Privacy policy

Last updated: April 27, 2026

1. Data Controller

In accordance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD), the following information is provided:

Data Controller: TESSERA ENGONI INVESTMENTS SL (hereinafter, the “Company”)
Contact Email: info@stola.es
Data Protection Officer (DPO): dpd@stola.es

The Company is responsible for processing the personal data collected through the website and online store.

 

2. Purpose of Data Processing

Your personal data will be processed for the following purposes:

a) Performance of a contract (Art. 6.1.b GDPR)

  • Management of orders, payments, shipping, returns, and customer support
  • Creation and management of user accounts

b) Compliance with legal obligations (Art. 6.1.c GDPR)

  • Tax, accounting, and administrative obligations
  • Fraud prevention

c) Legitimate interest (Art. 6.1.f GDPR)

  • Improvement of services and user experience
  • Platform security

d) Consent (Art. 6.1.a GDPR)

  • Sending commercial communications
  • Use of non-essential cookies
  • Personalized advertising

Users may withdraw their consent at any time.

 

3. Categories of Data Processed

We process the following categories of data:

  • Identification data: first name, surname
  • Contact data: email, phone number, address
  • Financial data: payment information (managed through secure payment gateways)
  • Browsing data: IP address, device information, cookies
  • Purchase history and preferences

We do not process special categories of personal data (Art. 9 GDPR).

 

4. Source of the Data

Data is obtained:

  • Directly from the user
  • Automatically through cookies and similar technologies
  • Through service providers (e.g. Shopify, payment gateways)

 

5. Recipients of the Data

Your data may be shared with:

  • Technology providers (e.g. Shopify) acting as data processors
  • Financial institutions and payment gateways
  • Logistics and shipping companies
  • Public authorities, when legally required

All providers operate under agreements in compliance with Article 28 GDPR.

 

6. International Transfers

Due to the use of Shopify and other providers, international data transfers outside the European Economic Area may occur.

These transfers are carried out in accordance with:

  • Standard Contractual Clauses (Art. 46 GDPR)
  • Adequacy decisions of the European Commission, where applicable

 

7. Data Retention Period

Personal data will be retained:

  • For the duration of the contractual relationship
  • During legally required retention periods (tax and commercial obligations)
  • Until consent is withdrawn for processing activities based on consent

Afterwards, data will be blocked in accordance with Article 32 LOPDGDD.

 

8. User Rights

You may exercise the following rights:

  • Access
  • Rectification
  • Erasure
  • Objection
  • Restriction of processing
  • Data portability

You also have the right to:

  • Withdraw consent at any time
  • Not be subject to automated decision-making

To exercise your rights, contact:
dpd@stola.es

You may also file a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es

 

9. Commercial Communications

Commercial communications will only be sent if:

  • Prior consent has been obtained, or
  • There is a prior contractual relationship in accordance with Article 21 LSSI-CE

You may unsubscribe at any time.


10. Cookies

Cookies are small text files stored on your device (computer, smartphone, or tablet) when you visit a website. They allow, among other things, the recognition of users, the storage of preferences, and the improvement of browsing experience.

This website uses both first-party and third-party cookies.
The use of non-essential cookies is based on user consent in accordance with Article 22 LSSI-CE.

This website uses the following categories of cookies:

a) Technical Cookies (Necessary)

These cookies enable the basic functioning of the website and the provision of requested services.

Examples:

  • Session management
  • Checkout process
  • Security

Legal basis: legitimate interest (Art. 6.1.f GDPR)
These cookies do not require consent.

 

b) Preference or Personalization Cookies

These cookies allow information to be remembered so users can access the service with personalized features.

Examples:

  • Language
  • Currency
  • Regional settings

Legal basis: consent (Art. 6.1.a GDPR)

 

c) Analytics Cookies

These cookies allow analysis of user behavior to improve services.

Examples:

  • Google Analytics
  • Shopify Analytics

Legal basis: consent (Art. 6.1.a GDPR)

 

d) Marketing or Advertising Cookies

These cookies are used to display personalized advertising based on user behavior.

Examples:

  • Facebook Ads
  • Google Ads
  • Shopify marketing tools

Legal basis: consent (Art. 6.1.a GDPR)

 

11. Third-Party Cookies

This website uses third-party cookies, particularly from:

  • Shopify Inc. (e-commerce platform)
  • Google LLC (analytics and advertising)
  • Meta Platforms Inc. (Facebook/Instagram)

These third parties may carry out international data transfers outside the European Economic Area.

 

12. International Transfers

The use of third-party cookies may involve international data transfers.

These are carried out in accordance with:

  • Standard Contractual Clauses approved by the European Commission (Art. 46 GDPR)
  • Adequacy decisions, where applicable

 

13. Consent Management

When you first access this website, a cookie banner will appear allowing you to:

  • Accept all cookies
  • Reject all non-essential cookies
  • Configure your preferences

Consent may be withdrawn at any time.

 

14. How to Disable or Delete Cookies

You may allow, block, or delete cookies through your browser settings.

Please note that disabling cookies may affect the proper functioning of the website.

 

15. Data Retention

Cookies will be retained for the time necessary to fulfill their purpose, depending on each type:

  • Session cookies: deleted when the browser is closed
  • Persistent cookies: retained for up to 24 months

16. Data Security

The Company applies appropriate technical and organizational measures in accordance with Article 32 GDPR to ensure data security.

However, absolute security on the Internet cannot be guaranteed.

 

17. Minors

The services are not intended for individuals under 18 years of age.
If the processing of minors’ data is detected, it will be deleted immediately.

 

18. Third-Party Services (Shopify)

The online store is hosted on Shopify, which acts as a data processor.

However, certain Shopify processing activities may make Shopify an independent data controller. We recommend reviewing their privacy policy: https://www.shopify.com/legal/privacy

 

19. Modifications

This policy may be updated for legal or technical reasons. Users are encouraged to review it periodically.