Powered by Smartsupp

Privacy Policy

Last updated: 10/01/2025

This Privacy Policy explains how Trippy Haven (“we”, “us”, “our”), operating the website Trippy Haven (the “Site”), collects, uses, and protects your personal data when you visit our Site, create an account, or place an order. We are committed to complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

By using this Site, you agree to the practices described in this Privacy Policy.

1. Data controller

The data controller responsible for your personal data is:

Trippy Haven
Av. de las Regiones, 2, 28941 Fuenlabrada, Madrid, Spain
Email: info@trippyhaven.es

If you have any questions about this Policy or how we handle your data, you can contact us at the email above.

2. What data we collect

We may collect and process the following types of personal data:

  1. Identification and contact data

    • Name

    • Billing and shipping address

    • Email address

    • Phone number (if provided)

  2. Account data

    • Username and password

    • Order history

    • Preferences (e.g. language, marketing preferences)

  3. Order and payment data

    • Products ordered

    • Order dates and amounts

    • Partial payment information (we do not store full card numbers; payments are processed by secure third-party payment providers)

  4. Technical and usage data

    • IP address

    • Device information, browser type, operating system

    • Pages visited, time and date of visits, clickstream data

    • Cookies and similar tracking technologies (see Section 6)

  5. Communication data

    • Messages you send via contact forms or email

    • Support requests and related notes

We do not intentionally collect special categories of personal data (e.g. health data) unless you voluntarily provide such information in communications with us.

3. How we use your data and legal bases

We process your personal data for the following purposes and on the following legal bases (under GDPR):

  1. To process and deliver your orders

    • Managing orders, payments, and shipping

    • Sending order confirmations and updates
      Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)

  2. To create and manage your account

    • Account registration and login

    • Saving preferences and order history
      Legal basis: Performance of a contract and legitimate interests (Art. 6(1)(b), (f) GDPR)

  3. To provide customer support

    • Answering questions, resolving issues, and handling complaints
      Legal basis: Performance of a contract and legitimate interests (Art. 6(1)(b), (f) GDPR)

  4. To send service-related communications

    • Notices about changes to our terms, policies, or services
      Legal basis: Legal obligations and performance of a contract (Art. 6(1)(c), (b) GDPR)

  5. To send marketing communications (where applicable)

    • Newsletters, offers, and updates (only with your consent or where allowed by law)
      Legal basis: Consent and/or legitimate interests (Art. 6(1)(a), (f) GDPR)
      You can opt out at any time by using the unsubscribe link or contacting us.

  6. To improve and protect our Site

    • Analytics, statistics, and performance monitoring

    • Preventing fraud, abuse, and security incidents
      Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

4. Cookies and tracking technologies

We use cookies and similar technologies to:

  • Enable essential Site functions (e.g. cart, login)

  • Remember your preferences

  • Analyze traffic and usage patterns

  • Support marketing and advertising (where applicable)

You can manage or disable cookies through your browser settings. Some features of the Site may not function properly if cookies are disabled.

We may use third-party analytics tools (e.g. Google Analytics) subject to their own privacy policies. Where required, we will obtain your consent for non-essential cookies.

5. Data sharing and third-party recipients

We do not sell your personal data. We may share your data with trusted service providers who act as data processors on our behalf, including:

  • Payment processors

  • Shipping and logistics providers

  • IT hosting and infrastructure providers

  • Analytics and marketing tools (where applicable)

  • Professional advisors (e.g. legal, accounting) where necessary

These providers are only allowed to process your data according to our instructions and in compliance with applicable data protection laws.

We may also disclose data where required by law, during legal proceedings, or to protect our rights, property, or safety.

6. International transfers

If your personal data is transferred outside the EU/EEA, we will ensure an adequate level of protection through:

  • Adequacy decisions by the European Commission, or

  • Standard contractual clauses (SCCs), or

  • Other appropriate safeguards as allowed by law.

You may contact us for more information about specific safeguards used.

7. Data retention

We retain your personal data only for as long as necessary for the purposes described in this Policy, including:

  • For orders: for as long as required by tax, accounting, and legal obligations.

  • For accounts: as long as your account is active.

  • For marketing: until you withdraw your consent or object to processing.

  • For logs and security data: for a reasonable period to detect and prevent abuse.

When data is no longer needed, it will be securely deleted or anonymized.

8. Your rights under GDPR

If you are in the EU/EEA, you have the following rights regarding your personal data:

  • Right of access: To obtain confirmation and a copy of your data.

  • Right to rectification: To correct inaccurate or incomplete data.

  • Right to erasure (“right to be forgotten”): To request deletion in certain circumstances.

  • Right to restriction of processing: To limit processing in specific situations.

  • Right to data portability: To receive your data in a structured, commonly used format and have it transferred to another controller.

  • Right to object: To object to processing based on legitimate interests or to direct marketing.

  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

To exercise your rights, contact us at info@trippyhaven.es. We may need to verify your identity before responding.

You also have the right to lodge a complaint with your local data protection authority, for example:

  • Spain: Agencia Española de Protección de Datos (AEPD)

9. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Children

Our Site is not intended for use by children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a revised “Last updated” date. We encourage you to review this Policy regularly.