Buyer Data Protection Policy
Here’s an English‑language Buyer Data Protection Policy tailored for your website Fridgevera, with specific references to relevant Spanish and EU legislation:
Buyer Data Protection Policy
Buyer Data Protection Policy
- Introduction
At Fridgevera, we respect and protect your personal data. This Policy explains how we collect, process, store, and disclose Buyer data in compliance with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and Spain’s Ley Orgánica 3/2018 (LOPDGDD). - Data Controller
Fridgevera (Spain) acts as the data controller. A Data Protection Officer (DPO) may be appointed if required under GDPR Article 37. - What Data We Collect & Purpose
We collect only essential personal data, such as:
- Buyer name
- Billing/shipping address
- Phone number
- Transaction details
Purpose: order fulfillment, payment processing, customer service, legal compliance, fraud prevention.
Processing is lawful under GDPR Article 6(b) (contract) and 6(c) (legal obligation).
- Legal Basis & Consent
We rely on contract, compliance obligations, or legitimate interests.
For optional marketing (e.g., newsletters), we obtain explicit consent that is freely given, informed, specific, and withdrawable at any time per GDPR Article 6(a).
In Spain, parental consent is required for children under 14 per LOPDGDD. - Data Sharing & Third Parties
We only share data with trusted processors such as logistics providers, payment processors, or legal authorities when required. All partners comply with GDPR Article 28 and only act under our instructions. - International Transfers
If data is transferred outside the EU/EEA, we ensure compliance through adequacy decisions or Standard Contractual Clauses, in accordance with GDPR Chapter V. - Data Retention
We retain personal data only as long as necessary for contractual, operational, or legal reasons. Detailed retention periods are available upon request. - Data Subject Rights
You have the right to:
- Access your data (Art. 15)
- Rectification (Art. 16)
- Erasure (Art. 17)
- Restrict processing (Art. 18)
- Data portability (Art. 20)
- Object to processing (Art. 21)
Requests are answered within one month, extendable by two months for complex cases.
- Data Security & Breach Notification
We implement effective security measures including encryption, secure hosting, and pseudonymisation. In case of breaches likely to affect rights or freedoms, we notify the AEPD within 72 hours and affected individuals without delay. - Data Protection by Design & Default
We apply GDPR Article 25 principles, ensuring privacy-focused data handling and minimal data collection. - Cookies and Tracking
We inform users transparently about the use of cookies. Non-essential cookies require prior consent under the ePrivacy Directive and GDPR rules. - Supervisory Authority
The Spanish Data Protection Authority (Agencia Española de Protección de Datos – AEPD) oversees compliance. - Changes to Policy
Updates will be posted on our website with an effective date. - Contact & Complaints
For privacy inquiries or to exercise your rights, contact us:
Email: info@fridgevera.com
You may also file a complaint with the AEPD if you believe your rights are violated.
Summary Table
| Key Clause | Applicable Law / Article |
|---|---|
| Lawfulness & transparent info | GDPR Art. 5, 6, 12; Spanish LOPDGDD Art. 2, 9 |
| Consent (marketing, cookies) | GDPR Art. 6(a); ePrivacy Directive Art. 5(3) |
| Processor obligations | GDPR Art. 28; LOPDGDD |
| Breach notifications | GDPR Art. 33–34; Spanish law rules |
| Data subject rights | GDPR Arts. 15–22; LOPDGDD |
| Security by design/default | GDPR Art. 25; LOPDGDD Art. 9 |
