Privacy Policy

Last updated: January 2026

At Brotika we respect your privacy and we take the protection of your personal data seriously. This policy explains what information we collect, how we use it, who we share it with and what rights you have over it.

1. Data controller

  • Controller: Brotika
  • Address: Avenida Pío 5, Madrid, Spain
  • Email: hola@brotika.com
  • Brand: Brotika

2. What data we collect

Data you give us

  • Account and orders: first name, last name, postal address, email, phone.
  • Payments: card data is processed directly by our payment provider (Shopify Payments / Stripe / PayPal). Brotika does not store full card numbers.
  • Communications: emails or messages you send us via chat, email or social media.
  • Newsletter: your email, if you subscribe voluntarily.

Data we collect automatically

  • Browsing data: device type, operating system, browser, pages visited (via analytics cookies; see Cookie Policy).
  • IP address, to detect fraud and improve security.

3. What we use it for

  • To process and ship your order (legal basis: performance of the contract).
  • To assist you when you contact us (legal basis: performance of the contract / legitimate interest).
  • To meet tax and accounting obligations (legal basis: legal obligation).
  • To send you the newsletter if you've subscribed (legal basis: explicit consent, revocable at any time).
  • To improve the website and shopping experience through analytics (legal basis: consent; analytics cookies can be declined).

4. How long we keep it

  • Order data: 5 years from the last purchase (tax obligation).
  • Newsletter data: until you unsubscribe.
  • Browsing data: 24 months maximum.
  • After those periods, we delete or anonymize it.

5. Who we share it with

Only with the providers strictly necessary to deliver your order and run the store. They all sign data processing agreements compliant with the GDPR:

  • E-commerce platform (Shopify Inc.)
  • Payment processors (Shopify Payments, Stripe, PayPal)
  • Courier companies
  • Transactional and marketing email providers
  • Tax and accounting advisors

We never sell your data to third parties for commercial purposes.

6. International transfers

Some of our providers (such as Shopify) are based in the USA. Transfers are carried out under the safeguards set out in the GDPR (the European Commission's standard contractual clauses).

7. Your rights

You can exercise the following rights at any time:

  • Access: find out what data of yours we hold.
  • Rectification: correct inaccurate data.
  • Erasure ("right to be forgotten"): delete your data when it's no longer needed.
  • Objection: object to a specific processing activity.
  • Restriction: have us keep your data without using it.
  • Portability: receive your data in a structured format.
  • Withdraw the consent given for newsletter or cookies.

To exercise them, email us at hola@brotika.com. We respond within 30 days at most.

If you believe we haven't handled your request properly, you have the right to lodge a complaint with the Spanish Data Protection Agency.

8. Security

We apply appropriate technical and organizational measures to protect your data: HTTPS encryption across the whole site, restricted admin access, backups, and certified providers. If we detected a security breach that could affect you, we would notify you within 72 hours.

9. Minors

Brotika is not aimed at children under 14. If we discover we have collected a minor's data without parental consent, we delete it immediately.

10. Changes

We may update this policy to adapt it to regulatory or business changes. The version in force is the one published on this page; significant changes are notified by email.