Privacy Policy

The data controller responsible for personal data processed through this website is: Natural Mystic Aroma Sp. z o.o. ul. Pamiątkowa 2/56, 61-512 Poznań, Poland Email: info@themysticaroma.com For privacy-related requests, contact us at the above email address.

Depending on how you use the website, we may process: (a) identification and contact data (name, email, phone, company details); (b) order and billing data (address, VAT data, invoice details); (c) communication content you send us; (d) technical data (IP address, browser, device information, cookie/consent status); and (e) website usage data in aggregated form when analytics consent is granted.

We process data to: (a) answer inquiries and prepare offers; (b) process, ship, and support orders; (c) issue invoices and comply with accounting/tax duties; (d) secure and maintain website operations; (e) improve service quality and website performance; and (f) send marketing communications only where permitted and/or consented. We do not sell personal data.

Our legal bases are: (a) contract performance or pre-contractual steps (Art. 6(1)(b) GDPR); (b) legal obligation, especially tax/accounting duties (Art. 6(1)(c)); (c) legitimate interest, including fraud prevention, IT security, and handling B2B communication (Art. 6(1)(f)); and (d) consent for optional cookies and selected marketing activity (Art. 6(1)(a)).

We share data only where necessary with trusted service providers, such as hosting providers, email providers, payment processors, logistics/carrier partners, and IT/accounting support. These entities process data under appropriate contracts and only to the extent needed for service delivery or legal compliance.

Where service providers process data outside the EEA, we use recognized transfer safeguards, such as Standard Contractual Clauses and supplementary technical/organizational measures where required.

This website uses essential technologies and optional cookie categories managed through a consent banner. Optional categories (such as analytics) are activated only after consent. You can accept, reject, or customize your choices and update them at any time via "Cookie settings" in the footer. See our Cookie Policy for details.

We keep personal data only as long as required for the purpose collected and legal obligations. Typical periods: inquiry data up to 24 months, commercial correspondence as needed for claim defense, and accounting/invoice records for the statutory period (generally 5 years after the relevant tax year). Consent records are retained for accountability.

Subject to GDPR, you may request access, rectification, erasure, restriction, data portability, and objection to processing based on legitimate interest. Where processing is based on consent, you may withdraw consent at any time without affecting lawfulness before withdrawal.

To exercise your rights, contact info@themysticaroma.com. You also have the right to lodge a complaint with the Polish supervisory authority: President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland, https://uodo.gov.pl. We may update this policy from time to time; the latest revision date is shown on this page.