Privacy policy

Privacy Policy

1) INFORMATION ON THE COLLECTION OF PERSONAL DATA & CONTACT DETAILS OF THE DATA CONTROLLER
 1.1 We are pleased that you are visiting our website and thank you for your interest. Below we explain how we handle your personal data when using our website. Personal data is any data that can personally identify you.

1.2 The controller responsible for processing data on this website under the General Data Protection Regulation (GDPR) is AvaandAurora. The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (such as orders or enquiries), this website uses SSL or TLS encryption. You can recognise a secure connection by the “https://” prefix and the padlock icon in your browser’s address bar.

 

 

2) DATA COLLECTION WHEN VISITING OUR WEBSITE
 When you use our website solely for information purposes, i.e., if you do not register or provide us with information in any other way, we only collect data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website:

  • The website you visited

  • Date and time of access

  • Amount of data sent (in bytes)

  • Source/referrer from which you accessed the site

  • Browser used

  • Operating system used

  • IP address used (possibly anonymised)

We process this data under Article 6(1)(f) GDPR, based on our legitimate interest in improving the stability and functionality of our website. We do not pass on or otherwise use this data, although we reserve the right to review the server log files later if there are concrete indications of unlawful use.

 

 

3) COOKIES
 To make your visit to our website attractive and to enable the use of certain features, we use cookies—small text files stored on your device. Some cookies are deleted at the end of the browser session (session cookies), while others remain on your device (persistent cookies) to recognise your browser on your next visit. Cookies may collect data such as browser and location data or IP addresses. Persistent cookies are automatically deleted after a set period.

Cookies can, for example, simplify the ordering process by remembering the contents of a virtual shopping basket for later visits. If cookies process personal data, this is done under Article 6(1)(b) GDPR (to fulfil a contract) or Article 6(1)(f) GDPR (legitimate interest in functional and user‑friendly site features).

We may work with advertising partners who place third-party cookies on your device. We inform you in the following sections about the use of such cookies and the data collected.

You can configure your browser to alert you about cookies and decide whether to accept them, or reject cookies entirely or in specific cases. Each browser has different settings explained in their help menus. You may find the instructions via:

  • Internet Explorer

  • Firefox

  • Chrome

  • Safari

  • Opera

Please note that refusing cookies may limit the functionality of our website.

 

 

4) CONTACTING US
 When you contact us (e.g., via a contact form or email), we collect personal data. The details required depend on the form used. This data is stored and used solely to respond to your enquiry and for technical administration. Processing is based on our legitimate interest under Article 6(1)(f) GDPR. If your contact aims to conclude a contract, Article 6(1)(b) GDPR also applies. Your data will be deleted after resolution of your request, unless legal retention requirements prevent this.

 

 

5) DATA PROCESSING WHEN CREATING A CUSTOMER ACCOUNT & FOR ORDER PROCESSING
 Under Article 6(1)(b) GDPR, personal data you provide when opening an account or placing an order is collected and processed. You may delete your account at any time by contacting the controller. We use your data to fulfil the contract. After contract completion or account deletion, we block your data, observing statutory tax and commercial retention periods, and delete it after these periods unless you have explicitly consented to further use or lawful further processing is permitted, as informed below.

 

 

6) USE OF YOUR DATA FOR DIRECT MARKETING

6.1 Newsletter Sign‑Up
 If you sign up for our email newsletter, only your email address is required, with other details optional. We use a double opt‑in process. We store your IP address and timestamp to prevent misuse. Data is used solely for newsletter marketing. You can unsubscribe at any time via a link in the email or by contacting us. After unsubscribing, your email is deleted from the newsletter list unless you have consented to further use or legal retention applies.

6.2 Emailing Existing Customers
 If you have previously provided your email when purchasing goods or services, we may send you offers for similar goods or services by email, based on our legitimate interest under Article 6(1)(f) GDPR. If you initially objected to this use, we do not send such emails. You may object at any time at no cost beyond standard transmission charges. Once we receive your objection, we cease marketing emails to you.

 

 

7) DATA PROCESSING FOR ORDER FULFILMENT

7.1 Personal data is forwarded to the delivery company as needed for delivery and to the financial institution for payment processing, under Article 6(1)(b) GDPR.

7.2 Payment Service Providers

  • PayPal: We share payment data with PayPal (Luxembourg) under Article 6(1)(b) GDPR. PayPal may conduct a credit check under Article 6(1)(f) GDPR and uses statistical score values. You may object by contacting PayPal, but they may retain data necessary for payment processing.

  • SOFORT: Payment data is passed to SOFORT GmbH (Germany/part of Klarna) under Article 6(1)(b) GDPR. See Klarna’s privacy policy for more details.

 

 

8) CONTACT FOR REVIEW REMINDER
 We may use your email to remind you (once) to review your purchase, but only if you have given explicit consent under Article 6(1)(a) GDPR. You may withdraw consent at any time by contacting us.

 

 

9) USE OF SOCIAL MEDIA PLUGINS (SHARIFF SOLUTION)
 We use HTML link-based social buttons (not direct plugins) for Facebook, Google+ and Instagram. Only when you click the link is a connection made to the respective provider, who then processes the data. All three are certified under the EU–US Privacy Shield.

 

 

10) ONLINE MARKETING

10.1 DoubleClick by Google
 We use DoubleClick (Google) for relevant ads and campaign reports. Cookie IDs track ads in your browser. Processing is under our legitimate interest (Article 6(1)(f) GDPR). Google may collect data (including IP) to report ad clicks. You may disable conversion tracking cookies in your browser or via the Digital Advertising Alliance.

10.2 Google AdWords Conversion Tracking
 We use AdWords to display ads and measure effectiveness. Conversion cookies expire after 30 days and do not contain personal data. Participation can be blocked via browser settings or the Digital Advertising Alliance. Processing is based on our legitimate interest (Article 6(1)(f) GDPR).

 

 

11) WEB ANALYTICS SERVICES – GOOGLE UNIVERSAL ANALYTICS
 This website uses Google Analytics with the “_anonymizeIp()” extension to shorten IP addresses within the EU/EEA. Usually all data is processed under Article 6(1)(f) GDPR. We use it for site usage reports and optimisation. IP addresses are not merged with other Google data. You can disable cookies or opt out via a browser plugin or opt-out link on Google.

Cross-device analytics via a pseudonymous User-ID are also used. This does not involve personal data. You must disable Analytics on all devices with repeat plugin or link clicks.

 

 

12) RETARGETING / REMARKETING / RECOMMENDATION ADVERTISING

Facebook Custom Audiences (Pixel)
 With explicit consent (Article 6(1)(a) GDPR, only over 13s), we may track behaviour after ad clicks via Facebook Pixel. Data is anonymous for us but may be stored and used by Facebook for advertising. You can opt out via browser settings or Digital Advertising Alliance.

Google AdWords Remarketing
 We use Google’s remarketing functions to advertise based on your browsing habits with pseudonymous cookies, under our legitimate interest (Article 6(1)(f) GDPR). Broader data linkage occurs only if you consent to cross-device tracking from Google account. You can disable ad targeting via Google plugin or Digital Advertising Alliance. Some site features may be limited if you refuse cookies.

 

 

13) RIGHTS OF DATA SUBJECTS
 You have the following rights:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16)

  • Right to erasure (Art. 17)

  • Right to restriction (Art. 18)

  • Right to notification (Art. 19)

  • Right to data portability (Art. 20)

  • Right to withdraw consent (Art. 7(3))

  • Right to complain to a supervisory authority (Art. 77)

13.2 Right to Object
 Where data is processed on our legitimate interest basis, you may object at any time based on your situation. We will then stop processing unless we demonstrate compelling legitimate grounds overriding yours or the processing is needed for legal claims.

You also have the right to object to processing for direct marketing; if you do so, marketing processing will cease.

 

 

14) STORAGE DURATION OF PERSONAL DATA
 Personal data is stored for the duration required by legal retention periods (e.g. tax or commercial law). After this period, unless needed for contract fulfilment or our legitimate interest, data is routinely deleted.