Legal
Privacy policy
Last updated: 26 May 2026
|versión 1.0
1. Data controller
- Identity: Antonio Ginés Clares Franco (hereinafter "Velclare")
- Tax ID (NIF): 49172139W
- Address: Avenida de la Constitución, N.º 37, 30152 Murcia, Spain
- Email: concierge@velclare.com
- Phone: +34 640 60 38 77
- Website: www.velclare.com
A Data Protection Officer (DPO) has not been appointed as it is not mandatory under Article 37 of the GDPR (natural person not carrying out large-scale processing).
2. Personal data we collect
The personal data we process comes from the following sources:
- Contact / lead form: name, email address, phone (optional), message.
- Purchase process: full name, shipping and billing address, email, phone, payment data (processed by Shopify Payments, not stored by Velclare).
- Newsletter subscription: email address.
- Web browsing: IP address, browser type, pages visited, time on site, device information (collected via cookies with your prior consent).
- User account: name, email, order history.
No special category data is collected (Art. 9 GDPR). The minimum age to use this website is 18 years.
3. Purposes and legal bases for processing
| Purpose | Legal basis | Retention period |
|---|---|---|
| Managing and fulfilling purchase orders | Performance of a contract (Art. 6(1)(b) GDPR) | Duration of the contractual relationship + 5 years (tax obligations) |
| Responding to enquiries and contact requests | Consent (Art. 6(1)(a) GDPR) | Until resolution of the enquiry + 1 year |
| Sending marketing communications / newsletter | Consent (Art. 6(1)(a) GDPR) | Until consent is withdrawn |
| User account management | Performance of a contract (Art. 6(1)(b) GDPR) | While the account remains active + 1 year after closure |
| Statistical analysis and website improvement | Consent (Art. 6(1)(a) GDPR) — analytics cookies | According to each cookie's duration (see Cookie Policy) |
| Personalised advertising on external platforms | Consent (Art. 6(1)(a) GDPR) — marketing cookies | According to each cookie's duration (see Cookie Policy) |
| Compliance with legal and tax obligations | Legal obligation (Art. 6(1)(c) GDPR) | As required by law (5-10 years) |
| Fraud prevention and site security | Legitimate interest (Art. 6(1)(f) GDPR) | Maximum 12 months |
4. Automated decisions and profiling
Velclare does NOT make decisions based solely on automated processing that produce legal effects concerning the data subject or similarly significantly affect them (Article 22 GDPR).
5. Recipients and data processors
Personal data may be disclosed to the following recipients or data processors:
| Provider | Service | Location | Safeguards |
|---|---|---|---|
| Shopify Inc. | E-commerce platform and payments | Canada / USA | EU-US Data Privacy Framework (DPF) |
| Vercel Inc. | Hosting, CDN and performance analytics | USA | EU-US Data Privacy Framework (DPF) |
| MongoDB Atlas | Database | EU región (Ireland) | Data in EEA |
| Resend Inc. | Transactional email | USA | EU-US Data Privacy Framework (DPF) |
| Google LLC | Google Analytics 4, Google Tag Manager | USA | EU-US Data Privacy Framework (DPF) |
| Meta Platforms Inc. | Meta Pixel (advertising) | USA | EU-US Data Privacy Framework (DPF) |
| Sentry (Functional Software Inc.) | Error tracking | USA | EU-US Data Privacy Framework (DPF) |
| Upstash | Rate limiting (Redis) | EU región (Frankfurt) | Data in EEA |
In addition, data may be disclosed to carriers (DHL, UPS, Nacex, FedEx, Correos, among others) exclusively for order delivery, as well as to public authorities where required by law.
Personal data is not sold or transferred to third parties for their own commercial purposes.
6. International data transfers
Some of the data processors listed above are located in the United States. All transfers are covered by the EU-US Data Privacy Framework (DPF), an adequacy programme recognised by the European Commission (Adequacy Decision of 10 July 2023).
Where the DPF does not apply, Standard Contractual Clauses approved by the European Commission are used as an appropriate safeguard pursuant to Article 46(2)(c) of the GDPR.
You may request a copy of the safeguards adopted by writing to concierge@velclare.com.
7. Data subject rights
As a data subject, you may exercise the following rights:
- Access: know what personal data we process about you.
- Rectification: request the correction of inaccurate or incomplete data.
- Erasure (right to be forgotten): request the deletion of your data when it is no longer necessary.
- Objection: object to the processing of your data in certain circumstances.
- Restriction: request the restriction of processing.
- Portability: receive your data in a structured, commonly used and machine-readable format.
- Withdrawal of consent: at any time, without affecting the lawfulness of prior processing.
How to exercise your rights: send an email to concierge@velclare.com stating your full name, the right you wish to exercise and a copy of your identity document for verification. We will respond within a maximum of 30 days.
Complaint to the supervisory authority: if you believe that the processing of your data does not comply with current regulations, you may file a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es.
8. Security measures
Velclare has adopted the technical and organisational measures necessary to ensure the security and integrity of personal data, preventing their alteration, loss, unauthorised processing or access, in accordance with the state of the art, the nature of the data and the risks to which they are exposed. Measures include:
- Encrypted communications via HTTPS/TLS protocol.
- Encrypted storage at rest in databases.
- Access control with enhanced authentication.
- Regular backups and disaster recovery.
- Error and vulnerability monitoring (Sentry).
- Rate limiting to prevent brute-force attacks (Upstash Redis).
10. Changes to this privacy policy
Velclare reserves the right to modify this Privacy Policy to adapt it to legislative changes, case law or industry practices. Any modification will be published on this page with the updated date. Users are encouraged to review this policy periodically.