Legal information

Privacy Policy

Last updated: April 7, 2026 · Version 1.0

01. Introduction

At Maison Eclet, your privacy is treated with the same meticulous care as our fragrance compositions. This Privacy Policy explains how we collect, use, retain, protect, and share personal data when you browse the storefront, create an account, manage a cart, place an order, complete checkout, or contact support.

This policy is written for customers in Portugal and the European Economic Area and is intended to reflect the transparency expectations of the General Data Protection Regulation. It applies to the Maison Eclet website, product catalog, cart, checkout flow, customer account area, password recovery flow, and support interactions.

This policy does not replace the privacy notices of third-party providers that may process information under their own terms, such as payment processors, hosting providers, authentication providers, or email providers.

02. Controller and Contact

Maison Eclet is the controller for personal data processed to operate the storefront, customer account, cart, order, checkout, and support experience. Service providers may act as processors when they provide hosting, authentication, database, payment, email, or operational infrastructure on our behalf.

For privacy questions, GDPR rights requests, or concerns, contact us at privacy@maisoneclet.com. If we are legally required to appoint a Data Protection Officer or publish additional controller details, those details will be made available on this page or through an equivalent privacy contact channel.

If we need to verify your identity before acting on a request, we may ask for information reasonably necessary to confirm that the request relates to your account or order history.

03. Information We Collect

We collect only the personal data needed to operate a perfume e-commerce storefront and provide customer support. The categories below describe the current product scope and may evolve if the storefront adds new customer-facing features.

Direct identifiers

Name, email address, account identifier, authentication state, and customer support contact details.

Commerce data

Cart contents, order records, order item details, checkout references, payment status, product selections, and stock-related purchase context.

Preference and session data

Theme preference, login session state, password recovery state, and storefront preferences required to keep the experience consistent.

Technical data

Device, browser, IP address, request logs, security events, error context, and operational data needed to deliver and protect the site.

Support data

Messages, order references, issue descriptions, and related context you choose to provide when contacting support.

Payment data

Payment processing is handled through Stripe. We do not intentionally store full card numbers or card security codes in Maison Eclet systems.

Special category data

We do not intentionally request special category data, such as health, biometric, political, religious, or similar sensitive data, through the storefront.

04. Why We Use Personal Data

We use personal data only for storefront, account, order, payment, support, security, and legal purposes connected to Maison Eclet. We do not sell customer personal data.

  • To create, authenticate, maintain, and protect customer accounts.
  • To display products, maintain cart continuity, and process selected items.
  • To create orders, reconcile payment status, and display order history.
  • To route checkout through the storefront payment flow and payment processor.
  • To respond to support requests and identify the correct purchase or account context.
  • To remember user interface preferences such as dark or light theme selection.
  • To detect, investigate, and prevent abuse, fraud, payment errors, unauthorized access, and operational failures.
  • To comply with tax, accounting, legal, security, dispute, and recordkeeping obligations.

05. GDPR Legal Bases

Under the GDPR, each processing activity must have a legal basis. The legal bases we may rely on depend on the context and the specific data involved.

Contract

Used when processing is necessary to create an account, maintain a cart, place an order, provide checkout, show order history, or provide customer support connected to a purchase.

Legal obligation

Used when processing is necessary for tax, accounting, payment records, legal claims, fraud response, compliance, or other obligations imposed by applicable law.

Legitimate interests

Used for security monitoring, fraud prevention, service reliability, troubleshooting, limited operational analytics, abuse prevention, and improving the storefront where those interests are not overridden by customer rights.

Consent

Used only where consent is required, such as optional marketing or non-essential cookies if those features are introduced. Consent can be withdrawn where processing depends on it.

06. Payment and Checkout

Checkout is handled through trusted server-side boundaries and Stripe payment infrastructure. When you start checkout, payment-related information may be sent to Stripe so the transaction can be processed, verified, and reconciled with your order.

Maison Eclet stores order and checkout references needed to connect the cart, order, payment session, and final order status. Full card details are handled by Stripe and are not intentionally stored in the Maison Eclet application database.

  • Payment processor: Stripe.
  • Purpose: payment authorization, payment confirmation, fraud prevention, dispute support, refunds when applicable, and payment-status reconciliation.
  • Stored by Maison Eclet: order records, item details, checkout/session references, payment state, customer account linkage, and support context.
  • Not intentionally stored by Maison Eclet: full card number, card security code, or complete payment credentials.

07. Cookies, Local Storage, and Session Technologies

We use cookies, local storage, and similar technologies only where they support the current storefront experience. These technologies may be required for authentication, cart continuity, password recovery, security, checkout, and user interface preferences.

For example, the site may store your theme preference locally so the storefront can remember whether you prefer dark or light mode. Authentication and recovery flows may use secure cookies or session mechanisms to keep protected routes and account actions safe.

  • Essential technologies keep the site, login, recovery, cart, and checkout flows working.
  • Preference technologies remember interface choices such as theme selection.
  • Security and operational technologies help detect errors, abuse, invalid sessions, or suspicious requests.
  • You can control browser cookies through your browser settings, but disabling essential cookies may prevent account, cart, or checkout features from working correctly.

08. Service Providers and Sharing

We share information only when it is necessary to run the storefront, complete purchases, provide support, protect the service, comply with law, or enforce our terms. Service providers may process data under their own privacy and security terms depending on their role.

Current provider categories include hosting and deployment, database and authentication, payment processing, email or transactional communications, error diagnostics, and operational infrastructure. We may also disclose information if required by law, legal process, security investigation, chargeback, fraud prevention, or protection of rights and safety.

  • Supabase may support authentication, database, storage, and server-side data operations.
  • Stripe may process checkout, payment, fraud prevention, dispute, and transaction data.
  • Vercel may host and deliver the application and process operational request data required for deployment and performance.
  • Email or communication providers may process messages required for password recovery, account notices, or support replies.
  • We do not authorize service providers to use customer information for unrelated advertising profiles on our behalf.

09. EEA and International Transfers

Because our providers may operate infrastructure in multiple countries, your personal data may be processed outside Portugal or the European Economic Area. When cross-border processing occurs, we rely on appropriate safeguards where required, such as provider contractual commitments, adequacy decisions, standard contractual clauses, and security measures appropriate to the service.

Payment, hosting, authentication, database, and email providers may each determine some processing locations and safeguards under their own legal documentation. You should review the privacy notices of those providers when you want details about their independent processing activities.

10. Data Retention

We retain personal information only for as long as needed for the purpose for which it was collected, unless a longer period is required or permitted for legal, accounting, tax, security, dispute, fraud-prevention, or operational reasons.

  • Account data is generally retained while the account remains active or as needed to provide customer access and support.
  • Order and checkout records may be retained for tax, accounting, payment reconciliation, dispute, refund, chargeback, and legal obligations.
  • Support messages may be retained while the issue is active and for a reasonable period afterward to preserve customer-service context.
  • Security, server, and error logs may be retained for a limited period needed to investigate incidents, abuse, or operational failures.
  • Theme preference and similar local settings may remain in your browser until you clear them or change the preference.

11. Security

We use administrative, technical, and operational safeguards designed to protect customer information against unauthorized access, misuse, loss, or alteration. Security-sensitive flows are kept explicit and server-controlled where practical.

Examples include authentication boundaries, protected customer routes, server-side checkout validation, signed recovery controls, careful handling of payment status, and limited use of sensitive payment information. No internet-based service can be guaranteed completely secure, but we design the storefront to keep critical account, payment, and order boundaries clear.

12. Your GDPR Rights

If the GDPR applies to you, you may have the right to request access to your personal data, correction of inaccurate data, erasure, restriction of processing, portability, objection to processing based on legitimate interests, and withdrawal of consent where processing is based on consent.

You may also have the right to lodge a complaint with a supervisory authority. For Portugal, the relevant authority is the Comissão Nacional de Proteção de Dados, without prejudice to your right to contact another competent EEA supervisory authority.

To make a request, contact privacy@maisoneclet.com. We may need to verify your identity and may decline or limit requests where the law allows or requires us to retain information, such as order records needed for tax, accounting, fraud prevention, chargeback, or legal obligations.

13. Marketing and Communications

Maison Eclet may send transactional messages connected to your account, password recovery, checkout, order status, support request, or security notice. These messages are part of the service and may be necessary even if you do not receive marketing messages.

If Maison Eclet later offers newsletters, launch notices, or promotional messages, we will provide an appropriate way to opt out where required. We do not currently rely on this policy to create unrelated advertising profiles from customer order data.

14. Automated Decisions

Maison Eclet does not currently use personal data to make decisions based solely on automated processing that produce legal or similarly significant effects for customers. Payment providers may apply their own fraud prevention and risk checks under their own policies.

15. Children and Age Limits

Maison Eclet is not intended for children. We do not knowingly collect personal data from children through the storefront. If you believe a child has provided personal data through the storefront, contact us so we can review and take appropriate action.

16. Third-Party Links

The storefront may contain links to third-party websites, payment pages, provider pages, or social platforms. Their privacy practices are governed by their own policies, not this Maison Eclet Privacy Policy.

17. Changes to This Policy

We may update this policy when the storefront changes, when providers or processing practices change, or when legal or operational requirements require a revision. The latest version will be posted on this page with an updated date.

18. Contact

For privacy inquiries, rights requests, or questions about this policy, contact privacy@maisoneclet.com. If your request relates to an order or account, include enough context for support to identify the relevant record without sending unnecessary sensitive information.

Privacy Inquiries

Should you have any questions regarding your data or wish to exercise your rights, our dedicated privacy concierge is at your service.

privacy@maisoneclet.com
