Ships from Tenerife · EU 5–7 days · Free shipping over 100€

Privacy Policy

Also available in German (Deutsch).

1. Data Controller

Ben Flagmeyer / FanuFacture
C/ Mar Cantábrico 18, Casa 31
38612 El Médano, Tenerife, Spain
Email: contact@imperfectly-perfect.shop
Phone: +34 627 657 305

2. Overview of Data Processing

We only process personal data to the extent necessary to provide our online shop and services. Processing is carried out on the basis of the EU General Data Protection Regulation (GDPR) and the Spanish Ley Orgánica 3/2018 (LOPDGDD).

3. Legal Bases

We process your data on the following legal bases:

  • Art. 6(1)(a) GDPR (Consent): Newsletter subscription, contact inquiries
  • Art. 6(1)(b) GDPR (Contract performance): Order processing, payment, shipping, customer communication
  • Art. 6(1)(c) GDPR (Legal obligation): Tax retention obligations, invoicing
  • Art. 6(1)(f) GDPR (Legitimate interest): IT security, fraud prevention, service improvement

4. Collection and Storage of Personal Data

4.1 Server Log Files

When you visit our website, information is automatically transmitted to our server (server log files): IP address, date and time of request, URL accessed, referrer URL, browser and operating system used, amount of data transferred, HTTP status code.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in IT security).
Retention period: 30 days, then automatically deleted.

4.2 Orders

When you place an order, we collect: name, email address, shipping address, order details. Payment processing is handled exclusively by Stripe (see section 6.1) — we do not store any credit card or bank details.

Legal basis: Art. 6(1)(b) GDPR (contract performance).
Retention period: 10 years (statutory retention obligation for business records under Spanish commercial law).

4.3 Newsletter

When you subscribe to our newsletter, we store your email address to send product news and drop notifications. Registration uses a double opt-in process: after entering your email, you receive a confirmation email with an activation link.

You can unsubscribe from the newsletter at any time — an unsubscribe link is included in every newsletter email.

Legal basis: Art. 6(1)(a) GDPR (consent).
Retention period: Until withdrawal of consent (unsubscription).

4.4 Contact Inquiries (WhatsApp, Email)

When you contact us by email or WhatsApp, your details are stored for processing the inquiry. When contacting via WhatsApp, your data is also processed by Meta Platforms Ireland Ltd. (see section 6.4).

Legal basis: Art. 6(1)(a)/(b) GDPR (consent or pre-contractual measures).
Retention period: Until completion of the inquiry, maximum 12 months.

5. Cookies and Local Storage

This website uses no tracking cookies and no analytics tools.

We only use:

  • Local browser storage (localStorage): To store your shopping cart. This data does not leave your browser.
  • Technically necessary cookies: Session cookies for the admin area (not for regular visitors).

Since we do not use tracking or marketing cookies, no cookie consent banner is required.

6. External Service Providers and Data Transfers

6.1 Stripe (Payment Processing)

We use Stripe, Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA for payment processing. When placing an order, your payment data is transmitted directly to Stripe and processed there. We only receive confirmation of payment status from Stripe.

Stripe processes your data on the basis of Standard Contractual Clauses (SCC) pursuant to Art. 46(2)(c) GDPR.

Stripe's privacy policy: https://stripe.com/privacy

6.2 Resend (Email Delivery)

We use Resend, Inc. (USA) to send order confirmations, shipping notifications and newsletter emails. Your email address is transmitted to Resend for this purpose.

Legal basis: Art. 6(1)(b) GDPR (contract performance) or Art. 6(1)(a) GDPR (newsletter).
Resend processes data on the basis of Standard Contractual Clauses (SCC).

6.3 Railway (Hosting)

Our website is hosted by Railway Corp. (USA). Each time our website is accessed, data (see 4.1 Server Log Files) is transmitted to Railway's servers.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reliable website operation).

6.4 WhatsApp / Meta

We offer the option to contact us via WhatsApp. WhatsApp is operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. When you contact us via WhatsApp, your data (phone number, message content) is processed by Meta.

WhatsApp privacy policy: https://www.whatsapp.com/legal/privacy-policy

Legal basis: Art. 6(1)(a) GDPR (consent through active contact initiation).

6.5 Instagram

We link to our Instagram profile. When you click the link, you are redirected to Instagram (Meta Platforms Ireland Ltd.). Data collection by Instagram only occurs there. No Instagram data is loaded or tracking pixels embedded on our website.

6.6 Google Maps (Map Embed)

On our events page, we embed Google Maps as an iframe to display event locations. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When the map loads, data (including your IP address and location data) is transmitted to Google. Google may set cookies in this context.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in displaying event locations).
Google's privacy policy: https://policies.google.com/privacy

6.7 Spotify (Embedded Player)

On certain product pages, we embed the Spotify player as an iframe to demonstrate NFC products. Provider: Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden. When the player loads, data (including your IP address) is transmitted to Spotify. Spotify may set cookies in this context.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in product demonstration).
Spotify's privacy policy: https://www.spotify.com/legal/privacy-policy/

6.8 FacturaDirecta (Invoice Generation)

We use the service FacturaDirecta (Spain) for invoice generation. When you place an order, your billing data (name, address, email, order details) is transmitted to FacturaDirecta to create a proper invoice.

Legal basis: Art. 6(1)(c) GDPR (legal obligation for invoicing).

7. Your Rights

You have the following rights regarding your personal data:

  • Access (Art. 15 GDPR) — What data we have stored about you
  • Rectification (Art. 16 GDPR) — Correction of inaccurate data
  • Erasure (Art. 17 GDPR) — Deletion of your data, provided no retention obligation exists
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR) — Provision of your data in a machine-readable format
  • Objection (Art. 21 GDPR) — Objection to processing based on legitimate interests
  • Withdrawal of consent (Art. 7(3) GDPR) — Possible at any time, without giving reasons

To exercise your rights, contact us by email: contact@imperfectly-perfect.shop

8. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for us is:

Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan 6, 28001 Madrid, Spain
https://www.aepd.es

Alternatively, you may contact the data protection authority of your country of residence.

9. Obligation to Provide Data

The provision of personal data is neither legally nor contractually required. However, certain data (name, address, email) is necessary for processing an order. Without this data, we cannot fulfil the purchase contract.

Providing an email address for the newsletter is voluntary.

10. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in legal requirements or changes to our data processing. The current version published on our website applies.

Last updated: April 2026