Privacy policy
Privacy policy
Last updated: [insert date]
1. Who we are
Project Fragrance operates the website Projectfragrance.store. We are the data controller responsible for your personal data collected through this Site.
2. What personal data we collect
We collect the following categories of personal data when you use our Site or place an order:
- Identity data: first name, last name
- Contact data: email address, phone number, billing address, shipping address
- Order data: products purchased, order value, order history
- Payment data: payment confirmation data (card details themselves are processed directly by our payment provider and are not stored by us)
- Technical data: IP address, browser type, device information, cookies (see our Cookie Policy)
- Usage data: how you browse and interact with our Site
3. How we collect your data
- Directly from you, when you place an order, create an account, subscribe to our newsletter, or contact us
- Automatically, through cookies and similar tracking technologies when you visit our Site
4. Legal basis and purpose of processing
Under the EU General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:
| Purpose | Legal basis |
|---|---|
| Processing and fulfilling your order | Performance of a contract |
| Customer service and order-related communication | Performance of a contract |
| Sending order confirmations and shipping updates | Performance of a contract |
| Marketing emails and newsletters | Consent |
| Fraud prevention and legal compliance | Legal obligation |
| Improving our Site and services | Legitimate interest |
5. Sharing your data
We share personal data only where necessary, with:
- The manufacturer/supplier fulfilling your order, who receives your name and shipping address to ship your product directly to you
- Payment providers to process your payment securely
- Shipping and logistics providers to deliver your order
- IT and hosting providers (including Shopify Inc.), who process data on our behalf under data processing agreements
We do not sell your personal data to third parties.
6. International data transfers
Some of our service providers (such as Shopify) may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
7. Data retention
We retain your personal data only as long as necessary for the purposes described above, including to comply with legal, accounting, or reporting obligations (typically 7 years for financial records under Dutch law).
8. Your rights under GDPR
As an EU resident, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data ("right to be forgotten"), subject to legal exceptions
- Restrict processing of your data
- Data portability — receive your data in a structured, machine-readable format
- Object to processing based on legitimate interest or for direct marketing
- Withdraw consent at any time, where processing is based on consent
To exercise any of these rights, contact us at [insert contact email]. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.
9. Cookies
Our Site uses cookies to improve your browsing experience, analyze traffic, and support essential store functions (such as your shopping cart). You can manage your cookie preferences through your browser settings or our cookie consent banner.
10. Data security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse.
11. Changes to this policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.