Privacy policy

PRIVACY POLICY

Protecting your personal data is very important to us. This Privacy Policy explains how Sense for Scents (registered as a Kleinunternehmen under German law) collects, processes, and uses your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection laws (BDSG).

Last updated: 08.02.2026

 

CONTROLLER

The controller responsible for data processing is:

Raul Arany
Sense for Scents
Prinz-Alfons-Straße 3a
85521 Riemerling
Deutschland
Email: info@senseforscents.com

As a Kleinunternehmen, we are not required to appoint a Data Protection Officer. For all data protection inquiries, please contact: info@senseforscents.com

 

LEGAL BASIS FOR PROCESSING

We process personal data only where permitted by law, in particular on the basis of:

  • Art. 6(1)(a) GDPR - Consent
  • Art. 6(1)(b) GDPR - Performance of a contract
  • Art. 6(1)(c) GDPR - Legal obligation
  • Art. 6(1)(f) GDPR - Legitimate interests

 

DATA WE COLLECT

a) Website Access

When visiting our website, technical data may be automatically processed, including:

  • IP address
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referrer URL
  • Pages visited

This data is processed to ensure website stability, security, and functionality (Art. 6(1)(f) GDPR - legitimate interest in operating a secure website).

b) Orders

When placing an order, we process:

  • Full name
  • Billing and shipping address
  • Email address
  • Phone number (if provided)
  • Order details (products, quantities, prices)
  • Order history

This processing is necessary for contract fulfillment (Art. 6(1)(b) GDPR).

c) Customer Accounts

If you create an account, we additionally process:

  • Login credentials (email and encrypted password)
  • Order history
  • Saved addresses

Account data is stored until you request account deletion (Art. 6(1)(b) GDPR).

d) Contact Inquiries

When contacting us by email or contact form, we process the information you provide solely to respond to your inquiry (Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR - legitimate interest in customer communication).

e) Abandoned Carts

If you add items to your cart but do not complete checkout, cart data may be retained for up to 30 days to enable you to resume your order. This is based on our legitimate interest in facilitating your purchase (Art. 6(1)(f) GDPR).

 

PAYMENT PROCESSING

Payments are processed via Shopify Payments and its associated payment service providers, including Stripe, credit card providers, PayPal, and other payment methods offered at checkout.

We do not store complete payment card information. Payment data is processed directly by these payment service providers in accordance with PCI-DSS security standards.

For credit card payments: Only the last four digits and card type are stored in our system for order reference purposes.

Processing basis: Art. 6(1)(b) GDPR (contract fulfillment).

 

SHIPPING AND FULFILLMENT

For order delivery, we share necessary data (name, shipping address, phone number if provided, and order details) with shipping service providers including Deutsche Post, DHL, and other carriers as applicable.

These shipping providers process data solely for delivery purposes and are bound by data processing agreements.

Processing basis: Art. 6(1)(b) GDPR (contract fulfillment).

 

HOSTING BY SHOPIFY

Our online store is hosted by Shopify International Ltd. (Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland).

Shopify acts as a data processor under Art. 28 GDPR. We have concluded a data processing agreement with Shopify.

In individual cases, personal data may be transferred to Shopify Inc. (Canada/USA). Canada has received an EU adequacy decision, and appropriate safeguards such as Standard Contractual Clauses are in place for any transfers to the USA.

For more information, see Shopify's Privacy Policy: https://www.shopify.com/legal/privacy

 

INTERNATIONAL DATA TRANSFERS

Some of our service providers are located outside the European Economic Area (EEA):

  • Shopify Inc. (Canada): EU adequacy decision in place (Art. 45 GDPR)
  • Payment processors: May process data in various countries with Standard Contractual Clauses or other appropriate safeguards in place

All transfers comply with GDPR Chapter V requirements.

 

COOKIES

We use only essential cookies that are necessary for the operation of our website, including:

  • Session cookies for shopping cart functionality
  • Cookies for checkout processes
  • Security and authentication cookies

These essential cookies do not require consent under GDPR as they are strictly necessary for the provision of services you have requested (Art. 6(1)(b) GDPR).

We do not currently use analytics, marketing, or tracking cookies. If such cookies are introduced in the future, we will implement a cookie consent mechanism and update this policy accordingly.

 

ANALYTICS AND MARKETING TOOLS

We currently do not use analytics or marketing tracking tools (such as Google Analytics, Facebook Pixel, or similar services).

If such tools are introduced in the future, they will only be activated with your explicit consent via a cookie consent banner (Art. 6(1)(a) GDPR).

 

EMAIL MARKETING (NEWSLETTER)

We do not currently send marketing emails or newsletters.

If you create an account or place an order, you will only receive transactional emails related to your order, including:

  • Order confirmation
  • Shipping notifications
  • Delivery updates
  • Customer service responses

Should we introduce a newsletter in the future, subscription will require explicit opt-in consent (Art. 6(1)(a) GDPR), and you may unsubscribe at any time using the unsubscribe link in each email.

 

PRODUCT SAFETY INFORMATION

As a seller of cosmetic products (fragrance decants), we maintain:

  • Product safety information files for all fragrances offered
  • Batch tracking and traceability records
  • Allergen and ingredient information
  • CPNP registration data

This data is processed to comply with EU Cosmetics Regulation (EC) No 1223/2009 and is retained as legally required (Art. 6(1)(c) GDPR - legal obligation).

 

DATA RETENTION

Personal data is stored only as long as legally required or necessary for the purpose for which it was collected:

  • Order and accounting data: Up to 10 years (German tax and commercial law requirements)
  • Contact inquiries: Until resolved, then deleted or anonymized
  • Customer account data: Until account deletion is requested
  • Abandoned cart data: 30 days
  • Product safety records: As required by EU Cosmetics Regulation
  • Marketing data (if applicable): Until consent is withdrawn

After expiration of retention periods, data is securely deleted or anonymized.

 

YOUR RIGHTS UNDER GDPR

You have the following rights:

  • Right of access (Art. 15 GDPR): You may request information about the personal data we process about you.
  • Right to rectification (Art. 16 GDPR): You may request correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR): You may request deletion of your data, subject to legal retention obligations.
  • Right to restriction of processing (Art. 18 GDPR): You may request that we limit the processing of your data.
  • Right to data portability (Art. 20 GDPR): You may request your data in a structured, machine-readable format.
  • Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw it at any time.

To exercise your rights, contact: info@senseforscents.com

We will respond to your request within one month.

 

RIGHT TO OBJECT TO DATA PROCESSING

Where we process your personal data based on legitimate interests (Art. 6(1)(f) GDPR), you have the right to object to this processing at any time on grounds relating to your particular situation.

For marketing purposes: You can object at any time by contacting info@senseforscents.com or using the unsubscribe link in marketing emails (if applicable).

 

RIGHT TO LODGE A COMPLAINT

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR.

In Germany, the competent authority is the data protection authority of your federal state (Landesdatenschutzbehörde).

For Bavaria: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Website: https://www.lda.bayern.de

 

DATA SECURITY

We use appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or alteration, including:

  • SSL/TLS encryption for data transmission
  • Secure hosting infrastructure
  • Access controls and authentication
  • Regular security updates
  • Data processing agreements with all processors

Despite these measures, no data transmission over the internet is completely secure. We cannot guarantee absolute security but continuously work to protect your data.

 

CHANGES TO THIS PRIVACY POLICY

We reserve the right to update this Privacy Policy to reflect changes in our data processing practices or legal requirements.

The current version is always available on our website. Material changes will be communicated via email to registered customers or through prominent notice on our website.

 

CONTACT

For any questions about this Privacy Policy or our data processing practices, please contact:

Raul Arany
Sense for Scents
Email: info@senseforscents.com
Address: Prinz-Alfons-Straße 3a, 85521 Riemerling, Deutschland