Privacy Policy

SandGems bv is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and protect your personal information in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Belgian privacy legislation.

1. What Personal Data We Collect

Data you provide directly

When you contact us, submit an enquiry, or request a stone, we may collect:

• Name and surname
• Email address
• Phone number
• Company name (if applicable)
• Message content and gemstone preferences
• Billing and shipping address (for purchases)

Data collected automatically

Our website does not use analytics tracking, advertising cookies, or fingerprinting. The only data stored locally on your device is:

• sg_lang:your chosen language preference (EN, NL or FR), stored in browser localStorage
• sg_cookie_ok:records that you have dismissed the cookie notice, stored in browser localStorage
• Supabase auth token:a secure session token stored in browser localStorage when you log in as a member. This is strictly necessary for the member login to function and is not used for tracking.

None of the above are shared with third parties or used for advertising purposes.

2. Why We Process Your Data (Legal Basis)

We process your personal data only where we have a valid legal basis under Article 6 of the GDPR:

• Contract performance:to process orders, respond to enquiries and manage the client relationship.
• Legitimate interests:to improve our services, prevent fraud, and ensure website security.
• Legal obligation:to comply with Belgian and EU legal requirements, including tax and accounting obligations.
• Consent:where you have explicitly opted in to receive marketing communications. You may withdraw consent at any time.

3. How We Use Your Data

We use your personal data for the following purposes:

• Responding to enquiries and stone requests
• Processing orders and managing transactions
• Sending order confirmations and relevant updates
• Sending newsletters or promotional communications (only with your consent)
• Improving our website and services
• Complying with legal and regulatory obligations

We do not sell your personal data to third parties.

4. How Long We Keep Your Data

We retain your personal data only for as long as necessary for the purposes for which it was collected:

• Client and transaction records: 7 years, in accordance with Belgian accounting law.
• Enquiry and contact data: Up to 2 years from last contact, unless a business relationship is established.
• Marketing consent records: Until you withdraw consent or request deletion.
• Website analytics data: Up to 13 months.

5. Who We Share Your Data With

We share your personal data with the following trusted service providers only where necessary:

• Supabase Inc.:our database and authentication provider. Member registration data (name, email, company, VAT number, account tier) is stored securely in Supabase. Supabase is SOC 2 Type II certified and processes data in accordance with GDPR. Data is stored in EU-based servers. See Supabase Privacy Policy.
• Netlify Inc.:our website hosting provider. Netlify processes web requests to serve this website. See Netlify Privacy Policy.
• Legal and accounting advisors:where required by Belgian law or for compliance purposes.

We do not sell, rent or share your data with advertisers or marketing companies. We do not transfer your data outside the European Economic Area (EEA) without appropriate safeguards in place.

6. Cookies & Local Storage

Our website uses browser localStorage (not traditional cookies) for strictly necessary functional purposes only. We do not use advertising cookies, analytics cookies, or any third-party tracking.

We store the following items in your browser's localStorage:

• sg_lang:remembers your language preference (EN, NL or FR) between visits.
• sg_cookie_ok:remembers that you have acknowledged this notice, so it does not appear on every visit.
• Supabase session token:a secure authentication token stored only when you log in as a member. It expires automatically and is required for the member portal to function. It contains no personal data beyond your session identifier.

You can clear all localStorage data at any time through your browser settings (Developer Tools → Application → Local Storage). Clearing the session token will log you out of the member area.

7. Your Rights Under the GDPR

As a data subject under the GDPR, you have the following rights:

To exercise any of these rights, please contact us at info@sandgems.com. We will respond within 30 days.

8. Data Security

SandGems bv takes appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or disclosure. These measures include secure server hosting, encrypted communications (SSL/TLS), and restricted internal access to personal data.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, inform you directly without undue delay.

9. Contact & Supervisory Authority

For any questions about this Privacy Policy or to exercise your rights, please contact:

If you are not satisfied with our response, you have the right to lodge a complaint with the Belgian Data Protection Authority:

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legislation or our practices. The date at the top of this page indicates when it was last revised. We encourage you to review this page periodically.

© 2026 SandGems bv, Schupstraat 9-11, box 21, bus 171, 2018 Antwerpen, België