Privacy policy

At Pietra by Bianca we protect your privacy and process your personal data transparently, in accordance with the General Data Protection Regulation (GDPR) and applicable Spanish law.

1. Data controller
[Legal name pending] · Address: Cádiz, Spain · Email: [email protected]

2. Data we collect
- Contact data: name, email and phone when you write to us or complete a form.
- Order data: name, delivery address and payment details needed to process and deliver your order.
- Browsing data: IP address, browser, pages visited and time on site, via first- and third-party cookies (see Cookie policy).
- Communication data: the content of the emails and messages you send us.
We do not process special categories of data (GDPR Art. 9).

3. Purposes and legal bases
- Order and delivery management — performance of the contract (Art. 6(1)(b)).
- Customer service — legitimate interest (Art. 6(1)(f)).
- Newsletter — explicit, revocable consent (Art. 6(1)(a)).
- Legal and accounting obligations — (Art. 6(1)(c)).
- Website analytics — legitimate interest, subject to cookies (Art. 6(1)(f)).

4. Retention. Order data is kept for the duration of the contract and the subsequent legal periods (5 years for tax records in Spain). Newsletter subscription, until you unsubscribe.

5. Recipients. We do not sell or share your data for commercial purposes. We may share it with:
- Shopify Inc., as the e-commerce platform hosting the store and processing orders (data processor).
- Carriers, for delivery (name and address only).
- Payment gateways (Shopify Payments / PayPal or others), to process the transaction; we do not store card data.
- Email and web-analytics providers, as data processors under contract.
- Public authorities, where required by law.
Some providers may be located outside the European Economic Area; in that case we ensure adequate safeguards under the GDPR (standard contractual clauses, adequacy decisions).

6. Your rights. Access, rectification, erasure, restriction, portability, objection and withdrawal of consent, by writing to [email protected]. You may also lodge a complaint with the Spanish Data Protection Agency (AEPD) — www.aepd.es.

7. Security. We apply reasonable technical and organisational measures; data is transmitted over SSL/TLS encryption.

8. Changes. We may update this policy; the current version is always available here with its update date.