Privacy Policy

1. Data Controller

The controller of your personal data is:

Agnieszka Obcowska
VAT: ESY6520064S
Address: C/ Beniel 12, 03193 Torrevieja, Spain
E-mail: afrosalonspain@gmail.com

If you have questions about this Privacy Policy or your personal data, contact us using the e-mail above.

2. What data we collect

Depending on how you use our website, we may collect the following personal data:

a) Contact and communication data
When you contact us (e.g., via contact form or e-mail), we may process: name, e-mail address, phone number (if provided), and message content.

b) Order and payment data (online shop)
When you place an order, we process: name, billing and shipping address, e-mail, phone number (if provided), ordered products, order status, and communication related to the order.

Please note: we do not store full payment card details. Payments are processed securely by our payment provider (see Section 6).

c) Technical data
IP address, device and browser information, basic logs used for security, fraud prevention, and troubleshooting.

3. Why we process your data (purposes)

We process personal data to:

  • respond to inquiries and communicate with you,
  • process and fulfill orders, provide customer support,
  • process payments and prevent fraud,
  • ensure website security and proper operation,
  • comply with legal obligations (e.g., accounting and tax requirements).

4. Legal basis (GDPR)

We process your personal data based on:

  • Consent (Art. 6(1)(a)) — e.g., when you submit an inquiry via a form,
  • Contract performance (Art. 6(1)(b)) — e.g., to fulfill your order and provide customer service,
  • Legal obligation (Art. 6(1)(c)) — e.g., accounting/tax duties,
  • Legitimate interests (Art. 6(1)(f)) — e.g., website security, fraud prevention, improving service quality.

5. Data retention (how long we keep data)

We keep personal data only as long as necessary:

  • inquiry/contact data: up to 12 months after the last contact (unless further communication is needed),
  • order and invoice data: for the period required by applicable law,
  • technical logs: for a limited period needed for security and troubleshooting.

6. Who we share data with (recipients)

We share personal data only when necessary, for example with:

  • Payment provider: Stripe (to process payments and prevent fraud),
  • Hosting/IT providers (website operation, maintenance, security),
  • Delivery/courier providers (if/when physical shipping is used),
  • Accounting/tax services (if required).

Service providers process data under appropriate agreements and only to the extent necessary to deliver their services.

7. Cookies and similar technologies

Our website may use cookies and similar technologies:

  • Essential cookies required for the website to function,
  • Functional cookies (e.g., language preferences),
  • Analytics/marketing cookies only if enabled and (where required) after your consent.

You can manage cookie preferences through the cookie banner/settings (if available).

8. Your rights

Under GDPR, you have the right to:

  • access your data,
  • rectify inaccurate data,
  • erase data (where applicable),
  • restrict processing,
  • data portability (where applicable),
  • object to processing based on legitimate interest,
  • withdraw consent at any time (where processing is based on consent),
  • lodge a complaint with the supervisory authority (in Spain: AEPD).

To exercise your rights, contact us at: afrosalonspain@gmail.com.

9. Data security

We apply appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure.

10. International transfers

Some service providers (including payment processors) may process data outside the EEA. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) to protect your data.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top shows the latest version.