Privacy Policy of KISAQO Coffee

Last updated: February 11, 2026

This Privacy Policy governs the processing of personal data on https://www.kisaqo.com (hereinafter, "the Website") by KISAQO Coffee (hereinafter, "KISAQO", "we" or "our"), with registered office at Calle Gran Capitán, 80, 04003 Almería (Spain), NIF Z1922196E, telephone +34 614 417 057, email: office@kisaqo.com.

Complies with:

- Regulation (EU) 2016/679 (GDPR)

- Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights (LOPDGDD)

- Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE)

Privacy contact: office@kisaqo.com (Data Protection Officer, if appointed: [DPO email]).

1. Applicable processing principles (Art. 5 GDPR)

We process your data lawfully, fairly, transparently, for specified purposes, minimising data collection, ensuring accuracy, limiting retention periods, maintaining integrity and confidentiality.

2. Information we collect

a) Data provided: Name, ID/NIF (billing), address, phone, email, bank details (tokenised).

b) Automatic data: IP, browser type, OS, pages visited (see Cookie Policy).

3. Legal bases for processing

- Contract performance (Art. 6.1.b GDPR): Orders, shipping, payments.

- Legal obligation (Art. 6.1.c): Tax (5 years, Law 58/2003 IRPF), warranties (2 years, RDL 1/2007).

- Consent (Art. 6.1.a): Marketing (opt-out).

- Legitimate interests (Art. 6.1.f): Fraud prevention, analytics (balanced against your rights).

4. Processing purposes

- Order/shipping/payment management.

- Customer service.

- Marketing (only with consent; right to object under Art. 21 LOPDGDD).

- Website analytics/service improvement.

- Legal compliance/fraud prevention.

5. Recipients and international transfers

Shared with: Stripe/PayPal (payments), carriers, Hostinger (hosting). All with Data Processor agreements (Art. 28 GDPR).

Transfers outside EEA: EU Standard Contractual Clauses (e.g., Google US).

6. Data retention periods

| Data | Period | Basis |

|------|--------|-------|

| Orders/invoices | 5 years (tax) + 10 years accounting | Law 58/2003 |

| Marketing | Until withdrawal | Consent |

| Web logs | 12 months | Legitimate interest |

Secure deletion or anonymization thereafter.

7. Your rights (Art. 15-22 GDPR)

Access, rectification, erasure, restriction, portability, objection.

Exercise: office@kisaqo.com (model form at www.aepd.es). Response: 1 month. Complaint: AEPD (www.aepd.es).

Automated decisions: None except basic marketing profiling (right to object).

8. Cookies

See [Cookie Policy](/cookie-policy).

9. Minors

Website for users 18+. We do not knowingly process minors' data.

10. Security

SSL encryption, firewalls, pseudonymization, DPIA assessments if applicable. Breach notification: 72h to AEPD/affected users (Art. 33-34 GDPR).

11. Third parties

Our providers comply with GDPR. Review their policies.

12. Changes

Significant changes notified by email/banner. Continued use = acceptance.

Questions: office@kisaqo.com.