Skip to content

30-DAY FREE RETURNS

Privacy policy

Privacy and Cookie Policy

Last updated: June 6, 2026 - AOE Ecom AB, Sweden

AESKA is operated by AOE Ecom AB (org.nr 5594582925), a company registered in Sweden. For the purposes of EU and UK data protection law, AOE Ecom AB is the data controller of your personal information. The Services are hosted and powered by Shopify Inc.

Contents

1. What personal information we collect
2. How we collect it
3. How and why we use it - including legal basis (GDPR)
4. Who we share it with
5. Cookies and tracking technologies
6. International data transfers
7. Data retention
8. Your rights
9. Children's data
10. Security
11. Changes to this policy
12. Contact and complaints

1. What personal information we collect

When we use the term "personal information," we mean information that identifies or can reasonably be linked to you. We may collect the following categories depending on how you interact with our Services:

Contact and identity details

Name, billing address, shipping address, phone number, email address.

Payment and financial information

Payment card details, transaction amounts, payment confirmation. Note: full card numbers are processed by our payment providers and are not stored by AESKA.

Account information

Username, password (encrypted), preferences and settings.

Transaction and browsing data

Items viewed, added to cart, wishlisted, purchased, returned or cancelled. Past order history.

Device and usage information

IP address, browser type, device identifiers, pages visited, time spent, click behavior, referring URLs.

Communications

Messages, emails, and other content you send to our customer support team.

2. How we collect it

We collect personal information from the following sources:

  • Directly from you - when you create an account, place an order, contact support, or communicate with us
  • Automatically - through cookies, pixels, and similar tracking technologies when you visit aeska.co (see section 5)
  • From our service providers - including Shopify, payment processors, and logistics partners
  • From marketing and advertising partners - including Meta (Facebook/Instagram), Google, and TikTok, when you interact with our ads on those platforms

3. How and why we use your information

The table below explains how we use your personal information and, for EU/EEA/UK customers, the legal basis under GDPR for each purpose.

Purpose Legal basis (GDPR) US legal basis
Processing your order, payment, and delivery Contract performance (Art. 6(1)(b)) Business purpose
Managing your account and customer support Contract performance (Art. 6(1)(b)) Business purpose
Sending order confirmations and transactional emails Contract performance (Art. 6(1)(b)) Business purpose
Marketing emails, SMS, and promotional communications Consent (Art. 6(1)(a)) - you may withdraw at any time Consent / legitimate interest
Targeted advertising on Meta, Google, TikTok and other platforms Consent (Art. 6(1)(a)) via cookie banner You may opt out - see section 8
Improving and personalizing the Services Legitimate interest (Art. 6(1)(f)) Business purpose
Fraud detection and security Legitimate interest (Art. 6(1)(f)) Business purpose
Compliance with legal obligations (tax, accounting, law enforcement) Legal obligation (Art. 6(1)(c)) Legal obligation

4. Who we share your information with

We share your personal information only for the purposes described above, with the following categories of recipients:

Shopify Inc.

Our e-commerce platform and data processor. Shopify processes your data to provide the storefront, checkout, and order management. See Shopify's Privacy Policy and the Shopify Privacy Portal for your rights in relation to Shopify's processing.

Payment processors

Shopify Payments, Stripe, Klarna, and other payment providers to securely process transactions. These providers handle payment card data under PCI DSS compliance and their own privacy policies.

Fulfillment and logistics

Our fulfillment partners, including BestFulfill and other third-party logistics providers, who require your name and shipping address to deliver your order. Orders may ship from China or other countries.

Advertising and analytics partners

Meta Platforms (Facebook/Instagram Pixel), Google (Google Analytics, Google Ads), TikTok (TikTok Pixel), and Klaviyo (email and SMS marketing). These partners may receive data such as your IP address, browsing behavior, and purchase events to serve you relevant advertising and measure campaign performance. This sharing may constitute a "sale" or "share" of personal information under California law - see section 8.

Review and trust platforms

Trustpilot, for collecting and displaying customer reviews. Your name and order details may be shared to facilitate review invitations.

Legal and regulatory disclosure

Where required by law, court order, or government authority, including tax authorities in jurisdictions where we collect and remit VAT, GST, or sales tax.

Business transfers

In the event of a merger, acquisition, or sale of all or part of our business, your personal information may be transferred to the successor entity.

We do not sell your personal information to data brokers or unrelated third parties for their own marketing purposes.

5. Cookies and tracking technologies

We use cookies and similar tracking technologies on aeska.co. A cookie is a small text file stored on your device. Below is an overview of the types of cookies we use and their purpose.

Strictly necessary cookies

Always active

Required for the website to function. Includes session cookies, cart cookies, and Shopify checkout cookies. Cannot be disabled.

Preference and functional cookies

Consent required (EU)

Remember your preferences such as language, currency, and login state.

Analytics cookies

Consent required (EU)

Google Analytics - helps us understand how visitors use our website. Data is aggregated and anonymized where possible. Google may transfer this data to the US.

Marketing and advertising cookies

Consent required (EU/CA)

Meta Pixel, Google Ads, TikTok Pixel. Used to track conversions, build audiences for retargeting, and measure advertising effectiveness. These cookies may track you across other websites. This may constitute a "sale" or "share" of personal data under applicable law.

Managing your cookie preferences

When you first visit aeska.co, you will be presented with a cookie consent banner where you can accept or decline non-essential cookies. You can change your preferences at any time via the cookie settings link in our website footer.

You can also manage cookies through your browser settings. Note that disabling certain cookies may affect website functionality.

If you have the Global Privacy Control (GPC) opt-out signal enabled in your browser, we will treat this as a request to opt out of the sale or sharing of your personal information for users in jurisdictions where this is required by law. To learn more about GPC, visit globalprivacycontrol.org.

We do not respond to other "Do Not Track" browser signals.

6. International data transfers

As an international e-commerce business, your personal information may be transferred to and processed in countries other than where you reside, including Sweden (our headquarters), the United States (Shopify, Meta, Google, TikTok, Klaviyo), and countries where our fulfillment partners operate.

For transfers of personal information from the European Economic Area or the United Kingdom to countries not deemed to provide an adequate level of protection, we rely on the European Commission's Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms approved by the relevant UK authority.

Please note that when your order is shipped, your name and delivery address will be shared with our fulfillment and logistics partners, which may include parties located in China or other countries. This is necessary to fulfill your order.

7. Data retention

We retain your personal information for as long as necessary to fulfill the purposes described in this policy, subject to the following general guidelines:

  • Order and transaction records - typically 7 years to comply with accounting and tax obligations in Sweden and other jurisdictions
  • Customer account data - for the duration of your account, plus a reasonable period after closure
  • Marketing preferences and opt-out records - until you request deletion or withdraw consent
  • Support communications - up to 3 years after resolution
  • Cookie and analytics data - per the retention periods of the respective third-party tools (typically 13-26 months for Google Analytics)

8. Your rights and choices

All customers

  • Unsubscribe from marketing emails at any time using the unsubscribe link in our emails
  • Contact us to request access to, correction of, or deletion of your personal information

EU and EEA customers (GDPR)

  • Right to access your personal information
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing based on legitimate interest or for direct marketing purposes
  • Right to withdraw consent at any time (where processing is based on consent)
  • Right to lodge a complaint with your national data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu. In Sweden, the supervisory authority is Integritetsskyddsmyndigheten (IMY), at imy.se.

UK customers (UK GDPR)

You have the same rights as EU customers above. You may also lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

California residents (CCPA / CPRA)

  • Right to know what personal information we collect, use, disclose, and sell
  • Right to delete your personal information
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising
  • Right to limit the use of sensitive personal information
  • Right to non-discrimination for exercising your rights

Do Not Sell or Share My Personal Information (California)

We use advertising pixels (Meta, Google, TikTok) that may constitute a "sale" or "share" of personal information under California law. California residents may opt out by: (1) using our cookie settings tool, (2) enabling the Global Privacy Control signal in your browser, or (3) contacting us at support@aeska.co with the subject line "Do Not Sell My Information."

Other US state residents (Virginia, Colorado, Connecticut, Texas, and others)

Residents of US states with applicable consumer privacy laws have similar rights to access, delete, correct, and opt out of certain processing of personal information. Contact us to exercise these rights.

Australian customers

Under the Australian Privacy Act 1988, you have the right to access and correct your personal information, and to complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we have breached the Australian Privacy Principles.

To exercise any of these rights, contact us at support@aeska.co. We may need to verify your identity before processing your request. We will respond within the timeframe required by applicable law (typically 30 days for GDPR, 45 days for CCPA). We will not discriminate against you for exercising your rights.

9. Children's data

The Services are not directed at children under the age of 16 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@aeska.co and we will delete it promptly.

We do not knowingly sell or share personal information of individuals under 16 years of age.

10. Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, loss, or misuse. These include encryption of data in transit (SSL/TLS), access controls, and use of PCI DSS-compliant payment processors.

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. We recommend you do not share account credentials with others.

11. Changes to this policy

We may update this Privacy and Cookie Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will post the updated policy on this page and update the "Last updated" date. For material changes, we will provide notice as required by applicable law, which may include an email notification to registered customers.

12. Contact and complaints

Data controller

AOE Ecom AB (org.nr 5594582925)

Sweden

support@aeska.co

If you have questions, concerns, or complaints about how we handle your personal information, please contact us first. We will do our best to resolve your concern promptly.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection or consumer protection authority. For EU customers, contact IMY (Sweden) or your national DPA. For UK customers, contact the ICO. For Australian customers, contact the OAIC. For California customers, contact the California Privacy Protection Agency (CPPA).