Privacy Policy
Last Updated: August 22, 2025
At Sona Diamonds, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, engage with our services, or interact with us through various channels. We operate in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) for individuals in the European Union (EU) or European Economic Area (EEA).
By using our website, purchasing our products, or providing your personal data, you consent to the practices described in this policy. If you do not agree with this policy, please do not use our services.
1. Information We Collect
We collect personal data that you voluntarily provide to us, as well as information automatically collected through your interactions with our services. The types of personal data we may collect include:
- Personal Identifiers: Name, email address, phone number, postal address, and other contact details.
- Payment Information: Credit card details, billing address, and transaction history (processed securely via third-party payment gateways).
- Account Information: Username, password, and preferences if you create an account on our website.
- Marketing Preferences: Subscriptions to newsletters, opt-ins for email, WhatsApp, or social media communications.
- Device and Usage Data: IP address, browser type, operating system, pages visited, time and date of visits, and referral sources (collected via cookies and similar technologies).
- Social Media Data: If you interact with us on social media platforms (e.g., Facebook, Instagram, Twitter/X), we may collect data such as your profile information, likes, comments, and shares.
- Analytics Data: Aggregated usage statistics, such as website traffic patterns and user behaviour.
- Other Data: Any additional information you provide, such as inquiries, feedback, or survey responses.
We do not collect sensitive personal data (e.g., racial or ethnic origin, political opinions, religious beliefs) unless explicitly provided by you for a specific purpose.
2. How We Collect Your Data
- Directly from You: When you fill out forms, make purchases, subscribe to marketing, or contact us via email, phone, WhatsApp, or social media.
- Automatically: Through cookies, web beacons, and analytics tools when you visit our website or interact with our digital content.
- From Third Parties: From social media platforms if you connect your account, or from analytics providers like Google Analytics.
- WhatsApp and Email: When you opt in to receive messages or newsletters, we collect your contact details for communication purposes.
3. How We Use Your Personal Data
We use your personal data for the following purposes:
- To Provide Services: Process orders, deliver products, manage accounts, and respond to inquiries.
- To Improve Our Services: Analyse user behaviour to enhance website functionality, product offerings, and customer experience.
- Marketing and Communications:
  - Email Marketing: Send promotional emails about new products, offers, and events. You can opt out at any time via the unsubscribe link in emails.
  - WhatsApp Marketing: Send updates, offers, and personalised messages via WhatsApp if you have opted in. We use WhatsApp Business API for compliance.
  - Social Media Marketing: Target ads, engage with users, and promote content on platforms like Facebook, Instagram, and Twitter/X. We may use data from these platforms to create lookalike audiences.
- Analytics: Use tools like Google Analytics to track website performance, user demographics, and engagement metrics. This helps us understand trends and optimise our site.
- Legal Compliance: Comply with legal obligations, prevent fraud, and enforce our terms.
- Security: Protect against unauthorised access, maintain data integrity, and monitor for potential threats.
We process your data based on the following legal bases under GDPR:
- Consent (e.g., for marketing).
- Contractual necessity (e.g., for order fulfilment).
- Legitimate interests (e.g., analytics and security).
- Legal obligations.
4. Sharing Your Personal Data
We may share your data with:
- Service Providers: Third-party vendors for payment processing, shipping, analytics (e.g., Google Analytics), email services (e.g., Mailchimp), WhatsApp marketing tools, and social media advertising.
- Business Partners: For joint promotions or affiliate marketing, with your consent.
- Legal Authorities: If required by law, court order, or to protect our rights.
- Successors: In the event of a merger, acquisition, or sale of assets.
We ensure all third parties comply with data protection standards and do not share data for their independent use without consent.
5. Data Security
We implement reasonable technical, administrative, and physical measures to protect your personal data from unauthorised access, loss, or alteration. This includes encryption, firewalls, and secure servers. However, no system is completely secure, and we cannot guarantee absolute security.
6. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy, or as required by law. For example:
- Transaction data: Up to 7 years for accounting purposes.
- Marketing data: Until you opt out or withdraw consent.
- Analytics data: Anonymised and retained indefinitely for statistical purposes.
7. Your Rights Under GDPR
If you are in the EU/EEA, you have the following rights regarding your personal data:
- Access: Request a copy of your data.
- Rectification: Correct inaccurate data.
- Erasure ("Right to be Forgotten"): Request deletion of your data under certain conditions.
- Restriction: Limit processing in specific cases.
- Objection: Object to processing based on legitimate interests or for direct marketing.
- Data Portability: Receive your data in a structured, machine-readable format.
- Withdraw Consent: At any time, without affecting prior processing.
- Complaint: Lodge a complaint with a supervisory authority (e.g., your local data protection authority).
To exercise these rights, contact us at support@sonadiamonds.com.au. We will respond within one month, extendable if complex.
8. Cookies and Analytics
We use cookies for essential functions, performance, and targeted advertising. You can manage cookie preferences via your browser settings. For analytics, we use Google Analytics, which collects anonymised data. You can opt out via Google's tools.
9. International Data Transfers
If we transfer data outside the EEA, we use safeguards like Standard Contractual Clauses or adequacy decisions to ensure protection.
10. Children's Privacy
Our services are not intended for children under 16. We do not knowingly collect data from minors without parental consent.
11. Changes to This Policy
We may update this policy periodically. Changes will be posted here with the updated date. Continued use constitutes acceptance.
12. Contact Us
For questions or requests, contact:
Sona Diamonds
Email: support@sonadiamonds.com.au
This policy is governed by the laws of Victoria, Australia, and for GDPR purposes, our Data Protection Officer can be reached at the above email.
