Privacy Policy

Last updated: February 23, 2026

ATEN Skincare ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website atenskincare.com and make purchases from our store.

This policy applies to customers in the European Economic Area (EEA), United Kingdom (UK), United States (US), and all other jurisdictions where we operate.

1. Information We Collect

Personal Information

We collect personal information that you voluntarily provide to us when you:

  • Create an account
  • Place an order
  • Subscribe to our newsletter
  • Contact us
  • Participate in surveys or promotions

This information may include:

  • Name
  • Email address
  • Shipping and billing address
  • Phone number
  • Payment information (processed securely through our payment providers)

Automatically Collected Information

When you visit our Site, we automatically collect certain information about your device, including:

  • IP address
  • Browser type
  • Operating system
  • Referring URLs
  • Pages viewed
  • Time and date of visits
  • Cookies and similar tracking technologies

2. How We Use Your Information

We use the information we collect to:

  • Process and fulfill your orders
  • Communicate with you about your orders and account
  • Send you marketing communications (with your consent)
  • Improve our products and services
  • Personalize your shopping experience
  • Prevent fraud and enhance security
  • Comply with legal obligations
  • Analyze site usage and trends

3. Legal Basis for Processing

For EEA and UK Customers (GDPR/UK GDPR)

Our legal basis for collecting and using your personal information includes:

  • Contract performance: Processing necessary to fulfill our contract with you (e.g., processing orders)
  • Consent: You have given clear consent for us to process your personal data for specific purposes (e.g., marketing emails)
  • Legitimate interests: Processing is necessary for our legitimate interests (e.g., fraud prevention, improving our services)
  • Legal obligation: Processing is necessary to comply with the law

For US Customers

We process your information based on your consent, to fulfill our contract with you, and for our legitimate business interests, in compliance with applicable US laws including state privacy laws.

4. Sharing Your Information

We may share your information with:

  • Service providers: Third-party companies that help us operate our business (e.g., payment processors, shipping carriers, email service providers, analytics providers)
  • Business transfers: In connection with a merger, sale, or acquisition of all or part of our business
  • Legal requirements: When required by law or to protect our rights and safety

We do not sell your personal information to third parties.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Site. Cookies are small data files stored on your device. You can control cookies through your browser settings, but disabling cookies may affect your ability to use certain features of our Site.

Types of cookies we use:

  • Essential cookies: Necessary for the Site to function properly
  • Performance cookies: Help us understand how visitors use our Site
  • Functional cookies: Remember your preferences and settings
  • Marketing cookies: Track your activity to deliver relevant advertisements

6. Your Privacy Rights

For EEA and UK Customers

Under GDPR and UK GDPR, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Rectification: Request correction of inaccurate or incomplete information
  • Erasure: Request deletion of your personal information
  • Restriction: Request restriction of processing your personal information
  • Data portability: Request transfer of your information to another service
  • Object: Object to our processing of your personal information
  • Withdraw consent: Withdraw consent for marketing communications at any time
  • Lodge a complaint: File a complaint with your local data protection authority

For California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act and California Privacy Rights Act, you have the right to:

  • Know: Request information about the categories and specific pieces of personal information we collect, use, and disclose
  • Delete: Request deletion of your personal information
  • Opt-out: Opt-out of the sale or sharing of your personal information (we do not sell personal information)
  • Correct: Request correction of inaccurate personal information
  • Limit: Limit the use and disclosure of sensitive personal information
  • Non-discrimination: Not receive discriminatory treatment for exercising your privacy rights

For Other US State Residents

If you reside in Virginia, Colorado, Connecticut, Utah, or other states with comprehensive privacy laws, you may have similar rights to those outlined above. Please contact us to exercise your rights.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in the Contact Us section. We will respond to your request within the timeframe required by applicable law (typically 30-45 days).

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Typically, we retain:

  • Order information for 7 years (for tax and accounting purposes)
  • Account information for as long as your account is active
  • Marketing preferences until you unsubscribe

When we no longer need your information, we will securely delete or anonymize it.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including Spain, the United Kingdom, the United States, and other countries where our service providers operate.

For transfers from the EEA and UK, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions
  • Other legally approved transfer mechanisms

9. Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption of data in transit and at rest
  • Regular security assessments
  • Access controls and authentication
  • Secure payment processing through PCI-DSS compliant providers

However, no method of transmission over the internet or electronic storage is 100% secure.

10. Children's Privacy

Our Site is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately, and we will take steps to delete such information.

11. Third-Party Links

Our Site may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to review their privacy policies before providing any personal information.

12. Marketing Communications

With your consent, we may send you marketing emails about our products, special offers, and news. You can opt out of marketing communications at any time by:

  • Clicking the "unsubscribe" link in our emails
  • Contacting us directly
  • Updating your account preferences

Please note that even if you opt out of marketing communications, we will still send you transactional emails related to your orders and account.

13. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature. Our Site does not currently respond to DNT signals. However, you can control cookies and tracking through your browser settings and our cookie consent tool.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending you an email notification (for significant changes)

We encourage you to review this Privacy Policy periodically.

15. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

  • Through our Contact page
  • By email: hello@atenskincare.com
  • By mail: ATEN Skincare, Lepant 270, Entresuelo, Barcelona 08013, Spain.

For EEA/UK customers: Our data protection representative can be contacted at the above address.

For California residents: You may also contact us using the methods above to exercise your CCPA/CPRA rights.

16. Supervisory Authority

EEA customers: If you believe we have not addressed your concerns, you have the right to lodge a complaint with your local data protection authority or the Spanish Data Protection Agency (Agencia Española de Protección de Datos).

UK customers: You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).

US customers: You may contact your state attorney general's office if you believe your privacy rights have been violated.