Brilliani — Compliance Condo B.V.
Privacy Policy
Version 2.0 — June 2026
This privacy policy explains how we handle your personal data across our websites, including our webshop at www.brilliani.com and Brilliani Labs at brillianilabs.com (our real-time diamond simulator and professional tools).
1. Who are we?
Brilliani is the trade name of Compliance Condo B.V., a private limited company established in the Netherlands that sells jewellery through its webshop at www.brilliani.com and operates the Brilliani Labs tools at brillianilabs.com.
We act as the data controller for the personal data we process in the course of our services.
2. What personal data do we process?
We may process the following categories of personal data about you:
2.1 Order data
- First and last name
- Delivery and billing address
- Email address
- Phone number (optional)
- Payment details (processed via our payment service provider; we do not store full card details)
- Order history and order status
- Customisation instructions or engraving text (for made-to-order products)
2.2 Account data
- Login details (email address and encrypted password)
- Address book and preferences
2.3 Communication data
- Messages sent by email or contact form
- Complaints and service requests
2.4 Marketing and analytics data
- Email address (newsletter)
- IP address and cookie IDs
- Click and browsing behaviour on the webshop
- Browser type and device data
2.5 Brilliani Labs account and usage data Brilliani Labs
- Google sign-in data. When you sign in to Brilliani Labs with Google, we receive from Google your name, email address, and your unique Google account identifier. We use these to create and recognise your account.
- Session data. While you are signed in we set a secure, HttpOnly session cookie and keep a matching session record so you stay logged in. Session tokens are stored only in hashed form.
- Usage / activity log. While you are signed in, we record which pages and tools you open, together with the date and time and your approximate location (country, derived from your IP address). We use this to keep the tools secure and to understand how our professional users use them.
3. On what basis and for what purpose do we process your data?
| Purpose | Basis (GDPR Art. 6) | Retention period |
|---|---|---|
| Performance of the purchase agreement (processing orders, shipping, invoicing) | Performance of a contract (1(b)) | 7 years (statutory tax retention) |
| Customer support and handling of complaints | Performance of a contract (1(b)) | 2 years after the matter is closed |
| Sending marketing emails (newsletter) | Consent (1(a)) | Until consent is withdrawn |
| Fraud and abuse prevention | Legitimate interest (1(f)) | Up to 1 year after detection |
| Web analytics and improving the webshop | Consent (1(a)) | In accordance with the cookie policy |
| Targeted advertising (Meta / Google) | Consent (1(a)) | In accordance with the cookie policy |
| Legal obligations (accounting, taxes) | Legal obligation (1(c)) | 7 years |
| Providing access to Brilliani Labs (account creation, sign-in, keeping you logged in) | Performance of a contract (1(b)) and legitimate interest (1(f)) in offering a secure, access-controlled professional tool | While your account is active; deleted within 12 months of account closure or on request. Sessions expire after 30 days. |
| Securing Brilliani Labs and understanding how it is used (activity log) | Legitimate interest (1(f)) | Up to 12 months, then deleted or aggregated |
Legitimate interest: We have a legitimate interest in preventing fraud, abuse and deception, and in keeping our tools secure and improving them. We always weigh this interest against your privacy interests.
4. Who do we share your data with?
We share personal data with third parties only where necessary and on the basis of a data processing agreement or another valid legal ground. We never sell your data.
4.1 Processors (processing on our behalf)
| Party | Purpose & location |
|---|---|
| Shopify Inc. | Webshop platform, order and customer management — US (adequacy decision / SCCs) |
| Mailchimp (Intuit Inc.) | Email marketing — US (SCCs) |
| Google LLC | Google Analytics (statistics), Google Workspace (email/storage), and Google Sign-In (authentication for Brilliani Labs) — US (SCCs / EU-US Data Privacy Framework) |
| Cloudflare, Inc. Brilliani Labs | Hosting, serverless functions and database (D1) for brillianilabs.com, including account and activity-log storage — US/EU (SCCs) |
| Meta Platforms Ireland | Meta Pixel for ad measurement — EEA/US (SCCs) |
| Payment service provider(s) | Processing of payment transactions — EEA |
| Logistics partner(s) | Delivery of orders — EEA |
4.2 Transfers outside the EEA
Some service providers are located in the United States. We safeguard the lawfulness of such transfers by using the European Commission's Standard Contractual Clauses (SCCs) or, where applicable, the EU-US Data Privacy Framework.
5. Cookies and similar technologies
We use cookies and similar techniques to make our websites work, to personalise your experience and to understand how our websites are used.
| Category | Examples | Purpose |
|---|---|---|
| Functional (necessary) | Shopify session cookie; Brilliani Labs session cookie (__Host-session) and short-lived sign-in state cookie | Shopping cart, login status, keeping you signed in, and security (incl. cross-site request protection) |
| Analytical | Google Analytics (_ga) on www.brilliani.com and brillianilabs.com | Insight into visitor behaviour; anonymised IP |
| Marketing | Meta Pixel, Google Ads | Measuring advertising effectiveness and retargeting |
On brillianilabs.com, analytics cookies (Google Analytics) are placed only after you give your consent through our cookie banner. Essential cookies — which keep you signed in and protect the sign-in process — are always active, as they are necessary to provide the service. No analytics or marketing cookies are set before you consent.
You can adjust your cookie preferences at any time via the cookie banner, the "Cookie settings" link in the footer of every page, or via your browser settings. Please note that disabling functional cookies may affect how the websites work.
6. Security
We take appropriate technical and organisational measures to protect your personal data against loss, unauthorised access or disclosure. These include:
- Encrypted connections (HTTPS/TLS)
- Access to personal data restricted on a 'need-to-know' basis
- For Brilliani Labs: HttpOnly/Secure session cookies and session tokens stored only in hashed form
- Processors contractually bound to security obligations
- Periodic review of our security measures
In the event of a data breach that poses a risk to your rights and freedoms, we will inform you and the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) in accordance with the legal requirements.
7. Your rights as a data subject
Under the General Data Protection Regulation (GDPR) you have the following rights:
| Right | What this means |
|---|---|
| Right of access | You can request which personal data we process about you. |
| Right to rectification | You can have incorrect or incomplete data corrected. |
| Right to erasure | You can request that your data be deleted, unless we have a statutory retention obligation. |
| Right to restriction | You can ask us to temporarily restrict processing. |
| Right to portability | You have the right to receive your data in a common format. |
| Right to object | You can object to processing based on legitimate interest or for direct marketing. |
| Automated decision-making | Brilliani does not make decisions based on fully automated processing that has legal effects for you. |
You can exercise your rights by sending an email to [email protected]. We respond within one month. In complex cases this period may be extended by two months. To delete your Brilliani Labs account and activity log, email [email protected].
You also have the right to lodge a complaint with the Dutch Data Protection Authority (www.autoriteitpersoonsgegevens.nl).
8. Newsletter and direct marketing
We send you marketing messages only after your explicit consent. You can unsubscribe at any time via the unsubscribe link in every email or by sending a message to [email protected].
We use Mailchimp (Intuit Inc.) to send newsletters. Mailchimp processes your data as a processor on the basis of a data processing agreement.
9. Minors
Our webshop and the Brilliani Labs tools are not directed at persons under the age of 16. We do not knowingly process personal data of minors. If you suspect that we have inadvertently collected data from a minor, please contact us at [email protected].
10. Changes to this privacy policy
We may amend this privacy policy from time to time, for example as a result of changes to our services or to laws and regulations. This version 2.0 adds the processing carried out by Brilliani Labs (brillianilabs.com). The current version is always available on our website, and the date of the most recent version is stated at the top of this document. In the event of significant changes, we will inform you by email.
11. Contact and data protection officer
Do you have questions or comments about this privacy policy or the processing of your personal data? Please contact us:
Brilliani has not appointed a data protection officer (DPO) at this time, as this is not legally required for our processing activities. For privacy questions, please use the contact details above.