Privacy Policy

Updated: Dec 18, 2024

Data Controller

In compliance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPD-GDD), we inform you about the processing of your personal data on the website lithofan.com.

Data controller

Owner: Carlos Alberto Torres Peregrino — Litofanias Artesanal
Email: soporte@lithofan.com
Country: España

Data We Collect and Legal Basis

We collect only the data strictly necessary to provide the service. Below is a breakdown of what data we process and the legal basis legitimizing each processing activity under Art. 6 GDPR:

👤

Account data

Art. 6.1.b — Contract performance

Name and email address

🖼️

Photographs

Art. 6.1.b — Contract performance

Images uploaded for the lithophane

📊

Analytics

Art. 6.1.a — Explicit consent

Browsing data (Google Analytics)

✉️

Contact

Art. 6.1.f — Legitimate interest

Contact form messages

Purpose and Retention Periods

Your data is used exclusively for the purposes described and retained for the legally required periods or those necessary to provide the service:

Data typeRetention period

Account and order data

5 years after end of relationship

Uploaded photographs

30 days after delivery

Analytics cookies (_ga, _gid)

Max. 2 years

Email communications

2 years

Tax and commercial retention periods may extend storage as required by the Spanish Commercial Code and tax regulations.

Data Processors and Transfers

We engage the following data processors who access your data only under our instructions and with appropriate contractual safeguards (Art. 28 GDPR):

Own hosting infrastructure

Data storage and image processing

European Union

No international transfer

Google LLC (Google Analytics)

Web traffic analytics — only with prior consent

USA

Standard Contractual Clauses (Decision 2021/914) + EU-US Data Privacy Framework

Transactional email provider

Service notifications and email delivery

EU / EEA

No international transfer

We do not sell or share your data with third parties for advertising or marketing purposes.

Security Measures

We apply appropriate technical and organizational security measures in accordance with Art. 32 GDPR to protect your data against unauthorized access, accidental loss or destruction:

🔐

bcrypt encryptionPasswords with high cost factor

🔒

HTTPS/TLSAll communications encrypted in transit

👥

Role-based accessMinimum necessary access per function

💾

BackupsAutomatic periodic backups

🔍

AuditsRegular security reviews

🚨

Breach notificationCommunication within legal deadlines (Art. 33/34)

Your Rights (ARCO+)

As a data subject, you may exercise the following rights at any time by emailing soporte@lithofan.com with the subject "GDPR Rights Request", indicating the right you wish to exercise and attaching a copy of your ID. We respond within a maximum of 30 calendar days (Art. 12 GDPR).

👁️

Access

Know what data we process about you

✏️

Rectification

Correct inaccurate or incomplete data

🗑️

Erasure

Delete your data when no longer needed

⏸️

Restriction

Limit use in certain circumstances

📦

Portability

Receive your data in structured format

🚫

Objection

Object to processing of your data

You can also delete your account directly from Profile → Security → Delete account. If unsatisfied with our response, you may lodge a complaint with the Spanish Data Protection Agency (aepd.es).

Legal Notice Cookie Policy