Privacy policy
Last updated: April 4, 2026
At 101 Carat (managed by "101 CARAT" LTD) the security of your data is as important as the purity of our products. This policy describes how we collect, use and protect your personal information when you visit 101carat.com or make a purchase through the Shopify platform.
1. ADMINISTRATOR IDENTIFICATION
The administrator of the personal data is "101 CARAT" LTD, UIC: 208744024, with headquarters and management address: Plovdiv, Prespa St. 12, p.c. 4000.
We process your data in full compliance with Regulation (EU) 2016/679 (GDPR).
2. WHAT DATA DO WE COLLECT?
To provide our services, we collect the following categories of information:
Contact details: First name, last name, email address, telephone number and delivery address.
Transaction data: Information about orders and payments made.
Note: Your card details are processed directly by Shopify Payments. We do not have access to your full card number or CVV code. Payments are protected by the industry's highest security standard (PCI DSS).
Technical data: IP address, browser type and site behavior via Shopify cookies and Google Analytics.
Verification data: For high value orders, under the Anti-Money Laundering Act (AMLA), we may require additional identification to prevent fraud.
3. BASIS AND PURPOSES OF PROCESSING
We process your data on the following grounds:
Contract performance: For order processing, delivery and communication with you.
Legal obligation: To issue invoices, accounting and comply with the requirements of the Currency Law (regarding trade in precious metals and precious and semi-precious stones).
Legitimate interest: To protect against financial fraud and improve the functionality of our store.
Consent: For marketing communications (only if you have expressly subscribed to our newsletter).
4. SHARING DATA WITH THIRD PARTIES
For the operation of 101 Carat we only share information with trusted partners:
Shopify: Our e-commerce platform, including the payments module Shopify Payments.
Courier companies: For the physical delivery of your jewellery.
State bodies: When this is required by law (NAS, Ministry of Economy, CPLD).
5. INTERNATIONAL TRANSFER
Because we use Shopify, your data may be transferred to and stored outside of the European Economic Area (for example, Canada or the US). Shopify ensures their protection through established mechanisms such as the European Commission's Standard Contractual Clauses.
6. STORAGE PERIOD
Accounting data: 10 years (according to Bulgarian legislation).
User profile: As long as the profile is active or until you request deletion.
Marketing data: Until you withdraw your consent.
7. YOUR RIGHTS
Under the GDPR, you have the right of access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability and objection to direct marketing.
8. COOKIES
The website uses a consent management mechanism that allows you to choose which types of cookies to enable. Analytical and marketing data is processed only after your explicit consent through the provided interactive banner.
Mandatory: For the functionality of the shopping cart and the security of transactions (Shopify and related payment operators).
Analytical and Marketing: For statistical analysis and relevant advertising (Google, Meta, TikTok). These cookies are activated only after your express consent through the provided banner.
Control: You can change your preferences at any time through the site's consent mechanism or from your browser settings.
9. SECURITY
Your security is our priority. The site is secured with an SSL certificate, and payments are made through the encrypted Shopify Payments environment.
10. CONTACT AND COMPLAINTS
For questions about your data: contact@101carat.com.
In case of violation of your rights, you can contact:
Personal Data Protection Commission (PCPD)
Address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2: www.cpdp.bg