Privacy Policy

This Privacy Policy describes how Isla Regalos ("we", "us", "our"), accessible at islaregalos.com, collects, uses, and protects personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection and Digital Rights Guarantee (LOPDGDD).

Data Controller: Isla Regalos, located in Spain. Contact: [email protected]

By using this website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with these terms, please refrain from using our services.

2.1. Browsing Data: We automatically collect certain information when you visit our site, including: IP address (anonymized where possible), browser type and version, operating system, referring URL, pages visited and time spent, date and time of access, and interaction with affiliate links.

2.2. Cookies and Similar Technologies: We use cookies and similar tracking technologies as detailed in our Cookie Policy. This includes both our own cookies and third-party cookies from Amazon Associates and analytics providers.

2.3. Voluntarily Provided Information: If you contact us via email, we collect the information you provide, including your email address and message content.

2.4. We DO NOT collect: sensitive personal data (racial origin, political opinions, religious beliefs, health data, sexual orientation), payment information (all transactions occur directly on Amazon), or data from minors under 14 years of age intentionally.

We process your personal data based on the following legal grounds:

3.1. Legitimate Interest (Article 6.1.f GDPR): To operate and improve our website, analyze traffic and usage patterns, ensure security and prevent fraud, and display relevant product recommendations. We have conducted a balancing test to ensure our legitimate interests do not override your fundamental rights and freedoms.

3.2. Consent (Article 6.1.a GDPR): For the use of non-essential cookies and similar tracking technologies. You may withdraw your consent at any time through your browser settings or our cookie management tools.

3.3. Legal Obligation (Article 6.1.c GDPR): To comply with applicable laws, regulations, and legal processes.

3.4. Contract Performance (Article 6.1.b GDPR): To respond to your inquiries when you contact us.

We use collected data exclusively for the following purposes:

- To provide and maintain our website functionality

- To analyze website traffic and user behavior to improve our content and services

- To track affiliate conversions through the Amazon Associates program

- To respond to your inquiries and provide customer support

- To comply with legal obligations

- To detect, prevent, and address technical issues and security threats

We DO NOT use your data for: automated individual decision-making or profiling with legal effects, selling or renting to third parties, unsolicited marketing communications (we do not send newsletters), or purposes incompatible with those stated above.

We share personal data only with the following categories of recipients:

5.1. Amazon Associates Program: As participants in the Amazon Associates affiliate program, Amazon receives data about clicks on affiliate links and subsequent purchases. Amazon processes this data according to its own privacy policy.

5.2. Hosting Providers: Our website is hosted on servers that may process technical data necessary for website operation.

5.3. Analytics Providers: We may use analytics services that collect anonymized or aggregated data about website usage.

5.4. Legal Requirements: We may disclose data when required by law, court order, or governmental authority.

We DO NOT sell, rent, or trade your personal data to third parties for their marketing purposes.

Some of our service providers (such as Amazon and hosting services) may process data outside the European Economic Area (EEA). When such transfers occur, we ensure appropriate safeguards are in place:

- Standard Contractual Clauses (SCCs) approved by the European Commission

- Adequacy decisions by the European Commission for certain countries

- Other appropriate safeguards as required by Article 46 GDPR

You may request information about the specific safeguards applied to your data by contacting us at [email protected]

We retain personal data only for as long as necessary for the purposes described in this policy:

- Analytics data: Maximum 26 months, then automatically deleted or anonymized

- Server logs: Maximum 90 days

- Affiliate tracking data: According to Amazon's retention policies (typically 24 hours to 90 days)

- Email communications: Until resolution of the inquiry, plus 3 years for legal compliance

- Cookie consent records: 3 years from the date of consent

After these periods, data is securely deleted or anonymized so that it can no longer be associated with you.

As a data subject in the European Union, you have the following rights:

8.1. Right of Access (Article 15): Obtain confirmation of whether we process your data and request a copy.

8.2. Right to Rectification (Article 16): Request correction of inaccurate or incomplete data.

8.3. Right to Erasure (Article 17): Request deletion of your data when it is no longer necessary, you withdraw consent, or you object to processing.

8.4. Right to Restriction (Article 18): Request limitation of processing under certain circumstances.

8.5. Right to Data Portability (Article 20): Receive your data in a structured, commonly used format.

8.6. Right to Object (Article 21): Object to processing based on legitimate interests, including profiling.

8.7. Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of prior processing.

8.8. Right to Lodge a Complaint: File a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es or your local supervisory authority.

To exercise these rights, contact us at [email protected]. We will respond within one month, extendable by two additional months for complex requests. Identity verification may be required.

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including:

- HTTPS encryption for all data transmission

- Regular security updates and monitoring

- Access controls and authentication

- Secure hosting infrastructure

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Our website is not directed at children under 14 years of age. We do not knowingly collect personal data from children under 14. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at [email protected], and we will take steps to delete such information.

In accordance with Spanish law (LOPDGDD Article 7), the processing of personal data of minors under 14 requires parental or guardian consent.

We reserve the right to modify this Privacy Policy at any time. Changes will be effective immediately upon publication on this page with an updated "Last updated" date.

We encourage you to review this policy periodically. Your continued use of the website after any changes constitutes acceptance of the modified policy.

For material changes that significantly affect your rights, we will make reasonable efforts to provide notice through the website.

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]

We will endeavor to respond to all legitimate requests within the timeframes required by applicable law.