Danu Group – Privacy Policy

Danu Group is a Sri Lanka–based gemstone business focused on natural rough and cut gemstones, gemstone education, and related customer support and sales services. This Privacy Policy applies to the Danu Group website, official Danu Group online store, direct customer service communication, and related online interactions handled through official Danu Group channels.

Danu Group acts as the party responsible for the collection and use of personal data described in this Privacy Policy, except where a third-party service provider independently acts as controller or operator of its own systems.

Danu Group may collect personal and non-personal information depending on how you use the website and services. This may include:

• Your name, email address, phone number, WhatsApp number, billing address, shipping address, and country;
• Order details, invoice information, product preferences, gemstone inquiry notes, and custom request information;
• Messages, attachments, screenshots, photos, reference images, or design requests you send to us;
• Payment-related information necessary to process a purchase, although full card details are typically handled by secure third-party payment providers rather than stored directly by Danu Group;
• Technical information such as IP address, browser type, device type, language setting, pages visited, referral source, approximate location data, and browsing behavior on the site;
• Cookie and tracking information where cookies or similar technologies are enabled on the website;
• Newsletter subscription details or marketing preferences if you choose to subscribe;
• Social media interaction data if you contact or engage with us through official social media pages.

Danu Group may collect information in several ways, including:

• When you browse the website;
• When you contact us through forms, email, phone, WhatsApp, or other official channels;
• When you place an order or request an invoice;
• When you sign up for a newsletter or updates;
• When you leave a comment, review, or message through the website or social media;
• When you submit custom design requests, gemstone sourcing requests, or certification-related questions;
• When cookies, analytics tools, or embedded content collect technical usage information where enabled.

Danu Group may use personal information for the following purposes:

• To respond to inquiries, quotations, order requests, and customer service messages;
• To process orders, prepare invoices, arrange shipping, and provide delivery updates;
• To verify buyer identity, reduce fraud risk, and maintain transaction security;
• To communicate about gemstone availability, certification, treatment disclosure, custom cutting, jewelry requests, or related service matters;
• To improve website performance, user experience, product presentation, and customer care;
• To send newsletters, promotions, new product updates, or other marketing communications where you have subscribed or where allowed by law;
• To maintain records for accounting, legal, compliance, anti-fraud, and business administration purposes;
• To enforce our Terms & Conditions, protect our rights, and investigate suspicious activity;
• To comply with legal obligations, court orders, tax rules, customs requirements, or lawful government requests.

When you place an order or communicate with Danu Group about a product or service, we may maintain records of your communications, order history, payment reference details, certification requests, shipping information, and support history. These records help us provide better customer service, resolve disputes, verify instructions, and handle after-sales support responsibly.

Where relevant, Danu Group may keep copies of invoices, lab report references, courier tracking data, customer approvals, and service instructions connected with a transaction.

Danu Group may offer payment through website checkout, card processing, bank transfer, or other officially approved methods. Where payment is processed through a third-party payment gateway or card processor, that provider may collect and process payment information according to its own privacy and security rules.

Danu Group generally does not intentionally store full card numbers, CVV codes, or similar sensitive card security details on its own website servers. However, Danu Group may retain limited payment-related records such as payer name, partial transaction references, order amount, transaction date, invoice reference, and payment status for accounting, compliance, and customer service purposes.

Danu Group may use cookies, server logs, pixels, tags, and similar technologies to improve website functionality, remember preferences, understand site performance, measure traffic, detect suspicious activity, and support marketing or remarketing where enabled.

These technologies may collect information such as:

• Your IP address and approximate location;
• Your browser type and device type;
• Pages viewed, time on site, and navigation behavior;
• Referral sources and campaign interactions;
• Cart activity and general shopping behavior on the site.

You can usually manage cookies through your browser settings. Please note that disabling certain cookies may affect website performance or some site features.

If you subscribe to the Danu Group newsletter, request promotional updates, or otherwise opt in to receive marketing communications, Danu Group may use your contact details to send information about new gemstones, promotions, seasonal campaigns, educational content, blog updates, or related brand announcements.

You can unsubscribe from marketing emails at any time by using the unsubscribe option where available or by contacting Danu Group directly. Please note that even if you opt out of promotional messages, Danu Group may still contact you with essential transactional or service-related communications regarding your orders, shipments, returns, or account-related requests.

Danu Group may communicate with customers through official social media pages and messaging platforms. If you message Danu Group through such platforms, the platform itself may independently collect and process your data under its own privacy rules.

Any content you publicly share on social media, such as comments, tags, reviews, or replies, may be visible to others depending on the platform’s settings. Danu Group is not responsible for the independent privacy practices of social media platforms.

If you share product photos, design ideas, reference images, or gemstone-related content with Danu Group through social media or messaging services, Danu Group may use that material only for handling your inquiry, unless you separately authorize wider use.

The Danu Group website may contain or use third-party tools, plugins, embedded videos, payment integrations, maps, CAPTCHA systems, social media widgets, live chat tools, analytics tools, review systems, newsletter plugins, or shipping/payment-related features. Where such services are active, they may collect technical or behavioral information directly from your browser or device.

Danu Group may also share limited personal information with third-party service providers where necessary to operate the business, such as:

• Payment processors and payment gateway providers;
• Courier and shipping providers;
• Email service providers or newsletter tools;
• Website hosting companies, security services, analytics providers, and anti-spam tools;
• Professional advisors, accountants, legal advisors, or regulatory authorities where necessary.

Danu Group seeks to work with reputable providers, but each third-party service may have its own privacy policy and data handling approach.

Danu Group does not sell personal data as a general business practice. However, Danu Group may share information where reasonably necessary for business operation, legal compliance, or protection of rights. This may include sharing data:

• With payment providers, banks, and processors to complete a transaction;
• With shipping partners and couriers to dispatch and deliver an order;
• With customs, regulatory authorities, or legal bodies where required by law or shipping rules;
• With laboratories or certification facilitators where you request additional gemological services;
• With fraud prevention, security, hosting, technology, or support providers where necessary;
• Where required to protect Danu Group, customers, the public, or to investigate suspected fraud, abuse, or unlawful conduct;
• As part of a business transition, restructuring, merger, asset sale, or similar corporate event, subject to lawful handling.

Because Danu Group serves international customers and may use service providers located in different countries, your information may be stored, processed, or accessed outside your home country. By using the website and services, you understand that your information may be transferred internationally where this is reasonably necessary for website operation, order handling, shipping, support, or compliance.

Where feasible, Danu Group seeks to work with providers that apply reasonable safeguards to personal information.

Danu Group may retain personal information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, including for customer service, legal compliance, tax and accounting records, fraud prevention, dispute resolution, and business administration.

The retention period may vary depending on the type of data and the reason it was collected. For example:

• Order and invoice records may be retained for accounting and compliance purposes;
• Customer support records may be retained to help with future service;
• Marketing subscription data may be retained until you unsubscribe or request deletion, subject to lawful exceptions;
• Technical logs and analytics data may be retained according to the settings of the tools in use.

Danu Group takes reasonable administrative, technical, and organizational steps to help protect personal information against unauthorized access, misuse, disclosure, alteration, and destruction. These measures may include secure website hosting practices, controlled access to records, secure payment integrations, and selective sharing only where needed.

However, no internet transmission or electronic storage method is guaranteed to be completely secure. As a result, Danu Group cannot promise absolute security, and users should also take care to protect their own devices, passwords, and communication channels.

Depending on your country or region, you may have certain privacy rights regarding your personal data. These may include the right to request access to information held about you, request correction of inaccurate information, request deletion of certain information, object to certain processing, withdraw consent where processing is based on consent, or request a copy of certain data.

Danu Group will consider such requests in good faith and in accordance with applicable law. Some requests may be limited where Danu Group is legally required to keep certain records, where identity cannot be verified, or where the request conflicts with fraud prevention, contractual necessity, or lawful compliance obligations.

To make a privacy-related request, please contact Danu Group through the official contact details below.

The Danu Group website and services are not intentionally directed to children who are below the age required to enter into legally binding transactions in their jurisdiction. Danu Group does not knowingly collect personal information from children in a manner that would require parental consent under applicable law.

If you believe that a child has provided personal information to Danu Group without appropriate authorization, please contact Danu Group so that the matter can be reviewed.

The Danu Group website may contain links to third-party websites, certification portals, payment services, social media pages, courier services, blogs, or other external platforms. Danu Group is not responsible for the privacy practices, content, or security of third-party websites.

When you leave the Danu Group website and visit another website, that website’s own privacy policy and terms will apply.

Danu Group may use, preserve, or disclose personal information where Danu Group reasonably believes it is necessary to:

• Comply with applicable laws, tax rules, customs requirements, subpoenas, court orders, or lawful authority requests;
• Protect the rights, safety, property, systems, or reputation of Danu Group, its customers, service providers, or the public;
• Investigate suspected fraud, abuse, unauthorized transactions, policy violations, or unlawful activity;
• Enforce Danu Group’s Terms & Conditions or other legal rights.

Danu Group may update this Privacy Policy from time to time to reflect changes in business practices, website tools, legal requirements, or customer services. When updated, the revised version may be posted on the website with a new effective date.

Your continued use of the website after changes are published will be treated as acceptance of the updated Privacy Policy to the extent permitted by law.

If you have questions about this Privacy Policy, your personal information, your privacy rights, or a privacy-related request, please contact Danu Group through our official channels.

All sales and communications are handled exclusively through official Danu Group channels.