Shipping throughout Europe

Privacy Policy

1. General Information and Data Controller

Cacto Studio values the privacy of its users. This Privacy Policy explains how we collect, use, share, and protect your personal data when you visit and make purchases in our e-commerce. This policy is fully compliant with the General Data Protection Regulation (GDPR — EU Regulation 2016/679).

The data controller is Cacto Studio, headquartered in Girona, Spain. For any queries regarding the privacy of your data, you can contact us via the email address provided on our website.

2. Data We Collect

We collect only the data strictly necessary to process your orders and improve your shopping experience. This includes:

  • Identification and contact data: First name, surname, email address, and phone number.

  • Delivery and billing data: Shipping address, billing address, and tax information (such as VAT number, where applicable).

  • Browsing data: IP address, device type, cookies, and browsing history on our website, in accordance with our Cookie Policy.

3. Legal Basis and Purpose of Processing

We process your personal data based on the following legal grounds under the GDPR:

  • Contract performance: To process your purchases, prepare and dispatch your orders, and ensure they are delivered correctly to your address.

  • Consent: To send our newsletter with news, festive inspiration, and promotions, if you choose to subscribe. You may unsubscribe at any time and at no cost.

  • Legitimate interest: To ensure the security of our website, prevent fraud, and continuously improve our services.

  • Compliance with legal obligations: To meet the legal, tax, and accounting requirements established by European and Spanish legislation.

4. Sharing Data with Third Parties

Cacto Studio does not sell or trade your personal data to third parties. We share your information exclusively with partners essential to the provision of our service:

  • Transport and logistics companies responsible for delivering your orders.

  • Secure payment platforms that process financial transactions using encryption.

  • Web hosting services and email marketing tools.

All our partners rigorously comply with the GDPR and are located within the European Union or operate under equivalent legal guarantees.

5. Data Retention

Your personal data is retained only for the period strictly necessary to fulfil the purposes described in this policy, including the legal, tax, and accounting obligations set out in European and Spanish legislation (generally up to 5 years for billing data).

6. Your Rights (GDPR)

As a data subject, you have the full right to:

  • Access: View the personal data we hold about you.

  • Rectification: Correct inaccurate or incomplete information.

  • Erasure: Request the deletion of your data from our database, where applicable.

  • Restriction and objection: Limit or object to the processing of your data in certain circumstances.

  • Portability: Receive your data in a structured format and transfer it to another entity.

  • Complaint: Lodge a complaint with the Agencia Española de Protección de Datos (AEPD), at www.aepd.es, if you believe your data is being processed inappropriately.

To exercise any of these rights, simply send us an email with your request. We will respond within a maximum of 30 days.