Privacy Policy

1. Data Controller

URBNSEA is the data controller responsible for your personal data. For any questions regarding data processing, please contact us at: [email protected]

2. Personal Data We Collect

We collect the following categories of personal data:

• Identity data: first name, last name

• Contact data: email address, phone number, shipping address, billing address

• Transaction data: purchase history, payment details (processed securely by Stripe)

• Technical data: IP address, browser type, device information

• Usage data: pages visited, products viewed, time spent on site

• Marketing data: newsletter preferences and communication consents

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6 of the GDPR:

• Contract performance: to process your orders, manage deliveries, and provide customer support

• Legitimate interest: to improve our website, prevent fraud, and analyze website usage

• Consent: for marketing communications and non-essential cookies

• Legal obligation: to comply with tax, accounting, and other legal requirements

4. How We Use Your Data

Your personal data is used to:

• Process and fulfill your orders

• Manage your account and provide customer support

• Send order confirmations and delivery updates

• Send marketing communications (with your consent)

• Improve our website and product offerings

• Prevent fraud and ensure website security

• Comply with legal and regulatory obligations

5. Data Sharing

We may share your personal data with:

• Payment processors (Stripe) for secure transaction processing

• Print-on-demand partners for order fulfillment

• Shipping carriers for delivery

• Google Analytics for website analysis (anonymized)

We do not sell your personal data to third parties. All our partners are required to comply with GDPR and process data only as instructed by us.

6. International Transfers

Some of our service providers may process data outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected:

• Account data: until you request account deletion

• Transaction data: 7 years (legal/tax requirements)

• Marketing consent: until withdrawn

• Technical/usage data: 26 months

8. Your Rights (GDPR Articles 15-22)

Under the GDPR, you have the following rights:

• Right of access: request a copy of your personal data

• Right to rectification: correct inaccurate data

• Right to erasure ('right to be forgotten'): request deletion of your data

• Right to restrict processing: limit how we use your data

• Right to data portability: receive your data in a portable format

• Right to object: object to processing based on legitimate interest

• Right to withdraw consent: withdraw consent at any time for marketing

• Right to lodge a complaint: contact your national data protection authority

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

9. Cookies

We use cookies and similar technologies to enhance your browsing experience. You can manage your cookie preferences through our cookie consent banner. For more details, see our cookie settings.

• Essential cookies: required for website functionality (no consent needed)

• Analytics cookies: help us understand website usage (requires consent)

• Marketing cookies: used for personalized advertising (requires consent)

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• SSL/TLS encryption for all data transfers

• Secure payment processing through PCI-compliant providers

• Regular security assessments

• Access controls and authentication

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

12. Contact & Supervisory Authority

For any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

You also have the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD):

Comissão Nacional de Proteção de Dados

https://www.cnpd.pt