Política de privacidad de Sefolá

1. Who We Are

Sefolá
Madrid, Spain
Email: contact@sefola.com
Website: https://sefola.com

Sefolá is the data controller of your personal data.

2. Data We Collect

We may collect:

  • Identification and contact data: name, email address, billing and shipping address, phone number.
  • Order information: products purchased, order dates, payment amount, chosen shipping method.
  • Payment information: payment method and transaction details (card data is processed by secure payment providers; we do not store full card numbers).
  • Communication data: emails or messages you send to us.
  • Usage data and cookies: IP address, device type, browser, pages visited, time spent on the site, via cookies and similar technologies.

3. How We Use Your Data and Legal Bases (GDPR)

We use your data for:

  • Processing your orders and delivering products
    • To manage orders, payments, shipping, and customer service.
    • Legal basis: performance of a contract.
  • Responding to your requests
    • To answer questions or resolve issues.
    • Legal basis: performance of a contract or legitimate interest.
  • Improving our website and services
    • To analyze site traffic and usage (e.g., which pages are visited).
    • Legal basis: legitimate interest, and consent where required for cookies/analytics.
  • Marketing communications (optional)
    • To send you news, offers, or updates if you choose to receive them.
    • Legal basis: your consent. You can withdraw consent at any time (unsubscribe link or contacting us).
  • Legal and security purposes
    • To comply with legal obligations (tax, accounting) and to prevent fraud or misuse.
    • Legal basis: legal obligation and legitimate interest.

4. Cookies and Similar Technologies

We use cookies to:

  • Make the website function (e.g., cart, login).
  • Remember your preferences.
  • Analyze traffic and improve performance.
  • Support marketing/advertising (if enabled).

5. How We Share Your Data

We do not sell your personal data. We share it only with trusted third parties who help us operate our business, such as:

  • Payment processors (to process your payments securely).
  • Shipping and logistics providers (to deliver your orders).
  • Email and marketing tools (to send order confirmations and, if you consent, marketing emails).
  • Analytics and technical service providers (to improve our website and hosting).

These service providers act as data processors and only process your data according to our instructions and for the purposes listed above.

We may also share data when required by law or to protect our rights, property, or safety.

6. International Data Transfers

Some of our providers may be located outside the European Economic Area (EEA).
When we transfer personal data outside the EEA, we take appropriate measures to protect it, such as:

  • Using countries with an adequacy decision from the European Commission, or
  • Using standard contractual clauses or similar safeguards, where required.

7. Data Retention

We keep your personal data only as long as necessary for the purposes described in this policy, including:

  • For orders: as long as needed to process your purchase and as required for tax and accounting obligations.
  • For customer service communications: as long as needed to resolve the issue and for a reasonable period afterwards.
  • For marketing: until you withdraw your consent or we no longer use the data for this purpose.

When data is no longer needed, we delete it or anonymize it.

8. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access your personal data and get a copy.
  • Rectify inaccurate or incomplete data.
  • Erasure (“right to be forgotten”) in certain cases.
  • Restrict processing in certain situations.
  • Object to processing based on legitimate interest or to direct marketing.
  • Data portability, to receive your data in a structured, commonly used format and transmit it to another controller.

You also have the right to withdraw your consent at any time when processing is based on consent (for example, marketing emails). This does not affect the lawfulness of processing before withdrawal.

To exercise your rights, contact us at contact@sefola.com and clearly state your request. We may ask you to verify your identity.

You also have the right to lodge a complaint with a data protection authority, in particular in the EU country where you live or where you believe an issue has occurred. In Spain, this is the Agencia Española de Protección de Datos (AEPD).

9. Data Security

We take reasonable technical and organizational measures to protect your personal data against loss, misuse, unauthorized access, disclosure, alteration, or destruction.

However, no system is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Children’s Privacy

Our website is not directed at children under 16 years of age, and we do not knowingly collect personal data from children.
If you believe a child has provided us with personal data, please contact us so we can delete it where appropriate.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date.

We encourage you to review this page periodically to stay informed about how we process your data.12. Contact

For questions about this Privacy Policy or your personal data, please contact:

Sefolá
Madrid, Spain
Email: contact@sefola.com
Website: https://sefola.com