Fraud Prevention and Security: Detecting, preventing and investigating fraudulent transactions, identity theft, payment fraud, account takeovers, unauthorised access and other security threats; conducting risk assessments and implementing appropriate security measures to protect the Company's assets, operations and customers
  • Identity and Address Verification: Verifying the identity of customers and the legitimacy of delivery addresses to prevent fraud, particularly for high-value orders involving gold, diamonds and precious stones; implementing enhanced due diligence procedures for transactions presenting elevated risk
  • Website Security and Integrity: Monitoring and protecting the Website against cyber attacks, hacking attempts, malware, denial-of-service attacks, data breaches and other security incidents; maintaining system logs and conducting security audits
  • Business Operations and Optimization: Analysing Website usage, customer behavior and transaction patterns to improve our services, optimise user experience, develop new features, troubleshoot technical issues and inform business decisions; conducting internal research and data analytics
  • Legal Claims and Defense: Establishing, exercising and defending legal claims; protecting the Company's rights, property and safety, as well as those of our customers and the public
  • Administrative Efficiency: Managing customer relationships, maintaining accurate records, improving operational efficiency and ensuring smooth functioning of business processes

4.4 Consent (GDPR Art. 6(1)(a))

Where consent is required by law or where we rely on consent as the legal basis, we process personal data only after obtaining your explicit, informed and freely given consent, which you may withdraw at any time. Consent-based processing includes:

  • Email Marketing and Newsletters: Sending promotional emails, newsletters, product announcements, special offers, personalised recommendations and other marketing communications via email using Klaviyo, Omnisend or Shopify Email
  • Targeted Advertising and Remarketing: Serving personalised advertisements on third-party platforms (Meta, Google, TikTok) based on your browsing behavior, interests and interactions with our Website; creating custom audiences and lookalike audiences for advertising purposes
  • Non-Essential Cookies and Tracking: Deploying marketing cookies, analytics cookies (beyond those strictly necessary), tracking pixels, session recording tools (Lucky Orange) and other non-essential technologies that collect and analyse your behavior on the Website
  • Abandoned Cart Recovery: Sending automated emails or messages to remind you of products left in your shopping cart and encourage completion of the purchase

You can withdraw your consent at any time by clicking the unsubscribe link in marketing emails, adjusting your cookie preferences through the cookie management banner on the Website, or contacting us at service@boutiquesdelpontevecchio.com. Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.

Article 5 - Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, to resolve disputes and to enforce our agreements. Specific retention periods are as follows:

Orders, Invoices and Transaction Records: Retained for ten years from the date of the transaction in accordance with Italian tax and accounting law (D.P.R. 633/1972 and related legislation).

Customer Account Data: Retained for as long as your account remains active or as needed to provide services. If you request account deletion, we will delete or anonymise your data within sixty days, except for data that must be retained to comply with legal obligations or to establish, exercise or defend legal claims.

Marketing and Communication Data: Retained until you withdraw consent or unsubscribe from marketing communications, plus an additional period of up to twelve months to maintain suppression lists and honour your opt-out preferences. Upon withdrawal of consent, we will cease processing your data for marketing purposes but may retain limited data to ensure we do not contact you again.

Fraud Prevention and Verification Data: Retained for up to thirty-six months from the date of collection or last transaction to enable fraud detection, prevent repeat fraud attempts and fulfill regulatory obligations related to high-value goods transactions.

Analytics and Usage Data: Retained in aggregated or pseudonymised form for periods ranging from twelve to thirty-six months depending on the analytics platform used (Google Analytics 4, Lucky Orange) and the purpose of analysis. Individual-level data is anonymised or deleted at the end of each retention period.

Technical Logs and Security Data: Server logs, access logs and security incident records are retained for twelve months unless longer retention is necessary to investigate or defend against security breaches or legal claims.

Legal and Dispute Records: Data related to legal proceedings, disputes, claims or complaints is retained for the duration of the matter plus any applicable statute of limitations period, typically up to ten years under Italian law.

At the end of the applicable retention period, personal data is securely deleted, anonymised or aggregated in such a manner that it can no longer be associated with an identifiable individual.

Article 6 - Data Security Measures

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. Our security measures include:

Encryption: All data transmitted between your browser and our servers is encrypted using SSL/TLS protocols. Payment information is encrypted and tokenised by our payment processors and is not stored on our servers.

Secure Hosting Infrastructure: The Website is hosted on Shopify's secure, PCI-DSS Level 1 compliant infrastructure, which employs multiple layers of physical and digital security controls, redundancy and disaster recovery capabilities.

Access Controls: Access to personal data is restricted to authorised personnel who require access to perform their job functions. We implement role-based access controls, strong authentication mechanisms and the principle of least privilege.

Authentication and Authorisation: Customer accounts are protected by password authentication. We encourage customers to use strong, unique passwords and to enable any additional security features offered by the platform.

Monitoring and Logging: We continuously monitor systems for suspicious activity, security incidents and potential vulnerabilities. Security logs are maintained and reviewed regularly.

Fraud Detection Systems: We employ automated fraud detection tools and manual review processes to identify and block fraudulent transactions, suspicious login attempts and other security threats.

Employee Training: Personnel with access to personal data receive training on data protection principles, security practices and confidentiality obligations.

Vendor Management: Third-party service providers are selected based on their security capabilities and are contractually obligated to implement appropriate security measures and to comply with applicable data protection laws.

Incident Response: We maintain an incident response plan to detect, respond to and mitigate data breaches and security incidents. In the event of a breach affecting your personal data, we will notify you and the relevant supervisory authorities in accordance with applicable legal requirements.

While we implement robust security measures, no method of transmission over the Internet or method of electronic storage is absolutely secure. We cannot guarantee absolute security but are committed to protecting your data using industry-standard practices and continuously improving our security posture.

Article 7 - Sharing Personal Data with Third Parties

We share personal data with third-party service providers, business partners and other entities only to the extent necessary to operate our business, provide our services, fulfill legal obligations and pursue legitimate interests. We do not sell personal data to third parties.

7.1 Service Providers and Processors

We engage third-party companies to provide services on our behalf. These entities process personal data under our instructions and are contractually obligated to implement appropriate security measures and to use the data only for the purposes specified by us. Our service providers include:

E-commerce Platform & Hosting (Shopify):
Our Services are hosted by Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services for you. Shopify collects and processes personal information about your access to and use of the Services. To help protect, grow, and improve our business, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our Store. In these circumstances, Shopify acts as a processor or joint controller of your personal information. For more insight, you may also want to read Shopify’s Consumer Privacy Policy at https://www.shopify.com/legal/privacy.

Payment Processors: Shopify Payments (operated by Stripe, Inc., USA), PayPal Holdings Inc. (USA) and other payment gateways process payment transactions, handle card authentication and perform fraud screening. We do not store complete payment card information; this is handled securely by the payment processors.

Shipping and Logistics: Specialised armored carriers (e.g., Ferrari Group, Malca-Amit) and express couriers (DHL, UPS, FedEx) receive delivery addresses, contact information and shipment details necessary to deliver products to customers. They may also provide tracking information and delivery confirmation.

Email Marketing and Communication: Klaviyo Inc. (USA), Omnisend (Lithuania/USA) and Shopify Email are used to send transactional emails (order confirmations, shipping notifications) and marketing communications (newsletters, promotional offers) to customers who have consented to receive them.

Analytics and Performance Monitoring: Google LLC (USA) through Google Analytics 4 and Google Tag Manager collects and analyses Website usage data to help us understand visitor behavior and improve Website performance. Lucky Orange LLC (USA) provides heatmap, session recording and analytics services that help us visualise how users interact with the Website.

Advertising and Marketing Platforms: Meta Platforms Inc. (Facebook, Instagram, USA), Google LLC (Google Ads, YouTube, USA), TikTok (ByteDance Ltd., Singapore/USA) and other advertising networks receive data regarding conversions, audience segments and advertising performance to enable targeted advertising and remarketing campaigns.

Messaging and Customer Support: We may use live chat, helpdesk and CRM platforms to manage customer inquiries and support tickets. WhatsApp Business (operated by Meta Platforms Inc., USA) is used to communicate with customers who choose to contact us via WhatsApp. WhatsApp processes phone numbers, message content, delivery status, read receipts, and profile information. Messages are end-to-end encrypted but metadata is accessible to Meta. For more information, see WhatsApp's Privacy Policy at https://www.whatsapp.com/legal/privacy-policy.

Fraud Prevention and Security: Third-party fraud detection services analyse transaction patterns, verify identities and assess risk scores to help us prevent fraudulent orders and protect customer accounts.

Accounting and Legal Services: Professional advisors, accountants, auditors and legal counsel receive data as necessary to provide accounting, tax, legal and compliance services.

All service providers are carefully selected based on their ability to comply with data protection requirements and are bound by data processing agreements that require them to protect personal data, process it only in accordance with our instructions, implement appropriate security measures and comply with applicable laws.

7.2 Business Transfers

In the event of a merger, acquisition, reorganisation, sale of assets, bankruptcy or other business transaction involving the Company, personal data may be transferred to the acquiring or successor entity as part of the transaction. We will notify you via email and/or prominent notice on the Website prior to such transfer and inform you of any choices you may have regarding your data.

7.3 Legal Requirements and Protection of Rights

We may disclose personal data to government authorities, law enforcement agencies, courts, regulatory bodies or other third parties when we believe in good faith that disclosure is necessary to:

  • Comply with applicable laws, regulations, legal processes or enforceable governmental requests
  • Enforce our Terms and Conditions, policies and agreements, including investigation of potential violations
  • Detect, prevent or address fraud, security threats, technical issues or illegal activity
  • Protect the rights, property or safety of the Company, our customers or the public as required or permitted by law

Article 8 - International Data Transfers

The Company is based in Italy, within the European Union. However, some of our service providers and business partners are located outside the European Economic Area (EEA), including in the United States, Canada and other countries that may have different data protection standards than those in the EEA.

When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place to protect your data in accordance with the GDPR and applicable laws. These safeguards include:

Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses for transfers to countries that do not have an adequacy decision, ensuring that recipients are contractually obligated to protect personal data in accordance with EU standards.

Adequacy Decisions: We may transfer data to countries that have been deemed by the European Commission to provide an adequate level of data protection (such as Canada for commercial organisations subject to PIPEDA).

Processor Safeguards: Major service providers such as Shopify, Google, Meta and Stripe have implemented comprehensive data protection programs, including participation in recognised cross-border data transfer frameworks, use of SCCs and implementation of supplementary security measures.

Data Processing Agreements: All third-party processors located outside the EEA are bound by data processing agreements that impose strict data protection obligations and provide mechanisms for oversight and enforcement.

For more information about the safeguards in place for specific transfers, please contact us at service@boutiquesdelpontevecchio.com.

Article 9 - Your Rights Under the GDPR (EU and UK Residents)

If you are located in the European Union, the United Kingdom or another jurisdiction that grants equivalent rights under the GDPR or UK GDPR, you have the following rights regarding your personal data:

Right of Access (Art. 15 GDPR): You have the right to obtain confirmation as to whether we are processing your personal data and, if so, to access that data and receive information about the processing, including the purposes, categories of data, recipients, retention periods and your rights.

Right to Rectification (Art. 16 GDPR): You have the right to obtain the correction of inaccurate personal data and to have incomplete data completed.

Right to Erasure / "Right to Be Forgotten" (Art. 17 GDPR): You have the right to request deletion of your personal data in certain circumstances, including where the data is no longer necessary for the purposes for which it was collected, where you withdraw consent, where you object to processing and there are no overriding legitimate grounds, or where the data has been unlawfully processed. This right is subject to exceptions, including where retention is necessary for compliance with legal obligations or for the establishment, exercise or defence of legal claims.

Right to Restriction of Processing (Art. 18 GDPR): You have the right to request that we restrict processing of your personal data in certain situations, such as where you contest the accuracy of the data, where processing is unlawful but you do not want the data erased, or where you have objected to processing pending verification of whether our legitimate grounds override yours.

Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit that data to another controller where processing is based on consent or contract and is carried out by automated means.

Right to Object (Art. 21 GDPR): You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will cease processing your data for such purposes immediately.

Right to Withdraw Consent (Art. 7(3) GDPR): Where processing is based on your consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

Right Not to Be Subject to Automated Decision-Making (Art. 22 GDPR): You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you, except where necessary for contract performance, authorised by law, or based on explicit consent.

Right to Lodge a Complaint: You have the right to lodge a complaint with the competent supervisory authority if you believe our processing of your personal data violates applicable law. In Italy, the supervisory authority is the Garante per la Protezione dei Dati Personali (www.garanteprivacy.it). If you are located in another EU Member State or the UK, you may lodge a complaint with the supervisory authority in your country of residence.

To exercise any of these rights, please send a written request to service@boutiquesdelpontevecchio.com, clearly specifying which right you wish to exercise and providing sufficient information to enable us to identify you and verify your identity. We will respond to your request within one month, which may be extended by two additional months in complex cases. We may request additional information to verify your identity before processing your request.

Article 10 - Your Rights Under U.S. Privacy Laws (U.S. Residents)

If you are a resident of certain U.S. states, you may have additional privacy rights under state law, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA) and similar laws.

These rights generally include:

Right to Know / Access: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share personal information.

Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (such as where retention is necessary to complete a transaction, comply with legal obligations, or exercise/defend legal claims).

Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.

Right to Opt-Out of Sale or Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information as those terms are defined under applicable state laws. We do not sell personal information in the traditional sense (i.e., for monetary consideration), but certain data sharing practices for targeted advertising purposes may be considered a "sale" or "sharing" under these laws. You can opt out through the "Do Not Sell or Share My Personal Information" link on our Website or by contacting us.

Right to Opt-Out of Targeted Advertising: You have the right to opt out of processing of personal information for targeted advertising purposes.

Right to Opt-Out of Profiling: You have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects, where applicable.

Right to Data Portability: Some state laws provide the right to obtain a portable copy of your personal information.

Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights. We will not deny goods or services, charge different prices, provide different quality of service, or suggest that you will receive different treatment for exercising your rights.

Authorized Agent: You may designate an authorised agent to submit requests on your behalf. We may require verification of the agent's authority and your identity before processing the request.

To exercise these rights, please submit a request to service@boutiquesdelpontevecchio.com with the subject line "U.S. Privacy Rights Request," clearly specifying which right(s) you wish to exercise and providing information sufficient for us to verify your identity. We will respond to verifiable requests within the timeframes required by applicable law (typically 45 days, which may be extended in certain circumstances).

We Do Not Sell Personal Information: We do not sell personal information for monetary or other valuable consideration. However, certain data sharing activities for targeted advertising may be considered a "sale" or "sharing" under CCPA/CPRA and similar laws. To opt out of such data sharing, please adjust your cookie preferences, use the opt-out link on the Website, or contact us.

Article 11 - Cookies and Tracking Technologies

Our Website uses cookies, web beacons, pixels, tags, scripts and similar tracking technologies to enhance user experience, analyse Website usage, deliver targeted advertising and improve our services. A cookie is a small text file stored on your device by your web browser that allows the Website to recognise your device and remember certain information about your preferences and actions.

11.1 Types of Cookies We Use

Strictly Necessary Cookies: These cookies are essential for the operation of the Website and enable basic functionality such as page navigation, secure login, shopping cart functionality and checkout processes. Without these cookies, the Website cannot function properly. These cookies do not require consent as they are necessary for the performance of the service requested by you.

Analytical and Performance Cookies: These cookies collect information about how visitors use the Website, such as which pages are visited most frequently, how long visitors stay on pages, error messages received and navigation paths. Examples include Google Analytics 4 cookies. The information collected is typically aggregated and anonymised and is used to improve Website performance, diagnose technical issues and understand user behavior. These cookies require consent where required by law.

Marketing and Advertising Cookies: These cookies are used to deliver personalised advertisements based on your interests, track the effectiveness of advertising campaigns, limit the number of times you see an advertisement and measure campaign performance. Examples include Meta Pixel (Facebook), Google Ads cookies and TikTok Pixel. These cookies may track your browsing activity across multiple websites to build a profile of your interests. These cookies require consent.

Functionality Cookies: These cookies remember your preferences and choices (such as language, currency, region) to provide enhanced and personalised features. These cookies improve user experience but are not strictly necessary for the Website to function.

11.2 Specific Technologies

Google Analytics 4 (GA4): Collects data about Website visits, traffic sources, user demographics, device types and user interactions to provide statistical reports and insights. Data is processed by Google LLC and may be combined with data from other Google services.

Google Tag Manager: A tag management system that allows us to deploy and manage marketing and analytics tags without modifying Website code.

Meta Pixel (Facebook Pixel): Tracks conversions from Facebook and Instagram advertisements, optimises advertising delivery, builds custom audiences for remarketing and measures advertising effectiveness. Data is shared with Meta Platforms Inc.

Lucky Orange: Provides heatmaps, session recordings, form analytics and visitor behavior insights. Lucky Orange may record cursor movements, clicks, scrolls and interactions with the Website to help us understand user experience. Session recordings are anonymised and do not capture sensitive information such as payment details.

TikTok Pixel: Tracks conversions and user behavior from TikTok advertisements and enables retargeting campaigns.

Klaviyo, Omnisend, Shopify Email: Email marketing platforms that track email opens, clicks and engagement to optimise email campaigns and personalise communications.

11.3 Managing Cookie Preferences

When you first visit the Website, you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies. You can modify your cookie preferences at any time through the cookie settings banner accessible from the footer of the Website.

You can also manage cookies through your browser settings. Most browsers allow you to refuse or accept cookies, delete existing cookies and set preferences for certain websites. Please note that disabling or blocking certain cookies may affect the functionality and user experience of the Website, and some features may not work properly.

To opt out of targeted advertising delivered through third-party platforms, you can use the following resources:

  • Digital Advertising Alliance (DAA): www.aboutads.info/choices
  • Network Advertising Initiative (NAI): www.networkadvertising.org/choices
  • European Interactive Digital Advertising Alliance (EDAA): www.youronlinechoices.eu
  • Google Ads Settings: adssettings.google.com
  • Facebook Ad Preferences: www.facebook.com/ads/preferences

For more detailed information about our use of cookies and tracking technologies, please refer to our separate Cookie Policy available on the Website.

Article 12 - Identity Verification, Fraud Prevention and High-Value Transactions

Due to the nature of our business, which involves the sale of fine jewellery containing gold, diamonds, precious stones and other high-value materials, we implement enhanced security and verification measures to protect both our customers and our business from fraud, identity theft, money laundering and other illicit activities.

These measures are necessary to comply with legal obligations under Italian and European anti-money laundering legislation (Legislative Decree 231/2007), the Italian TULPS regulations governing trade in precious metals and jewellery, and international best practices for high-value goods transactions.

12.1 Identity Verification Procedures

For certain orders, particularly those involving high-value products, first-time customers, shipments to addresses that differ significantly from billing addresses, or transactions that trigger fraud risk indicators, we may request additional documentation to verify your identity and the legitimacy of the transaction. Such documentation may include:

  • Government-issued photographic identification (passport, national identity card, driver's licence)
  • Proof of residence (utility bill, bank statement, rental agreement) showing your name and address
  • Proof of association with commercial delivery addresses (business card, employment letter, authorisation from business management)
  • Photographs of the delivery address exterior
  • Signed declarations confirming the legitimacy of the transaction

Failure to provide requested verification documentation within a reasonable timeframe may result in cancellation of the order and refund of any amounts paid, in accordance with our Terms and Conditions of Sale.

12.2 Fraud Detection and Prevention

We use automated fraud detection tools and manual review processes to assess the risk level of transactions. Factors considered in fraud risk assessment include, but are not limited to:

  • Consistency between billing and shipping addresses
  • Payment method verification and card issuer authentication responses
  • Transaction velocity and patterns (multiple orders in short timeframes, unusually large orders)
  • IP address location and consistency with billing/shipping locations
  • Device fingerprinting and recognition of previously used devices
  • Behavioral indicators such as unusual navigation patterns or rapid checkout
  • Cross-referencing with databases of known fraudulent addresses, email addresses or payment instruments

Orders identified as high-risk may be subject to manual review, may require additional verification, may be delayed pending investigation, or may be cancelled if we determine that the risk of fraud is unacceptable.

12.3 Address Change Restrictions

For security reasons, we do not permit changes to the delivery address after an order has been confirmed and payment has been processed, except in extraordinary circumstances and subject to stringent verification requirements. This policy protects customers from unauthorised redirection of shipments and protects the Company from fraudulent schemes involving address changes.

Any request to change a delivery address after order confirmation will be evaluated on a case-by-case basis and may require extensive verification documentation as described above, at the Company's sole discretion.

12.4 Refusal or Cancellation of Orders

We reserve the right to refuse, cancel or reverse orders at any stage where we have reasonable grounds to suspect fraud, identity theft, money laundering, violation of applicable laws, or breach of our Terms and Conditions. Refusal or cancellation of an order does not constitute a breach of contract and does not give rise to any claim for damages beyond refund of amounts paid, as specified in our Terms and Conditions.

These fraud prevention and verification measures are implemented based on our legitimate interests in protecting the Company's assets and operations, preventing financial crime, complying with legal obligations and ensuring the security and integrity of our services and customer accounts.

Article 13 - Changes to This Privacy Policy

We reserve the right to modify, update or replace this Privacy Policy at any time to reflect changes in our data processing practices, legal requirements, technological developments or business operations.

The updated Privacy Policy will be published on this page with a new "Last Updated" date. Material changes that significantly affect your rights or our processing practices will be communicated to you via email (to the address associated with your account) or through a prominent notice on the Website prior to the changes taking effect.

Where changes to the Privacy Policy require new consent under applicable law (for example, where we introduce new purposes for processing based on consent or implement new tracking technologies), we will obtain your explicit consent before implementing such changes.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use and protect your personal data. Your continued use of the Website after the posting of changes constitutes your acknowledgment and acceptance of the updated Privacy Policy.

Article 14 - Contact Us

If you have any questions, concerns, requests or complaints regarding this Privacy Policy, our data processing practices, or the exercise of your rights, please contact us:

BOUTIQUES DEL PONTE VECCHIO SRL

Data Protection Contact

Email: service@boutiquesdelpontevecchio.com

Postal Address: Via Adolfo Bartoli 1, 50135 Florence (FI), Italy

Certified Email (PEC): bpontevecchio@pec.it