Privacy Policy
Last Updated: 29 December, 2025
Website: https://aromagicsamples.com/
Registered Company Name: Aromagic
Trading Name: Aromagic Samples
Company Registration Number (W-IdNr.): DE458806416-00001
VAT Identification Number: DE458806416 (Registered for identification purposes only. VAT exempt under §19 UStG – Small Business Regulation (Kleinunternehmerregelung).)
Registered Address: Ollenhauerstr. 5, 81737 Munich, Germany
Email: support@aromagicsamples.com
Phone: +49 160 6316267
Business hours: 9:00 AM–5:00 PM (Monday to Friday), (GMT+01:00) Central European Standard Time (Berlin)
1. Introduction
Aromagic highly values your privacy and data protection rights. This Privacy Policy explains in detail:
- What personal and non-personal data we collect
- How we use, store, and protect your information
- Your rights under GDPR and German privacy law
- How to exercise your rights, contact us, and manage your data
This policy applies to:
- Website visitors browsing our site https://aromagicsamples.com/
- Registered users who create accounts or subscribe to newsletters
- Customers making purchases through our online store
Our goal is to provide complete transparency regarding how your data is handled and ensure trust and compliance with EU and German regulations.
2. Data We Collect
We collect data in multiple ways: directly from you, automatically via our website, and from trusted third parties.
a) Personal Data Provided by Customers
When you interact with our website or place an order, we may collect:
- Contact information: Full name, email address, phone number
- Billing and shipping addresses: Required to process your orders and deliveries
- Payment information: Credit card or other payment details (processed securely via third-party gateways)
- Account information: Login credentials, username, password (if you register an account)
- Order history and preferences: Products purchased, preferred shipping method, communication preferences
- Communication records: Emails, chat interactions, and customer service inquiries
Transparency note: We only collect what is necessary to complete orders, provide support, and communicate with you.
b) Automatically Collected Data
When you visit our website, certain data is automatically collected via cookies, analytics tools, and server logs:
- Device and technical information: IP address, browser type, operating system, device type
- Browsing behavior: Pages visited, time spent on pages, clicks, scrolls, and navigation patterns
- Referral data: URLs from which you arrived at our site, search engine queries
- Cookies and tracking data: Used to improve website performance, remember preferences, and provide personalized experiences
Transparency note: This data helps us analyze website traffic, detect issues, and enhance usability. It is anonymous or pseudonymized when possible.
c) Data From Third Parties
We also receive information from trusted third-party providers to support operations:
- Payment providers: Visa, Mastercard, Maestro, American Express, Union Pay, Klarna, Bancontact, EPS, Apple Pay, Shop Pay, Google Pay, PayPal—to securely process payments
- Shipping and fulfillment partners: DHL and other couriers to handle order delivery and provide tracking information
- Marketing and analytics platforms: To understand user engagement and optimize website experience
Transparency note: We never sell your personal data to third parties. Data shared is strictly limited to service delivery or legal requirements.
3. Purpose of Data Processing
Aromagic uses your data for the following purposes:
- Order fulfillment and payment processing: To complete purchases, handle billing, and ship orders accurately
- Customer support: To respond to inquiries, resolve issues, or provide assistance efficiently
- Marketing communications: To send newsletters, promotions, or updates only with your consent
- Fraud prevention: To verify transactions, prevent unauthorized activity, and protect your account
- Website and service improvement: Analyze browsing behavior, test features, and enhance user experience
- Legal compliance: Retain data for tax reporting, accounting, and regulatory obligations
Transparency note: We process only the data necessary for each specific purpose. Data is never used beyond what is stated.
4. Legal Basis for Processing
Aromagic processes your personal data based on the following legal grounds under GDPR:
- Contractual necessity: To fulfill your orders and complete payments
- Consent: For marketing emails, newsletters, or cookies where explicit permission is required
- Legitimate interests: To prevent fraud, improve website functionality, and provide a personalized experience
- Legal obligations: To comply with German tax law, VAT rules, and accounting regulations
Transparency note: You have the right to withdraw consent at any time for marketing purposes without affecting your ability to make purchases.
5. Cookies and Tracking
We use cookies and similar technologies to provide a smooth, personalized, and secure experience.
Types of cookies used:
- Essential cookies: Required for core functions such as the shopping cart, login, and checkout
- Performance cookies: Collect anonymized data to analyze website traffic and performance
- Functional cookies: Remember preferences, such as language or currency
- Marketing cookies: Track user behavior for targeted promotions or advertising
Managing cookies:
- You can adjust your cookie preferences via our consent banner
- Browser settings also allow you to block or delete cookies
Transparency note: Essential cookies cannot be disabled, as they are critical for using the website.
6. Data Sharing
We share your data only when necessary to provide services or comply with law:
- Payment processors: To complete transactions securely
- Shipping providers: To deliver orders and provide tracking updates
- IT and hosting providers: For website operation, maintenance, and security
- Legal authorities: If required by law or court orders
Aromagic does not sell or trade personal information for marketing purposes.
7. Data Retention
Aromagic retains personal data only for as long as necessary to fulfill the purposes described above and to comply with legal obligations.
- Order and billing information: Retained for 10 years to comply with German tax and accounting laws (§147 AO).
- Marketing consent data: Retained until you withdraw consent.
- Customer service data: Retained as long as necessary to handle inquiries, complaints, or disputes.
- Automatic deletion: Data not required for legal compliance or ongoing business purposes is securely deleted after the retention period.
Transparency note: Retention periods ensure compliance with law while protecting your privacy.
8. Customer Rights Under GDPR
As a customer or visitor from the European Union (EU), including Germany, Austria, Belgium, Denmark, France, Italy, Luxembourg, the Netherlands, Poland, Spain, the Czech Republic, and Finland, you have the following rights regarding your personal data. Aromagic is committed to ensuring you can exercise these rights easily, transparently, and consistently across all shipping countries.
A. Right of Access (Art. 15 GDPR)
You have the right to request a complete copy of all personal data we hold about you. This includes:
- Name, email, phone number, billing and shipping addresses
- Purchase history and order details
- Account information and preferences
- Communication records (emails, chat logs, support tickets)
- Any data collected automatically (IP address, browsing behavior, cookies)
Requests can be made at any time, and we will provide a full copy in a readable format, including information about:
- Purposes of processing
- Data recipients
- Retention period
B. Right to Rectification (Art. 16 GDPR)
You can request corrections to any inaccurate or incomplete personal data we hold about you.
Examples:
- Updating your shipping address
- Correcting your name, email, or phone number
- Adjusting payment information stored in your account
Requests should be submitted via support@aromagicsamples.com, and updates will be completed promptly to ensure accurate order processing across all shipping destinations.
C. Right to Erasure (“Right to be Forgotten”) (Art. 17 GDPR)
You may request that Aromagic delete your personal data if no legal obligations prevent it.
Examples:
- Deleting your account
- Removing newsletter subscription data
- Deleting order history that is no longer required for tax or legal purposes
Important: Some data, such as billing or transaction records, must be retained for up to 10 years in accordance with German tax laws (§147 AO).
D. Right to Restrict Processing (Art. 18 GDPR)
You can limit the processing of your data in certain circumstances:
- If the accuracy of your data is contested, we may restrict processing until verification is complete.
- If processing is unlawful but you oppose deletion, we may limit its use instead.
- If you object to processing for legitimate interests, processing may be temporarily restricted while your request is reviewed.
E. Right to Object (Art. 21 GDPR)
You can object to certain types of processing, including:
- Marketing communications: opt out of emails, newsletters, or promotional messages at any time
- Legitimate interest processing: request we stop analytics, profiling, or personalized recommendations
Processing for essential purposes (order fulfillment, legal obligations) will continue as required by law.
F. Right to Data Portability (Art. 20 GDPR)
You may request your personal data in a structured, machine-readable format (e.g., CSV or JSON) to transfer it to another service provider.
This includes:
- Contact details
- Order history
- Account information and preferences
This right applies when processing is based on consent or contract and carried out by automated means.
G. Right to Withdraw Consent (Art. 7 GDPR)
You may withdraw consent for:
- Marketing communications
- Cookie tracking
Withdrawal does not affect the legality of processing performed before consent was withdrawn.
Manage your cookie preferences via our consent banner or unsubscribe from newsletters using email links.
H. How to Exercise Your Rights
To exercise any of the above rights:
- Contact us at support@aromagicsamples.com or call +49 160 6316267
- Provide your full name, order number, email address, and specify which right you wish to exercise
- We respond within 30 days, as required by GDPR
- Verification may be requested to protect your data from unauthorized access
I. International Applicability
These rights apply to all customers residing in EU countries we ship to:
- Germany
- Austria
- Belgium
- Denmark
- France
- Italy
- Luxembourg
- Netherlands
- Poland
- Spain
- Czech Republic
- Finland
Transparency note: Aromagic ensures full GDPR compliance and equal protection for all customers across the EU.
J. Additional Information
- Requests are free of charge unless manifestly unfounded or excessive
- We maintain a record of requests to ensure compliance and transparency
- You have the right to lodge a complaint with your local Data Protection Authority if you believe your rights are not respected
Local Data Protection Authorities for Reference:
- Germany: https://www.bfdi.bund.de
- Austria: https://www.dsb.gv.at
- Belgium: https://www.gegevensbeschermingsautoriteit.be
- Denmark: https://www.datatilsynet.dk
- France: https://www.cnil.fr
- Italy: https://www.garanteprivacy.it
- Luxembourg: https://cnpd.public.lu
- Netherlands: https://autoriteitpersoonsgegevens.nl
- Poland: https://uodo.gov.pl
- Spain: https://www.aepd.es
- Czech Republic: https://www.uoou.cz
- Finland: https://tietosuoja.fi/en/home
9. Security Measures
We implement technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse:
- SSL encryption on all website pages, especially checkout and login areas
- PCI-DSS compliant payment gateways for secure financial transactions
- Tokenization for card payments—no full card details are stored on our servers
- Restricted access to personal data for authorized personnel only
- Regular security audits and monitoring for potential threats
Transparency note: These measures ensure your data is handled securely at all stages of collection, processing, and storage.
10. Data Breach Protocol
In the unlikely event of a data breach:
- Immediate investigation to assess risk
- Notification to affected users if personal data is at risk
- Reporting to relevant supervisory authorities as per GDPR
- Mitigation measures implemented to prevent recurrence
Transparency note: We maintain a clear procedure to protect both your information and our compliance obligations.
11. Minors’ Privacy
- Aromagic does not knowingly collect data from children under 16 years old.
- If we learn that a minor’s data has been collected without parental consent, it will be deleted immediately.
- Parents or guardians may contact support@aromagicsamples.com to request deletion.
12. Marketing & Communication
Aromagic respects your privacy and ensures that all marketing communications comply with GDPR and the German UWG (Unfair Competition Act).
Consent-based emails:
Marketing emails, newsletters, and promotional offers are sent only if you have explicitly consented to receive them during account registration, checkout, or via subscription forms.
Opt out anytime:
You can unsubscribe at any time through:
- The “unsubscribe” link included in every marketing email
- By contacting us directly at support@aromagicsamples.com
Upon unsubscribing, Aromagic will immediately stop sending marketing communications.
Data usage:
- We use data such as your email, name, country, and product preferences solely for marketing purposes.
- No marketing data is shared with third parties for advertising purposes unless you provide explicit consent.
- We do not use marketing data for automated profiling beyond standard personalization suggestions for email campaigns.
Legal compliance:
Marketing campaigns adhere to all EU ePrivacy regulations, German UWG, and GDPR transparency obligations.
Transparency note: You have full control over the marketing communications you receive, and Aromagic respects your preferences immediately.
13. International Data Transfers
Some personal data may be processed or stored outside Germany or the EU by trusted third-party service providers such as:
- Payment gateways: Visa, Mastercard, Amex, Klarna, PayPal, etc.
- Analytics platforms: Google Analytics, advertising networks
- Cloud storage and IT service providers for hosting and maintenance
To ensure full GDPR compliance:
- All transfers outside the EU are safeguarded using Standard Contractual Clauses (SCCs) or equivalent legal frameworks.
- Data processing agreements are in place with all third-party providers to ensure EU-level privacy protection.
- Your personal data remains protected to the same standard as within the EU, including encryption, secure access controls, and breach monitoring.
Transparency note: You can request details about the countries where your data is processed and the security measures in place by contacting support@aromagicsamples.com
14. Third-Party Services
Aromagic integrates several third-party services to enhance website functionality, payment processing, analytics, and user experience.
- Payment providers: Visa, Mastercard, Maestro, American Express, Union Pay, Klarna, Bancontact, Apple Pay, Shop Pay, Google Pay, and PayPal. These providers handle sensitive payment information directly and securely. Aromagic never stores full card details on its servers.
- Analytics providers: Google Analytics, marketing platforms, and advertising networks are used to anonymously track user behavior, optimize website performance, and improve customer experience.
- Social media integrations: Enable users to share content, log in with social accounts, or interact with our brand. Personal data is shared with the social platform according to their privacy policies.
Transparency note:
- Each third-party provider operates under its own privacy policy.
- Aromagic ensures all integrations comply with GDPR, limiting shared data to the minimum necessary.
- Customers retain the right to opt out of tracking cookies or social sharing features via our cookie consent banner.
- Google Analytics data collection can be managed via our cookie consent banner or at https://tools.google.com/dlpage/gaoptout
15. User Responsibility
Customers play a critical role in maintaining data security and ensuring smooth processing of orders and communications. Responsibilities include:
Accurate personal information:
- Ensure your name, email, phone number, shipping, and billing addresses are correct.
- Incorrect information may cause delivery delays, failed refunds, or unsuccessful communications.
Secure login credentials:
- Choose strong passwords and do not share account credentials.
- Inform Aromagic immediately if you suspect unauthorized account access.
Monitoring communications:
- Check emails, account notifications, and tracking information regularly to stay informed about orders, returns, or refunds.
Updating personal data:
- Notify Aromagic promptly about any changes to your contact information or payment details to avoid processing errors.
Transparency note: Accurate and updated customer data ensures timely deliveries, proper refunds, and effective customer support across all shipping countries (Germany, Austria, Belgium, Denmark, France, Italy, Luxembourg, Netherlands, Poland, Spain, the Czech Republic, and Finland).
16. Automated Decision-Making and Profiling
Aromagic does not engage in fully automated decision-making that could significantly affect your rights, interests, or legal status.
Website personalization:
- Product recommendations, recently viewed items, or promotional suggestions are non-binding and purely for convenience.
- These suggestions do not replace human oversight and can be ignored by the customer at any time.
Fraud prevention and risk management:
- Some automated systems may flag suspicious orders for review.
- Human verification is always applied before decisions such as order cancellation, refund rejection, or additional verification requests are made.
17. Transparency and Accountability
All processing activities are documented in accordance with GDPR.
Our responsible personnel and management ensure compliance and accountability.
Users are informed about:
- Data collection purposes
- Data retention period
- How to exercise their rights
18. Data Protection Contact
If you have questions, complaints, or wish to exercise your GDPR rights, contact us:
Aromagic
Ollenhauerstr. 5, 81737 Munich, Germany
Email: support@aromagicsamples.com
Phone: +49 160 6316267
We respond within 30 days to all requests, in line with GDPR requirements.
19. Policy Updates
This Privacy Policy may change due to:
- Changes in legal requirements (GDPR, German law)
- Operational updates or new services
- Updates from third-party service providers
Customers are encouraged to review the policy regularly.
The effective date is displayed at the top of the page.