Carolina Mar Studio
Last updated · May 2026

Privacy Policy

This Privacy Policy describes how Carolina Mar Studio (the "Controller") processes personal data of visitors and customers, in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection (LOPDGDD).

Data Controller

Carolina Mar Studio · A Coruña, Spain · hola@carolinamar.studio

Data we collect

  • Identification and contact data (name, email, phone)
  • Billing and shipping address
  • Order history and payment metadata (we do not store full card numbers)
  • Technical data (IP address, browser, device) and cookie identifiers
  • Communications you send us (email, contact form)

Purposes and legal basis

  • To process and ship your orders — performance of a contract (Art. 6.1.b GDPR).
  • To comply with tax, accounting and consumer-protection obligations — legal obligation (Art. 6.1.c GDPR).
  • To send commercial newsletters — your prior consent (Art. 6.1.a GDPR), which you may withdraw at any time.
  • To improve the site through analytics and to ensure security — our legitimate interest (Art. 6.1.f GDPR), balanced against your rights.

Retention

We keep your data only for as long as necessary for the purposes above and to comply with legal obligations (e.g. invoices are kept for at least 6 years under Spanish commercial law).

Recipients and international transfers

Personal data may be shared with the providers strictly required to operate our service: payment processors (e.g. Stripe), shipping carriers, hosting and email providers. Where any provider is located outside the European Economic Area, transfers are protected by the European Commission's Standard Contractual Clauses or an adequacy decision.

Your rights

You have the right to access, rectify, erase, restrict, port and object to the processing of your data, and to withdraw consent at any time. To exercise these rights, write to hola@carolinamar.studio with proof of identity. You may also lodge a complaint with the Spanish Data Protection Agency (AEPD — aepd.es).

Security

We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss or alteration, including encryption in transit (HTTPS) and access controls.