Privacy policy

1. Data controller

• Controller: [Full legal name pending]
• Trade name: Sésara
• VAT / Tax ID: [pending]
• Address: [pending]
• Email: hola@sesara.es

2. Data we collect

We collect only data strictly necessary for the service you request.

2.1 Wholesale form

• Name
• Company
• Professional email
• Country
• Message (optional)

2.2 DTC store orders

Payment data (card number, holder) is collected and processed directly by our payment provider Stripe Payments Europe Limited (PCI-DSS compliant). Sésara does not store any banking data.

• Name, surname
• Shipping address
• Email
• Phone (for delivery incidents)

3. Purposes and legal basis

• Respond to your request (dossier, enquiry). Basis: consent (art. 6.1.a GDPR).
• Process your order and delivery, including invoicing. Basis: contract performance (art. 6.1.b).
• Fulfil legal obligations (tax, accounting). Basis: legal obligation (art. 6.1.c).
• Send commercial communications (newsletter), only with your express consent. You may unsubscribe at any time. Basis: consent (art. 6.1.a).

4. Retention period

• Wholesale leads: up to 2 years from last contact, unless earlier removal is requested.
• Customers with orders: duration of the commercial relationship plus 6 years for legal obligations.
• Web contact data: up to 1 year from receipt.

5. Recipients (processors)

We share strictly necessary data with the following processors, all under art. 28 GDPR agreements:

• Google (Sheets, Gmail): lead storage. Safeguards: EU Standard Contractual Clauses.
• Cloudflare Inc. (hosting, CDN). Safeguards: EU SCCs + DPA.
• Hostinger (email hola@sesara.es). EU servers.
• Stripe Payments Europe (DTC payments). PCI-DSS Level 1.
• n8n (automation). EU instance.

We do not transfer data to third parties for commercial purposes other than those described.

6. International transfers

Some providers (Google, Stripe, Cloudflare) may process data outside the EEA. In all cases we apply adequate safeguards via Standard Contractual Clauses approved by the European Commission and/or the EU-US Data Privacy Framework.

7. Your rights

• Access your personal data.
• Rectify inaccurate or incomplete data.
• Erase your data (right to be forgotten), when applicable.
• Restrict processing in certain cases.
• Object to processing based on your particular situation.
• Portability: receive your data in a structured format and transfer it to another controller.
• Withdraw consent at any time without affecting past lawful processing.

8. How to exercise your rights

Email hola@sesara.es stating the right you wish to exercise. We will reply within one month maximum. We may request a copy of an official ID to verify your identity.

9. Complaint to supervisory authority

If you believe your data is not being processed lawfully you may lodge a complaint with the Spanish Data Protection Agency (AEPD): aepd.es, or the supervisory authority in your country of residence.

10. Updates

We may update this policy occasionally. The current version, dated on this page, will always be available here.

Questions about this policy: hola@sesara.es.