1. Data Controller
- Identity: Samuel Pérez Espino
- Tax ID: 45351699T
- Postal address: Calle de Antonio 3, 28029 Madrid (Spain)
- Contact: via the contact form
2. Data We Collect
We collect personal data that you provide directly to us when you:
- Place an order: name, surname, shipping and billing address, telephone, email, payment data (processed by the gateway; not stored on our servers).
- Create a customer account: name, email, and encrypted password.
- Subscribe to commercial communications: email.
- Contact us via the form or support email: name, email, and content of your inquiry.
- Leave a review: name or pseudonym, rating, comment, and, optionally, images.
- Browse the Website: IP address, device identifiers, browsing data, and cookies (see Cookie Policy).
3. Legal Bases for Processing
| Purpose | Legal Basis |
|---|---|
| Process and ship your order | Performance of a contract (Art. 6.1.b GDPR) |
| Handle inquiries and support | Performance of a contract or legitimate interest (Art. 6.1.b and f GDPR) |
| Comply with tax and accounting obligations | Legal obligation (Art. 6.1.c GDPR) |
| Send commercial communications | Consent (Art. 6.1.a GDPR), revocable |
| Manage reviews and opinions | Consent and legitimate interest |
| Fraud prevention | Legitimate interest |
| Anonymous statistical analysis | Legitimate interest |
4. Retention Periods
- Order and billing data: for the duration of the commercial relationship and, subsequently, for mandatory legal periods (minimum 6 years, Art. 30 Commercial Code; 4 years for tax obligations).
- Customer account data: until you request its deletion.
- Data for commercial communications: until consent is withdrawn.
- Browsing data and cookies: see Cookie Policy.
- Reviews: indefinitely, as long as you do not request their deletion.
5. Recipients of Your Data
We do not transfer your data to third parties except to the following data processors, contractually bound:
- Shopify Inc. — e-commerce platform (servers in EU/USA with standard contractual clauses).
- Payment gateways (Stripe, PayPal, Shop Pay, etc.) — to process payments.
- Logistics and transport operators — to deliver the order.
- Judge.me — for review management.
- Transactional email and marketing providers (if applicable).
- Competent public administrations when there is a legal obligation.
Some providers may be located outside the European Economic Area. In such cases, transfers are made under the Standard Contractual Clauses approved by the European Commission or adequacy decisions.
6. Your Rights
As the data subject, you can exercise the following rights:
- Access: know what data we process about you.
- Rectification: correct inaccurate data.
- Erasure ("right to be forgotten"): delete your data when it is no longer necessary.
- Objection: object to the processing of your data.
- Restriction: limit processing to mere storage.
- Data portability: receive your data in a structured format.
- Withdraw consent at any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, use our contact form, indicating the right you wish to exercise and attaching a copy of a document proving your identity.
Furthermore, you have the right to file a complaint with the Spanish Data Protection Agency (www.aepd.es) if you believe that the processing does not comply with regulations.
7. Security
We apply reasonable technical and organizational measures to protect your personal data. Payments are made through PCI-DSS certified gateways. The website uses HTTPS encryption on all pages.
8. Minors
The Website is not directed at children under 14 years of age. We do not knowingly collect data from minors. If we detect that data from a minor has been collected without the consent of their parent or guardian, we will delete it.
9. Changes to this Policy
We reserve the right to update this Privacy Policy. We will publish any significant changes on this page and, when necessary, will inform you by email.