Privacy Policy

Crystia  |  crystia-jewelry.com
Effective Date: February 20, 2026  |  Last Updated: February 20, 2026

Crystia is committed to protecting your personal data with full transparency.
This Privacy Policy explains what data we collect, why, and your rights over it.
→ We comply with the EU General Data Protection Regulation (GDPR), the French Data Protection Act (Loi Informatique et Libertes), and the California Consumer Privacy Act (CCPA).
→ Questions? Contact us anytime at [email protected]

1. Who We Are (Data Controller)

The data controller responsible for your personal information is:
 
Brand: Crystia
Operated by: KLB ECOM — Kevyn Loux, Auto-Entrepreneur
SIRET: 94929544800029
Address: 59 Rue de Ponthieu, Bureau 326, 75008 Paris, France
Email: [email protected]
Response time: Within 1 business day
 
As a business registered in France, Crystia is subject to French and European data protection law, including the GDPR. We voluntarily extend equivalent rights and protections to all our customers worldwide, including those in the United States.

2. Personal Data We Collect

2.1 Data You Provide Directly

When you browse, create an account, or place an order, we may collect:

Identity data: first name, last name
Contact data: email address, phone number (if provided)
Shipping data: delivery address, country, postal code
Order data: items purchased, order history, transaction amounts
Payment data: billing address, payment method type (note: full card numbers are never stored by Crystia — they are processed directly by Stripe or PayPal)
Account data: username and password (if you create an account)
Communications: messages you send to our support team
Newsletter preferences: email subscription status (future — via Klaviyo)

2.2 Data Collected Automatically

When you visit crystia-jewelry.com, we automatically collect certain technical data:

IP address and approximate geolocation (country / city level)
Browser type and version, operating system, device type
Pages visited, time spent on pages, referring URLs
Cookie identifiers and advertising IDs (see Section 5 — Cookies)
Clickstream data and interaction events (via Google Analytics, Meta Pixel, TikTok Pixel)

2.3 Data from Third Parties

We may receive limited data about you from third-party services when you interact with our advertising:

From Meta (Facebook/Instagram): ad interaction data, custom audience matching
From Google: ad click data, conversion tracking
From TikTok: ad engagement data, pixel events

These platforms share only aggregated or pseudonymized data with us and are subject to their own privacy policies.

3. How We Use Your Personal Data

The table below details our data processing activities, their purpose, and the legal basis under GDPR:

Data | Purpose | Legal basis (GDPR)
Name, email, address | Process and fulfill your order | Contract performance (Art. 6.1.b GDPR)
Email address | Send order confirmation and shipping updates | Contract performance (Art. 6.1.b GDPR)
Email address | Send marketing newsletters (future) | Consent (Art. 6.1.a GDPR)
Browsing & device data | Website analytics and performance (Google Analytics) | Legitimate interest (Art. 6.1.f GDPR)
Browsing & ad interaction data | Targeted advertising (Meta, Google, TikTok Ads) | Consent (Art. 6.1.a GDPR)
Order history | Fraud prevention and legal compliance | Legal obligation (Art. 6.1.c GDPR)
All data | Respond to customer service inquiries | Legitimate interest (Art. 6.1.f GDPR)
Purchase records | Accounting and tax obligations (French law) | Legal obligation (Art. 6.1.c GDPR)

We will never use your personal data for any purpose incompatible with those listed above without first obtaining your explicit consent.

4. Who We Share Your Data With

Crystia does not sell, rent, or trade your personal data. We share your data only with trusted third-party service providers acting as data processors on our behalf:
 
4.1 E-commerce & Hosting

WooCommerce / WordPress — website platform and order management (Automattic Inc., USA)

4.2 Payment Processors

Stripe, Inc. (USA) — credit/debit card processing. Privacy: stripe.com/privacy
PayPal Holdings, Inc. (USA) — PayPal payments. Privacy: paypal.com/privacy
Google Pay — processed via Stripe infrastructure
Apple Pay — processed via Stripe infrastructure

These processors are PCI-DSS compliant and operate under their own privacy frameworks. Crystia never stores full card numbers.

4.3 Shipping & Logistics

International shipping carriers (names may vary) — receive your name and delivery address solely to fulfill your order

4.4 Analytics

Google Analytics 4 (Google LLC, USA) — website traffic analysis. We use IP anonymization. Privacy: policies.google.com/privacy

4.5 Advertising Platforms

Meta Platforms, Inc. (USA) — Facebook/Instagram advertising via Meta Pixel
Google LLC (USA) — Google Ads conversion tracking
TikTok Inc. (USA/China) — TikTok advertising via TikTok Pixel

These platforms receive pseudonymized event data (page views, add-to-cart, purchases) for ad targeting and measurement. You can opt out of personalized advertising via your platform settings or our cookie preference center.

4.6 Email Marketing (Future)

Klaviyo, Inc. (USA) — email newsletter platform. Your email and name will be shared only if you subscribe. Privacy: klaviyo.com/legal/privacy

4.7 Legal Disclosure

We may disclose your personal data if required to do so by law, court order, or governmental authority, or if necessary to protect the rights, property, or safety of Crystia, our customers, or others.

5. Cookies & Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help us provide a better experience and understand how our site is used.

5.2 Categories of Cookies We Use
 
STRICTLY NECESSARY — These cookies are essential for the website to function. They cannot be disabled.
ANALYTICS — Help us understand traffic and behavior (Google Analytics). Can be disabled.
ADVERTISING — Enable targeted ads on Meta, Google, and TikTok. Require your consent.
FUNCTIONAL — Remember your preferences (language, cart). Can be disabled.
 
5.3 Specific Cookies & Third-Party Scripts

_ga, _gid, _gat — Google Analytics 4. Tracks session data and page views. Retention: 2 years max.
_fbp, _fbc — Meta Pixel. Tracks conversions and ad interactions for Facebook/Instagram. Retention: 90 days.
_ttp, tt_webid — TikTok Pixel. Tracks conversions for TikTok Ads. Retention: 13 months.
WooCommerce session cookies — Essential for cart and checkout functionality.
wp_woocommerce_session — Essential WooCommerce cart cookie.

5.4 Your Cookie Choices

You can manage your cookie preferences at any time through our cookie preference center on the website. You may also configure your browser to block or delete cookies, though this may affect website functionality.
To opt out of Google Analytics tracking across sites, visit: tools.google.com/dlpage/gaoptout
To manage Meta ad preferences, visit: facebook.com/settings/ads
To opt out of TikTok advertising, visit: ads.tiktok.com/i18n/optout

6. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this Policy, or as required by law:
 
Order and transaction data: 10 years (French accounting law obligation)
Customer account data: until account deletion request, plus 3 years
Email marketing data: until unsubscription, plus 3 years
Cookie and analytics data: as specified in Section 5 (maximum 2 years)
Customer support communications: 3 years from last contact
 
When data is no longer needed, it is securely deleted or anonymized.

7. International Data Transfers

As a French business using US-based service providers (Google, Meta, TikTok, Stripe, PayPal, WooCommerce/Automattic, Klaviyo), your personal data may be transferred to and processed in the United States and other countries outside the European Economic Area (EEA).
Crystia ensures that all such transfers are protected by appropriate safeguards, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Service providers participating in the EU-U.S. Data Privacy Framework
 
You may request information about the specific safeguards applicable to your data transfer by contacting [email protected]

8. Your Rights Under GDPR (EU/EEA Residents)

If you are located in the European Union or European Economic Area, you have the following rights under the GDPR:
 
Right of access (Art. 15) — Request a copy of all personal data we hold about you
Right to rectification (Art. 16) — Correct inaccurate or incomplete data
Right to erasure (Art. 17) — Request deletion of your personal data (‘right to be forgotten’)
Right to restriction (Art. 18) — Request that we limit how we process your data
Right to data portability (Art. 20) — Receive your data in a machine-readable format
Right to object (Art. 21) — Object to processing based on legitimate interests or for direct marketing
Right to withdraw consent (Art. 7.3) — Withdraw consent at any time without affecting prior processing
Right to lodge a complaint — With the French data protection authority (CNIL): cnil.fr
 
To exercise any of these rights, contact us at [email protected] with the subject line ‘Data Rights Request’.
→ We will respond within 30 days. No fees apply for reasonable requests.
→ We may ask you to verify your identity before processing your request.

9. Your Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the CPRA, grants you specific rights regarding your personal information:
 
Right to Know — Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months
Right to Delete — Request deletion of personal information we have collected, subject to certain exceptions
Right to Correct — Request correction of inaccurate personal information
Right to Opt-Out of Sale or Sharing — You have the right to opt out of the ‘sale’ or ‘sharing’ of your personal information for cross-context behavioral advertising
Right to Limit Use of Sensitive Personal Information — We do not collect sensitive personal information as defined under CPRA
Right to Non-Discrimination — We will not discriminate against you for exercising any CCPA rights
 
9.1 Do We Sell Your Personal Information?

Crystia does not sell your personal information in the traditional sense. However, under the CCPA’s broad definition, sharing data with advertising platforms (Meta, Google, TikTok) for cross-context behavioral advertising may constitute ‘sharing.’
You may opt out of this sharing at any time by:
Using our cookie preference center on the website
Emailing [email protected] with the subject ‘Do Not Share My Personal Information’
Using browser-based opt-out signals such as the Global Privacy Control (GPC)

9.2 Categories of Personal Information Collected (CCPA)

Identifiers: name, email, IP address, order ID
Commercial information: products purchased, order history
Internet activity: browsing data, cookie identifiers, ad interactions
Geolocation data: approximate location from IP address (country/city level)
 
9.3 How to Submit a CCPA Request

Submit requests by email to [email protected] with the subject line ‘CCPA Privacy Request’. We will respond within 45 days. Requests may be extended by an additional 45 days with notice.

10. Children’s Privacy

crystia-jewelry.com is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such data, please contact us immediately at [email protected] and we will delete it promptly.
For users between 13 and 16 years of age located in California, we will not share your personal information for cross-context behavioral advertising without your explicit opt-in consent.

11. Data Security

Crystia implements appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:
SSL/TLS encryption for all data transmitted via the website (HTTPS)
PCI-DSS compliant payment processing (via Stripe and PayPal)
Access controls limiting internal access to personal data on a need-to-know basis
Regular security reviews of our third-party service providers
 
While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify you and the relevant supervisory authority (CNIL) within 72 hours, as required by GDPR Article 33.

12. Third-Party Website Links

crystia-jewelry.com may contain links to third-party websites (social media profiles, payment providers, etc.). Crystia is not responsible for the privacy practices of those websites. We encourage you to review their privacy policies before providing any personal data.

13. Changes to This Privacy Policy

Crystia may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or new services. When we make material changes, we will update the ‘Last Updated’ date at the top of this page.
For significant changes affecting your rights, we will make reasonable efforts to notify you directly by email (if you have an account or newsletter subscription) or via a prominent notice on the website.
Your continued use of crystia-jewelry.com after any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us & Data Protection

For any privacy-related questions, requests, or complaints, please contact us:
 
Brand: Crystia
Data Controller: KLB ECOM — Kevyn Loux
Address: 59 Rue de Ponthieu, Bureau 326, 75008 Paris, France
Email: [email protected]
Subject line: Privacy Request — [Your Request Type]
Response time: Within 30 days (GDPR) / 45 days (CCPA)
 
EU/EEA Residents — You may also lodge a complaint with the CNIL (French Data Protection Authority):
→ cnil.fr/en/complaints  |  Telephone: +33 (0)1 53 73 22 22
California Residents — You may contact the California Privacy Protection Agency (CPPA):
→ cppa.ca.gov