Instagram Whatsapp
Instagram Whatsapp
Instagram Whatsapp

Data Protection Policy

Last updated: November 18, 2025

At [Company/Store Name], located at [Full Address], and email [email@empresa.com], we guarantee the protection of our customers’ and users’ personal data, strictly complying with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD).

The purpose of this policy is to provide clear, complete, and transparent information about how we collect, process, and protect personal data.

Data controller

The entity responsible for processing personal data is:

[Company/Store Name]
Address: [Full Address]
Email: [email@empresa.com]
Phone: [Contact Phone Number]

You may exercise your rights of access, rectification, erasure, restriction, objection, and portability of your data by contacting us using the above information.

Principles applied in data processing

All personal data processing is carried out in accordance with the following principles:

  1. Lawfulness, fairness, and transparency: data is collected and used in a lawful and clear manner for the user.
  2. Purpose limitation: data is used only for the specific purposes for which it was collected.
  3. Data minimization: we only collect data that is strictly necessary.
  4.  

  5. Accuracy: data is kept correct and up to date.
  6. Storage limitation: data is kept only as long as it is necessary.
  7. Integrity and confidentiality: data is protected against unauthorized access, loss, or alteration.
  8. Proactive responsibility: we take technical and organizational measures to comply with regulations.

 

Personal data processed

We collect and process the following data:

  1. Identification: first name, last name, postal address, email, telephone number.
  2. Payment and billing: bank or card details (managed by secure gateways).
  3. Browsing and behavior: IP address, cookies, pages visited, preferences, and usage habits.

Voluntary data: subscriptions, comments, requests for information, participation in sweepstakes and promotions.

Purpose of processing

Personal data is used to:

Manage orders and transactions securely.

  1. Contact customers about orders, queries, and after-sales service.
  2. Send commercial information and promotions with prior consent.
  3. Improve our services, optimize the website, and perform statistical analysis.
  4. Comply with legal, tax, and accounting obligations.

Prevent fraud and protect the security of our systems.

Legal basis for data processing

The processing of your data is based on:

  1. Execution of a contract: to process orders and requested services.
  2. Explicit consent: for marketing, newsletters, and promotions.
  3. Legal obligation: compliance with tax and accounting laws.

Legitimate interest: improvement of services, security, and fraud prevention.

Data retention

The data will only be kept for as long as it is necessary to fulfill the purpose for which it was collected, and for the legal periods established by current regulations.

Disclosure of data to third parties

Personal data may be shared with:

  1. Suppliers and partners necessary to fulfill orders and services (logistics, payment gateways, hosting).
  2. Public authorities in compliance with legal obligations.
  3. In the event of a merger or sale of the company, ensuring continuity in data protection.

Personal data is not sold or rented to third parties for commercial purposes.

User rights

Users may exercise the following rights at any time:

  1. Access: to know what data is being processed.
  2. Rectification: to correct inaccurate or incomplete data.
  3. Erasure: to delete data when it is no longer necessary.
  4. Restriction: to restrict processing in certain circumstances.
  5. Object: prevent the use of data for marketing or legitimate purposes.
  6. Portability: receive data in a structured and transferable format.
  7. Withdraw consent without affecting the lawfulness of prior processing.

To exercise your rights: [email@empresa.com] attaching a copy of your identity document.

Safety measures

We implement technical and organizational measures to ensure data security, including:

  • Data encryption using SSL/TLS protocols.
  • Internal access controls and differentiated permissions.
  • Regular backups and security audits.

Prevention against unauthorized access, alteration, loss, or disclosure of information.

International transfers

In the event of data transfers outside the European Economic Area, we guarantee that they are carried out under appropriate data protection measures, such as standard contractual clauses or recognized certifications.

Minors

Our services are not intended for children under the age of 14. We do not collect data from minors without the express consent of their parents or guardians.

If such data is detected, it will be deleted immediately.

Modifications and updates

Modifications and updates: We may update this Data Protection Policy to adapt it to legal or technical changes. The current version will always be available on our website with its effective date.

Contact for questions or complaints about Data Protection:
Email: [email@empresa.com]
Phone: [Contact phone number]