Privacy Policy
1. Introduction & Key Information
Welcome to Aromaworld's privacy policy.
Aromaworld ("we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This policy explains what personal data we collect, how we use it, who we share it with, and what your rights are in relation to your data.
This policy applies to your use of our website at aromaworld.co.uk ("Website") and any other services we provide ("Services").
For the purpose of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the Data Controller is:
- Company Name: Aromaworld
- Registered Address: Office 2566PD, 182-184 High Street North, Area 1/1, East Ham, London, E6 2JA
- Contact Email: support@aromaworld.co.uk
If you have any questions about this policy or how we handle your data, please contact us at the email above.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK's independent body set up to uphold information rights. You can find their details at https://ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
2. The Data We Collect About You
We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together as follows:
- Identity Data: Includes first name, last name, username, and profile photo.
- Contact Data: Includes billing address, delivery address, and email address.
- Financial Data: Includes the last 4 digits of your payment card and transaction details. All sensitive payment data is processed securely by our payment provider, Stripe. We do not store your full payment card details.
- Transaction Data: Includes details about payments to and from you and other details of products you have purchased from us.
- Technical Data: Includes your internet protocol (IP) address, browser type and version, time zone setting and location, and other technology on the devices you use to access this website.
- Profile Data: Includes your username and password, purchases or orders made by you, your interests, preferences, and feedback.
- Usage Data: Includes information about how you use our website, products, and services, such as which pages you visit and what products you view.
- Marketing and Communications Data: Includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- User-Generated Content: Includes product reviews, questions, and other content you post on the Website.
3. How and Why We Use Your Personal Data (Our Legal Basis)
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Performance of a Contract: Where we need to perform the contract we are about to enter into or have entered into with you (e.g., to process and deliver your order).
- Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Consent: Where you have given us your explicit consent to do so.
- Legal Obligation: Where we need to comply with a legal or regulatory obligation.
Here is a table explaining the ways we use your data and the legal grounds we rely on to do so:
Purpose/Activity | Type of Data Used | Lawful Basis for Processing |
---|---|---|
To register you as a new customer | Identity, Contact, Profile | Performance of a contract |
To process and deliver your order | Identity, Contact, Financial, Transaction | Performance of a contract |
To manage our relationship with you (e.g., notifying you about changes, asking for feedback) | Identity, Contact, Profile, Marketing | Performance of a contract; Legitimate Interests |
To enable you to participate in a prize draw, competition, or complete a survey | Identity, Contact, Profile, Usage | Performance of a contract; Consent |
To display your product reviews or questions | Identity, Profile, User-Generated Content | Consent; Legitimate Interests |
To administer and protect our business and this Website (including troubleshooting, data analysis, security) | Identity, Contact, Technical | Legitimate Interests; Legal Obligation |
To deliver relevant website content and advertisements to you and measure their effectiveness | Identity, Contact, Profile, Usage, Marketing, Technical | Legitimate Interests |
To send you marketing communications about our products and offers | Identity, Contact, Marketing | Consent (You can withdraw consent at any time) |
To respond to your enquiries and provide customer support | Identity, Contact | Performance of a contract; Legitimate Interests |
4. Who We Share Your Information With
We may have to share your personal data with the parties set out below for the purposes detailed in the table above:
- Payment Service Providers: such as Stripe, to securely process your payments.
- Delivery & Courier Services: such as Royal Mail, DPD, or others, to deliver your orders.
- Marketing & Analytics Platforms: such as Mailchimp (for email marketing) or Google Analytics (for website analysis), to help us understand our customers and market our products.
- IT & System Administration Providers: who host our website and provide technical support.
- Professional Advisers: including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
- HM Revenue & Customs (HMRC), regulators, and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your data for specified purposes and in accordance with our instructions.
5. International Data Transfers
Some of our external third parties (such as Stripe or Google) are based outside the United Kingdom (UK), so their processing of your personal data will involve a transfer of data outside the UK.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring that the transfer is subject to appropriate safeguards, such as:
- The country has been deemed to provide an adequate level of protection for personal data by the UK Government (an "adequacy decision").
- We use specific contracts approved for use in the UK by the Information Commissioner's Office which give personal data the same protection it has in the UK (known as "Standard Contractual Clauses" or SCCs).
6. Data Security
We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. However, no method of transmission over the Internet is 100% secure. While we do our best to protect your data, we cannot guarantee its absolute security.
7. Data Retention
We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements:
- Account Data: We keep your personal data for as long as you have an account with us.
- Order Data: By law, we have to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for six years after they cease being customers for UK tax purposes.
- Marketing Consent: We will keep data based on your consent until you withdraw that consent.
When it is no longer necessary to retain your data, we will securely delete or anonymise it.
8. Your Legal Rights
Under UK data protection law, you have rights over your personal data:
- Right to be Informed: To be informed about how we use your data (which is the purpose of this policy).
- Right of Access: To request a copy of the personal data we hold about you.
- Right to Rectification: To request that we correct any inaccurate personal data.
- Right to Erasure: To request that we delete your personal data.
- Right to Restrict Processing: To request that we suspend the processing of your personal data.
- Right to Data Portability: To request a copy of your data in a commonly used, machine-readable format.
- Right to Object: To object to us processing your data (for example, for direct marketing purposes).
- Rights related to automated decision making and profiling.
To exercise any of these rights, please email us at support@aromaworld.co.uk. You will not have to pay a fee to access your personal data (or to exercise any of the other rights).
9. Cookies
Our website uses cookies to distinguish you from other users. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use, please see our separate Cookie Policy.
10. Updates to This Policy
We may update this privacy policy from time to time. The updated version will be indicated by a "Last Updated" date at the top. We encourage you to review this policy frequently to be informed of how we are protecting your information.