Privacy Policy

Last updated: 22 May 2026

Your privacy matters. This Privacy Policy explains what information we collect, how we use it, and the rights you have over your data.

1. Who We Are

Auréa ("we", "us", "our") is the data controller for personal information collected through this website. If you have any questions, contact our privacy team at privacy@aurea.com.

2. What We Collect

We collect the following categories of personal data:

Identity & contact: name, email, phone number, billing and shipping address.
Order data: products purchased, payment confirmation (we do not store full card details — these are handled by our payment processor).
Account data: if you register an account, your password (hashed), order history, wishlist.
Technical data: IP address, browser type, device, pages visited, time on site (collected via cookies — see our Cookie Policy).
Marketing preferences: if you subscribe to our newsletter or accept marketing communications.

3. How We Use Your Data

To process and fulfil your orders
To send order confirmations, shipping updates and customer support replies
To improve our website and product offering
To send marketing communications (only with your consent — you can unsubscribe anytime)
To prevent fraud and comply with legal obligations

4. Legal Basis for Processing (GDPR)

Contract: processing necessary to fulfil your order.
Legitimate interests: improving our service, preventing fraud, security.
Consent: marketing communications and optional cookies.
Legal obligation: tax, accounting and regulatory requirements.

5. Sharing Your Data

We share your data only with trusted partners necessary to operate our business:

Payment processors (Stripe, PayPal, Shop Pay)
Shipping carriers
Email and marketing platforms (with your consent)
Analytics providers (anonymised where possible)
Legal or regulatory authorities when required

We never sell your personal data to third parties.

6. How Long We Keep Your Data

We retain personal data only as long as necessary to fulfil the purposes outlined above, comply with legal obligations, resolve disputes and enforce our agreements. Order records are typically retained for 7 years for tax and legal reasons.

7. Your Rights

Under GDPR and similar laws, you have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data (subject to legal retention obligations)
Object to or restrict certain processing
Request data portability
Withdraw consent at any time
Lodge a complaint with your local data protection authority

To exercise any of these rights, email privacy@aurea.com. We'll respond within 30 days.

8. International Transfers

Some of our service providers may be located outside your country. When we transfer data internationally, we use Standard Contractual Clauses and other safeguards required by applicable law.

9. Security

We use industry-standard security measures including encryption (TLS/SSL), access controls, and regular security reviews to protect your data. No transmission over the internet is 100% secure, but we work hard to keep your information safe.

10. Children

Our website is not directed to children under 13. We do not knowingly collect personal data from children. If you believe we have, contact us and we'll delete it.