Privacy Policy

Data Controller

Company name: BELLAVITA FRAGRANCES (“Bellavita” or “we”)
Address: Yacatas 215, Narvarte Poniente, Benito Juárez, 03020, Mexico City, Mexico
CIN / Company ID / Tax ID: BFR2411124D5
E-Mail: care@bellavitaluxury.mx

Origin and Categories of Data

We collect and process the personal data that you provide through the “Contact” form on our website, as well as through other means or channels made available (e.g., customer service, internal reporting system). This information generally includes your name, email address, company (if applicable), and any message you choose to send us.

We may also process other personal data that you provide in the course of communication with us or that is generated while we provide services.

Additionally, we collect information through cookies for analytical and marketing purposes. More details are available in our Cookie Policy.

By submitting your information, you confirm that it is accurate and truthful. You are responsible for any false, inaccurate, or incomplete information provided, as well as for any damages that may result to Bellavita or third parties.

Purpose and Legal Basis of Processing

Purposes

  • Service delivery: To provide you with the services you request (e.g., product sales) or to respond to your queries.
  • Marketing: To send commercial updates, promotional offers, or newsletters by electronic means (e.g., email or SMS). You may unsubscribe anytime via the instructions in each message or by emailing- care@bellavitaluxury.mx.
  • Analytics: To carry out statistical and aggregated (non-identifiable) analysis of browsing behavior on our website.
  • Advertising & Social Media: To display personalized advertising while you browse, based on cookies, your interests, and your interactions on social platforms.
  • Internal Information System: To manage and, where applicable, investigate reports or complaints received through our whistleblowing/internal reporting system, in line with applicable law.

Data Retention

We will retain your personal data for as long as a customer-supplier relationship exists, in order to properly manage it and send you relevant commercial information. If there is a prolonged period of inactivity, we will delete or anonymize your data when processing is no longer necessary, unless you request deletion earlier.

Where data must be retained for legal obligations or to address potential liabilities, it will be securely stored in a “blocked” form, with access restricted.

Data collected through the Internal Information System will be deleted within three months unless anonymized for compliance or investigative purposes, as provided by law.

We will also take all reasonable measures to ensure your data is updated or deleted when inaccurate.

Automated Decisions

We do not make decisions based solely on automated processing that have legal or similarly significant effects on you.

Recipients

As a general principle, we do not share your personal data with third parties, except in the following cases:

  • Service providers: Certain suppliers may require access to your personal data in order to provide us with services (e.g., IT providers, hosting/cloud services, CRM platforms, logistics and courier companies, payment gateways). These third parties act as (sub)processors under a data processing agreement in line with Art. 28 GDPR.
  • Legal obligations & investigations: Where required by law, administrative or judicial authorities, anti-money laundering/tax/social security regulations, or investigations resulting from the Internal Information System, with confidentiality safeguards in place.
  • Corporate transactions: In the event of restructuring, merger, acquisition, or sale of assets, your data may be transferred to the relevant third party.

International Transfers

Currently, we do not conduct international transfers of personal data. However, some of our IT or cloud providers may have servers located outside the European Economic Area (EEA). If such transfers occur, they will only be carried out when strictly necessary and with appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions) to ensure protection equivalent to EU standards.

Your Rights

In accordance with GDPR and applicable national legislation, you have the following rights:

  • Access: To know what personal data we process about you.
  • Rectification or Deletion: To request correction of inaccurate data or deletion of your data.
  • Restriction: To request limited processing in certain circumstances.
  • Portability: To receive your data in a structured, machine-readable format and transmit it to another controller.
  • Objection: To object to processing based on legitimate interests or direct marketing.

You may also withdraw your consent at any time for processing activities based on consent.

How to exercise your rights

You may exercise these rights at any time by contacting us at- care@bellavitaluxury.mx with the subject line “Privacy”. We may request proof of identity (such as an ID copy) for verification purposes.

The exercise of rights is free of charge, except where requests are manifestly unfounded, excessive, or repetitive.

Complaints

If you believe your rights have been violated, you may lodge a complaint with the competent supervisory authority in your country of residence. In Spain, this is the Spanish Data Protection Agency (AEPD).

Before filing a complaint, we encourage you to contact us first at- care@bellavitaluxury.mx so we can address your concern amicably.

Response Times

We will respond to your requests as soon as possible, and always within one month. If you do not receive a reply within this timeframe, please contact us again so we may investigate and resolve the issue.

Modifications

Bellavita reserves the right to amend this Privacy Policy in line with its Legal Notice.