Privacy policy

Last updated: May 26, 2026

This Privacy Policy explains how AromaEssence collects, uses, stores, and protects your personal data when you visit aromaessence.eu or make a purchase. AromaEssence complies with the EU General Data Protection Regulation (GDPR – Regulation 2016/679).

1. Data Controller The data controller is AromaEssence. Contact details for data protection matters are available on the Contact page.

2. Data We Collect AromaEssence collects the following categories of personal data:

  • Identification data: first and last name, email address, billing address.
  • Transaction data: order history, payment confirmation (AromaEssence does not store full card details – payments are processed by our payment provider).
  • Technical data: IP address, browser type, device information, pages visited, cookies and similar technologies.
  • Communication data: any information you provide when contacting us by email or contact form.

3. Purposes and Legal Basis AromaEssence processes your data for the following purposes:

  • Order fulfillment (delivery of digital content, customer support) – legal basis: performance of a contract (Art. 6(1)(b) GDPR).
  • Compliance with legal obligations (tax records, accounting) – legal basis: legal obligation (Art. 6(1)(c) GDPR).
  • Marketing communications (newsletters, promotions), only if you opt in – legal basis: consent (Art. 6(1)(a) GDPR).
  • Fraud prevention and security – legal basis: legitimate interest (Art. 6(1)(f) GDPR).

4. Recipients of Your Data Your data may be shared with:

  • Payment processors to process payments.
  • Hosting and e-commerce infrastructure providers (Shopify).
  • Email and marketing service providers.
  • Tax authorities and other public bodies where required by law.

AromaEssence does not sell your personal data to third parties.

5. International Data Transfers Some of AromaEssence's service providers may be located outside the European Economic Area. In such cases, transfers are protected by Standard Contractual Clauses approved by the European Commission or other appropriate safeguards under GDPR.

6. Retention Period AromaEssence retains your personal data for the period necessary to fulfill the purposes described above and to comply with applicable legal obligations (typically up to 10 years for accounting and tax records).

7. Your Rights Under GDPR, you have the right to:

  • Access your personal data.
  • Request rectification of inaccurate data.
  • Request erasure ("right to be forgotten").
  • Restrict or object to processing.
  • Data portability.
  • Withdraw your consent at any time (where processing is based on consent).
  • Lodge a complaint with the data protection authority in your country of residence.

To exercise your rights, please contact AromaEssence via the email address listed on our Contact page.

8. Cookies aromaessence.eu uses cookies for essential functionality, analytics, and marketing. You can manage your cookie preferences via the cookie banner displayed on your first visit.