Privacy Policy

The data controller is Bianca's Pots & Pans, a sole trader based in Pueblo Nuevo de Guadiaro, 11360 San Roque, Cádiz, Spain. For any privacy-related enquiry or request, contact us at lucsoft.sl@gmail.com.

When you sign in with Google, we receive your name, email address, and profile photo from your Google account.

When you place an order, we collect your delivery address, payment method choice, and order details (items, quantities, totals).

We also collect usage data through Firebase Analytics and Google Analytics (pages visited, actions taken, device and browser type).

Order fulfilment — to process and deliver your orders. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).

Account management — to let you view your order history and manage your account. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).

Service improvement — to understand how users interact with the platform. Legal basis: our legitimate interest in improving the service (Art. 6(1)(f) GDPR).

Communication — to send order confirmations and status updates. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).

We use session cookies set by Firebase Authentication to keep you signed in. These are strictly necessary and cannot be disabled.

We also use Google Analytics and Firebase Analytics to measure usage. These tools may set analytics cookies on your device. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout.

Google LLC (United States) — Firebase Authentication, Firestore database, Firebase Analytics, and Google Analytics. Google is certified under the EU-U.S. Data Privacy Framework.

We do not sell your personal data. We do not share it with any other third party except as required by law.

Account and order data is retained for as long as your account is active and for up to 5 years after your last order, as required by Spanish tax law (Ley General Tributaria).

Analytics data is retained in accordance with Google's standard retention policies.

You can request deletion of your account and associated data at any time by emailing us.

Under the GDPR and Spanish data protection law (LOPDGDD), you have the right to: access your personal data; rectify inaccurate data; request erasure ('right to be forgotten'); restrict or object to processing; and request data portability.

To exercise any of these rights, email us at lucsoft.sl@gmail.com. We will respond within 30 days.

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos — AEPD) at www.aepd.es.

We may update this policy from time to time. The current version will always be published on this page. Significant changes will be communicated by email where possible.