PRIVACY POLICY

General Data Protection Regulation (GDPR) Compliant

1. Introduction

New Goi Gems S.r.l. (“we,” “us,” or “our”) is a wholesale diamond and precious gemstone trading company headquartered in Milan, Italy. We supply diamonds and a curated selection of precious gemstones including emeralds, rubies, sapphires, aquamarine, tanzanite and other fine stones to jewellery manufacturers, wholesalers, and international gemstone buyers worldwide.

This Privacy Policy explains how we collect, use, store, disclose, and protect personal information when you visit our website at https://newgoigems.com or otherwise interact with us. It applies to all visitors, prospective buyers, existing clients, and any individual whose personal data we process in connection with our business activities.

As a company established and operating in Italy, we are subject to Article 13 of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Italian Personal Data Protection Code (Legislative Decree No. 196/2003, as amended by Legislative Decree No. 101/2018), and all applicable EU and Italian data protection legislation. We are committed to full compliance with these laws and to the protection of your privacy

By using our Website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this Policy, please discontinue your use of the Website.

2. Information We Collect

We collect two categories of information: personal data and non-personal data.

2.1 Personal Data

Personal data means any information that can identify you directly or indirectly as a natural person. We may collect the following personal data:

  • Full name and professional title
  • Business name and company registration details
  • Email address
  • Telephone and/or mobile number
  • Business postal address and billing address
  • Country of residence or business registration
  • Communication history and preferences
  • Enquiry details, including specific gemstone or diamond requirements
  • Any other information you voluntarily provide to us through contact forms, emails, or direct communications

2.1 Personal Data

Non-personal data is information that cannot, on its own, identify you as an individual. This includes:

  • Browser type and version
  • Device type and operating system
  • IP address (anonymised where technically feasible)
  • Pages visited, session duration, and navigation paths on the Website
  • Referring URL or search query terms
  • Geographic region (country or city level)
  • Language preferences

3. How We Collect Information

We collect information through the following channels:

3.1 Directly From You

  • Contact and enquiry forms on the Website
  • Email correspondence and telephone communications
  • Business card exchanges, trade fair interactions, or direct meetings
  • Account registration, where applicable
  • Requests for quotations, product catalogues, or certification documents

3.2 Automatically

  • Cookies and similar tracking technologies when you browse the Website (see Section 5)
  • Web analytics tools that record behavioural and technical data
  • Server logs that capture access times, referring pages, and IP addresses

3.3 From Third Parties

  • Business directories, trade associations, and publicly available commercial databases
  • Social media platforms, where you interact with our official profiles
  • Referrals from existing clients or business partners

4. How We Use the Information

We process personal data only where we have a lawful basis to do so under the GDPR. The applicable legal bases are: (i) performance of a contract; (ii) compliance with a legal obligation; (iii) our legitimate interests; or (iv) your consent. We use your information for the following purposes:

4.1 Business and Commercial Purposes

  • To respond to your enquiries, requests for quotations, and business communications in a timely manner
  • To process and fulfil commercial orders for diamonds and gemstones
  • To issue invoices, certificates of authenticity, and related commercial documentation
  • To provide after-sales support, including grading certificate verification and delivery tracking
  • To manage our ongoing business relationship with wholesale clients and trade buyers

4.2 Marketing and Communications

  • To send product updates, new collection announcements, and promotional materials, subject to your consent
  • To invite you to trade events, exhibitions, and industry fairs in which we participate
  • To conduct customer satisfaction surveys and improve our services

4.3 Legal and Compliance Purposes

  • To comply with Italian and EU legal obligations, including anti-money laundering (AML) regulations applicable to the gemstone and diamond trade
  • To maintain accurate business records as required by Italian tax and commercial law
  • To detect, prevent, and investigate fraudulent activity or breaches of our terms
  • To respond to lawful requests from competent public authorities

4.4 Website and Service Improvement

  • To analyse Website traffic and user behaviour in order to improve content, navigation, and overall user experience
  • To ensure the technical security and proper functioning of the Website

 

We will never sell, rent, or transfer your personal data to unaffiliated third parties for their own commercial or marketing purposes.

5. Cookies and Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files placed on your device by websites you visit. They are widely used to make websites function correctly, to improve user experience, and to provide website operators with analytical information.

5.2 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the Website to function. These cookies cannot be disabled without affecting core Website functionality.
  • Performance and Analytics Cookies: Used to understand how visitors interact with the Website, such as which pages are visited most frequently. This information is collected in aggregate and anonymised form.
  • Functional Cookies: Used to remember your preferences (such as language or region) to enhance your experience.
  • Marketing Cookies: Used where applicable to deliver relevant content and track the effectiveness of outreach. These are only placed with your prior consent.

5.3 Your Cookie Choices

In accordance with GDPR and the Italian ePrivacy rules (Legislative Decree No. 69/2012), we will seek your consent before placing non-essential cookies. You may modify or withdraw your consent at any time through our cookie consent banner or by adjusting your browser settings.

Please note that disabling certain cookies may affect the functionality and performance of the Website. For guidance on managing cookies across different browsers, you may visit the website of the relevant supervisory authority or www.allaboutcookies.org.

6. Third-Party Services

To operate our Website and conduct our business effectively, we engage trusted third-party service providers who may process personal data on our behalf. These providers act as data processors under the GDPR and are contractually bound to process data only in accordance with our instructions and applicable law.

6.1 Service Categories

Web Hosting and Cloud Infrastructure: Our Website is hosted on secure servers. Hosting providers may process technical data such as IP addresses and access logs as part of service delivery.

Web Analytics: We use web analytics tools (such as Google Analytics or equivalent services) to measure Website performance. These tools may collect anonymised usage data including page views, session durations, and traffic sources

Email Communication: We use professional email service providers to manage business correspondence and, where consented, marketing communications.

Customer Relationship Management (CRM): We may use CRM software to manage client data and business interactions.

Payment Processing: Where applicable, payments are processed through compliant third-party payment gateways. We do not store payment card details on our systems.

6.2 Disclosure to Third Parties

We may disclose personal data to third parties in the following limited circumstances:

  • To comply with a legal obligation or lawful order by a competent authority
  • To enforce our contractual rights or defend against legal claims
  • In connection with a business transfer, merger, acquisition, or restructuring, provided the acquiring party agrees to honour the terms of this Privacy Policy
  • With your explicit prior consent

7. Data Protection and Security

The security of your personal data is a matter of the highest importance to us. We implement appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption for all data transmitted between your browser and our Website
  • Restricted access controls ensuring that personal data is accessible only to authorised personnel with a legitimate business need
  • Secure hosting environments with regular vulnerability assessments and monitoring
  • Internal data handling policies and staff training on data protection obligations
  • Regular review and updating of our security practices in line with evolving threats and regulatory guidance

 

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority (the Italian Garante) within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR. Where the breach poses a high risk to affected individuals, we will also notify those individuals without undue delay.

Whilst we take all reasonable steps to protect your data, no method of electronic storage or internet transmission is entirely secure. We therefore cannot guarantee absolute security.

8. International Data Transfers

New Goi Gems is established in Milan, Italy, and our primary data processing operations are conducted within the European Union. As such, the majority of your personal data remains within the EU/EEA, which is subject to the full protections of the GDPR.

However, given the international nature of the diamond and gemstone trade, we may on occasion transfer personal data to recipients located outside the EU/EEA, including in countries such as India, the United States, the United Arab Emirates, or other gemstone trading hubs. Where such transfers occur, we ensure an adequate level of protection is maintained by relying on one or more of the following safeguards:

  • An adequacy decision by the European Commission confirming that the destination country provides an adequate level of data protection
  • Other appropriate safeguards as permitted under Article 46 or Article 49 of the GDPR

 

You may request further information about the specific safeguards applied to any international transfers by contacting our Data Protection contact at the details provided in Section 13.

9. Your Rights Under GDPR

If you are located in the European Union or European Economic Area, or if your data is processed by us as a data controller subject to GDPR, you have the following rights with respect to your personal data. We will respond to all verified requests within one calendar month, with the possibility of extension by a further two months in cases of complexity, as permitted by Article 12 of the GDPR.

To exercise any of the above rights, please submit a written request to our Data Protection contact using the details set out in Section 13. We may request proof of identity before processing your request. The exercise of these rights is free of charge, unless requests are manifestly unfounded or excessive, in which case we reserve the right to charge a reasonable administrative fee or refuse the request, in accordance with Article 12(5) GDPR.

10. Third-Party Links

Our Website may contain links to third-party websites, social media platforms, trade directories, or gemological institute websites. These links are provided for your convenience and informational purposes only.

New Goi Gems does not operate, control, or endorse the content, privacy practices, or data handling policies of any third-party website. We encourage you to review the privacy policy of any third-party site you visit. We accept no responsibility or liability for any data processing carried out by third-party websites.

11. Data Retention

We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable law. The following retention principles apply:

  • Business enquiry and contact data: Retained for 3 years from last interaction, unless a commercial relationship develops.
  • Client and commercial transaction data: Retained for a minimum of 10 years from the date of the last transaction, in compliance with Italian civil and tax law obligations.
  • Marketing consent records: Retained until consent is withdrawn and for a reasonable period thereafter as evidence of prior consent.
  • Website analytics data: Retained in anonymised or aggregated form for up to 26 months
  • Anti-money laundering records: Retained in accordance with Italian Legislative Decree No. 231/2007 implementing the EU’s Fourth Anti-Money Laundering Directive.

 

Upon the expiry of the applicable retention period, personal data is securely deleted, anonymised, or otherwise disposed of in a manner appropriate to its sensitivity.

12. Policy Updates

We reserve the right to review and amend this Privacy Policy at any time, in response to changes in applicable law, regulatory guidance, our business practices, or the services we offer. Any updated version will be published on this page with a revised “Last Updated” date.

Where changes are material in nature, for example, changes to how we use your personal data or to your rights, we will provide a prominent notice on the Website and, where appropriate and practicable, notify you by email. We encourage you to review this Policy periodically.

Your continued use of the Website following the publication of an updated Privacy Policy constitutes your acknowledgement of the revised terms. If you do not agree to the updated Policy, you should discontinue use of the Website and contact us to have your data deleted.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, or if you wish to exercise your data protection rights, please contact us using the details below. All privacy-related enquiries will be handled with strict confidentiality.

If you are not satisfied with our response, or if you believe that your data is being processed in violation of applicable law, you have the right to lodge a complaint with the Italian Data Protection Authority:

This Privacy Policy was prepared for New Goi Gems and is intended for use on the website newgoigems.com. It is governed by Italian law and the General Data Protection Regulation (EU) 2016/679.