Last Updated: January 05, 2026

1. Controller and Data Protection Contact

The controller for data processing on this website is:

Vladimir Malikov
am Weidenring 29
61352 Bad Homburg
Germany

Phone: +49 160 5727375
Email: info@am-gemstone.com
VAT ID: DE453068498

For questions about data protection, please contact us using the contact details provided in our imprint.

2. General Information About Data Processing

2.1 Scope of Personal Data Processing

We process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data occurs regularly only with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of data is permitted by law.

2.2 Legal Basis for Processing Personal Data

  • Art. 6(1)(a) GDPR serves as the legal basis when we obtain consent for processing personal data.
  • Art. 6(1)(b) GDPR applies when processing personal data is necessary to fulfill a contract or perform pre-contractual measures.
  • Art. 6(1)(c) GDPR applies when processing is necessary to fulfill a legal obligation.
  • Art. 6(1)(f) GDPR applies when processing is necessary to protect our legitimate interests or those of a third party, provided the interests, fundamental rights, and freedoms of the data subject do not outweigh these interests.

2.3 Data Deletion and Storage Duration

Personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also occur if provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for continued storage of the data for the conclusion or fulfillment of a contract.

3. Website Provision and Log Files

3.1 Description and Scope

Each time our website is accessed, our system automatically collects data and information from the accessing computer’s system. The following data is collected:

  • Information about the browser type and version used
  • User’s operating system
  • User’s Internet service provider
  • User’s IP address
  • Date and time of access
  • Websites from which the user’s system reaches our website
  • Websites accessed by the user’s system through our website

This data is also stored in our system’s log files. This data is not stored together with other personal data of the user.

3.2 Legal Basis

The legal basis for temporary storage of data and log files is Art. 6(1)(f) GDPR.

3.3 Purpose

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Storage in log files occurs to ensure the functionality of the website. Additionally, the data helps us optimize the website and ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not occur in this context.

These purposes also constitute our legitimate interest in data processing according to Art. 6(1)(f) GDPR.

3.4 Storage Duration

Data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. When data is collected to provide the website, this is the case when the respective session ends.

When data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the users’ IP addresses are deleted or anonymized so that assignment to the accessing client is no longer possible.

3.5 Right to Object

Collection of data for website provision and storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no right to object.

4. Hosting

4.1 External Hosting Services

This website is hosted by external service providers. Personal data collected on this website is stored on the hosting providers’ servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access, and other data generated via a website.

The hosting provider is used to fulfill our contract with potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast, and efficient provision of our online offering by a professional provider (Art. 6(1)(f) GDPR).

Our hosting provider processes your data only to the extent necessary to fulfill its service obligations and follows our instructions regarding this data.

Hosting Provider Server Locations:

  • Germany
  • Finland

4.2 Data Processing Agreement

We have concluded a data processing agreement (DPA) with our hosting provider to ensure compliance with data protection regulations.

5. Customer Account and Guest Checkout

5.1 Customer Account

You can create a customer account in our shop. If you wish, you do not need to create a customer account. You can also complete your order as a guest.

Your data is processed for contract fulfillment (Art. 6(1)(b) GDPR). If you create a customer account, your data will be saved for future orders. As a registered customer, you can access your stored data and previous orders at any time.

5.2 Data Storage

The data provided during registration is stored until you request deletion of your customer account. Statutory storage obligations remain unaffected.

6. Order Processing

6.1 Data Collection

For order processing, we collect and process the following personal data:

  • Name and address
  • Email address
  • Telephone number (for shipping notifications)
  • Payment information

6.2 Legal Basis

Processing of this data is necessary for contract fulfillment (Art. 6(1)(b) GDPR).

6.3 Data Sharing with Third Parties

For order fulfillment, we share your data with the following service providers:

Shipping Service Providers
Your postal address, email address, and telephone number are transmitted to our shipping service providers for delivery and shipping notifications, based on your consent (Art. 6(1)(a) GDPR).

For more information about our shipping process, please see our Shipping & Delivery page.

Payment Service Providers
Your payment data is transmitted to the relevant payment service provider for payment processing.

For detailed information about payment methods, please see our Payment Methods page.

6.4 Storage Duration

Order data is stored for the duration required by tax and commercial law (generally 10 years).

7. Newsletter

7.1 Scope of Data Processing

You can subscribe to a free newsletter on our website. When subscribing to the newsletter, the data from the input mask is transmitted to us:

  • Email address

Additionally, the following data is collected during registration:

  • IP address of the accessing computer
  • Date and time of registration

For processing data, your consent is obtained during the registration process, and reference is made to this privacy policy.

7.2 Newsletter Tracking

Our newsletters contain tracking technologies. With your separate consent, we use technologies to track whether newsletters are opened and which links are clicked (Art. 6(1)(a) GDPR).

This data is used to improve our newsletter campaigns and better tailor content to your interests.

7.3 Email Marketing Provider

Newsletters are sent through external email marketing providers:

  • Server Location: Germany
  • Data Processing Agreement: A DPA has been concluded

7.4 Review Requests

With your consent, we send review request emails after purchase. Your email address is shared with our review service provider located in Germany.

7.5 Withdrawal of Consent

You can withdraw your consent to the storage of data, email address, and their use for newsletter delivery at any time. The withdrawal can be made via a link in the newsletter itself or by sending a message to the contact details provided in the imprint.

8. Cookies and Consent Management

8.1 Use of Cookies

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that enables unique identification of the browser when the website is revisited.

8.2 Cookie Categories

We use different types of cookies:

Essential Cookies
These cookies are strictly necessary for the website to function. They enable basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Functional Cookies
These cookies enable enhanced functionality and personalization, such as language preferences and user preferences.

Analytics and Marketing Cookies
These cookies are used only with your consent to analyze website usage and for marketing purposes.

8.3 Consent Management Platform

We use a Consent Management Platform (CMP) to manage cookie consents:

devowl.io GmbH
Rathausstraße 32
82194 Gröbenzell
Germany

  • Server Location: Germany
  • Storage Technology: Cookies
  • Storage Duration: 1 year
  • Local Storage: Consent data is stored only on your device and not transmitted to the CMP provider

8.4 Legal Basis

  • Essential cookies: Art. 6(1)(f) GDPR (legitimate interest in website functionality)
  • Analytics and marketing cookies: Art. 6(1)(a) GDPR (your consent)

8.5 Managing Cookie Preferences

You can manage your cookie preferences at any time through the privacy settings button on our website.

9. Web Analysis and Online Marketing

9.1 Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Scope of Processing
Google Analytics uses cookies to analyze your use of the website. Information generated by the cookie about your use of this website is usually transmitted to and stored on a Google server.

IP addresses are only stored for the purpose of deriving location data and are then deleted. Google Analytics 4 does not offer IP anonymization as a separate setting since IP addresses are automatically anonymized.

Legal Basis
Processing is based on your consent (Art. 6(1)(a) GDPR).

Data Processing Agreement
We have concluded a data processing agreement with Google.

Google Analytics Consent Mode
We use Google Analytics Consent Mode. When you have not consented to analytics cookies, only essential technical data is transmitted to Google without additional tracking.

Data Transfer
Google LLC is certified under the EU-US Data Privacy Framework. Data may also be transferred to countries without an adequacy decision, with appropriate safeguards through EU Standard Contractual Clauses.

We obtain your explicit consent for data transfers to third countries through our consent management platform.

9.2 Google Maps

This website uses the Google Maps service. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use Google Maps functions, it is necessary to store your IP address. This information is usually transmitted to and stored on a Google server in the USA.

Legal Basis
Processing is based on your consent (Art. 6(1)(a) GDPR) and our legitimate interest in presenting our location information (Art. 6(1)(f) GDPR).

Joint Controllership
We have concluded an agreement on joint controllership with Google for the use of Google Maps.

9.3 Google reCAPTCHA

We use Google reCAPTCHA on this website to protect against spam and abuse. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

reCAPTCHA analyzes user behavior based on various characteristics to distinguish between humans and bots. Analysis begins automatically as soon as the user enters the website.

Legal Basis
Processing is based on your consent (Art. 6(1)(a) GDPR) and our legitimate interest in protecting our website from abusive automated access (Art. 6(1)(f) GDPR).

Joint Controllership
We have concluded an agreement on joint controllership with Google for the use of reCAPTCHA.

9.4 Google Tag Manager

We use Google Tag Manager, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Tag Manager is a tool for managing website tags via a single interface. The Tag Manager itself does not collect personal data but manages the activation of other tools that may collect data.

Legal Basis
Processing is based on your consent (Art. 6(1)(a) GDPR).

Data Processing Agreement
We have concluded a data processing agreement with Google.

9.5 Google Fonts

This website uses Google Fonts for uniform font display. When you access our pages, your browser loads the required fonts into its cache to display texts and fonts correctly.

For this purpose, the browser you use must connect to Google’s servers. This allows Google to know that our website was accessed via your IP address.

Legal Basis
Processing is based on your consent (Art. 6(1)(a) GDPR).

Data Transfer
Google LLC is certified under the EU-US Data Privacy Framework.

10. Social Media

10.1 Social Media Plugins (Shariff Solution)

We use social media plugins on our website using the “Shariff” solution. This solution prevents plugins from automatically transmitting data to social networks when you visit a page.

A direct connection to the provider’s servers is only established when you actively click the plugin button. We use Shariff plugins for the following services:

  • Facebook (Meta Platforms Inc.)
  • Instagram (Meta Platforms Inc.)
  • Pinterest
  • WhatsApp

Legal Basis
Processing is based on your consent when you click the button (Art. 6(1)(a) GDPR).

10.2 Social Media Presence

We maintain profiles on the following social media platforms:

  • Facebook (Meta Platforms Inc.)
  • YouTube (Google LLC)
  • Instagram (Meta Platforms Inc.)
  • Pinterest

Joint Controllership
When you visit our social media pages, we share joint responsibility with the platform provider for certain data processing operations. We have concluded agreements on joint controllership with these providers.

Legal Basis
Processing is based on our legitimate interest in social media presence (Art. 6(1)(f) GDPR).

Data Transfer
These platforms may transfer data to the USA. Providers certified under the EU-US Data Privacy Framework ensure adequate data protection. For others, EU Standard Contractual Clauses apply.

11. Facebook Marketing Tools

11.1 Facebook Pixel

This website uses the Facebook Pixel from Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

The Facebook Pixel allows Facebook to identify visitors to our website as a target group for displaying advertisements (“Facebook Ads”). We use it to display our Facebook Ads only to Facebook users who have shown interest in our online offering.

Legal Basis
Processing is based on your consent (Art. 6(1)(a) GDPR).

11.2 Facebook Custom Audiences

We use Facebook Custom Audiences to create target groups based on website visitors, customer lists, or other sources.

Legal Basis
Processing is based on your consent (Art. 6(1)(a) GDPR).

11.3 Facebook Remarketing and Conversions

We use Facebook Pixel to track conversions and remarketing:

  • Remarketing: Showing ads to previous website visitors
  • Conversions: Measuring the effectiveness of Facebook Ads

Legal Basis
Processing is based on your consent (Art. 6(1)(a) GDPR).

11.4 Data Transfer

Meta Platforms Inc. is certified under the EU-US Data Privacy Framework. Data may also be transferred to countries without adequacy decisions, with appropriate safeguards through EU Standard Contractual Clauses.

We obtain your explicit consent for data transfers to third countries through our consent management platform.

12. Payment Services

We offer the following payment methods on our website. For complete information about all payment options, please see our Payment Methods page.

12.1 Klarna/Sofort

Provider:
Klarna Bank AB (publ)
Sveavägen 46
111 34 Stockholm
Sweden

When you select Klarna payment methods, your payment data is transmitted to Klarna for payment processing.

Legal Basis
Processing is necessary for contract fulfillment (Art. 6(1)(b) GDPR).

Data Transfer
Klarna may transfer data to countries outside the EU/EEA. Appropriate safeguards are provided through EU Standard Contractual Clauses.

12.2 Credit Card

When paying by credit card, your card information is transmitted directly to the payment service provider. We do not store complete credit card information.

Processing Time: Your credit card is charged when you complete the order.

Legal Basis: Art. 6(1)(b) GDPR (contract fulfillment)

12.3 SEPA Direct Debit

When paying via SEPA direct debit, you authorize us to collect the purchase amount from your account. The debit occurs before shipping the goods.

Legal Basis: Art. 6(1)(b) GDPR (contract fulfillment)

12.4 PayPal

Provider:
PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
L-2449 Luxembourg

When you select PayPal, your payment data is transmitted to PayPal. The payment transaction is processed when you complete the order.

Legal Basis: Art. 6(1)(b) GDPR (contract fulfillment)

13. Video Embedding

13.1 YouTube Videos

We embed YouTube videos on our website. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

We use YouTube in extended data protection mode, which according to YouTube means that YouTube does not store information about website visitors unless they play a video.

Legal Basis
Processing is based on your consent (Art. 6(1)(a) GDPR) when you play a video, and our legitimate interest in presenting media content (Art. 6(1)(f) GDPR).

Data Transfer
Google LLC is certified under the EU-US Data Privacy Framework.

14. Your Rights as a Data Subject

When your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights:

14.1 Right to Information

You can request confirmation from us as to whether personal data concerning you is being processed.

If such processing is taking place, you can request information about:

  • The purposes for which the personal data is being processed
  • The categories of personal data being processed
  • The recipients or categories of recipients to whom the personal data has been or will be disclosed
  • The planned duration of storage
  • The existence of a right to correction, deletion, restriction of processing, or objection
  • The existence of a right to lodge a complaint with a supervisory authority
  • All available information about the origin of the data if it was not collected from you
  • The existence of automated decision-making including profiling

14.2 Right to Correction

You have the right to correction and/or completion if the personal data processed concerning you is incorrect or incomplete.

14.3 Right to Restriction of Processing

You can request the restriction of processing of your personal data under the following conditions:

  • If you contest the accuracy of the data
  • If processing is unlawful but you oppose deletion
  • If we no longer need the data, but you need it for legal claims
  • If you have objected to processing pending verification

14.4 Right to Deletion

You can request the deletion of your personal data if:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw your consent and there is no other legal basis
  • You object to processing and there are no overriding legitimate grounds
  • The data has been processed unlawfully
  • Deletion is necessary to comply with a legal obligation

Exceptions
The right to deletion does not exist if processing is necessary:

  • To exercise the right to freedom of expression and information
  • To comply with a legal obligation
  • For reasons of public interest
  • To establish, exercise, or defend legal claims

14.5 Right to be Informed

If you have exercised your right to correction, deletion, or restriction of processing, we are obligated to inform all recipients to whom your personal data has been disclosed of this correction, deletion, or restriction unless this proves impossible or involves disproportionate effort.

14.6 Right to Data Portability

You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format, and to transmit this data to another controller without hindrance.

14.7 Right to Object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is based on Art. 6(1)(f) GDPR (legitimate interests).

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend legal claims.

Special Right to Object for Direct Marketing
If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data for such marketing. This also applies to profiling insofar as it is related to such direct marketing.

14.8 Right to Withdraw Consent

You have the right to withdraw your consent to data processing at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

14.9 Right to Lodge a Complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates the GDPR.

Responsible Supervisory Authority:
The supervisory authority responsible depends on your place of residence or workplace. In Germany, state data protection authorities are responsible.

15. Online Dispute Resolution

15.1 EU Platform

The European Commission provides a platform for online dispute resolution (ODR), which you can find at:
https://ec.europa.eu/consumers/odr/

Our email address is: info@am-gemstone.com

15.2 Consumer Arbitration

We are willing to participate in dispute resolution proceedings before a consumer arbitration board.

Responsible Arbitration Board:

Universalschlichtungsstelle des Bundes
Zentrum für Schlichtung e.V.
Straßburger Straße 8
77694 Kehl am Rhein
Germany

Website: https://www.verbraucher-schlichter.de

We are not obligated to participate in dispute resolution proceedings before a consumer arbitration board, but we are willing to do so.

16. Data Security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

All employees who have access to your data are obligated to maintain confidentiality.

17. Third-Country Data Transfers

Some of our service providers are located in countries outside the European Economic Area (third countries) or process data there. This only occurs with your explicit consent obtained through our consent management platform.

Safeguards:

  • EU-US Data Privacy Framework: For service providers certified under this framework
  • EU Standard Contractual Clauses: For transfers to countries without adequacy decisions
  • Explicit consent: For transfers where additional risks may exist

Despite all safeguards, data transfers to third countries may involve risks such as access by government authorities. We inform you about these risks in our consent management platform.

18. Changes to this Privacy Policy

We reserve the right to update this privacy policy to reflect changes in data processing practices or legal requirements. The current version is always available on our website.

Last Updated: December 25, 2025

19. Contact

If you have questions about data protection, please contact us:

Vladimir Malikov
am Weidenring 29
61352 Bad Homburg
Germany

Email: info@am-gemstone.com
Phone: +49 160 5727375

For general inquiries, please visit our Contact page.

Related Policies

For complete information about your rights and our obligations, please also review:

Thank you for trusting AM Gemstone with your personal data.