If you're shopping with us from the European Economic Area (EEA) or the UK, this section is for you. It explains your data rights under the General Data Protection Regulation (GDPR) and UK GDPR.

This policy works alongside our main Privacy Policy above. If anything here overlaps, this section applies to you as an EEA/UK customer.

Who we are

Aura by Khushbu (Shree Aura by Khushbu), Ahmedabad, Gujarat, India — is the data controller for your personal data. We're a small independent brand, not a large corporation, but we take your data rights seriously regardless of where you shop from.

Contact: info@aurabykhushbu.com | +91 63590 99916

What data we collect from you

  • Your name, email, and phone number
  • Delivery and billing address
  • Payment references (not your full card details)
  • Browsing and cookie data
  • Order history and any messages you send us

Why we process your data (legal basis)

  • To fulfil your order — this is necessary to complete your purchase (contractual necessity)
  • To communicate with you about your order — also contractual necessity
  • To send you marketing emails — only with your explicit consent; you can opt out anytime
  • To improve our website — legitimate interest (we use anonymised analytics data)
  • To comply with the law — legal obligation (e.g., tax records)

Your rights under GDPR

You have the right to:

  • Access — request a copy of the data we hold about you
  • Rectification — ask us to fix anything that's incorrect
  • Erasure — ask us to delete your data (where we're legally able to)
  • Restrict processing — ask us to limit how we use your data in certain situations
  • Data portability — receive your data in a readable format
  • Object — object to processing based on our legitimate interests, or to direct marketing
  • Withdraw consent — at any time, for anything you originally consented to (like marketing emails)

To use any of these rights, email us at info@aurabykhushbu.com. We'll respond within 30 days.

Your data leaving the EEA

We're based in India, which means your data is processed there. India doesn't yet have a formal EU adequacy decision, so we protect your data through contractual obligations with all third parties who handle it on our behalf, requiring them to maintain equivalent standards of protection.

Cookies

If you're visiting from the EEA or UK, you'll see a cookie consent banner when you first land on our site. We won't activate any non-essential cookies (like analytics or marketing cookies) until you've given your consent. You can change your preferences at any time.

Data breach notification

If there's ever a data breach that could affect your personal data, we'll notify the relevant supervisory authority within 72 hours and inform you directly without delay.

How to complain

We'd always prefer to sort things out directly — please email us first. But if you're not satisfied, you have the right to raise a complaint with your local data protection authority:

  • UK: Information Commissioner's Office (ICO) — ico.org.uk
  • EU: Your country's Data Protection Authority — edpb.europa.eu

Updates

If we make significant changes to this policy, we'll let EEA/UK customers know by email.

This policy is prepared in compliance with EU GDPR 2016/679 and UK GDPR, applicable to customers based in the EEA and United Kingdom.

Questions?

Reach us at info@aurabykhushbu.com or +91 63590 99916