Last updated: 12 December 2025
This Privacy Policy explains how “Rizdraws” (referred to as “we”, “us”, or “our”) collects, uses and protects your personal data when you visit our website, use our online shop or interact with us on social media or by email.
We are based in Spain and our processing of personal data is carried out in accordance with:
- Regulation (EU) 2016/679 – General Data Protection Regulation (“GDPR”)
- Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (“LOPDGDD”).
By using this website and our services, you acknowledge that you have read and understood this Privacy Policy.
1. Data Controller
The data controller responsible for your personal data is:
Diego Fonteriz Alvarez, trading as “Rizdraws”
Address: Calle Juan Antonio Alvarez Rabanal, 3 3ºB, 33011 Oviedo, Spain
Email: [email protected]
Website: https://www.rizdraws.com
If you have any questions about this Privacy Policy or how we handle your personal data, you can contact us at the email address above.
2. Scope of this Privacy Policy
This Privacy Policy applies to:
- Our main website and online shop (built on WordPress / WooCommerce)
- Any subdomains or additional shop pages linked from there
- Our communication channels related to the shop (email, contact forms, order messages, newsletter sign-ups, etc.)
It does not apply to third-party websites or platforms that you may reach via links from our site (for example, social networks or external payment pages). In those cases, their own privacy policies will apply.
3. Personal Data We Collect
We collect the following categories of personal data, depending on how you interact with us:
a) Identity and contact details
- First and last name
- Billing and shipping address
- Country of residence
- Email address
- Phone number (if you provide it)
- Company name and VAT / tax ID (if applicable for invoicing)
b) Order and account information
- Products purchased, order number, order history
- Billing details and transaction amount
- Chosen payment method (we do not store full card numbers; this is handled by the payment provider)
- Customer account details (username, encrypted password, order preferences) if you create an account
c) Communication data
- Messages sent via contact forms
- Emails you send to us
- Customer service notes and replies
- Comments or reviews left on our site (if enabled)
d) Marketing and preference data
- Newsletter subscription status
- Your communication preferences (for example, whether you want marketing emails)
- Wishlist or favourite products (if this feature is enabled)
e) Technical and usage data
- IP address and approximate location (country/city level)
- Browser type and version, operating system, device type
- Date, time and duration of visits
- Pages visited, click paths, and interaction with content
- Cookie identifiers and similar technologies (see section 8)
f) Social media data
If you interact with us on social media (for example, Instagram, TikTok, X/Twitter or others), we may see basic profile information and your messages, according to your privacy settings on those platforms. The social network’s own privacy policy will also apply.
4. How We Collect Your Data
We collect personal data in the following ways:
- Directly from you:
When you place an order, create an account, contact us by email or form, subscribe to our newsletter, or participate in giveaways or campaigns.
- Automatically:
Via cookies, server logs and similar technologies when you browse our website (for example, for basic shop functionality, security logs and, if you consent, analytics and marketing cookies).
- From third parties (in limited cases):
- Payment service providers, who confirm that a payment was successful or failed
- Shipping and logistics providers, who provide tracking information and delivery status
- Email and marketing tools, which help us manage mailing lists and statistics
5. Purposes and Legal Bases for Processing
We process your personal data only when there is a valid legal basis under the GDPR. Below you can see what we use your data for and the corresponding legal bases:
a) To process and deliver your orders
- Managing orders, payments and refunds
- Preparing and sending invoices
- Organising shipping and providing tracking
Legal basis:
- Performance of a contract with you (Art. 6(1)(b) GDPR)
- Compliance with legal obligations (Art. 6(1)(c) GDPR), in particular accounting and tax obligations under Spanish law
b) To manage your customer account
- Creating and managing a user account (if you register)
- Allowing you to view your orders and saved information
- Resetting passwords and managing login details
Legal basis:
- Performance of a contract with you or steps taken at your request (Art. 6(1)(b) GDPR)
c) To provide customer support and communicate with you
- Responding to questions, order issues or product information requests
- Managing returns, incidents or complaints
- Contacting you about important updates related to your orders or your account
Legal basis:
- Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR)
- Legitimate interest in providing good customer service and maintaining our business (Art. 6(1)(f) GDPR)
d) To send you newsletters and marketing communications
- Sending you news about new collections, launches, events, discounts or special offers
- Sending abandoned cart reminders or product recommendations (if this functionality is enabled)
Legal basis:
- Your consent (Art. 6(1)(a) GDPR), when you actively subscribe to the newsletter or accept marketing
- Legitimate interest (Art. 6(1)(f) GDPR) to send similar products and offers to existing customers, always with an easy opt-out option
You can unsubscribe at any time by clicking the “unsubscribe” link in our emails or by contacting us.
e) To improve our website, products and services
- Analysing which pages are most visited and how users interact with the shop
- Detecting usability problems or errors
- Planning stock, launches and improvements based on anonymised or aggregated data
Legal basis:
- For strictly necessary technical data: legitimate interest in operating a functional and secure online shop (Art. 6(1)(f) GDPR)
- For non-essential analytics cookies: your consent (Art. 6(1)(a) GDPR), obtained through our cookie banner where required
f) To ensure security and prevent fraud
- Protecting the website and shop from attacks or abuse
- Detecting and investigating suspicious activity, fraudulent orders or payment issues
- Keeping logs necessary for security and compliance
Legal basis:
- Legitimate interest in protecting our business, customers and systems (Art. 6(1)(f) GDPR)
- Compliance with legal obligations (Art. 6(1)(c) GDPR), where applicable
6. Who We Share Your Data With
We do not sell your personal data. We only share it with:
- Payment service providers
(e.g. card processors, PayPal, bank virtual POS or similar) to process payments securely.
- Shipping and logistics companies
to deliver your orders and manage returns.
- Web hosting and IT providers
who host our WordPress / WooCommerce site and keep it running.
- Email and marketing providers
used to send transactional emails (order confirmations, shipping updates) and newsletters.
- Professional advisers
such as accountants or legal advisors, when necessary to comply with legal and tax obligations.
- Public authorities
when the law requires us to do so (e.g. tax authorities, courts).
All these third parties act either as data processors, following our instructions under a written agreement, or as independent controllers (for example, payment providers with their own legal obligations). In all cases, we limit the data disclosed to what is strictly necessary.
7. International Data Transfers
Some of our service providers may be located or may store data outside the European Economic Area (EEA). When we transfer data to countries that do not have an adequacy decision from the European Commission, we ensure that appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission, and/or
- Other legally recognised mechanisms and additional security measures.
For transfers to countries or organisations covered by an adequacy decision, your data benefits from a level of protection essentially equivalent to that of the EU.
You can obtain more information about international transfers and a copy of the relevant safeguards by contacting us.
8. Cookies and Similar Technologies
8.1 What are cookies?
Cookies are small text files that are stored on your device (computer, tablet, smartphone, etc.) when you visit a website. They are widely used to make websites work, to improve their efficiency, and to provide information to the website owner.
Similar technologies (such as pixels, local storage or tracking scripts) can also be used for similar purposes. In this Policy we refer to all of them as “cookies” for simplicity.
8.2 Cookies we use on this website
Our shop is built on WordPress / WooCommerce, which uses cookies and similar technologies to function correctly. We may use the following categories of cookies:
- Strictly necessary cookies
These cookies are essential for the basic operation of the website and the online shop. Without them, core features such as the shopping cart, checkout or security protections would not work properly.
Examples (may vary depending on configuration and plugins):
- Cookies that remember what is in your cart and your current session
- Cookies that manage login and account authentication
- Cookies used to protect forms and prevent abuse
- Preference / functional cookies
These cookies allow the website to remember choices you make (such as language, currency or region) and provide enhanced, more personalised features. - Analytics / performance cookies
These cookies help us understand how visitors use our site (for example, which pages are visited most often, how long users stay on a page, or if they encounter error messages). The information is usually aggregated and used to improve the website and your user experience.
These cookies are not strictly necessary and will only be used if you give your consent where required by law. - Marketing / advertising cookies
These cookies are used to show you relevant adverts or content based on your interests, or to measure the effectiveness of marketing campaigns. They may be set by us or by third parties (for example, advertising or social media partners).
These cookies are not strictly necessary and will only be used if you give your consent where required by law.
8.3 Legal basis for cookies
- Strictly necessary cookies are used based on our legitimate interest in providing a functional, secure online shop and service (Art. 6(1)(f) GDPR).
- All other cookies (analytics, preference where not essential, marketing) are used based on your consent (Art. 6(1)(a) GDPR), obtained via our cookie banner or settings tool where required by applicable law.
You can withdraw your consent at any time or change your preferences through the cookie settings (if available) or by managing cookies in your browser.
8.4 Cookie banner and consent management
When you first visit our website, you may see a cookie banner or pop-up that:
- Informs you that we use cookies
- Offers you the option to accept all cookies, reject non-essential cookies, or customise your preferences (where implemented)
Your choices will be stored so that we do not ask for consent again on every page, although you may be asked again after a certain period has passed or if we change the cookies we use significantly.
8.5 How long are cookies stored?
The lifetime of cookies depends on their purpose:
- Session cookies are temporary and are deleted when you close your browser.
- Persistent cookies remain on your device for a defined period or until you delete them. Persistent cookies generally last from a few days up to a maximum of two years, unless you remove them earlier via your browser settings.
The exact duration may vary depending on the cookie and the tools used.
8.6 Managing and deleting cookies
You can control and manage cookies in several ways:
- Via our cookie banner / settings (if available), where you can enable or disable non-essential cookies; and
- Via your browser settings, where you can usually:
- See which cookies are stored on your device
- Delete cookies
- Block cookies from specific websites
- Block all cookies (although this may affect the functionality of our shop)
Instructions on managing cookies can usually be found in your browser’s help section (for example: Chrome, Firefox, Safari, Edge).
Please note that if you block or delete certain cookies, some parts of our website may not function properly, and you may not be able to use some features such as the shopping cart or checkout.
9. Data Retention
We keep your personal data only for as long as necessary for the purposes described above and to comply with legal obligations.
In particular:
- Orders, invoices and accounting records:
Kept for at least 6 years from the end of the financial year, to comply with the Spanish Commercial Code and tax regulations.
- Customer accounts:
For as long as your account remains active. If your account is inactive for 5 years, we may delete or anonymise your data, unless we must retain it for legal reasons.
- Newsletter and marketing data:
Until you withdraw your consent or object to receiving marketing. We may keep proof of your consent and your opt-out for up to 3 years to demonstrate compliance.
- Customer service communications:
Typically up to 5 years after resolving your request, particularly when they are relevant for legal or tax reasons.
- Technical logs and security data:
Usually kept for 12–24 months, unless we need to keep them longer for security incidents or legal reasons.
When data is no longer needed, we will delete or irreversibly anonymise it.
10. Your Rights
Under the GDPR and Spanish data protection law, you have the following rights regarding your personal data:
- Right of access – to obtain confirmation about whether we process your data and access to that data.
- Right to rectification – to correct inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”) – to request deletion of your data in certain situations.
- Right to restriction of processing – to limit processing in specific circumstances.
- Right to data portability – to receive your data in a structured, commonly used and machine-readable format and to transmit it to another controller, where legally applicable.
- Right to object – to object at any time, on grounds relating to your particular situation, to processing based on legitimate interests, including direct marketing.
- Right to withdraw consent – when processing is based on your consent, you may withdraw it at any time, without affecting the lawfulness of processing before withdrawal.
- Right not to be subject to automated individual decision-making, including profiling, where such decisions produce legal effects concerning you or similarly significantly affect you. We currently do not carry out such decisions.
To exercise these rights, please contact us at: [email protected] and clearly indicate:
- Which right you wish to exercise
- What data or processing your request refers to
- Proof of identity, if necessary, to protect your data
We will respond within one month of receiving your request, extendable by up to two further months in complex cases, as permitted by the GDPR. You will be informed if an extension is needed.
11. Right to Lodge a Complaint with a Supervisory Authority
If you believe that your data protection rights have been violated, you also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.
In Spain, the relevant authority is:
Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6
28001 – Madrid, Spain
Website: https://www.aepd.es
We would appreciate the opportunity to address your concerns first, so we kindly ask you to contact us before filing a complaint.
12. Security of Your Data
We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.
These measures include, where appropriate:
- Secure hosting and regular software updates
- Strong passwords and access controls
- Encryption and security protocols (such as HTTPS)
- Backups and monitoring for unusual activity
However, no system or transmission over the internet is completely secure. While we strive to protect your data, we cannot guarantee absolute security.
13. Children’s Privacy
Our shop and products are mainly aimed at adults. We do not intentionally offer services directly to children nor knowingly collect personal data from persons under 14 years old, which is the minimum age for valid consent in Spain.
If you are under 14, please ask a parent or guardian to place an order or contact us on your behalf.
If we discover that we have collected data from a minor under 14 without valid consent, we will take steps to delete that data as soon as possible.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the law, our services or how we process personal data.
When we make significant changes, we will:
- Update the “Last updated” date at the top of this page, and
- Where appropriate, notify you by email or via a notice on our website.
We encourage you to review this Privacy Policy periodically to stay informed about how we handle your personal data.
15. Contact
If you have any questions, concerns or requests regarding this Privacy Policy or your personal data, you can contact us at:
Name: Diego Fonteriz Alvarez (trading as “Rizdraws”)
Email: [email protected]
Postal address: Calle Juan Antonio Alvarez Rabanal, 3 3ºB, 33011 Oviedo, Spain