ONYRIX
DesignersGallery

Legal

Privacy Policy

Last updated: March 2, 2026

1. Data Controller

The data controller for your personal data is Onyrix B.V., a company registered in the Netherlands (KvK registration pending), with its registered office in Eindhoven, the Netherlands.

Onyrix B.V.

Eindhoven, the Netherlands

Data Protection Contact: privacy@onyrix.com

2. What Data We Collect

We may collect the following categories of personal data:

CategoryExamples
Identity DataName, email address, account credentials
Contact DataEmail address, shipping address, phone number
Technical DataIP address, browser type, device information, cookies
Usage DataPages visited, features used, interaction timestamps
Transaction DataPurchase history, payment references, order details
Design DataUploaded images, design preferences, AI interaction logs

3. Legal Bases for Processing (GDPR Art. 6)

We process your personal data on the following legal bases:

  • Contract performance (Art. 6(1)(b)) — to provide our services, process orders, and manage your account;
  • Legitimate interests (Art. 6(1)(f)) — to improve our Platform, prevent fraud, and conduct analytics;
  • Consent (Art. 6(1)(a)) — for marketing communications and non-essential cookies;
  • Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting, and regulatory requirements.

4. How We Use Your Data

  • To create and manage your account;
  • To process waitlist registrations and notify you of launches;
  • To facilitate design sessions and order fulfillment;
  • To process payments via our payment service providers;
  • To send service-related communications;
  • To send marketing communications (only with your explicit consent);
  • To analyse Platform usage and improve our services;
  • To detect and prevent fraud and abuse.

5. Data Sharing & Third Parties

We do not sell your personal data. We may share data with the following categories of recipients:

  • Payment processors (e.g., Stripe) for transaction handling;
  • Cloud infrastructure providers (e.g., Vercel, Neon) for hosting and database services;
  • Analytics providers for anonymised usage statistics;
  • Creators / jewelry artisans solely to the extent necessary to fulfill custom orders;
  • Legal authorities when required by law.

6. International Data Transfers

Your data is primarily stored on servers within the European Economic Area (EEA). Where we use service providers outside the EEA (e.g., certain cloud services), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Adequacy decisions under GDPR Art. 45;
  • Other safeguards in accordance with GDPR Chapter V.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Account data: retained for the duration of your account, plus 30 days after deletion;
  • Transaction data: retained for 7 years as required by Dutch fiscal law;
  • Waitlist data: retained until 12 months after Platform launch or until you request deletion;
  • Technical logs: retained for up to 90 days.

8. Your Rights Under the GDPR

As a data subject in the EU/EEA, you have the following rights:

  • Right of access (Art. 15) — obtain a copy of your personal data;
  • Right to rectification (Art. 16) — correct inaccurate or incomplete data;
  • Right to erasure (Art. 17) — request deletion of your data (“right to be forgotten”);
  • Right to restrict processing (Art. 18) — limit how we use your data;
  • Right to data portability (Art. 20) — receive your data in a structured, machine-readable format;
  • Right to object (Art. 21) — object to processing based on legitimate interests or direct marketing;
  • Right to withdraw consent (Art. 7(3)) — withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please email privacy@onyrix.com. We will respond within 30 days.

9. Cookies & Tracking

We use strictly necessary cookies to operate the Platform (e.g., language and country preferences). We do not use tracking or advertising cookies without your explicit consent. For details, see our Cookie Banner upon your first visit.

10. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS/HTTPS), access controls, and secure hosting environments. However, no method of electronic transmission or storage is 100% secure.

11. Children's Privacy

The Platform is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware of such collection, we will promptly delete the data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Platform or by email at least 30 days before they take effect. The “Last updated” date at the top of this page reflects the latest revision.

13. Supervisory Authority

If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (AP):

Autoriteit Persoonsgegevens

Bezuidenhoutseweg 30, 2594 AV The Hague

Website: autoriteitpersoonsgegevens.nl

14. Contact

For any privacy-related questions or requests, please contact:

Onyrix B.V.

Eindhoven, the Netherlands

Email: privacy@onyrix.com