We only collect and process the personal data necessary to manage your interactions with our store. This includes:
Identification Data: Full name, surname.
Contact Information: Shipping address, billing address, email address, phone number.
Transactional Data: Products purchased, order numbers, payment tracking status (payment card details are processed directly by secure encrypted external gateways and are never stored on our servers).
Electronic Connection Data: IP address, browsing behavior via cookies.
Your personal data is collected and processed based on the following statutory legal grounds:
To Execute a Contract (GDPR Art. 6.1.b): Processing is mandatory to fulfill your orders, process secure payments, handle shipments of artisanal goods, and manage returns or post-sale customer service.
Explicit Consent (GDPR Art. 6.1.a): When you check the explicit, un-marked box to join our Newsletter, we process your email address to send commercial updates, marketing campaigns, and news regarding our indigenous community initiatives. You may revoke this consent at any time.
Compliance with Legal Obligations (GDPR Art. 6.1.c): To fulfill fiscal, accounting, and tax bookkeeping duties required by Spanish Tax Authorities (Agencia Tributaria).
Personal data will be stored only for the duration required to satisfy the purposes for which it was gathered:
E-commerce Purchases: For the duration of the commercial transaction, and subsequently for a period of 5 years to comply with Spanish civil liability laws, and 6 years under commercial accounting regulations (Código de Comercio).
Newsletter Subscription: Until the User exercises their right to erasure or unsubscribes via the link included in every communication.
Your data will not be sold, rented, or yielded to third parties under any circumstances. Access is restricted strictly to authorized service providers essential to running our platform:
Logistics and courier firms (for physical shipment distribution).
Payment processors and gateways (Stripe, PayPal, WooCommerce).
Hosting providers and web development tools.
International Transfers: If any technological data processing provider is located outside the European Economic Area (EEA), we guarantee that transfers are protected under Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring equivalent data safety.
Under the GDPR, you possess absolute control over your information. You may exercise the following rights free of charge by sending an email accompanied by a copy of an official identity document to peacefulniah@gmail.com:
Right of Access: To find out what data we are processing about you.
Right of Rectification: To correct inaccurate or incomplete data.
Right to Erasure (Right to be Forgotten): To request the deletion of your data when it is no longer necessary for the purposes it was gathered.
Right to Object: To stop the processing of your data for marketing or profiling purposes.
Right to Data Portability: To receive your data in a structured, machine-readable format.
Right to Restriction of Processing: To temporarily freeze how your data is used under legal dispute conditions.
If you believe your data protection rights have been violated, you have the statutory right to lodge a formal complaint with the Spanish Data Protection Agency (AEPD) via their website www.aepd.es.