🔒 Privacy policy (GDPR/RGPD)

1. Data Controller

The Data Controller is Lichi Skincare S.L. (full identifying details, including CIF and Registry entry).

2. Types of Data Collected

  • Identifying Data: Name, address, email, phone.
  • Payment Data: Transaction processing information (full card details are not stored).
  • Navigation Data: IP address, device, cookies.
  • Commercial Data: Purchase history, newsletter subscriptions.

3. Purposes and Legal Basis

  • Contract Execution (Art. 6.1.b GDPR): Order management, billing, and service provision.
  • Legal Obligation (Art. 6.1.c GDPR): Tax and accounting compliance.
  • Consent (Art. 6.1.a GDPR): Newsletter, marketing cookies.
  • Legitimate Interest (Art. 6.1.f GDPR): Site security, fraud prevention.

4. Data Retention Periods

  • Customer Data: Contract duration + 5 years (tax/legal purposes).
  • User Accounts: Until the user requests account cancellation.
  • Newsletters: Until consent is withdrawn.

5. Recipients and International Transfers

Data is transferred only when necessary for service provision, to the following recipients: courier companies (InPost, GLS), payment gateways (PayPal, Bizum, Redsys), and the web platform (WooCommerce, WPML).

  • International Transfers: The use of Google Analytics and Facebook Pixel may involve transferring data to the USA. Lichi Skincare S.L. guarantees these transfers comply with GDPR by utilizing the EU-US Data Privacy Framework or Standard Contractual Clauses (SCC).

6. User Rights

Users have the right to access, rectification, erasure, restriction, objection, data portability, and withdrawal of consent. Requests should be sent to: info@lichiskincare.com. Users may file a complaint with the Spanish Data Protection Agency (AEPD).