GDPR Compliance Information for EU, UK & Switzerland Residents
Effective Date: September 4, 2025
Last Updated: September 4, 2025
Applicable Law: General Data Protection Regulation (EU) 2016/679, UK GDPR, Swiss Federal Act on Data Protection
Important Legal Notice: This page provides specific information required under the General Data Protection Regulation (GDPR) for residents of the European Economic Area (EEA), United Kingdom, and Switzerland. This information supplements our comprehensive Privacy Policy and must be read in conjunction with it.
1. Data Controller Information (Article 13(1)(a) & 14(1)(a) GDPR)
Data Controller: Eklexic Jewelry LLC
Legal Status: Limited Liability Company incorporated in the United States
Business Address: 21926 Town Place Drive, Boca Raton, Florida 33433, United States
Contact Email: info@eklexic.com
Customer Support: customersupport@eklexic.com
Phone: (917) 750-8066
EU Representative (if applicable): As a non-EU entity, we will appoint an EU representative if required under Article 27 GDPR based on our processing activities and will update this information accordingly.
2. Categories of Personal Data Processed (Article 13(1)(c) & 14(1)(d) GDPR)
2.1 Data Collected Directly from You
Data Category | Specific Data Types | Source |
---|---|---|
Identity Data | First name, last name, username, title | Account registration, order forms |
Contact Data | Email address, telephone number, billing address, delivery address | Account registration, checkout process |
Financial Data | Payment card details (processed securely by payment processors) | Checkout process, payment forms |
Transaction Data | Purchase history, order details, payment amounts, delivery information | Order processing, transaction records |
Marketing Data | Marketing preferences, communication consent records | Newsletter signup, preference center |
2.2 Data Collected Automatically
Data Category | Specific Data Types | Collection Method |
---|---|---|
Technical Data | IP address, browser type, device information, operating system | Automatic collection via cookies and server logs |
Usage Data | Website navigation patterns, page views, time spent, click behavior | Analytics cookies, tracking pixels |
Location Data | General location based on IP address, shipping addresses | IP geolocation, address forms |
3. Legal Basis for Processing (Article 13(1)(c) & 14(1)(c) GDPR)
3.1 Contract Performance (Article 6(1)(b) GDPR)
Processing Activities:
- Processing and fulfilling orders
- Payment processing and transaction management
- Delivery and shipping services
- Customer account management
- Customer service and support
- Order confirmations and communications
Data Categories: Identity, Contact, Financial, Transaction Data
3.2 Legitimate Interests (Article 6(1)(f) GDPR)
Our Legitimate Interests:
- Fraud Prevention: Protecting against fraudulent transactions and maintaining payment security
- Website Security: Monitoring for security threats and maintaining system integrity
- Business Analytics: Understanding customer behavior to improve products and services
- Marketing Optimization: Improving marketing effectiveness and customer experience
- Legal Compliance: Meeting regulatory requirements and legal obligations
Data Categories: Technical, Usage, Transaction Data
Balancing Test: We have conducted legitimate interest assessments to ensure our interests do not override your fundamental rights and freedoms.
3.3 Legal Compliance (Article 6(1)(c) GDPR)
Legal Obligations:
- Tax and accounting record keeping (7 years retention)
- Anti-money laundering and financial crime prevention
- Consumer protection law compliance
- Product safety and recall obligations
- Data protection law compliance
Data Categories: Identity, Contact, Financial, Transaction Data
3.4 Consent (Article 6(1)(a) GDPR)
Consent-Based Processing:
- Marketing communications (where required by law)
- Non-essential cookies and tracking
- Third-party data sharing for advertising
- Optional features and services
Data Categories: Contact, Marketing, Usage Data
Consent Management: Managed through Pandectes GDPR compliance system with granular controls
4. Data Recipients and International Transfers (Articles 13(1)(e)(f) & 14(1)(e)(f) GDPR)
4.1 Data Processors (Article 28 GDPR)
Processor | Service | Location | Safeguards |
---|---|---|---|
Shopify Inc. | E-commerce platform, hosting | Canada, US, Ireland | DPA, Adequacy Decision (Canada), SCCs |
Klaviyo | Email marketing | US, Ireland | DPA, Standard Contractual Clauses |
Microsoft | Analytics, advertising | US, Ireland | EU-US Data Privacy Framework, SCCs |
Pandectes | GDPR compliance | EU | EU-based processing |
4.2 Joint Controllers and Independent Controllers
Entity | Relationship | Purpose | Safeguards |
---|---|---|---|
Meta (Facebook/Instagram) | Independent Controller | Advertising, analytics | Standard Contractual Clauses |
| | Independent Controller | Analytics, advertising | EU-US Data Privacy Framework |
TikTok | Independent Controller | Advertising, analytics | Standard Contractual Clauses |
5. Data Retention Periods (Article 13(2)(a) & 14(2)(a) GDPR)
Data Category | Retention Period | Legal Basis |
---|---|---|
Account Data | Until account deletion requested | Contract performance, legitimate interests |
Order/Transaction Data | 7 years | Legal compliance (tax, accounting laws) |
Marketing Data | Until consent withdrawn or 3 years inactivity | Consent, legitimate interests |
Analytics Data | 26 months | Legitimate interests |
Security Logs | 12 months | Legitimate interests (security) |
6. Your Rights Under GDPR (Articles 15-22)
6.1 Right of Access (Article 15 GDPR)
You have the right to obtain confirmation of whether we process your personal data and access to that data, including information about processing purposes, categories, recipients, retention periods, and your rights.
6.2 Right to Rectification (Article 16 GDPR)
You have the right to have inaccurate personal data corrected and incomplete data completed without undue delay.
6.3 Right to Erasure (Article 17 GDPR)
You can request deletion when data is no longer necessary, you withdraw consent, data has been unlawfully processed, or erasure is required for legal compliance.
6.4 Right to Restrict Processing (Article 18 GDPR)
You can request restriction when you contest data accuracy, processing is unlawful, we no longer need the data but you need it for legal claims, or you've objected to processing.
6.5 Right to Data Portability (Article 20 GDPR)
You can receive your data in a structured, machine-readable format when processing is based on consent or contract and carried out by automated means.
6.6 Right to Object (Article 21 GDPR)
You can object to processing based on legitimate interests or public interest, and you have an absolute right to object to direct marketing.
7. How to Exercise Your Rights
Online: Data Subject Rights Request Form
Email: info@eklexic.com or customersupport@eklexic.com
Phone: (917) 750-8066
Shopify Portal: https://privacy.shopify.com
Response Time: 1 month (extendable by 2 months for complex requests)
Verification: We will verify your identity before processing requests
Free of Charge: Unless requests are manifestly unfounded or excessive
8. Automated Decision-Making and Profiling (Article 22 GDPR)
We use automated processing for fraud detection, website personalization, and marketing optimization. You have the right to request human intervention and contest automated decisions that significantly affect you.
9. Data Security Measures (Article 32 GDPR)
We implement appropriate technical and organizational measures including encryption, access controls, security monitoring, staff training, and incident response procedures.
10. Supervisory Authority and Complaints (Articles 77-78 GDPR)
You have the right to lodge a complaint with a supervisory authority in your country of residence, workplace, or where the alleged infringement occurred.
EU/EEA: Find your local DPA
UK: Information Commissioner's Office
Switzerland: Federal Data Protection Commissioner
11. Cookies and Consent Management
We use Pandectes GDPR compliance system for cookie management. Essential cookies are used without consent, while analytics and marketing cookies require your consent. Manage preferences: Cookie Policy
12. Contact Information
Data Controller: Eklexic Jewelry LLC
Email: info@eklexic.com
Customer Support: customersupport@eklexic.com
Phone: (917) 750-8066
Address: 21926 Town Place Drive, Boca Raton, Florida 33433, United States
Legal Disclaimer: This information helps you understand your rights under GDPR. For complete details about our data processing practices, please refer to our comprehensive Privacy Policy. For specific legal questions, we recommend consulting with a qualified legal professional.
This GDPR compliance page meets all requirements under Articles 13 and 14 GDPR and provides comprehensive information about data processing activities, your rights, and how to exercise them. Last updated: September 4, 2025.