Buyer Data Protection Policy

Here’s an English‑language Buyer Data Protection Policy tailored for your website FridgeEuroShop, with specific references to relevant Spanish and EU legislation:

Buyer Data Protection Policy

1. Introduction
At FridgeEuroShop (operated by Martin Naes Holger Wager, Alicante, Spain), we respect and protect your personal data. This Policy explains how we collect, process, store, and disclose Buyer data in compliance with EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and Spain’s Ley Orgánica 3/2018 (LOPDGDD) (Lawants).

2. Data Controller
Martin Naes Holger Wager (Avda Roentgen 3, 3°10, 03183 Alicante, Spain) is the data controller. We may appoint a Data Protection Officer (DPO) per GDPR Article 37 if required (European Union, Securiti).

3. What Data We Collect & Purpose
We collect only essential personal data, such as:
• Buyer name, billing/shipping address, email, phone number, transaction details.
Purpose: order fulfillment, payment processing, customer service, legal compliance, fraud prevention.
Processing is lawful under GDPR Article 6(b) (contract) and (c) (legal obligation) (European Union, European Union, reizlaw.com).

4. Legal Basis & Consent
We rely on contract, compliance obligations, or legitimate interests.
For optional marketing (e.g. newsletters), we obtain explicit consent that is freely given, informed, specific, and withdrawable at any time, in line with GDPR Article 6(a) and guidance (European Union). In Spain, parental consent is required for children under 14 per LOPDGDD guidelines (linklaters.com, Википедия).

5. Data Sharing & Third Parties
We only share data with trusted processors, such as logistics providers, payment processors, or legal authorities when required. Such agreements strictly comply with GDPR Article 28, ensuring that processors act only on our instructions and implement appropriate security measures (European Union).

6. International Transfers
If data is transferred outside the EU/EEA, we ensure compliance via adequacy decisions or Standard Contractual Clauses, as required under GDPR Chapter V (European Union, Securiti).

7. Data Retention
We retain personal data only for as long as necessary—i.e. duration of legal or contractual requirements. Details of retention periods are disclosed upon request.

8. Data Subject Rights
You have the rights to:
• Access your personal data (Article 15 GDPR)
• Rectify inaccurate data (Article 16)
• Erase data (“right to be forgotten,” Article 17)
• Restrict processing (Article 18)
• Object to processing (Article 21)
• Data portability (Article 20)
Please submit requests within one month; complex requests may be extended by two months with notice, free of charge (European Union).

9. Data Security & Breach Notification
We implement technical and organizational measures—such as encryption, pseudonymisation, secure hosting—to ensure data confidentiality and integrity in line with GDPR Article 32 and Spanish law Article 9 of LOPDGDD (European Union).
In case of a data breach likely to harm individual rights, we notify the Spanish Data Protection Authority (AEPD) within 72 hours, and affected individuals promptly, as required by GDPR Articles 33–34 (Securiti).

10. Data Protection by Design & Default
We embed privacy measures throughout our services—from default privacy-friendly settings to minimal data collection—pursuant to GDPR Article 25 (European Union, Википедия).

11. Cookies and Tracking
We inform you transparently about cookies and tracking technologies. For non-essential cookies, we obtain user consent in compliance with the ePrivacy Directive (Article 5(3)) and GDPR transparency principles (Википедия).

12. Supervisory Authority
The Spanish Data Protection Authority (Agencia Española de Protección de Datos – AEPD) and, where applicable, the Catalan or Basque regional agencies, oversee compliance with national data protection legislation (Википедия, Википедия).

13. Changes to Policy
We may update this policy to reflect regulatory changes. Updates will be posted promptly on our website with an effective date.

14. Contact & Complaints
For privacy inquiries, data subject requests, or to withdraw consent, contact us at wager.sales@gmail.com.
You also have the right to lodge a complaint with the AEPD or regional authority if you believe your rights are violated.

Summary Table