Privacy Policy (GDPR)

At EL Hacker Ético, we value and respect the privacy of our customers and visitors. This policy explains how we collect, use, and protect your personal information in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679.

1. Data Controller

• Trade name: EL Hacker Ético
• Website: https://shop.elhackeretico.com
• Contact email: shop@elhackeretico.com

The data controller is EL Hacker Ético.

2. Personal Data We Collect

We may collect the following personal data:

• Identification data: name, surname, shipping/billing address.
• Contact details: email, phone number.
• Payment data: information necessary to process purchases (managed through secure payment gateways; we do not store complete card details).
• Browsing data: IP address, browser type, cookies.
• Comments and reviews: data included in contact forms or product reviews.

3. Purpose of Processing

We use your personal data to:

• Process and manage orders, payments, and shipments.
• Manage your user account.
• Handle inquiries and requests through contact forms.
• Enable publication of product reviews and comments.
• Prevent fraud and improve site security.
• Send marketing communications if you give explicit consent.

4. Legal Basis for Processing

According to the GDPR, the legal basis for processing your data is:

• Execution of a contract (product purchases, order shipping).
• Consent of the data subject (contact forms, newsletter subscription, comments).
• Legitimate interest (fraud prevention, service improvement).
• Compliance with legal obligations (tax, accounting, and security).

5. Data Recipients

Your data may be shared only with:

• Secure payment service providers and gateways (e.g., PayPal, Stripe, Redsys).
• Shipping and logistics companies to process deliveries.
• Technology providers who help us maintain the website (hosting, anti-spam, analytics).
• Public authorities when there is a legal obligation.

We never sell or transfer your data to third parties for commercial purposes.

6. Data Retention

• Customer data is retained for the duration of the contractual relationship and thereafter for the time required to meet legal obligations (e.g., invoicing: 6 years under tax law).
• Comments and reviews are stored indefinitely unless the user requests their deletion.
• Data collected for marketing purposes will be kept until you withdraw your consent.

7. User Rights

You may exercise your GDPR rights (ARCO-POL) at any time:

• Access: know what data we hold about you.
• Rectification: correct inaccurate or incomplete data.
• Erasure (“Right to be Forgotten”): request deletion of your data.
• Objection: object to certain processing, such as marketing communications.
• Portability: receive your data in a structured format.
• Restriction: limit the use of your data in certain cases.

To exercise your rights, please email us at shop@elhackeretico.com, attaching a copy of your ID document.

8. Cookies

Our website uses cookies to improve the user experience, remember preferences, and analyze traffic.
You can configure or disable cookies in your browser. For more details, please see our Cookie Policy.

9. Data Security

We apply appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of your data, preventing unauthorized access, alteration, or loss of information.

10. International Data Transfers

We do not carry out international data transfers outside the European Economic Area (EEA), except in the case of technology providers that guarantee an adequate level of protection (e.g., services with Standard Contractual Clauses approved by the European Commission).

11. Supervisory Authority

If you believe your rights have not been respected, you can file a complaint with the Spanish Data Protection Agency (AEPD): https://www.aepd.es.