Privacy Policy

Last updated: June 2026

1. Data Controller

DTC.shop (hereinafter “we”, “us”, or “our”) acts as the data controller for the processing of personal data collected through our website. Our registered office is in Spain.

2. Data We Collect

We collect the following categories of personal data:

  • Identity data: first name, last name, email address, phone number.
  • Address data: shipping address, billing address, country.
  • Transaction data: order details, payment history (payment data is handled by our payment processor Stripe, not stored by us).
  • Technical data: IP address, browser type, device information, cookies.

3. Legal Basis for Processing

We process your data based on the following legal grounds under GDPR:

  • Contract performance: to process and fulfill your orders.
  • Legitimate interest: to improve our services, prevent fraud, and ensure website security.
  • Consent: for marketing communications (where required).
  • Legal obligation: to comply with tax and accounting regulations.

4. Purpose of Processing

We use your data for:

  • Processing and delivering your orders.
  • Managing your account and customer relationship.
  • Communicating about order status, delivery, and support.
  • Complying with legal obligations (invoicing, tax records).
  • Improving our website and product offering.

5. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, or as required by law (e.g., tax records retained for 4 years as required by Spanish law). Order data is retained for the duration of the warranty period plus applicable statutory periods.

6. Your Rights

Under GDPR, you have the following rights:

  • Access: request a copy of your personal data.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your data (subject to legal obligations).
  • Restriction: limit how we process your data.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interest.

To exercise your rights, contact us at privacy@dtc.shop. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD).

7. Third-Party Services

We use the following third-party services that may process your data:

  • Stripe — payment processing (credit card data is handled entirely by Stripe).
  • Heroku — cloud hosting infrastructure.
  • Google Fonts — web font delivery.

8. Cookies

We use essential cookies to maintain your cart and session. No tracking or advertising cookies are used. The cart cookie is strictly necessary for the functionality of the store.

9. Contact

For questions about this privacy policy, contact us at privacy@dtc.shop.