Privacy policy

1. Data controller

Controller: MerCaps

Contact: info@mercaps.com

Data Protection Officer: privacy@mercaps.com

MerCaps processes your personal data lawfully, fairly and transparently in accordance with GDPR (EU) 2016/679 and applicable Spanish data protection law.

2. Data we collect

• Identification data: name, email, phone.
• Shipping and billing data: address, postal code, city, country.
• Account data: login credentials, order history.
• Payment data: processed by secure providers (Redsys, Stripe); we do not store full card numbers.
• Technical data: IP address, browser, cookies (see Cookie Policy).

3. Purposes and legal basis

We process data for registration, orders, customer support, referrals and marketing based on contract, legitimate interest or consent as applicable.

4. Data retention

We retain data while your account is active or as required by law. Billing data is kept for statutory tax periods (typically 4 years).

5. Recipients and transfers

We do not transfer data outside the EEA unless adequate safeguards are in place.

• Payment providers (Redsys, Stripe).
• Shipping carriers.
• Hosting and email infrastructure providers.

6. Your rights

Exercise your rights at Privacy & data or privacy@mercaps.com.

• Access, rectification, erasure, restriction, objection and portability.
• Withdraw consent at any time.
• Lodge a complaint with the Spanish DPA (AEPD).

7. Security

We use HTTPS, hashed passwords, restricted admin access and regular backups.

8. Minors

The store is not directed at children under 16. We do not knowingly collect data from minors.

9. Policy changes

We may update this policy. The current version will be published on this page with the update date.