Privacy policy
Last updated: 28/03/2026
1. Data Controller
Controller: Aura Maya S.L. (hereinafter, “Aura Maya”)
Tax ID: B22713721
Address: Calle Solares nº15, 3º F, 18009 Granada, Spain
Email: info@auramayajewelry.com
Phone / WhatsApp: +1 (555) 948-8465
Aura Maya processes personal data in accordance with:
- Regulation (EU) 2016/679 (GDPR)
- Organic Law 3/2018 (LOPDGDD)
- applicable international data protection regulations where appropriate
2. Data we process and its origin
We collect data when:
You browse the website
Technical data:
- IP
- online identifiers
- cookies
- pages visited
- browsing events
You place an order or register
Identification and contact data:
- name
- surnames
- phone
- shipping/billing address
- order details
- information necessary for payment management (we do not store full card numbers)
You contact us
Through:
- WhatsApp Business
- web forms
- social media
Marketing and communications
When:
- you subscribe to the newsletter
- you accept advertising cookies
- you participate in promotions
- you complete surveys or reviews
Origin: the user themselves and similar technologies (see Cookie Policy).
3. Purposes and legal bases
We process your data for:
Management of purchases, payments, shipments, and customer service
Legal basis:
contract execution (Art. 6.1.b GDPR)
Includes:
- logistics management
- incidents
- returns
- warranty
- reasonable fraud prevention
Additional basis:
legitimate interest (Art. 6.1.f GDPR)
Transactional communications
Examples:
- order confirmation
- shipping status
- incidents
Legal basis:
contract (6.1.b)
Query handling
Form / email / WhatsApp / social media
Legal basis:
legitimate interest (6.1.f)
or pre-contractual measures (6.1.b)
Marketing
Includes:
- newsletter
- personalized campaigns
- remarketing
- abandoned cart recovery
Legal basis:
consent (6.1.a)
You can withdraw it at any time.
Analytics and service improvement
Includes:
- web metrics
- A/B testing
- non-intrusive segmentation
- campaign measurement
Legal basis:
consent (analytical/advertising cookies)
or legitimate interest for:
- security
- system stability
- fraud prevention
The corresponding balancing test has been carried out in accordance with the GDPR.
Digital advertising and customized audiences
We may use technologies such as:
- advertising pixels
- tracking tags
- online identifiers
for:
- measuring campaign performance
- creating customized audiences
- optimizing ads
Always with the user's prior consent in accordance with cookie regulations.
Compliance with legal obligations
Includes:
- tax regulations
- accounting regulations
- consumer regulations
- complaint forms
Legal basis:
legal obligation (6.1.c)
Security and fraud prevention
Includes:
reasonable monitoring of anomalous transactions and system protection
Legal basis:
legitimate interest (6.1.f)
Commercial profiles
We may create basic profiles based on:
- purchase history
- email interaction
- web browsing
Purpose:
product recommendation
We do not make automated decisions with legal effects on the user.
4. Data retention
Customers:
during the contractual relationship + up to 6 years (commercial obligations)
Tax data:
up to 4 years
Support inquiries:
up to 24 months
Marketing:
until consent is withdrawn or 24 months of inactivity
Cookies:
according to Cookie Policy
Afterwards:
anonymization or secure deletion
5. Recipients and data processors
We do not transfer data to third parties except:
- legal obligation
- operational necessity of the service
We work with providers who access data following our instructions:
E-commerce platform
Shopify or equivalent operators
Certain functionalities of the platform may imply technical co-responsibility in data processing.
Payment gateways
Stripe
Shop Pay
PayPal
or equivalent operators
Email marketing
Klaviyo or equivalent operators
Corporate email
Google Workspace or equivalent operators
Messaging
WhatsApp Business
The use of this channel may involve international transfers in accordance with Meta Platforms' policy.
Analytics
Google Analytics
Google Tag Manager
(prior consent)
Digital advertising
Meta
Google Ads
TikTok Ads
(prior consent)
These platforms may process online identifiers using advertising technologies.
Logistics and transport
National and international logistics operators necessary for order delivery
Technical services
IT support
cybersecurity
fraud prevention
technological infrastructure
6. International transfers
Some providers may be located outside the European Economic Area.
In these cases, we apply:
- European Commission adequacy decisions when they exist
- standard contractual clauses (SCC)
- additional security measures
These transfers may involve countries such as:
United States
Canada
other countries necessary for the provision of international logistics services
You can request additional information about these guarantees.
7. Rights of individuals
You can exercise your rights of:
- access
- rectification
- erasure
- objection
- restriction
- data portability
- withdrawal of consent
Email:
You can also file a complaint with:
Spanish Data Protection Agency
www.aepd.es
Users residing in Mexico may exercise their rights in accordance with applicable local regulations regarding personal data protection.
8. Mandatory nature of data
Fields marked with (*) are mandatory.
Without them:
we will not be able to provide the service.
You must provide truthful and updated data.
9. Commercial communications
We will only send communications:
if there is consent
or a prior contractual relationship in accordance with Art. 21 LSSI
You can unsubscribe at any time.
10. Minors
Our services are not intended for children under 14 years of age.
If we detect data processed without valid consent:
it will be deleted.
11. Security
We apply appropriate technical and organizational measures:
- encryption in transit
- access control
- backup copies
- data minimization
- password policies
However:
no system is completely secure.
12. External links
The site may contain external links.
Aura Maya is not responsible for their privacy policies.
13. Changes to the policy
We may update this policy when necessary.
We will always publish the current version with an updated date.
Contact
Aura Maya S.L.
Calle Solares nº15, 3º F
18009 Granada
España
Email: info@auramayajewelry.com
Phone / WhatsApp: +1 (555) 948-8465