Privacy Policy
Last Updated: [24/1/2024]

At [Sephora-Salo], we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you visit our website, purchase discounted perfumes, or interact with our services.


1. What Personal Data We Collect

We only collect data necessary for your transactions and personalized experiences:

  • Directly Provided Data:

    • Name, email, shipping/billing address, phone number.

    • Payment details (processed via PCI-DSS compliant gateways like Stripe/PayPal). We do not store full credit card numbers.

    • Account credentials (if you create one).

  • Automatically Collected Data:

    • Device information (IP address, browser type, operating system) for fraud prevention.

    • Usage data via cookies (e.g., pages viewed, cart activity) to improve site functionality.

    • No precise geolocation tracking without consent.


2. How We Use Your Data

We process data lawfully under GDPR Article 6(1):

Purpose                              Legal Basis
-----------------------------------  --------------------------------------
Process orders & deliver perfumes    Contractual necessity
Send transactional communications    Legitimate interest
Personalized marketing & offers      Your explicit consent
Fraud prevention & security          Legal obligation + legitimate interest

3. Your Rights (GDPR/CCPA Compliance)

You have the right to:

  • Access, correct, or delete your personal data.

  • Object to marketing or automated processing.

  • Port your data to another service.

  • Withdraw consent at any time (e.g., unsubscribe via link in emails).

To exercise these rights, contact us at [email]. We respond within 30 days.


4. Data Sharing & International Transfers

  • Strictly Limited Sharing:

    • Payment processors (Stripe, PayPal) for transaction completion.

    • Shipping partners (e.g., DHL, FedEx) for delivery.

    • No sale of data to third parties for independent marketing.

  • Cross-Border Safeguards:

    • EU/US transfers protected by Standard Contractual Clauses (SCCs) or GDPR adequacy decisions.


5. Security Measures

We implement:

  • Encryption: All data transmitted via TLS/SSL.

  • Access Controls: Strict employee permissions.

  • Regular Security Audits: To protect against breaches.

  • PCI-DSS Compliance: For payment security.


6. Cookies Policy

  • Essential Cookies: Necessary for checkout and account functions (no consent required).

  • Analytics/Marketing Cookies: Used only with your prior consent (manage via cookie banner).

  • Opt-out: Adjust settings in your browser or our preference center.


7. Children’s Privacy

We do not target or knowingly collect data from individuals under 16. If inadvertently collected, contact us for immediate deletion.


8. Policy Updates

Changes will be posted here with a new effective date. We will notify you of material changes via email.


Contact Us

For privacy requests or questions: