BESPOKE AVAILABLE!

Privacy policy

Last updated: 26 March 2026

How to contact us

Indigo Jewels can be contacted through the contact details provided on this website. Indigo Jewels is responsible for the processing of personal data it collects and handles, in compliance with the requirements set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation — GDPR), and Law No. 58/2019 of 8 August, which implements the GDPR within the national legal order.

Why we process your personal data

The personal data we process is always collected for a specific purpose, in accordance with Article 5 of the GDPR, and for a specific processing operation, after which it is anonymised or destroyed. The purposes of processing are as follows:

  • Compliance with legal obligations applicable to us, whether in relation to clients, suppliers, or our staff, under Article 6(1)(c) of the GDPR;
  • Performance of contracts or pre-contractual steps within the scope of our activity, under Article 6(1)(b) of the GDPR;
  • Provision of the services we offer, subject to obtaining the data subject’s consent, under Article 6(1)(a) of the GDPR;
  • Based on legitimate interests, under Article 6(1)(f) of the GDPR, namely in communicating with existing and prospective clients, suppliers, and in the recruitment of staff.

Lawful basis for processing your personal data

The commercial activity of Indigo Jewels involves carrying out personal data processing operations whenever it provides services. The lawfulness of those operations is ensured under Article 6 of the GDPR and may take the following forms:

  • As a processor acting on behalf of a client who, as controller, transmits personal data to us so that we may contact them;
  • In cases where Indigo Jewels is itself the controller, obtaining the data subject’s consent in advance and in a recorded manner.

What we do with your data at the end of processing

The personal data used serves exclusively the purposes described above. Once the processing operation is complete, we proceed to anonymise the records or destroy them entirely, in accordance with Article 5(1)(e) of the GDPR.

Retention period

We only retain personal data for the period necessary to fulfil the purposes for which it was collected, in accordance with Article 5(1)(e) of the GDPR. Where a longer retention period is required by law, the data will be anonymised.

Security

The security of information and the protection of personal data is a priority for Indigo Jewels, in accordance with Article 32 of the GDPR. We ensure that adequate protective measures are in place and that any third parties we engage are contractually bound to provide adequate data protection. Access to personal data is restricted to staff directly involved in processing operations. All personal data is stored in secure systems that are audited and subject to periodic testing.

In the event of a personal data breach, Indigo Jewels will notify the National Data Protection Commission (CNPD) within a maximum of 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to data subjects, they will also be informed without undue delay, in accordance with Article 34 of the GDPR.

Confidentiality

We respect the confidentiality of the personal data we process and ensure that it is not disclosed, distributed, or made available to third parties, except in the specific fulfilment of a contracted service in support of the services we provide.

Exercise of data subjects’ rights

Under Articles 15 to 22 of the GDPR, as a data subject, you may exercise the following rights:

  • Access — you may request access to the information we hold about you;
  • Rectification — you may request the correction of inaccurate or incomplete information;
  • Erasure — you may request the deletion of your data when it is no longer necessary for the purpose for which it was collected, under Article 17 of the GDPR;
  • Withdrawal of consent — you have the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal;
  • Restriction and objection to processing — under Articles 18 and 21 of the GDPR, you may request the restriction of, or object to, the processing of your data in certain circumstances.

You may also, at any time, request the deletion of your user account, which will result in the erasure of all associated personal data, except for data that must be retained by legal obligation.

Requests may be submitted through the contact details available on this website and will be handled within a maximum period of 30 days, as provided for in Article 12 of the GDPR. This period may be extended by a further two months in cases of particular complexity. You may be asked to provide proof of identity to ensure that data is only shared with its rightful owner.

You also have the right to lodge a complaint with the National Data Protection Commission (CNPD), headquartered at Rua de São Bento, No. 148-3º, 1200-821 Lisbon, via www.cnpd.pt.

Cookies

This section of the policy is prepared pursuant to Law No. 41/2004 of 18 August, as amended by Law No. 46/2012 of 29 August, which transposes the ePrivacy Directive into national law, as well as the GDPR.

What are cookies?

Cookies are small text files that are stored on your device (computer, tablet, or mobile phone) when you visit a website. These files allow the site to recognise your device on future visits and remember certain information about your browsing, such as preferences or items added to your shopping basket. Cookies do not contain viruses and cannot access other files on your device.

What types of cookies are there?

Cookies may be classified according to their origin, duration, and purpose:

By origin:

  • First-party cookies — installed directly by the website you are visiting;
  • Third-party cookies — installed by external entities, such as analytics platforms or social networks, through the website you are visiting.

By duration:

  • Session cookies — temporary cookies that are automatically deleted when you close your browser;
  • Persistent cookies — remain on your device for a defined period, even after closing your browser, until they expire or are manually deleted.

By purpose:

  • Strictly necessary cookies — essential for the basic functioning of the site, such as maintaining your session or shopping basket. These do not require consent under Law No. 41/2004;
  • Preference (functional) cookies — allow the site to remember your choices, such as language or region, to provide a personalised experience;
  • Analytical or performance cookies — collect anonymous information about how users navigate the site, with the aim of improving its performance;
  • Marketing and advertising cookies — used to display relevant adverts based on the user’s interests and to measure the effectiveness of advertising campaigns;
  • Social media cookies — allow content to be shared on social networks and may record your visit to the site for advertising purposes.

Cookies we use

Strictly necessary cookies — do not require prior user consent under Law No. 41/2004:

  • Session (login) cookies — keep the session active between pages, being removed when the session ends, ensuring the security of restricted areas;
  • Shopping basket cookies — ensure that items added to the basket are retained during browsing, allowing orders to be processed correctly;
  • Form cookies — temporarily store information submitted in forms, preventing data loss in the event of an error;
  • User account cookies — manage the registration, authentication, and general administration of the user’s account;
  • Security cookies — used to detect and prevent fraudulent or malicious activity, protecting both the user and the site.

Non-essential cookies — require your prior, express, and informed consent under Article 5 of Law No. 41/2004 and Article 6(1)(a) of the GDPR:

  • Google Analytics — we use Google Analytics to understand how the site is used and to improve the user experience. These cookies may record, for example, the time spent on the site or the pages visited. The data collected is anonymous and aggregated. For more information, please refer to Google’s privacy policy at policies.google.com;
  • Newsletter cookies — used to manage newsletter subscription status and email communications, showing or hiding notifications based on the user’s subscription status;
  • Preference cookies — store user preferences, such as language or content layout, to provide a personalised experience on future visits;
  • Conversion and performance cookies — collect statistics related to purchases and browsing behaviour to support marketing, advertising, and pricing decisions;
  • Testing and improvement cookies — used during testing of new features or design changes, ensuring a consistent experience and allowing measurement of which changes are most valued by users;
  • Survey cookies — used to remember who has already responded to satisfaction surveys or to ensure consistent results when navigating between pages.

How to manage cookies

You may manage or disable cookies at any time through your browser settings. Please refer to the “Help” section of your browser for specific instructions. Please note that disabling certain cookies may limit the functionality of this site, particularly in relation to authentication, the shopping basket, or the personalisation of your browsing experience.

You may also opt out of being tracked by Google Analytics by visiting tools.google.com/dlpage/gaoptout.

Final remarks

This Privacy and Cookies Policy may be updated at any time, with any changes published on this page along with the date of the most recent update. We recommend consulting this document periodically. For any queries relating to the processing of your personal data or the use of cookies, please contact Indigo Jewels through the contact details available on this website.