At Fragrances For Candles, we are deeply committed to protecting your personal data. We process your information in full accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and all other applicable data protection laws across the European Union. This document is designed to inform you transparently about how we collect, use, transfer, and protect your personal data when you interact with us through our website, mobile applications, or by using our products and services.
We may update this Privacy Policy periodically to reflect changes in our data processing practices or new legal requirements. Any modifications will be posted on our website, so we encourage you to review this policy regularly.
Who We Are and How to Reach Us
Fragrances For Candles is the trade name of Geomar Concept SRL, a legal entity established in Romania. Our registered office is located at Codrului 9A, Tunari, Ilfov, Romania. We are registered with the Trade Register under number J23/5394/2020, and our unique fiscal registration code is 43316318. For the purposes of data protection legislation, Geomar Concept SRL acts as the data controller for your personal data. The administrator of Geomar Concept SRL is George Oncea.
We welcome your questions, feedback, or any requests regarding our data processing practices. You can contact our Data Protection Officer at [email protected] or by postal mail or courier to our registered office at Codrului 9A, Tunari, Ilfov, Romania, with the clear mention: “Attention: Fragrances For Candles Data Protection Officer.”
What Personal Data We Process
We generally collect your personal data directly from you, giving you control over the type of information you provide. Here are examples of the personal data we collect:
- When you create an account on Fragrances For Candles: We collect your email address, first name, and last name.
- In your personal account (“My Account”) on the Fragrances For Candles platform: You have the option to provide additional information, such as: your photograph, gender, nickname, mobile phone number, landline phone number, date of birth, education level, various delivery addresses, an alternative email address, and bank card details (for saving payment methods, if you choose this option).
- When you place an order: You provide information necessary for order fulfillment, including: the desired product(s), your first name and last name, delivery address, billing details, chosen payment method, phone number, and bank card details (for processing the current transaction).
You can also register on the Fragrances For Candles platform using your existing Facebook or Google account. If you choose either of these options, you will be redirected to a page administered by Facebook Inc. / Google LLC, where they will inform you about the specific data that will be transferred to Fragrances For Candles. You can consult the privacy policies of Facebook and Google for more details:
https://www.facebook.com/about/privacy
https://policies.google.com/privacy
Furthermore, we may collect and subsequently process certain information about your behavior during your visits to our website or while using our mobile application. This data helps us personalize your online experience and provide you with offers tailored to your interests and profile. More details on this can be found in the section below concerning the purposes of processing.
On our website and in our mobile application, we may store and retrieve information using cookies and similar technologies. Our practices in this regard are fully detailed in our dedicated Cookie Policy, which we encourage you to review.
We do not collect or otherwise process sensitive data, which the General Data Protection Regulation defines as “special categories of personal data” (e.g., data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data, or data concerning a person’s sex life or sexual orientation). Additionally, we are committed to not knowingly collecting or processing data from minors under the age of 16. If we become aware that we have inadvertently collected personal data from a child under 16 without parental consent, we will take steps to delete that information promptly.
Purposes and Legal Bases for Processing Your Data
We will utilize your personal data for the following specific purposes, each supported by a clear legal basis as required by GDPR:
1. For the provision of Fragrances For Candles services and fulfillment of contractual obligations.
This overarching purpose includes, but is not limited to, the following activities:
- Creation and administration of your user account within the Fragrances For Candles platform.
- Processing of your orders, including their acceptance, validation, shipment, and invoicing.
- Resolution of order cancellations or any issues related to orders, purchased goods, or services.
- Processing of product returns in accordance with applicable legal provisions.
- Facilitating refunds for products, as required by law.
- Ensuring comprehensive customer support, including providing responses to your inquiries regarding your orders or Fragrances For Candles products and services.
Legal Basis: The processing of your data for these purposes is, in most cases, necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (GDPR Art. 6(1)(b)). Additionally, certain processing activities under these purposes are mandated by legal obligations to which we are subject, including tax and accounting legislation (GDPR Art. 6(1)(c)).
2. For the continuous improvement of our services.
We are committed to consistently providing you with the best possible online shopping experience. To achieve this, we may collect and utilize certain information related to your purchasing behavior. We may invite you to complete satisfaction questionnaires after an order has been finalized, or we may conduct market studies and research, either directly or with the assistance of trusted partners.
Legal Basis: We base these improvement activities on our legitimate interest to conduct and develop our commercial activities (GDPR Art. 6(1)(f)). We always ensure that a careful assessment is performed to balance our legitimate interests with your fundamental rights and freedoms, ensuring your interests are not overridden.
3. For direct marketing communications.
We aim to inform you about our products, services, and offers that might be of interest to you.
- In most instances, our marketing communications are based on your prior, explicit consent (GDPR Art. 6(1)(a)). You have the right to withdraw your consent at any time.
- In certain limited situations, we may base our marketing activities on our legitimate interest to promote and develop our commercial activity (GDPR Art. 6(1)(f)), particularly for existing customers and similar products/services. In such cases, we always take necessary measures to ensure your fundamental rights and freedoms are not adversely affected.
You can easily change your mind and withdraw your consent or object to marketing at any time by:
- Modifying your settings in your customer account under the “My Subscriptions” or similar section.
- Clicking the unsubscribe link clearly displayed within any marketing messages you receive from us.
- Contacting Fragrances For Candles directly using the contact details described above.
Upon receipt of your request, we will cease processing your personal data for direct marketing purposes without undue delay.
4. For the defense of our legitimate interests and legal compliance.
We undertake specific measures to protect our business, our platform, and our users:
- Implementation of measures for the protection of the website and users of the Fragrances For Candles platform against cyber-attacks, fraud, and other malicious activities.
- Measures for the prevention and detection of fraud attempts, including, where necessary, the transmission of relevant information to competent public authorities.
- Measures for the management of various other risks associated with our business operations.
Legal Basis: The general basis for these types of processing is our legitimate interest in protecting our commercial activity, ensuring the security of our systems, and safeguarding our assets and users (GDPR Art. 6(1)(f)). We carefully balance these interests with your fundamental rights and freedoms. In certain specific cases, our processing activities are based on legal obligations (GDPR Art. 6(1)(c)), such as the obligation to ensure the security of goods and assets as stipulated by applicable legislation.
How Long We Keep Your Personal Data
As a general rule, we will store your personal data for as long as you maintain an active account on the Fragrances For Candles platform. If you request us to delete certain information or close your account, we will comply with these requests. However, please be aware that we may be required to retain certain information even after your account is closed, in situations where applicable law or our legitimate interests mandate such retention (e.g., for tax compliance, dispute resolution, or record-keeping related to past transactions). The specific retention periods will vary depending on the type of data and the purpose of processing, but will always comply with legal requirements and the principle of data minimization.
Who We Share Your Personal Data With
Where necessary and appropriate, we may transmit or provide access to certain categories of your personal data to the following types of recipients:
- Companies within the same corporate group as Geomar Concept SRL (Fragrances For Candles);
- Third-party service providers that assist us in our operations, including:
- Courier and delivery service providers;
- Payment processing and banking service providers;
- Marketing and telemarketing service providers;
- Market research service providers;
- Insurance companies;
- IT service providers (for hosting, maintenance, security, etc.);
- Other companies with whom we may collaborate to develop joint programs for offering our goods and services on the market.
Additionally, if we are under a legal obligation to do so, or if it is necessary for us to defend a legitimate interest (e.g., in legal proceedings), we may disclose certain personal data to competent public authorities (e.g., tax authorities, consumer protection bodies, courts).
We take all reasonable steps to ensure that access to your data by private third-party legal entities occurs in strict compliance with data protection and information confidentiality provisions. This is primarily achieved through data processing agreements (DPAs) or other contractual arrangements entered into with these parties, which impose strict obligations to protect your data, including ensuring they meet GDPR standards.
Where We Transfer Your Personal Data
Currently, we primarily store and process your personal data on servers located within Romania.
However, in certain circumstances, it may be necessary to transfer some of your personal data to entities located in other European Union (EU) or European Economic Area (EEA) countries. All such transfers are protected by GDPR.
In some cases, it may also be necessary to transfer your data to entities located outside the EU/EEA, including to countries that the European Commission has not recognized as providing an adequate level of personal data protection.
For any transfers of personal data outside the EU/EEA to countries not deemed “adequate” by the European Commission, we will always implement robust measures to ensure that such international data transfers are handled with the utmost care to protect your rights and interests. These transfers will always be protected by appropriate safeguards, such as:
- The Standard Contractual Clauses (SCCs) issued by the European Commission (for transfers to third countries, ensuring equivalent data protection).
- Your explicit consent for specific transfers, where other safeguards are not available and you have been informed of the potential risks.
- Other legally recognized mechanisms as provided for in the GDPR (e.g., Binding Corporate Rules, codes of conduct, certification mechanisms).
You can contact us at any time, using the contact details provided above, to obtain more detailed information about the specific countries to which we transfer your data and the particular safeguards we have implemented for these transfers.
How We Protect the Security of Your Personal Data
We are fully committed to ensuring the security of your personal data. We implement and continuously review appropriate technical and organizational measures in line with industry best practices and security standards to protect your data against unauthorized access, disclosure, alteration, or destruction.
Key security measures include:
- Data Encryption: The transmission of your personal data (e.g., during registration, login, or checkout) is secured using state-of-the-art encryption algorithms (e.g., TLS/SSL).
- Secure Storage: We store your data on secure servers that are protected by firewalls and robust access controls. We also implement data redundancy measures to prevent data loss.
- Payment Security: For processing payments, we utilize the services of a certified payment processor, Plati.Online. All information related to payments is encrypted using secure technologies like HTTPS with TSL 1.2 encryption. We do not directly store your full payment card details on our servers; these are handled directly by our payment processor.
- Access Controls: Access to your personal data within our organization is strictly limited to authorized personnel who have a legitimate and defined need to know the information for the purposes described in this policy.
- Regular Audits and Training: We regularly audit our security practices and provide ongoing data protection training to our staff to ensure they are aware of and comply with our security policies.
Despite the comprehensive measures we take to protect your personal data, we must remind you that transmitting information over the Internet or any public network is never completely secure. There is always an inherent risk that data could be intercepted, seen, or used by unauthorized third parties. We cannot be held responsible for such vulnerabilities that arise from systems or networks not under our direct control. We encourage you to take appropriate measures to protect your own personal data, such as using strong, unique passwords and avoiding public Wi-Fi for sensitive transactions.
Your Rights
The General Data Protection Regulation (GDPR) grants you a series of important rights regarding your personal data. You can exercise these rights by contacting us using the details provided in the “Who We Are and How to Reach Us” section.
Here are the rights you have and some important aspects to consider when exercising them:
- Identity Verification: We take the confidentiality of all records containing personal data very seriously. To protect your data, we ask that you submit your requests regarding such records from the email address associated with your Fragrances For Candles account. If you use a different email address or method, we reserve the right to verify your identity by requesting additional information to confirm who you are before processing your request.
- Fees: We generally do not charge a fee for you to exercise any of your rights concerning your personal data. However, if your request is clearly unfounded, repetitive, or excessive, we may either charge a reasonable fee commensurate with the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request. We will inform you of any applicable fees before proceeding with your request.
- Response Time: We aim to respond to all valid requests within a maximum of one month from receipt. If your request is particularly complex or you have made several requests, we may extend this period to a maximum of two months. In such cases, we will inform you of the extension within one month of receiving your request, along with the reasons for the delay. We may also ask you to clarify precisely what information you wish to receive or what specific concerns you have, which can help us process your request more quickly.
- Third-Party Rights: Please note that we are not obligated to comply with a request if it would adversely affect the rights and freedoms of other individuals.
Here is a detailed description of your rights:
| Right | Description |
|---|---|
| Access | You have the right to request confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. We will provide a copy of your personal data undergoing processing, unless this would adversely affect the rights and freedoms of others. |
| Rectification | You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement. We may try to verify the accuracy of the new data before rectifying it. |
| Erasure (Right to be Forgotten) | You have the right to obtain from us the erasure of personal data concerning you without undue delay, and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) you withdraw consent on which the processing is based and where there is no other legal ground for the processing; (c) you object to the processing and there are no overriding legitimate grounds for the processing; (d) the personal data have been unlawfully processed; (e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject; (f) the personal data have been collected in relation to the offer of information society services to a child. We are not obliged to comply with your request for erasure if the processing is necessary for: (a) compliance with a legal obligation which requires processing by Union or Member State law to which we are subject; or (b) for the establishment, exercise, or defense of legal claims. Note: Before exercising this right, please ensure you download and save all documents related to your orders from your Fragrances For Candles account (e.g., invoices, warranty certificates). If you do not perform this action before exercising your right to erasure, you will lose access to all these documents, and Fragrances For Candles may be unable to provide them to you, as the process of deleting data and your Fragrances For Candles account, along with all associated data and documents, is irreversible. |
| Restriction of Processing | You have the right to obtain from us restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data; (b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; (c) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims; (d) you have objected to processing, pending the verification whether our legitimate grounds override yours. We may continue to use your personal data following a request for restriction if: we have your consent; or for the establishment, exercise or defense of legal claims; or for the protection of the rights of Fragrances For Candles or another natural or legal person. |
| Data Portability | You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where: (a) the processing is based on consent or on a contract; and (b) the processing is carried out by automated means. You also have the right to have the personal data transmitted directly from us to another controller, where technically feasible. |
| Objection | You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on our legitimate interests (GDPR Art. 6(1)(f)), including profiling based on those provisions, if you consider that your fundamental rights and freedoms override this interest. In such cases, we shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You also have the right to object at any time to the processing of your personal data for direct marketing purposes (including profiling to the extent that it is related to such direct marketing), without invoking any specific reason, in which case we will cease this processing as soon as possible. |
| Automated Individual Decision-Making, including Profiling | You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This right does not apply if the decision: (a) is necessary for entering into, or performance of, a contract between you and us; (b) is authorised by Union or Member State law to which we are subject and which lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or (c) is based on your explicit consent. |
| Complaints | You have the right to lodge a complaint with a supervisory authority regarding the processing of your personal data. In Romania, the contact details of the supervisory authority for data protection are: Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (National Supervisory Authority for Personal Data Processing), B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, cod poștal 010336, București, Romania; Phone: +40.318.059.211 or +40.318.059.212; E-mail: [email protected]. While you always have the right to contact the supervisory authority, we kindly ask you to contact us first. We promise to make every effort to resolve any issue or concern amicably and efficiently. |
Remember, you can always contact Fragrances For Candles’ Data Protection Officer by sending your request via email to: [email protected] or by post or courier to: Codrului 9A, Tunari, Ilfov, Romania – with the mention: Attention: Fragrances For Candles Data Protection Officer.