Privacy policy

Privacy policy

Last updated: [insert date]

1. Who we are

Project Fragrance operates the website Projectfragrance.store. We are the data controller responsible for your personal data collected through this Site.

2. What personal data we collect

We collect the following categories of personal data when you use our Site or place an order:

  • Identity data: first name, last name
  • Contact data: email address, phone number, billing address, shipping address
  • Order data: products purchased, order value, order history
  • Payment data: payment confirmation data (card details themselves are processed directly by our payment provider and are not stored by us)
  • Technical data: IP address, browser type, device information, cookies (see our Cookie Policy)
  • Usage data: how you browse and interact with our Site

3. How we collect your data

  • Directly from you, when you place an order, create an account, subscribe to our newsletter, or contact us
  • Automatically, through cookies and similar tracking technologies when you visit our Site

4. Legal basis and purpose of processing

Under the EU General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

Purpose Legal basis
Processing and fulfilling your order Performance of a contract
Customer service and order-related communication Performance of a contract
Sending order confirmations and shipping updates Performance of a contract
Marketing emails and newsletters Consent
Fraud prevention and legal compliance Legal obligation
Improving our Site and services Legitimate interest

5. Sharing your data

We share personal data only where necessary, with:

  • The manufacturer/supplier fulfilling your order, who receives your name and shipping address to ship your product directly to you
  • Payment providers to process your payment securely
  • Shipping and logistics providers to deliver your order
  • IT and hosting providers (including Shopify Inc.), who process data on our behalf under data processing agreements

We do not sell your personal data to third parties.

6. International data transfers

Some of our service providers (such as Shopify) may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

7. Data retention

We retain your personal data only as long as necessary for the purposes described above, including to comply with legal, accounting, or reporting obligations (typically 7 years for financial records under Dutch law).

8. Your rights under GDPR

As an EU resident, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your data ("right to be forgotten"), subject to legal exceptions
  • Restrict processing of your data
  • Data portability — receive your data in a structured, machine-readable format
  • Object to processing based on legitimate interest or for direct marketing
  • Withdraw consent at any time, where processing is based on consent

To exercise any of these rights, contact us at [insert contact email]. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.

9. Cookies

Our Site uses cookies to improve your browsing experience, analyze traffic, and support essential store functions (such as your shopping cart). You can manage your cookie preferences through your browser settings or our cookie consent banner.

10. Data security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse.

11. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.