Privacy Policy - StoreTics

1. Who We Are

Company name: Storetics Technology Sociedad Limitada
NIF/CIF: B56317001
Registered address: Avda. Gran Vía, 94, Esc. E, Baja D, 36203 Vigo (Pontevedra), Spain
Registro Mercantil: Registro Mercantil de Pontevedra, Sección 8, Hoja PO-76581
Email: storetics@outlook.com
Website: https://storetics.com

In compliance with the LSSI-CE (Ley 34/2002), the identity and contact details of the entity operating this website are set out above.

Storetics Technology Sociedad Limitada ("Storetics", "we", "us") is the data controller for personal data collected in connection with account registration, billing, customer support, and use of the Storetics website and platform.

Where Storetics processes personal data on behalf of a customer as a data processor (for example, marketplace order data ingested through the platform), we process that data only to provide the Service under the customer's instructions. The customer remains responsible for its own lawful basis and notices to its end-buyers or other data subjects. The processor terms are set out in Section 12 of the Storetics Terms and Conditions.

2. Personal Data We Collect

2.1 Account and Registration Data

When you register for or access the Storetics platform, we collect:

full name and job title of the account holder and authorised users;
business email address;
company name, registered address, and VAT/NIF number;
phone number (if provided);
account credentials (passwords are stored in hashed form only).

2.2 Billing and Payment Data

To issue invoices and process payments by bank transfer, we collect:

billing address and company tax identification number;
bank transfer references and confirmation records;
invoice history and subscription records.

We do not store card numbers or online payment credentials. All payments are made by bank transfer; no payment card data passes through our systems.

2.3 Usage and Technical Data

When you use the platform or visit our website, we may collect:

IP address;
browser type, operating system, and device identifiers;
pages accessed, features used, and request timestamps;
API access logs, including timestamps and request metadata;
error and diagnostic logs.

2.4 Communications Data

When you contact us by email or through a support channel, we collect your name and email address, the content of your message and any attachments, and records of correspondence and support interactions.

2.5 Marketing Data

If you have consented or we have a legitimate interest, we may hold email address and name for product update and newsletter communications, along with marketing preference records and opt-out history.

2.6 Marketplace Order Data

When marketplace orders are synchronised through the Service, order data (including personal data) passes through Storetics' systems solely to route it to the Customer's connected platform or fulfilment system. Storetics does not use this data for any other purpose.

2.7 Data You Do Not Need to Provide

Providing personal data is necessary to create an account and use the Service. Fields marked as mandatory during registration are required to fulfil our contract with you. Optional fields may be left blank.

3. How and Why We Use Your Data

When Storetics acts as a data controller, we process personal data only where we have a lawful basis to do so under Article 6 of the GDPR. The table below sets out our controller processing purposes and the corresponding lawful basis. Where Storetics processes marketplace order data on behalf of a Customer, the Customer is responsible for the lawful basis for that processing.

Purpose	Lawful Basis
Creating and managing your account	Contract (Art. 6(1)(b))
Providing and operating the Service	Contract (Art. 6(1)(b))
Processing payments and issuing invoices	Contract (Art. 6(1)(b))
Providing customer support	Contract (Art. 6(1)(b))
Sending service-critical notices (security alerts, billing notices, platform updates)	Contract (Art. 6(1)(b))
Complying with tax, accounting, and legal obligations under Spanish and EU law	Legal obligation (Art. 6(1)(c))
Maintaining security, preventing fraud, and detecting abuse	Legitimate interests (Art. 6(1)(f))
Improving platform features and performance	Legitimate interests (Art. 6(1)(f))
Sending product news, feature updates, and commercial communications to existing customers	Legitimate interests (Art. 6(1)(f)) or consent where required
Technical logging, diagnostics, and performance monitoring	Legitimate interests (Art. 6(1)(f))
Sending marketing to non-customers	Consent (Art. 6(1)(a))

Where we rely on legitimate interests, you may object to that processing at any time (see Section 8). Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

4. Sharing Your Data

We do not sell personal data to third parties.

We may share personal data with service providers that process data on our behalf, subject to appropriate contractual and data protection terms. These providers may include:

cloud hosting and infrastructure providers (servers, databases, file storage);
email delivery providers (for transactional and operational emails);
customer support and helpdesk software providers;
error-monitoring and diagnostic services;
accounting and invoicing software providers.

We may also share data where required by law, court order, or regulatory authority, or where necessary to protect the rights, property, or safety of Storetics, its customers, or others.

In the event of a merger, acquisition, or sale of all or part of our business, personal data held by us may be transferred to the acquiring entity, subject to the same data protection commitments set out in this Policy.

We will not share your personal data with any third party for their own marketing purposes without your explicit consent.

Third-party marketplaces, sales channels, fulfilment platforms, or other integrations connected by the Customer are independent third-party services selected by the Customer and are governed by their own terms and privacy notices.

5. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include:

encrypted transmission of data in transit using TLS/SSL;
access controls restricting data access to authorised personnel only;
account passwords stored using one-way hashing algorithms;
role-based permissions within the platform limiting access by function;
regular monitoring of systems for security vulnerabilities.

No method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially reasonable means to protect your personal data, we cannot guarantee its absolute security.

If you know or suspect that your account credentials have been compromised, please contact us immediately at storetics@outlook.com so we can take prompt action.

6. International Data Transfers

Storetics is based in Spain (EU). Where we use sub-processors located outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR, such as:

Standard Contractual Clauses (SCCs) approved by the European Commission;
transfers to countries with an EU adequacy decision; or
other legally recognised transfer mechanisms.

You may request details of the specific safeguards applicable to any international transfer of your data by contacting us at the address in Section 10.

7. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law.

Data category	Retention period
Account and registration data	For the duration of the Subscription plus 3 years after termination
Billing records and invoices	6 years from the invoice date (Spanish tax law obligation)
Usage and technical logs	Up to 12 months from collection
Support communications	3 years from the date of the last communication
Marketing preference records	Until you withdraw consent or object, plus 1 year thereafter

After the applicable retention period, data is securely deleted or anonymised. Where we are required by law to retain data for longer periods (e.g., for tax or legal proceedings), we will retain it for the legally required duration.

8. Your Rights

Under the GDPR and Spain's Ley Orgánica 3/2018 (LOPD-GDD), you have the following rights in relation to your personal data:

Right of access (Art. 15): You may request a copy of the personal data we hold about you and information about how we process it.
Right to rectification (Art. 16): You may ask us to correct inaccurate or incomplete personal data.
Right to erasure (Art. 17): You may ask us to delete your personal data where it is no longer necessary for the purpose for which it was collected, where you withdraw consent, or where processing is unlawful, subject to our legal retention obligations.
Right to restriction (Art. 18): You may ask us to suspend processing of your data in certain circumstances (e.g., while a dispute about accuracy is pending).
Right to portability (Art. 20): Where processing is based on contract or consent and carried out by automated means, you may request your data in a structured, machine-readable format.
Right to object (Art. 21): You may object at any time to processing based on legitimate interests, including profiling and direct marketing. Where you object to direct marketing, we will stop processing immediately.
Automated decision-making (Art. 22): We do not make decisions about you based solely on automated processing that produce legal or similarly significant effects.
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time by contacting us or using any unsubscribe or preference control we make available. Withdrawal does not affect the lawfulness of prior processing.

To exercise any of these rights, contact us at storetics@outlook.com. We will respond within one month. We may ask you to verify your identity before processing your request. There is no charge for exercising your rights, except in cases of manifestly unfounded or excessive requests.

If you are an end-buyer whose order data was processed through Storetics because a seller uses the Service, you should exercise your rights directly with that seller. Storetics processes that order data on the seller's behalf and will forward requests to the relevant seller where appropriate.

If you are not satisfied with our response, you have the right to lodge a complaint with the Spanish data protection authority:

Agencia Española de Protección de Datos (AEPD)

C/ Jorge Juan, 6 — 28001 Madrid

https://www.aepd.es

9. Cookies

The Storetics platform uses strictly necessary cookies only. These are small files essential for the platform to operate: session management, authentication, security (CSRF protection), and recording your acknowledgement of this notice. They cannot be disabled without affecting core platform functionality.

We do not use analytics, advertising, or tracking cookies. If this changes, we will update this Policy before deploying any non-essential cookies, and request consent where required by law. You may also clear cookies at any time through your browser settings.

10. Contact and Data Protection Enquiries

For any questions, requests, or concerns relating to this Privacy Policy or the processing of your personal data, please contact us at:

Storetics Technology Sociedad Limitada

Avda. Gran Vía, 94, Esc. E, Baja D

36203 Vigo (Pontevedra), Spain

storetics@outlook.com

We do not have a formally designated Data Protection Officer (DPO), as one is not required under GDPR for our scale of processing. All data protection matters are handled directly by our management team at the address above.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

Material changes will be communicated by email or by a prominent notice on our website at least 14 days before they take effect.

The date at the top of this document indicates when it was last updated. We encourage you to review this Policy periodically. The updated Policy applies from the effective date stated in the updated version.