Grown Lab Diamond / Astrid Gold BV is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and Belgian privacy law.
1. Data Controller
Astrid Gold BV (trading as Grown Lab Diamond)
Koningin Astridplein 31 bus 43, 2018 Antwerpen, Belgium
VAT: BE0720809473
Email: info@astridgold.be
Phone: +32 490 25 90 05
2. Personal Data We Collect
Data You Provide Directly
- Contact information: name, email address, phone number, delivery address
- Order information: purchase history, product preferences, ring size
- Communication: messages sent via our contact form, email, or boutique visits
- Account data: if you create a customer account, your login credentials (passwords are encrypted)
Data Collected Automatically
- Technical data: IP address, browser type, operating system, referring URL
- Usage data: pages visited, time on site, clicks, and navigation patterns
- Cookie data: see our Cookie Policy for full details
3. How We Use Your Data
We process your personal data only for the following lawful purposes:
- Contract performance: processing orders, arranging delivery, handling returns and warranty claims
- Legitimate interest: fraud prevention, security, improving our services
- Legal obligation: complying with Belgian tax, accounting, and consumer protection law
- Consent: sending promotional emails and newsletters (only when you have opted in)
We do not sell, rent, or trade your personal data to third parties for their marketing purposes.
4. Data Sharing
We share your data only when necessary, with the following categories of recipients:
- Delivery partners: bPost, DHL, FedEx — to fulfil your order
- Payment processors: Stripe, PayPal, Klarna — for secure payment handling
- IT providers: web hosting, CRM, and email service providers (data processing agreements in place)
- Legal authorities: when required by law or court order
All third-party processors are contractually required to handle your data securely and in compliance with GDPR.
5. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, subject to the following retention periods:
- Order and transaction records: 7 years (Belgian accounting law)
- Customer account data: until account deletion or 3 years of inactivity
- Marketing consent: until you withdraw consent or 2 years of inactivity
- Cookie and analytics data: as set out in our Cookie Policy (typically 13 months)
6. Your Rights Under GDPR
As a data subject in the EU, you have the following rights:
Request a copy of all personal data we hold about you.
Ask us to correct inaccurate or incomplete data.
Request deletion of your data ("right to be forgotten"), subject to legal obligations.
Ask us to restrict processing of your data in certain circumstances.
Receive your data in a structured, machine-readable format.
Object to processing based on legitimate interest, including direct marketing.
To exercise any of these rights, email us at info@astridgold.be with the subject line "GDPR Request". We will respond within 30 days. You also have the right to lodge a complaint with the Belgian Data Protection Authority (APD / GBA) at dataprotectionauthority.be.
7. Security
We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include SSL/TLS encryption, access controls, and regular security reviews. Despite our precautions, no transmission over the internet is 100% secure; if you believe your data has been compromised, please contact us immediately.
8. International Transfers
Your data is processed primarily within the European Economic Area (EEA). Where data is transferred outside the EEA (e.g., to a cloud provider with US-based servers), we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
9. Changes to This Policy
We may update this Privacy Policy periodically. Changes are effective upon publication. We will notify you of significant changes by email or by displaying a prominent notice on our website. We encourage you to review this page regularly.