The Office is Open: Call Us: 416-366-3335 | 27 Queen St E, #1011, Toronto
Login

Country

Cart

Your cart is empty

Privacy policy

Skyjems (skyjems.ca) is a business name of 1630931 Ontario Ltd. (“Skyjems”, “we”, “us”, or “our”), a coloured-gemstone and jewellery dealer at 27 Queen Street East, Suite 1011, Toronto, Ontario M5C 2M6, Canada. Privacy is one of our founding principles, and this policy explains, in plain terms, how we handle your personal information.

Last updated: 3 June 2026

This Privacy Policy describes what personal information we collect, why we collect it, how we use and protect it, who we share it with, and the choices and rights you have. We handle personal information in accordance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and, where they apply, the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA). If you have any questions, contact our Privacy Officer, David Saad, at [email protected] or 416-366-3335.

1. Information we collect

  • Contact & identity details — name, email address, telephone number, and shipping and billing addresses.
  • Order & transaction information — items ordered, order value, and payment confirmation. We do not store full payment-card numbers; card payments are processed by our PCI-DSS-compliant payment providers (see section 3).
  • Account information — if you create an account, your login credentials and saved preferences.
  • Enquiries & communications — messages you send through our forms, our online chat assistant, email, telephone, or SMS, including any custom-design or commission details and images you choose to share.
  • Marketing preferences — your consent choices for email and other communications.
  • Technical & usage data — IP address, device and browser type, pages viewed, and referring site, collected automatically through cookies and similar technologies (see section 6).

2. How and why we use your information

We use your personal information to:

  • process, fulfil, and deliver your orders, and provide related customer service;
  • manage your account and respond to your enquiries, including custom-commission consultations;
  • send you marketing communications where you have consented, and let you withdraw that consent at any time;
  • operate, secure, and improve our website and services;
  • measure and improve our advertising; and
  • meet our legal, tax, and regulatory obligations.

Legal bases (GDPR). Where the GDPR applies, we rely on: performance of a contract (to fulfil your orders); your consent (for marketing and non-essential cookies); our legitimate interests (to operate, secure, and improve our business and prevent fraud); and compliance with legal obligations. We do not use your personal information to make automated decisions that produce legal or similarly significant effects on you.

3. Who we share your information with

We do not sell your personal information for monetary payment. However, to run our advertising and analytics we share certain information with partners such as Google and Meta, which may be considered a “sale” or “sharing” under certain U.S. state privacy laws — see sections 6 and 9 for details and how to opt out. Otherwise, we share personal information only as needed to operate our business, with service providers who are bound by contract to protect it and use it only on our instructions:

  • Shopify — our e-commerce platform: website hosting, order processing, customer accounts, and payment processing (Shopify Payments).
  • Payment providers — card and other payments are processed securely by Shopify Payments and any additional PCI-DSS-compliant providers offered at checkout.
  • Shipping and logistics carriers — to deliver your order with insured delivery.
  • Klaviyo — to send the email communications you have consented to receive.
  • HubSpot — to manage enquiries, consultations, and our customer-relationship records.
  • Google (Analytics and Ads) and Meta (Facebook/Instagram) — to measure website usage and the performance of our advertising. This may involve sharing limited, often hashed, information for conversion measurement (see section 6).
  • Cloudflare — for website security, performance, and content delivery.
  • Twilio — to send SMS messages where you contact us or opt in.
  • Cloudinary — to host and deliver images, including any design images you submit for a commission.
  • Our online chat assistant — powered by a third-party AI service (currently Google’s Gemini) to answer your questions; any contact details you share in the chat are handled as described in this policy.
  • Professional advisers and authorities — where required by law, to comply with legal process, or to protect our rights.

Some of these providers operate outside Canada, including in the United States and the European Union. Where we transfer personal information internationally, we take steps to ensure it remains protected by comparable safeguards and appropriate contractual measures, such as Standard Contractual Clauses and the data-processing agreements our service providers maintain.

4. Your choices

  • Marketing email: every marketing email has an unsubscribe link; you can opt out at any time, or email [email protected].
  • Cookies and advertising: you can control cookies through your browser settings, and opt out of personalised advertising through Google Ads Settings, your Meta ad preferences, and the Digital Advertising Alliance (AdChoices) and AdChoices Canada tools. You can also use our Your Privacy Choices page (see section 9).
  • SMS: reply STOP, or contact us, to stop messages.

5. Accessing and correcting your information

You may ask us to confirm what personal information we hold about you, to provide a copy, and to correct anything inaccurate. Email [email protected] and we will respond within the timeframes required by applicable law. We may need to verify your identity before acting on a request.

6. Cookies, analytics, and advertising

Our website uses cookies and similar technologies to make the site work, remember your preferences, analyse traffic, and measure advertising. These include analytics tools (such as Google Analytics) and advertising and measurement tools (such as Google Ads, the Meta Pixel and Conversions API, and Klaviyo). We currently rely on browser-level controls and the advertising opt-outs described in section 4 rather than a cookie-consent banner; if you are in a region that requires prior consent for non-essential cookies (such as the EU or UK), you can use those controls to set your preferences. Because our advertising tools may share limited information with Google and Meta for measurement, this activity may be considered a “sale” or “sharing” under certain U.S. state privacy laws — see section 9 to opt out.

7. How we protect your information

We use reasonable administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including encryption of data in transit (TLS/HTTPS) and access controls. We host your information with established providers, such as Shopify, that maintain recognised security standards, including PCI-DSS compliance for payment processing; we do not store full payment-card numbers on our own systems. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your information and to dispose of it securely when it is no longer needed.

8. How long we keep your information

We keep personal information only as long as necessary for the purposes described above and to meet our legal, accounting, and tax obligations. In practice, this means: financial and transaction records are retained for the period required by Canadian tax law (generally six years); enquiry, consultation, and customer-relationship records for as long as you remain a customer or active contact and for a reasonable period afterward; marketing records until you withdraw consent and for a short period afterward to honour your preferences; and custom-design materials and images for the duration of your commission and a reasonable period afterward. When information is no longer required, we securely delete or anonymise it.

9. Your privacy rights

Everyone. You may contact us at any time with a privacy question or to exercise the choices described in this policy.

Canada (PIPEDA). You have the right to access and correct your personal information and to withdraw consent, subject to legal or contractual limits. If we cannot resolve your concern, you may contact the Office of the Privacy Commissioner of Canada (priv.gc.ca).

European Union / United Kingdom (GDPR). You have the rights of access, rectification, erasure, restriction, portability, and objection, the right to withdraw consent, and the right to lodge a complaint with your local data-protection authority. We do not currently maintain a representative in the EU or UK under Article 27 of the GDPR, as our processing of personal data from those regions is occasional and not large-scale.

California (CCPA/CPRA). You have the right to know, delete, and correct your personal information, to opt out of the “sale” or “sharing” of personal information, and not to be discriminated against for exercising these rights. We do not sell your personal information for monetary payment. To opt out of advertising-related “sharing,” use our Your Privacy Choices page or the controls in section 4. We also honour the Global Privacy Control (GPC) browser signal through our platform’s native support for data-sharing opt-out.

To exercise any right, email [email protected]. You may use an authorised agent where the law allows.

10. Children’s privacy

Our website and products are intended for adults. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with information, please contact us and we will delete it.

11. Third-party links

Our site may link to third-party websites, such as social media or gemmological laboratories. We are not responsible for their privacy practices; please review their policies.

12. Raising a concern

If you believe we have not handled your personal information in line with this policy, please contact our Privacy Officer, David Saad, at [email protected] or 416-366-3335, and we will work to resolve it. You may also escalate to the privacy regulator for your region (see section 9).

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the “Last updated” date above; for significant changes, we will also notify customers who hold an active account by email.

14. Contact us

Skyjems — Privacy Officer (David Saad)
1630931 Ontario Ltd.
27 Queen Street East, Suite 1011, Toronto, Ontario M5C 2M6, Canada
Email: [email protected] · Telephone: 416-366-3335