Privacy policy

This Data Protection and Privacy Policy describes how Aurelia Bloom (“we,” “us,” or “our”) collects, uses, and discloses your personal information when you visit or use our website (the “Website”), purchase our products or services, interact with us, or otherwise communicate with us. “Personal data” or “personal information” means any information relating to an identified or identifiable individual.

Please read this Policy carefully. By accessing or using our Website or services, you acknowledge that you have read and understood this Policy.


1) INFORMATION ABOUT THE RESPONSIBLE PARTY

1.1 The entity responsible for the processing of personal data on this Website under the General Data Protection Regulation (GDPR) is Aurelia Bloom.

1.2 The responsible party (also known as the data controller) is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal and other confidential data (e.g., orders or inquiries), this Website uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock icon in your browser’s address bar.


2) CHANGES TO THIS POLICY

We may update or modify this Data Protection and Privacy Policy from time to time for operational, legal, or regulatory reasons, or to reflect changes in our practices. If we make changes, we will post the revised policy on our Website and update the “Last updated” date above. Where required by applicable law, we will also take additional steps to notify you of significant changes. We encourage you to review this Policy periodically.


3) HOW WE COLLECT AND USE YOUR PERSONAL INFORMATION

We collect personal information about you from various sources, including information you provide directly, information we automatically collect through your use of our Website or services, and information we obtain from third parties. The specific categories of personal information we collect and how we use it can depend on how you interact with us, as detailed below.

In addition to the specific uses described in this Policy, we may use your personal information to:

  • Communicate with you.
  • Provide, maintain, and improve our Website, products, and services.
  • Comply with applicable legal obligations.
  • Enforce our terms and policies.
  • Protect or defend our rights and the rights of our users or others.

3.1 Personal Information We Collect Directly From You

Examples of information you may provide directly to us:

  • Contact details: name, address, phone number, email address.
  • Order information: name, billing/shipping address, payment details, phone number, email address.
  • Account information: username, password, security questions for registration.
  • Shopping information: items viewed, added to cart or wish list, loyalty points, product reviews, referrals, gift cards, and purchases.
  • Customer support: any information you choose to include in messages you send us (e.g., via email, contact forms).

Some features of our services may require that you provide certain personal information. If you do not provide it, you may not be able to use or access certain features.

3.2 Information We Collect About Your Usage

We may automatically collect certain information about your interactions with our Website and services (often referred to as “Usage Data”). This can include:

  • Device information and browser type.
  • IP address.
  • Pages or products viewed, time spent on pages, clicks, and navigation paths.
  • Network connection details.
  • The date/time of your visit.

We use cookies, pixels, and similar tracking technologies (“Cookies”) to collect Usage Data. For more details, see Section 4 (Cookies).

3.3 Information We Obtain From Third Parties

We may receive information from third parties, such as:

  • Service providers: For instance, Shopify if our store is powered by Shopify, which may provide us with information about your account or purchases.
  • Payment processors: These providers collect payment details and may share limited information with us to process your orders or handle refunds.
  • Advertising or marketing partners: Who provide us with insights into user interactions with our ads or Website.

Any information we obtain from third parties will be treated in accordance with this Policy.

3.4 How We Use Your Personal Information

We use your personal information for the following purposes:

Providing Products and Services

  • To process payments, fulfill orders, arrange for shipping, and handle returns or exchanges.
  • To manage your account (if you create one).
  • To send you notifications about your account, orders, and transactions.

Marketing and Advertising

  • To send promotional communications by email, text message, or postal mail (where lawful to do so).
  • To show you advertisements for products or services that may interest you.
  • To measure the effectiveness of our marketing.

You may opt out of certain marketing activities as described in Section 17 (Your Rights).

Security and Fraud Prevention

  • To detect, investigate, or prevent fraudulent or illegal activities.
  • To enforce our terms and protect our users and business.

If you have an account, you are responsible for keeping your login credentials secure. If you suspect unauthorized access, please contact us immediately.

Communicating with You and Service Improvement

  • To provide customer support and respond to your inquiries.
  • To improve and optimize our products, services, and user experience based on analytics.

4) COOKIES

We use cookies and similar technologies on our Website to make your visit more attractive, enable certain functions, remember your preferences, and analyze usage. Cookies are small text files stored on your device. Some cookies are session cookies (deleted when you close your browser), while others are persistent cookies (remain on your device until they expire or are removed).

4.1 Why We Use Cookies

  • Functional: To remember your choices (e.g., items in cart) and provide enhanced features.
  • Analytical: To understand how you interact with our Website, identify usage patterns, and improve the Website.
  • Advertising: To tailor content and advertisements to your interests on our Website or other websites, sometimes in collaboration with third-party partners.

4.2 Managing Cookies

Most browsers automatically accept cookies but allow you to manage cookie preferences. You can set your browser to inform you about the use of cookies, decide on a case-by-case basis whether to accept them, or generally exclude them. Each browser differs in how it manages cookie settings. Refer to your browser’s help menu or the following links:

If you block or delete cookies, our Website’s functionality might be limited.

4.3 Shopify Cookies (If Applicable)

If our store is powered by Shopify, please see Shopify’s Cookie Policy for additional details on the cookies used to power our store, and how they may be used to enhance functionality, run analytics, or tailor advertising.


5) DATA COLLECTION WHEN VISITING OUR WEBSITE (SERVER LOG FILES)

If you access our Website only for informational purposes (no registration or form submission), we collect only the data automatically transmitted by your browser to our server (in “server log files”). This includes:

  • The page(s) visited.
  • Date and time of access.
  • Amount of data sent.
  • The source/reference from which you came to the page.
  • Browser used.
  • Operating system used.
  • IP address (possibly in anonymized form).

Processing is based on our legitimate interest (Art. 6(1)(f) GDPR) in ensuring stability and functionality of the Website. This data is not shared further or used otherwise. However, we reserve the right to review these logs if there is a justified suspicion of unlawful use.


6) CONTACTING US

When you contact us (for example, via email or a contact form), we collect your name, email address, and any other information you provide. We use this data exclusively to respond to your request and handle related technical administration.

Legal basis: Art. 6(1)(f) GDPR (our legitimate interest in responding to inquiries). If your contact relates to a contract, the additional legal basis is Art. 6(1)(b) GDPR. Data is deleted once your request is resolved, provided there are no statutory retention obligations.


7) DATA PROCESSING WHEN OPENING A CUSTOMER ACCOUNT OR PLACING AN ORDER

7.1 Customer Accounts

If you open a customer account, we collect personal data (name, address, email, password, etc.) to facilitate checkout, track orders, and enhance your user experience. The legal basis is Art. 6(1)(b) GDPR. You can request deletion of your account at any time by contacting us. We will store your data as long as necessary for contract performance and delete it afterward unless we are required by law to keep it for a longer period.

7.2 Order Processing and Sharing with Third Parties

For contractual fulfillment (Art. 6(1)(b) GDPR), we may share your personal data with third parties such as shipping providers to deliver goods, or payment service providers and banks to process payments. We only share data that is necessary for the specific purpose (e.g., name, delivery address, payment details).


8) USE OF YOUR DATA FOR DIRECT MARKETING

8.1 Subscribing to Our Email Newsletter

If you subscribe to our newsletter, we use your email address to send you regular promotional emails. We use the double opt-in method, meaning you will receive an email asking you to confirm your subscription. By confirming, you consent to our use of your personal data (Art. 6(1)(a) GDPR). You can unsubscribe at any time via the “unsubscribe” link in the newsletter or by contacting us.

8.2 Newsletter to Existing Customers

If we obtained your email address in connection with a purchase, we may send you promotional emails about similar products or services. The legal basis is our legitimate interest (Art. 6(1)(f) GDPR) in direct advertising. You can opt out of these emails at any time.


9) DATA PROCESSING FOR ORDER PROCESSING (PAYMENT SERVICES)

9.1 PayPal

If you choose PayPal for payment, we share your payment data with PayPal (Europe) S.a.r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg) as necessary for processing the payment (Art. 6(1)(b) GDPR). PayPal may perform a credit check for certain payment methods (e.g., credit card via PayPal). This is based on PayPal’s legitimate interest (Art. 6(1)(f) GDPR). If you object, PayPal may still be authorized to process your data if required for payment.

9.2 SOFORT

If you select “SOFORT,” payment is processed by SOFORT GmbH (Theresienhöhe 12, 80339 Munich, Germany), part of the Klarna Group. We share your order and payment information with SOFORT to process your payment (Art. 6(1)(b) GDPR). See Klarna’s Privacy Policy for details.


10) REMINDER TO SUBMIT A REVIEW

We may use your email address for a one-time review reminder if you gave us express consent under Art. 6(1)(a) GDPR (for instance, after completing a purchase). You can revoke this consent at any time by contacting us.


11) USER-GENERATED CONTENT

Our services may enable you to post reviews or other user-generated content (e.g., product reviews). If you choose to post such content publicly, it may be accessed, viewed, and used by anyone. We cannot control how others use or share that information. We are not responsible for the privacy or security of any information you make publicly available.


12) USE OF SOCIAL MEDIA PLUGINS

To enhance privacy protection, our Website may implement social plugins (e.g., Facebook, Instagram) using the “Shariff” solution. This means that no direct connection with the social media provider’s servers is established when you merely view our Website. Only when you click on a plugin button will a new window open to the relevant social platform, where you can (if logged in) interact with their features. For information on how these third-party platforms process your data, please refer to their respective privacy policies.


13) ONLINE MARKETING

13.1 DoubleClick by Google

We use DoubleClick by Google (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to display relevant ads and measure their performance. DoubleClick uses cookies to track ad impressions and conversions. This is based on our legitimate interest in optimal marketing (Art. 6(1)(f) GDPR). A direct connection to Google’s servers is established, and Google may record that you visited our site or clicked an ad. If you prefer not to be tracked, you can disable cookies for conversion tracking by setting your browser to block cookies from www.googleadservices.com.

13.2 Google AdWords Conversion Tracking

We also use Google AdWords Conversion Tracking. When you click on a Google ad, a conversion cookie is set. If you then visit certain pages and the cookie is still valid, we and Google can see that you clicked on the ad and proceeded to our page. This helps us assess ad performance. If you do not wish to be tracked, you can disable cookies in your browser settings or via Google’s opt-out features.

For more details on how Google processes data, see Google’s Privacy Policy.


14) THIRD-PARTY WEBSITES AND LINKS

Our Website may contain links to external websites or services operated by third parties. We do not control these sites and are not responsible for their privacy practices. If you choose to visit any third-party link, we encourage you to review the privacy and security policies of that website.


15) CHILDREN’S DATA

Our Website and services are not directed to children, and we do not knowingly collect personal data from children. If you believe your child has provided us with personal data, please contact us. We will take steps to delete such information. We do not knowingly “sell” or “share” personal data of individuals under 16 years of age.


16) SECURITY AND RETENTION OF YOUR INFORMATION

We implement appropriate technical and organizational measures to protect your personal data. However, no security measure is entirely secure. We cannot guarantee the security of your data, especially while in transit. Please avoid sending sensitive information through unsecured channels.

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements. The exact retention period varies depending on the type of data and the circumstances of its collection.


17) YOUR RIGHTS

Depending on your location and subject to applicable law, you may have some or all of the following rights regarding your personal data:

  • Right to Access / Know: Request access to personal information we hold about you.
  • Right to Delete: Request that we delete your personal information, subject to certain exceptions.
  • Right to Correct: Request that we correct inaccuracies in your personal information.
  • Right to Data Portability: Obtain a copy of your data in a structured, commonly used format and request we transfer it to another controller if technically feasible.
  • Right to Object or Opt Out of Sale/Sharing: Object to certain processing of your data, including direct marketing or “sale”/“sharing” of personal data under applicable law.
  • Restriction of Processing: Ask us to limit our processing of your personal data under certain conditions.
  • Withdrawal of Consent: Where we rely on consent, you can withdraw it at any time.
  • Right to Appeal: If we decline your request, you may have the right to appeal our decision.
  • Manage Communication Preferences: Opt out of promotional emails by using the unsubscribe link. You may still receive non-promotional messages (e.g., about your account or orders).

To exercise these rights, please contact us (see Section 20). We may request information to verify your identity before processing your request. We will not discriminate against you for exercising any of your rights.


18) COMPLAINTS

If you have concerns or complaints regarding our handling of personal data, please contact us first so we can address them. Depending on where you live, you may also have the right to lodge a complaint with a data protection authority or similar regulatory body in your country.


19) INTERNATIONAL USERS

Your personal data may be transferred to and processed in countries other than your country of residence, including countries that may not have data protection laws equivalent to those in your jurisdiction. If you reside in the European Economic Area (EEA) or the UK, we will rely on recognized legal mechanisms (such as Standard Contractual Clauses) for cross-border transfers of personal data, unless the data is transferred to a jurisdiction deemed adequate by the European Commission or other competent authority.


20) CONTACT US

If you have any questions, concerns, or requests regarding this Data Protection and Privacy Policy or our data practices, please contact us at support@aurelia-bloom.com or through our contact form.

For the purpose of applicable data protection laws and if not explicitly stated otherwise, we are the data controller of your personal information.


🛒 Trade name: Aurelia Bloom

📧 Email: support@aurelia-bloom.com