legal

Privacy Policy

Last updated: March 2025

1. Who We Are

mimūn fragrance is a US-based company and the data controller responsible for your personal data collected through this website. For any privacy-related enquiries, contact us at [email protected].

2. Data We Collect

We collect personal data that you provide directly, including your name, email address, delivery address, and payment information when you place an order or sign up for our newsletter. We also collect data automatically when you browse our website, including IP address, browser type, pages visited, and session duration through analytics tools.

3. How We Use Your Data

Your data is used to process and fulfil orders, communicate order updates, respond to enquiries, send marketing communications (where consented), prevent fraud, comply with legal obligations, and improve our website and product offering through aggregated analytics.

4. Legal Basis for Processing (US Customers)

For US customers, we process your personal data in accordance with applicable US federal and state privacy laws, including the California Consumer Privacy Act (CCPA) where applicable. We collect only the data necessary to fulfil your order and provide our services. We do not sell your personal data to third parties.

5. California Privacy Rights (CCPA)

If you are a California resident, you have the right to: know what personal information we collect, use, disclose, and sell; request deletion of your personal information; opt out of the sale of your personal information (we do not sell personal data); and non-discrimination for exercising your privacy rights. To exercise these rights, contact us at [email protected].

6. International Customers and GDPR

Although mimūn is a US company, we voluntarily apply GDPR-aligned data handling practices for customers in the European Union and United Kingdom. EU and UK customers have the right to access, rectify, erase, restrict, or port their personal data, and to withdraw consent at any time. To exercise these rights, contact us at [email protected].

7. Third-Party Services

We share data with third-party processors acting on our behalf, including Stripe for payment processing (PCI-DSS compliant; we do not store full card details) and analytics providers. All processors are bound by appropriate data processing agreements.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Order data is retained for a minimum of seven years for tax and accounting purposes. Marketing data is retained until you withdraw consent or request deletion.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Payment data is processed exclusively through Stripe's secure infrastructure.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or a prominent notice on our website. The current version is always available at this URL.