PRIVACY POLICY

Privacy Policy

Effective date: 2026-04-22

1. Introduction and Data Controller

{nombre_comercial} ("we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy describes how we collect, process, store, and protect your personal data when you visit our website ps602a901.weedspayments.com or place an order through our online store. This policy has been prepared in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") and applicable data protection laws within the European Economic Area (EEA) and Switzerland.

The data controller responsible for the processing of your personal data is:

{nombre_comercial}
Website: ps602a901.weedspayments.com
Email: {email}

If you have any questions about how we handle your personal data, please contact us using the details provided above or in Section 11 of this policy.

2. Data We Collect

We may collect and process the following categories of personal data:

  • Identity data: first name, last name, title, date of birth (where applicable).
  • Contact data: email address, postal address, telephone number.
  • Financial data: payment card details and billing address (processed securely by our payment service providers; we do not store full payment card numbers).
  • Transaction data: details of orders you have placed, purchase history, amounts paid, and delivery details.
  • Technical data: IP address, browser type and version, operating system, device identifiers, time zone setting, and browsing actions on our website.
  • Communication data: records of correspondence with our customer service team, including emails, chat messages, and contact form submissions.
  • Preference data: marketing preferences, product interests, and communication channel preferences.

We do not intentionally collect any special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or sexual orientation). If you voluntarily provide such information, we will process it only to the extent strictly necessary and with your explicit consent.

3. Purposes of Processing

We process your personal data for the following purposes:

  • Order fulfillment: to process, manage, and deliver your orders, including payment processing, shipping, and customer communication regarding your purchase.
  • Account management: to create and maintain your customer account, if applicable.
  • Customer support: to respond to your inquiries, complaints, and requests.
  • Website improvement: to analyze website usage, diagnose technical issues, and improve the functionality and user experience of our online store.
  • Marketing communications: to send you promotional offers, newsletters, and product updates, only where you have provided your prior, explicit consent or where permitted by applicable law on the basis of an existing customer relationship.
  • Legal compliance: to comply with applicable legal and regulatory obligations, including tax, accounting, and anti-fraud requirements.
  • Fraud prevention: to detect, prevent, and investigate fraudulent transactions and other illegal activities.

4. Legal Basis

Under Article 6 of the GDPR, we rely on the following legal bases for processing your personal data:

  • Performance of a contract (Art. 6(1)(b)): Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract (e.g., processing your order).
  • Legitimate interests (Art. 6(1)(f)): Processing is necessary for our legitimate interests, such as improving our services, preventing fraud, and ensuring the security of our website, provided that such interests are not overridden by your fundamental rights and freedoms.
  • Consent (Art. 6(1)(a)): Where you have provided your explicit consent, for example for receiving marketing communications or the use of non-essential cookies. You may withdraw your consent at any time.
  • Legal obligation (Art. 6(1)(c)): Processing is necessary for compliance with a legal obligation to which we are subject, such as tax and accounting requirements.

5. Data Recipients

We may share your personal data with the following categories of recipients, strictly on a need-to-know basis and in accordance with applicable data protection legislation:

  • Payment service providers: to process transactions securely.
  • Shipping and logistics companies: to deliver your orders.
  • IT and hosting providers: to operate and maintain our website and infrastructure.
  • Analytics providers: to help us understand and improve website performance.
  • Professional advisors: including legal, accounting, and auditing professionals, as required.
  • Public authorities: where required by law, regulation, or legal proceedings.

We require all third-party recipients to process your data in accordance with our instructions and applicable data protection law. We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.

6. International Transfers

Your personal data may be transferred to and processed in countries outside the EEA and Switzerland. Where such transfers occur, we ensure that an adequate level of data protection is maintained through one or more of the following safeguards:

  • Transfers to countries recognized by the European Commission as providing an adequate level of data protection (adequacy decisions).
  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Binding Corporate Rules, where applicable.
  • Other legally recognized transfer mechanisms under the GDPR.

You may request a copy of the safeguards we have put in place by contacting us using the details provided in Section 11.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting obligations. Specifically:

  • Order and transaction data: retained for a minimum period required by applicable tax and commercial legislation (typically 7 to 10 years from the date of the transaction).
  • Customer account data: retained for the duration of your account and for a reasonable period thereafter to allow for reactivation or to address any outstanding matters.
  • Marketing data: retained until you withdraw your consent or unsubscribe, after which it will be promptly deleted or anonymized.
  • Technical and analytics data: retained for up to 26 months, after which it is aggregated or deleted.

When personal data is no longer required, we will securely delete or anonymize it.

8. Your Rights

Under the GDPR and applicable national legislation within the EEA and Switzerland, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether we are processing your personal data and, if so, to receive a copy of that data along with information about the processing.
  • Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data.
  • Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data where there is no compelling reason for its continued processing, subject to applicable legal retention obligations.
  • Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.
  • Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease processing your data for that purpose without delay.
  • Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your personal data in certain circumstances, for example when you contest the accuracy of the data or have objected to processing pending verification of our legitimate grounds.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to the withdrawal.
  • Right to lodge a complaint: You have the right to lodge a complaint with a data protection supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.

To exercise any of the above rights, please contact us using the details provided in Section 11. We will respond to your request within one month, as required by law. In certain circumstances, this period may be extended by two further months, in which case we will inform you accordingly.

9. Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, loss, or destruction. These measures include, but are not limited to:

  • Encryption of data in transit using TLS/SSL protocols.
  • Secure storage of data on servers with restricted access controls.
  • Regular security assessments and vulnerability testing.
  • Access to personal data restricted to authorized personnel on a need-to-know basis.
  • Staff training on data protection obligations and best practices.

While we take all reasonable precautions, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security but are committed to taking all practicable steps to protect your personal data.

10. Changes to This Policy

We reserve the right to update this Privacy Policy at any time to reflect changes in our practices, legal requirements, or operational needs. Any material changes will be posted on this page with an updated effective date. Where required by law, we will notify you directly (for example, by email) of significant changes and, if necessary, seek your renewed consent. We encourage you to review this policy periodically.

11. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us at:

{nombre_comercial}
Email: {email}
Website: ps602a901.weedspayments.com

You also have the right to contact the relevant data protection supervisory authority in your jurisdiction if you believe that our processing of your personal data infringes applicable data protection legislation.

Last updated: 2026-04-22