Privacy Policy
Last updated: February 2026
At EmociónGift S.L. we are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our website and services, in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and Spain’s Ley Orgánica 3/2018 de Protección de Datos Personales y garantía de los derechos digitales (“LOPDGDD”).
1. Data Controller
- Company: EmociónGift S.L.
- CIF: B-XXXXXXXX [PLACEHOLDER]
- Registered Address: [PLACEHOLDER — Street, 28001 Madrid, Spain]
- Email: legal@emociongift.com
If you have questions about this policy or want to exercise your rights, contact us at privacy@emociongift.com.
2. What Personal Data We Collect
We may collect and process the following categories of personal data:
| Category | Examples |
|---|---|
| Identity data | Full name, username |
| Contact data | Email address, phone number, shipping address |
| Transaction data | Order history, payment amounts (card details are processed by Stripe and never stored on our servers) |
| Technical data | IP address, browser type, device information, pages visited |
| Usage data | QR code scans, product views, customization choices |
| Marketing data | Communication preferences, newsletter subscriptions |
3. Why We Collect Your Data and Legal Basis
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Fulfilling and delivering your orders | Performance of a contract (Art. 6.1.b) |
| Processing payments via Stripe | Performance of a contract (Art. 6.1.b) |
| Sending order confirmations and shipping updates | Performance of a contract (Art. 6.1.b) |
| Complying with tax and accounting obligations | Legal obligation (Art. 6.1.c) |
| Sending marketing emails (only with opt-in) | Consent (Art. 6.1.a) |
| Improving our website and services | Legitimate interest (Art. 6.1.f) |
| Analytics and performance monitoring | Legitimate interest (Art. 6.1.f) / Consent for non-essential cookies |
| Fraud prevention and security | Legitimate interest (Art. 6.1.f) |
4. Data Retention
We retain your personal data only as long as necessary for the purposes described:
- Account data: For the duration of your account, plus 30 days after deletion request.
- Order and transaction data: 5 years, as required by Spanish tax law (Ley General Tributaria).
- Marketing consent records: Until you withdraw consent, plus 1 year for audit purposes.
- Analytics data: Anonymized after 26 months.
- Support inquiries: 3 years from resolution.
5. Third-Party Data Sharing
We share personal data only when necessary and with appropriate safeguards. We do not sell your personal data.
| Third Party | Purpose | Data Shared |
|---|---|---|
| Stripe (US) | Payment processing | Name, email, payment details |
| Gelato (EU/Global) | Print-on-demand production and fulfillment | Name, shipping address, order details |
| Supabase (EU) | Database and authentication | Account data, order data |
| Analytics providers | Website analytics | Anonymized browsing data (with consent) |
6. International Data Transfers
Some of our service providers (e.g., Stripe) are based in the United States. When your data is transferred outside the European Economic Area (EEA), we ensure adequate protection through:
- EU-US Data Privacy Framework (where applicable)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the European Commission
7. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of access (Art. 15) — Request a copy of your personal data.
- Right to rectification (Art. 16) — Correct inaccurate or incomplete data.
- Right to erasure (Art. 17) — Request deletion of your data (“right to be forgotten”).
- Right to restrict processing (Art. 18) — Limit how we use your data.
- Right to data portability (Art. 20) — Receive your data in a structured, machine-readable format.
- Right to object (Art. 21) — Object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent (Art. 7.3) — Withdraw consent at any time without affecting the lawfulness of prior processing.
How to Exercise Your Rights
Send a request to privacy@emociongift.com with the subject “Data Rights Request.” We will respond within 30 days. You may also lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos — www.aepd.es).
8. Cookies
We use cookies and similar technologies on our website. For full details, see our Cookie Policy.
9. Security
We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS), access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email. The “Last updated” date at the top reflects the most recent revision.
11. Contact
For questions about this policy, contact us at: privacy@emociongift.com