Last Updated: 17th of August 2025
Maison de Moon (“we,” “us,” “our”) values your privacy and is committed to protecting your personal data. This comprehensive Privacy Policy outlines how we collect, process, store, share, and safeguard your personal data when you visit our website www.maisondemoon.com, make purchases, or interact with us. We strictly adhere to the General Data Protection Regulation (GDPR), the ePrivacy Directive (EU Cookie Law), the California Consumer Privacy Act (CCPA), and applicable global privacy standards.
This Privacy Policy applies to all interactions with Maison de Moon, including purchases, use of our website, and communications conducted via email, social media platforms, and other digital channels. By accessing or using any part of our services, you acknowledge and accept the practices outlined in this policy.
- Data Controller Information
Maison de Moon, a company registered under the laws of the Netherlands, is the data controller responsible for handling your personal data. Our registered office is located at Laan van Meerdervoort 316, 2563 AM The Hague, The Netherlands. As a data controller, we determine how and why your personal information is processed, ensuring compliance with all relevant data protection regulations and standards. For any questions, concerns, requests related to your personal data, or to exercise your privacy rights, please contact our designated privacy officer at the following:
- Email: support@moonjewelry.com
- Postal Address:
Laan van Meerdervoort 316
2563 AM The Hague
The Netherlands
We are committed to addressing your inquiries promptly and transparently, maintaining your trust in our data practices.
- Types of Personal Data Collected
In the course of providing our products and services, Maison de Moon collects and processes various categories of personal data. We ensure that all data collection is lawful, transparent, and limited to what is necessary for the purposes described in this Privacy Policy. The personal data we collect includes, but is not limited to, the following:
- Identity Data: Your identifiers such as first name, last name, username or account ID, date of birth, and title. This information enables us to identify you, process orders, and personalize your experience.
- Contact Data: Your billing and shipping addresses, email address, phone numbers, and any additional delivery instructions, which allow us to fulfill your orders and provide customer support.
- Financial and Payment Data: Payment-related details, including partial credit or debit card information (last four digits), transaction references, and payment confirmations. All payments are processed via secure, PCI-DSS-compliant third-party payment providers (e.g., Shopify Payments, PayPal, Stripe), and we do not store your full payment card details.
- Transaction Data: Comprehensive records of your purchases, order history, refunds, returns, payment methods, invoices, and related communications. This information ensures accurate order fulfillment and compliance with accounting and tax obligations.
- Technical and Device Data: Information about your device and browsing activity, including:
- IP address and general geolocation data (e.g., city or region).
- Browser type, version, and settings.
- Operating system, platform, and device model.
- Referring URLs, login timestamps, website usage statistics, and session logs.
We use this information to optimize website performance, maintain security, and improve user experience.
- Profile Data: Information relating to your account, including your username, hashed passwords, saved addresses, wishlist items, product preferences, purchase history, reviews, survey responses, and loyalty program participation.
- Usage Data: Data about your interactions with our website, such as:
- Browsing patterns, pages viewed, and time spent on pages.
- Clickstream data, search queries, and products viewed.
- Engagement metrics (e.g., cart abandonment or checkout behavior).
- Marketing and Communications Data: Your preferences for receiving promotional messages, newsletters, product updates, or offers. We also track your interactions with our marketing emails (e.g., open rates, clicks) to provide relevant and personalized content.
- Optional and User-Generated Data: Any voluntary information you share with us, including:
- Customer service inquiries, live chat conversations, or call logs.
- Participation in contests, surveys, or promotional campaigns.
- Feedback, testimonials, or reviews you submit on our website or social media pages.
- Sensitive Personal Data: We do not intentionally collect or process any sensitive personal data (as defined under GDPR Article 9), such as data revealing racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, genetic or biometric data, health information, or sexual orientation.
If you voluntarily provide such information (e.g., via a message or review), we will treat it with heightened care, but we strongly request that you do not submit sensitive personal data unless explicitly required and consented to for a specific purpose.
- Children’s Data: Our services are not directed at children under the age of 16, and we do not knowingly collect or process personal data from minors. If we become aware that we have inadvertently collected personal information from a child, we will take prompt steps to delete it.
Parents or guardians who believe their child’s data may have been collected are encouraged to contact us immediately at support@moonjewelry.com.
- Purposes of Data Collection and Usage
We collect and use personal data only when necessary to provide our services, fulfill legal obligations, or improve customer experiences. Specifically, we process your personal data for the following purposes:
- Order Fulfillment and Contract Management: Processing and confirming your purchases, preparing invoices, delivering products, handling returns, and managing warranty claims.
- Customer Support and Communication
- Responding to inquiries, complaints, or refund requests via email, phone, or chat.
- Sending essential service messages, including order confirmations, shipping updates, and account notifications.
- Personalization and Account Management
- Creating and managing your account, storing your preferences, wishlists, and order history.
- Tailoring your experience with personalized product recommendations and offers.
- Marketing and Promotional Activities
- Sending promotional emails, newsletters, and special offers (only with your opt-in consent).
- Conducting campaigns, contests, and surveys to improve engagement.
- Website Optimization and Analytics
- Monitoring browsing behavior, website performance, and technical metrics.
- Using aggregated analytics to improve user interface, content, and security.
- Fraud Prevention and Security: Detecting, preventing, and investigating fraud, unauthorized access, or harmful activities.
- Legal Compliance and Record-Keeping
- Complying with tax, accounting, and consumer protection regulations.
- Retaining records for audits, disputes, and claims management.
- Social Media Interactions: Engaging with users via platforms like Instagram, Facebook, or Pinterest, and responding to public or private messages.
- Legal Grounds for Processing
Under GDPR, all personal data processing must be based on one or more lawful grounds. We process your personal data under the following legal bases:
- Performance of a Contract: When data processing is necessary to fulfill the contract between you and Maison de Moon, such as processing orders, payments, and deliveries.
- Consent: When you voluntarily agree to data processing for specific purposes, such as subscribing to marketing emails or accepting certain cookies. Consent can be withdrawn at any time.
- Legitimate Interests: When processing is necessary for our legitimate business purposes, such as improving our website, conducting analytics, ensuring IT security, and preventing fraud, provided these do not override your privacy rights.
- Legal Obligations: When processing is required to comply with applicable laws and regulations (e.g., tax and accounting obligations).
- CCPA Compliance (For California Residents): Under the CCPA, we ensure that your rights to know, access, delete, and opt-out of data sharing are respected. We do not sell your personal data.
- Sharing of Personal Data
Maison de Moon may share your personal data with carefully selected third parties and service providers strictly on a need-to-know basis. We share your data only when necessary to perform our services, fulfill contractual obligations, maintain website functionality, or comply with legal requirements. We never sell your personal data to third parties. The categories of third parties with whom we may share your personal information include:
- E-commerce Platform Provider
- Purpose: To operate and manage our online store, including hosting services, transaction processing, order management, and data storage.
- Examples: Shopify Inc.
- Data shared: Identity, Contact, Financial, Transactional, Technical, and Profile data.
- Payment Processing Providers
- Purpose: To securely process your payments, prevent fraud, and facilitate refunds.
- Examples: Shopify Payments, PayPal, Stripe.
- Data shared: Financial data, Contact details, and Transaction records.
- Delivery and Logistics Providers
- Purpose: To deliver your orders accurately and efficiently to your specified address.
- Examples: DHL, FedEx, UPS, PostNL, or other reputable couriers.
- Data shared: Contact, Identity, and Transactional data.
- Marketing and Advertising Partners
- Purpose: To deliver targeted advertisements, promotional offers, newsletters, and conduct marketing analysis.
- Examples: Mailchimp, Google Ads, Facebook Ads, Instagram Ads, Pinterest Ads.
- Data shared: Identity, Contact, Profile, Technical, Usage, and Marketing data.
- Analytics and Performance Improvement Providers
- Purpose: To understand website usage patterns, enhance user experiences, and optimize website functionality.
- Examples: Google Analytics, Shopify Analytics.
- Data shared: Technical, Usage, and aggregated statistical data.
- Customer Service and Communication Providers
- Purpose: To efficiently manage customer interactions, inquiries, and provide support services.
- Examples: Live chat services, email providers, call center services.
- Data shared: Identity, Contact, Transaction, and Profile data.
- Professional Advisers and Compliance Providers
- Purpose: To fulfill regulatory, legal, accounting, tax, auditing, or compliance obligations.
- Examples: Accountants, lawyers, auditors, regulatory authorities.
- Data shared: Identity, Contact, Financial, and Transaction data (only as strictly necessary).
- Social Media Platforms
- Purpose: To interact with you on social media, enable sharing functionalities, and respond to your queries or messages.
- Examples: Instagram, Facebook, Pinterest.
- Data shared: Identity, Profile, Usage data (subject to your settings and consent).
- Law Enforcement and Regulatory Authorities
- Purpose: To comply with legal obligations, court orders, subpoenas, or legitimate law enforcement requests.
- Examples: Courts, tax authorities, police, customs authorities, and regulatory bodies.
- Data shared: As legally required and strictly necessary.
- International Transfers and Safeguards
Some of our third-party service providers may be located outside the European Economic Area (EEA), including countries whose data protection laws differ from those in your jurisdiction. When we transfer your personal data internationally, we ensure robust protections through the following measures:
- Standard Contractual Clauses (SCCs): We rely on the latest European Commission-approved SCCs to ensure appropriate safeguards and protection of your personal data transferred to non-EEA countries.
- Adequacy Decisions: We may transfer data to countries recognized by the European Commission as providing an adequate level of data protection (e.g., the United Kingdom, Canada).
- Third-Party Data Processing Agreements: We have detailed agreements in place with service providers ensuring strict adherence to GDPR and international privacy standards.
- Privacy Shield (where applicable): While no longer recognized as valid for EU-US transfers, we continue monitoring international developments and adhere strictly to alternative approved safeguards like SCCs.
- Cookies and Similar Technologies
Our website uses cookies, tracking pixels, and similar technologies to ensure proper site functionality, analyze performance, and provide a personalized shopping experience. These technologies help us remember your preferences, improve website performance, and deliver relevant marketing content.
For full details on the cookies we use, their purposes, and how you can manage your cookie preferences, please refer to our [Cookie Policy](Insert Cookie Policy URL).
You can adjust your cookie preferences at any time via our cookie banner or browser settings. Please note that disabling certain cookies may limit the functionality of our website, including features like shopping cart retention or personalized product recommendations.
- Data Retention
We retain your personal data only for the period necessary to achieve the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by applicable laws, regulations, or industry standards.
Our data retention periods are determined based on several factors:
- Contractual Obligations: Personal data collected to fulfill your orders and manage contractual relationships (including your account information, order details, transaction history, and payment records) are retained for as long as you have an active account with us and for an additional period thereafter as required by legal and financial reporting obligations (generally up to seven years under Dutch financial and tax law).
- Marketing and Communications: Your contact information and marketing preferences are retained until you withdraw consent or unsubscribe from our marketing communications. Upon opting out, we will retain minimal data necessary to respect your choice and avoid future unsolicited communications.
- Legal and Regulatory Compliance: Personal data may be retained beyond the standard retention periods if required by applicable laws, such as accounting, tax, consumer rights, warranty periods, or legal proceedings. For example, financial transaction records are typically retained for seven years according to Dutch legal requirements.
- User-Generated and Voluntary Data: Any data you voluntarily provide (reviews, survey responses, testimonials) is retained until it no longer serves the original purpose, or until you request its deletion.
- Data Minimization: We adhere strictly to the principle of data minimization, ensuring we only retain personal data that is directly relevant and necessary for our business activities and legal obligations.
- Secure Deletion and Anonymization: Once your personal data is no longer required or legally necessary, we ensure its secure deletion or irreversible anonymization. If anonymized, the data can no longer be linked to you and is retained purely for aggregated statistical purposes.
- Your Right to Request Deletion: You have the right to request deletion of your personal data under GDPR and other applicable privacy laws. Subject to our legal retention obligations, we will promptly honor your deletion requests.
- Your Rights Under GDPR and CCPA
We are committed to ensuring that you have clear, actionable control over your personal data. Depending on where you reside (EU/EEA, UK, California, or other regions with privacy laws), you may have certain rights under GDPR, CCPA, and other applicable privacy regulations.
9.1. Your Rights under the GDPR (EU and EEA Residents)
If you are located in the European Union (EU) or European Economic Area (EEA), you have the following rights:
- Right of Access: You can request confirmation of whether we process your personal data and receive a copy of your data, including details of the purposes, categories of data, and third parties with whom it is shared.
- Right to Rectification: You have the right to request that we correct or update inaccurate, incomplete, or outdated personal data.
- Right to Erasure: Also known as the “right to be forgotten,” you can request deletion of your personal data when:
- It is no longer necessary for the purposes we collected it;
- You withdraw your consent (where applicable);
- You object to processing, and there are no overriding legitimate grounds for us to continue;
- The data was unlawfully processed.
- Right to Restrict Processing: You can request that we limit the processing of your data while we verify its accuracy, legality, or pending a resolution to your objection.
- Right to Data Portability: You can request a copy of your personal data in a structured, machine-readable format and transfer it to another service provider.
- Right to Object: You may object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.
- Right to Withdraw Consent: Where processing is based on your consent (e.g., email marketing), you can withdraw consent at any time, without affecting the lawfulness of prior processing.
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (www.autoriteitpersoonsgegevens.nl).
9.2. Your Rights under the CCPA (California Residents)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You can request disclosure of the categories and specific pieces of personal data we have collected, used, or shared in the last 12 months.
- Right to Deletion: You can request deletion of your personal data, subject to certain exceptions (e.g., where we need to retain data to fulfill legal obligations or complete transactions).
- Right to Opt-Out of Sale: We do not sell personal data. However, you have the right to opt-out of any potential future “sale” as defined under the CCPA.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights, including by denying services, charging different prices, or providing different levels of quality.
9.3. Exercising Your Rights
You can exercise any of these rights by:
- Emailing: support@moonjewelry.com
- Submitting a Request: Through our website’s privacy request form (if applicable).
- Verifying Your Identity: We may require you to verify your identity (e.g., by confirming account details) to ensure your data is protected and not disclosed to unauthorized parties.
We will respond to valid requests within one month (or up to 3 months for complex cases), as permitted under GDPR. For CCPA requests, we respond within 45 days.
- Profiling and Automated Decision-Making
Maison de Moon uses certain automated processes, including profiling, to improve your shopping experience, personalize product recommendations, and optimize marketing campaigns. We ensure that these activities are performed in compliance with applicable privacy laws (including GDPR Articles 21 and 22) and do not have any legal or significant impact on you without your explicit consent.
- What Is Profiling?
Profiling involves the automated processing of personal data to evaluate certain aspects of an individual’s preferences, behavior, or interests. We use profiling primarily for:
- Personalized Product Recommendations: Suggesting jewelry products based on your browsing history, past purchases, or wishlists.
- Marketing Personalization: Tailoring promotional offers or email campaigns to match your shopping preferences.
- Website Customization: Displaying content or collections that are relevant to your location, device, or shopping behavior.
- Types of Automated Decision-Making We Use
- Advertising Pixels & Retargeting: We use tools like Facebook Pixel, Google Ads, and Instagram Ads to deliver relevant advertising based on your interactions with our website (e.g., products viewed, cart additions).
- Segmentation: Customers may be grouped into audience segments (e.g., “loyal customers,” “frequent visitors,” “abandoned cart users”) for tailored marketing campaigns.
- Email Automation: Automated emails, such as cart recovery reminders or product back-in-stock alerts, may be triggered based on your shopping behavior.
- Your Rights Regarding Profiling
Under GDPR and other applicable laws, you have the following rights with respect to profiling and automated decision-making:
- Right to Opt-Out: You can opt-out of marketing profiling (e.g., targeted advertising) by updating your cookie preferences or unsubscribing from marketing emails.
- Right to Object: You may object to profiling activities where they are based on legitimate interest (Article 21 GDPR).
- Right to Manual Review: If an automated decision significantly impacts you (e.g., eligibility for a specific offer), you may request a human review of the decision.
- Opt-Out Mechanisms
- Cookie Settings: You can disable tracking technologies (e.g., marketing cookies, pixels) via our cookie banner or browser settings.
- Advertising Preferences: Use third-party opt-out tools like Google Ad Settings or Facebook Ad Preferences to control personalized ads.
- Email Marketing: Click “unsubscribe” links in marketing emails or contact us at support@moonjewelry.com to withdraw consent.
- Data Security Measures
At Maison de Moon, we prioritize the confidentiality, integrity, and availability of your personal data. We employ a combination of technical, organizational, and administrative measures to protect your information from unauthorized access, disclosure, alteration, or destruction. While no method of data transmission over the internet is 100% secure, we follow industry-leading practices to minimize risk.
- Technical Security Measures
- Encryption: All sensitive data (including payment details and login credentials) is protected by SSL/TLS encryption during transmission. Stored data is encrypted using industry-standard algorithms (e.g., AES-256).
- Secure Hosting & Infrastructure: Our website is hosted on Shopify, a platform with built-in PCI-DSS Level 1 compliance (the highest level of payment security standards).
- Access Control: Only authorized personnel have access to customer data, and access is controlled via role-based permissions and multi-factor authentication (MFA).
- Network Security: We deploy firewalls, intrusion detection systems (IDS), and endpoint security solutions to monitor and block malicious activity.
- Data Backups: Encrypted backups are performed regularly to ensure data recovery in case of a system failure or disaster.
- Organizational and Administrative Security Measures
- Employee Training: All employees and contractors undergo regular data protection and cybersecurity training, including GDPR compliance protocols and phishing awareness.
- Vendor Risk Management: We require all third-party service providers (e.g., payment processors, logistics companies) to comply with GDPR and equivalent global data protection standards, verified through Data Processing Agreements (DPAs).
- Regular Security Audits: We conduct periodic vulnerability assessments, penetration tests, and audits to detect and fix potential security weaknesses.
- Payment Security
- We do not store full payment card data on our servers.
- All transactions are processed via PCI-DSS-compliant payment gateways like Shopify Payments, PayPal, and Stripe.
- Breach Detection and Response
In the unlikely event of a data breach:
- We will immediately investigate and contain the breach.
- Notifiable Data Breaches: If the breach poses a risk to your rights and freedoms, we will notify you and the relevant data protection authority (e.g., Autoriteit Persoonsgegevens in the Netherlands) within 72 hours, as required by Article 33 GDPR.
- We will implement remediation measures to prevent recurrence.
- Your Responsibility
While we maintain rigorous security practices, it is important that you:
- Use strong, unique passwords for your account.
- Avoid sharing your login details.
- Log out of your account when using shared devices.
- Third-Party Links and External Services
Our website may include links to third-party websites, applications, or services, including social media platforms, payment gateways, marketing tools, or content-sharing widgets. These external sites operate independently from Maison de Moon, and we do not control, endorse, or take responsibility for their privacy practices, content, or security measures.
- External Websites and Platforms: When you click on third-party links (e.g., Instagram, Facebook, Pinterest, or external blogs), you will be redirected to websites that may collect personal information under their own privacy and cookie policies. We strongly encourage you to review the privacy policies of these third-party sites before sharing any personal information, as they may not offer the same level of data protection as we do.
- Third-Party Widgets and Embedded Content: Some third-party services, such as social media sharing buttons, video embeds, or interactive content, may collect data about your interaction even if you do not actively use the widget. These services may track your browsing behavior and collect technical information such as your IP address or browser details.
- Payment Processors and External Checkout Pages: Certain transactions may be completed on third-party checkout pages (e.g., PayPal). While these providers are vetted for PCI-DSS compliance, they operate under their own privacy frameworks. We do not have control over how these providers handle your personal information and recommend reviewing their policies.
- Disclaimer of Liability: Maison de Moon is not responsible for:
- The accuracy, legality, or content of third-party websites or services.
- Any data you voluntarily share with external providers.
- Any security vulnerabilities present on those external sites.
Your interactions with third-party platforms are solely at your own risk and subject to their respective terms and privacy practices.
- Changes to Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our business practices, legal or regulatory obligations, technological advancements, or improvements to our services. Any updates will be made in compliance with applicable data protection laws, including GDPR.
- Notification of Changes
- Website Updates: The latest version of this Privacy Policy will always be available on our website, with the “Last Updated” date clearly indicated at the top of the page.
- Significant Changes: If we make material changes that affect how we process your personal data, we will notify you in advance through prominent notices on our website (e.g., a banner or pop-up) or via direct communication (e.g., email notification).
- Consent Renewal: Where required by law (e.g., for new marketing practices or cookie technologies), we will seek your renewed consent before applying the changes.
- Version Control: We maintain previous versions of this Privacy Policy for audit and compliance purposes. Upon request, you can obtain earlier versions by contacting our privacy team at support@moonjewelry.com.
- Your Responsibility: We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Continued use of our website or services after updates are published constitutes your acceptance of the updated terms.
- Contact Information
We value your trust and are committed to resolving any privacy-related concerns quickly and transparently. If you have questions, comments, or requests regarding this Privacy Policy, or if you would like to exercise your data protection rights, please contact us using any of the methods below:
- Contacting Maison de Moon
- Email: support@moonjewelry.com
- Postal Address:
Maison de Moon
Laan van Meerdervoort 316
2563 AM The Hague
The Netherlands
We aim to respond to all valid privacy inquiries and requests within 30 days (or within the time limits required by applicable laws).
- Complaints and Escalation
If you believe that your privacy rights have not been addressed adequately by us, you have the right to lodge a complaint with the relevant supervisory authority. In the Netherlands, this is:
Autoriteit Persoonsgegevens
Website: https://autoriteitpersoonsgegevens.nl
Phone: (+31) 88 1805 250
If you are located in another EU/EEA country, you can contact your local data protection authority. For U.S. or other international residents, we will cooperate with your local regulatory bodies as applicable.
- CCPA-Specific Inquiries (California Residents)
For California residents, privacy-related inquiries under the California Consumer Privacy Act (CCPA) can also be submitted via email at support@moonjewelry.com.