1. Data Controller
In accordance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD), you are informed that the data controller is Estudios ONA, contactable via email at project.ona.e@gmail.com
2. What personal data do we collect?
We may collect the following categories of data:
a) Purchase data
- Full name
- Billing and shipping address
- ID number / Tax ID (if required for invoicing)
- Phone number
- Payment information (processed by secure payment gateways)
b) User account data
- User
- Order history
c) Contact data
When using the contact form:
- Name
- Message
d) Browsing data
- IP address
- MAC address
- Browser type
- Operating system
- Pages visited
- Cookies (see Cookies Policy)
3. Purpose of data processing
We process data to:
- Manage orders and shipments
- Issue invoices
- Respond to inquiries
- Handle returns and refunds
- Comply with legal obligations (tax, accounting, consumer law)
- Send marketing communications (if consent is given)
- Improve browsing experience
- Prevent fraud
4. Legal basis for processing
Data processing is based on:
- Contract performance (purchase management)
- User consent (forms, newsletter, cookies)
- Legal obligation (invoicing, tax regulations)
- Legitimate interest (fraud prevention, service improvement)
5. Data retention
Data will be retained:
- While a contractual relationship exists
- For the periods required by tax regulations (minimum 4 years)
- Until the user requests deletion (where applicable)
- For marketing communications, until consent is withdrawn
6. Data recipients
The following may have access to data:
- Hosting providers
- WordPress and WooCommerce platform
- Payment gateways (PayPal, Redsys, etc.)
- Shipping companies
- Tax/accounting advisors
- Technology providers (email marketing, CRM)
All of them act as data processors and ensure GDPR compliance.
Data will not be shared with third parties unless required by law.
7. International data transfers
If providers located outside the European Economic Area are used (e.g., certain email marketing services), compliance with GDPR will be ensured through:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions
- Or other legally valid mechanisms
8. User rights
Users may exercise the following rights:
- Access
- Rectification
- Erasure
- Restriction of processing
- Data portability
- Objection
Requests can be made by emailing project.ona.e@gmail.com, attaching a copy of an identification document.
Users may also lodge a complaint with the Spanish Data Protection Agency (AEPD):
https://www.aepd.es
9. Data security
Appropriate technical and organizational measures are applied to ensure:
- Confidentiality
- Integrity
- Availability of data
- Protection against unauthorized access
The website uses HTTPS protocol (SSL).
10. Cookies
This website uses first-party and third-party cookies for:
- Technical operation of the website
- Statistical analysis
- Personalization
Users can accept, reject, or configure cookies through the settings banner.
For more information, see the Cookies Policy.
11. Minors
We do not intentionally collect data from children under 14 years of age. If detected, such data will be deleted immediately.
12. Changes
We reserve the right to modify this Privacy Policy to adapt it to legal updates or changes in our activities.

