Insured worldwide shipping · Authenticity guaranteed for life · The Certifié Promise
Legal

Privacy Notice

Last updated: 2026-04-01

This Privacy Notice explains how Certifié Luxe ("the house," "we") collects, uses, retains, and shares your personal data when you visit certifie-luxe.com, when you transact with us, and when you correspond with us.

1. Who we are

Certifié Luxe is operated by Certifié Luxe Limited (UK) and Certifié Luxe Mücevherat A.Ş. (Türkiye) as joint controllers for cross-border activity. Our Data Protection Officer can be reached at dpo@certifie-luxe.com.

2. Data we collect

We collect: contact information (name, email, phone, address); transactional information (orders, consignments, certificates, KYC documents above £10,000); behavioural information (pages viewed, watchlist, marketing engagement) — only with your consent; and authentication evidence (photographs, descriptions of pieces).

3. Lawful bases

We process personal data on the bases of contract (when you transact with us), legitimate interest (operating the house, fraud prevention, internal analytics), legal obligation (tax, AML/KYC, sanctions screening), and consent (marketing, non-essential cookies).

4. Sharing

We share data only with carefully vetted processors necessary for our service: payment processors (Stripe, iyzico), shipping carriers (Brink's, FedEx), KYC providers (Onfido), email providers, and our advisors. We do not sell data and we do not use behavioural data for third-party advertising.

5. Your rights

You have the right of access, rectification, erasure, restriction, portability, and objection. You may exercise any right at privacy@certifie-luxe.com. Turkish residents may also contact the Turkish Data Protection Authority. EU/UK residents may complain to their national supervisory authority. UAE/KSA residents may contact the local PDPL regulator.

6. Retention

Marketing data: until you withdraw consent. Transactional data: 7 years (legal requirement). KYC data: 7 years from the last transaction. Behavioural data: 24 months.

7. Security

We protect your data with TLS 1.3 in transit, AES-256 at rest, two-factor authentication on accounts placing transactions ≥ £5,000, and a documented incident response procedure. See our Security & Compliance overview at /authentication/.

8. Updates

We may update this notice. The date of last change appears at the top of this page. Material changes are notified to registered clients by email.