LANG

CURRENCY

Your trust matters to us — in fragrance discovery, and in how we handle the personal information you share with us. This Privacy Policy explains, clearly and honestly, what data we collect, why we collect it, who we share it with, and what rights you have under the General Data Protection Regulation (GDPR) and applicable Romanian law.

We’ve tried to write this in plain, readable language. If anything is unclear, you can always write to us at data@thescentnest.com — we’ll respond within 30 days.

1. Data Controller

The data controller responsible for your personal data is:

 

SC INSPIRATIQUE SRL

Bd. Eroilor 4, Cluj-Napoca, jud. Cluj, Romania

Website: thescentnest.com

Privacy contact: data@thescentnest.com

2. What Personal Data We Collect

2.1 Account & order data

When you place an order or create an account, we collect:

  • Full name
  • Email address
  • Billing and shipping address
  • Phone number — collected optionally via subscription forms and at checkout, with your explicit consent
  • Order history
  • Password (stored in hashed form only — we never access your password in plain text)

2.2 Payment data

All payments are processed by Stripe, Inc. We do not store your card details, bank account numbers, or any other sensitive payment credentials on our servers. Stripe handles this data directly, in accordance with PCI-DSS standards. Accepted methods include credit/debit cards, Apple Pay, Google Pay, Klarna, Giropay, and other Stripe-supported options.

2.3 Technical & browsing data

When you visit our site, we automatically collect:

  • IP address
  • Browser type and version, operating system, device type
  • Pages visited and session duration
  • Referring URL (how you arrived at our site)
  • Navigation paths and click behaviour

This data is collected via cookies, HTML local storage, and server logs (see Section 8 — Cookies).

2.4 Marketing & communications data

If you subscribe to our marketing communications (email, SMS, or WhatsApp), we collect your email address, first name, and optionally your phone number — depending on the channel and the information you provide. We also record the date and method of your consent.

3. How We Collect Marketing Subscribers

We collect email addresses, phone numbers, and marketing consents only through channels where consent is explicit and documented:

  • At checkout: through voluntary tick-boxes for email, SMS, and/or WhatsApp consent, before the order is placed. Consent is never a condition of purchase.
  • Meta and Google lead forms: through leads generated by ads on Facebook, Instagram, or Google. Every form displayed includes a direct link to this privacy policy and requires explicit consent.
  • Site popup: email address and first name are required; phone number is optional. Consent is explicitly checked before submission.
  • The /en/subscribe/ page: email address and first name are required; phone number is optional. Consent is given explicitly.

You can opt out of any marketing communication at any time:

  • Email newsletters: every email includes an unsubscribe link in the footer — one click, no login required.
  • SMS and WhatsApp: reply STOP to any message and you will be immediately removed from the list.

By email: write to us directly at data@thescentnest.com and we will action it within 48 hours.

4. Legal Basis for Processing (GDPR Art. 6)

We process your personal data only where we have a valid legal basis:

 

  • Contract performance (Art. 6(1)(b)): to process your order, handle payment, arrange delivery, and manage returns.
  • Legal obligation (Art. 6(1)(c)): to retain financial and accounting records as required under Romanian accounting law (Law no. 82/1991 and related regulations — minimum 10 years).
  • Legitimate interests (Art. 6(1)(f)): to analyse website traffic, prevent fraud, and maintain the security of our systems.

Consent (Art. 6(1)(a)): for marketing communications (email, SMS, WhatsApp) and for non-essential cookies. You may withdraw consent at any time, without affecting the lawfulness of prior processing.

5. How We Use Your Data

  • Processing and fulfilling your orders, including dispatch and delivery notifications
  • Order confirmations and post-sale customer service communications
  • Processing payments, refunds, and complaints
  • Sending newsletters, SMS messages, and WhatsApp messages (with your consent)
  • Personalised product recommendations based on browsing behaviour
  • Analysing and improving site performance and user experience
  • Detecting and preventing fraud and abusive activity
  • Complying with legal and tax obligations
  • Responding to your enquiries and support requests

6. Third-Party Service Providers

We share your personal data only with trusted third-party service providers — strictly to the extent necessary to operate our business. All providers are contractually bound to process data solely on our instructions and to implement appropriate security measures.

 

Provider

Role

Privacy Policy

Stripe, Inc.

Payment processing

stripe.com/privacy

Klaviyo, Inc.

Email, SMS & WhatsApp marketing

klaviyo.com/legal/privacy-policy

Google LLC

Analytics (GA4), Ads, Tag Manager

policies.google.com/privacy

Meta Platforms, Inc.

Facebook/Instagram Pixel, Ads

facebook.com/privacy/policy

TikTok Inc.

TikTok Pixel, Ads

tiktok.com/legal/privacy-policy

Pinterest, Inc.

Pinterest Tag, Ads

policy.pinterest.com/en/privacy-policy

Hotjar Ltd.

Heatmaps, session recordings

hotjar.com/legal/policies/privacy

WeTracked (pixel.wetracked.io)

Server-side tracking / Conversion API

Conversios (conversiostrack.thescentnest.com)

GA4 + WooCommerce integration, UTM attribution

Cloudflare, Inc.

CDN, security, DDoS protection

cloudflare.com/privacypolicy

hCaptcha (Intuition Machines)

Bot protection

hcaptcha.com/privacy

Usercentrics A/S (Cookiebot)

Cookie consent management

usercentrics.com/privacy-policy

Rocket.net

Web hosting

rocket.net/privacy-policy

 

We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.

7. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA), including in the United States. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Participation in the EU-US Data Privacy Framework (where applicable)

You may request a copy of the relevant safeguards by writing to data@thescentnest.com.

8. How Long We Keep Your Data

  • Financial records & orders: minimum 10 years, under Romanian accounting legislation.
  • Marketing data (email, SMS, WhatsApp): until you unsubscribe. You may unsubscribe at any time.
  • Account data: while your account is active, plus the applicable legal retention period after deletion.
  • Web traffic & analytics data: up to 26 months (GA4 default). Anonymised or aggregated data may be kept indefinitely.
  • Customer support communications: up to 12 months after the request is resolved.
  • Cookie data: according to each cookie’s own duration (see Section 9).

 

After the applicable retention period, data is securely deleted or anonymised.

9. Cookies & Tracking Technologies

We use cookies, HTML local storage, and tracking pixels to keep the site working, remember your preferences, and measure the performance of our marketing. We use Cookiebot to manage your consent for non-essential cookies.

9.1 Cookie categories

  • Necessary (24): essential for the site to function — shopping cart, session management, security, bot protection. Providers: Cloudflare, Google, Klaviyo, Pinterest, Stripe, hCaptcha, Cookiebot, The Scent Nest. No consent required.
  • Preference (3): remember your settings — selected currency (Aelia Currency Switcher), Klaviyo preferences. Providers: Klaviyo, Stripe, The Scent Nest.
  • Statistics (10): understand visitor behaviour — visits, time on site, pages read. Providers: Meta Platforms, Hotjar, Klaviyo, TikTok, The Scent Nest (Conversios/FPID). Require consent.

Marketing (36): cross-site tracking for relevant advertising and conversion attribution. Providers: Meta Platforms, Google, Klaviyo, Pinterest, TikTok, WeTracked (Conversion API), Conversios, The Scent Nest (sbjs). Require consent.

9.2 Managing your cookie preferences

You can review and update your cookie preferences at any time by clicking „Cookie Settings” in our site footer. The full, always-current list of active cookies is available in the Cookiebot consent window.

10. Your Rights Under GDPR

As a data subject, you have the following rights. To exercise any of them, write to us at data@thescentnest.com — we will respond within 30 days.

 

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure („right to be forgotten”): request deletion of your data where there is no compelling legal reason for us to continue processing it.
  • Right to restriction: request that we limit how we use your data in certain circumstances.
  • Right to data portability: receive your data in a structured, commonly used, machine-readable format.
  • Right to object: object to processing based on legitimate interests, or to direct marketing.
  • Right to withdraw consent: at any time, without affecting the lawfulness of prior processing.

Right to lodge a complaint: with the Romanian National Supervisory Authority (ANSPDCP) — website: dataprotection.ro, address: B-dul Magheru 28-30, Sector 1, 010336, Bucharest, Romania. EU residents may also contact the supervisory authority in their country of residence.

11. Data Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction:

  • TLS/SSL encryption for all connections to our website
  • Secure hosting on Rocket.net with regular security updates
  • DDoS protection and Web Application Firewall via Cloudflare
  • Payment processing via Stripe — PCI-DSS certified; we never store card data ourselves
  • Access controls limiting who within our organisation can access personal data

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay as required by GDPR Art. 34. ANSPDCP will be notified within 72 hours as required by Art. 33 GDPR.

12. Children's Privacy

Our website and services are not directed at anyone under the age of 16. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please write to us at data@thescentnest.com and we will delete it promptly.

13. Links to Third-Party Websites

Our website may contain links to third-party platforms (social media, commercial partners, etc.). This Privacy Policy does not apply to those sites. We encourage you to review their privacy policies before using them.

14. Changes to This Policy

We may update this Privacy Policy from time to time — to reflect changes in our practices, technology, or applicable law. The effective date at the top of the page is updated accordingly. For significant changes, we will notify you by email. We recommend checking this page periodically.

15. Contact

For any questions, requests, or complaints regarding this Privacy Policy or your personal data:

 

SC INSPIRATIQUE SRL  (The Scent Nest)

Bd. Eroilor 4, Cluj-Napoca, jud. Cluj, Romania

Email: data@thescentnest.com

Website: thescentnest.com

Login
Create an account

A link to set a new password will be sent to your email address.

Datele tale personale vor fi utilizate pentru a îți îmbunătăți experiența pe acest site, pentru a gestiona accesul la contul tău și pentru alte scopuri descrise în privacy policy.

Password Recovery

Lost your password? Please enter your username or email address. You will receive a link to create a new password via email.

Bestsellers
Shopping Bag 0

Get a 10% discount on your first order

Join the The Scent Nest newsletter community and you will receive a 10% off coupon in your inbox, valid on any order.