Privacy Policy
Legal Information
In compliance with Article 10 of Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE), we provide the following identifying information:
- Company name: Elena Sas (Sas Mandalina)
- NIF: 54954454W
- Registered office: Av. Cortes Valencianas 9, ground floor. L'Eliana, 46183, Valencia.
- Contact email: helena@helenasas.es
- Phone: +34 630 91 69 23
- Activity: Online sale of cosmetic and facial care products
1. Data Controller
Elena Sas (Sas Mandalina), hereinafter "THE PERSON IN CHARGE", is the Data Controller of the User's personal data and informs you that this data will be processed in accordance with the provisions of:
- Regulation (EU) 2016/679 of 27 April 2016 (GDPR) on the protection of natural persons with regard to the processing of personal data
- Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD)
2. Personal Data We Collect and Purpose
2.1. Data Collected During Purchase
Legal basis: Contract execution
When you place an order in our online store, we collect the following data:
Required information:
- Name and surname
- Email address
- Contact phone number
- Shipping address (street, number, postal code, city, province, country)
- Billing address (if different from shipping address)
- NIF/DNI (for invoicing)
Purpose of processing:
- Order management and processing
- Invoice issuance
- Product shipment management
- Communications related to your order (confirmation, shipment, issues)
- Handling claims, returns or warranties
- Compliance with legal obligations (retaining invoices for 6 years)
Storage period:
- Customer data with completed order: 6 years since the last purchase (legal tax obligation)
- Data on abandoned shopping carts without completing a purchase: 30 days
2.2. Payment Details
Legal basis: Contract execution
Important: We do NOT store your credit/debit card data on our servers.
Payment details are processed directly by:
- Redsys (secure payment gateway), whose privacy policy can be found at: https://www.redsys.es/politica-privacidad
We only receive confirmation of whether the payment has been approved or rejected, but we never have access to your complete card details.
2.3. User Account Details
Legal basis: Contract execution + Consent
If you create an account on our website, in addition to purchase details, we store:
- Order history
- Saved addresses
- Communication preferences
Purpose:
- Facilitate future purchases
- Managing your customer area
- Personalized product recommendations
Storage period:
- As long as your account remains active
- If it goes 3 years without activity, we will delete your account after notifying you by email.
2.4. Newsletter and Commercial Communications
Legal basis: Consent
If you subscribe to our newsletter using the specific form or by checking the box during checkout, we collect:
- Email address
- Name (optional)
Purpose:
- Sending commercial communications about our products, offers and news
- Facial care tips and valuable content
Tool used: Brevo (email marketing provider), whose privacy policy can be found at: https://www.brevo.com/legal/privacypolicy/
Storage period:
- Until you request to unsubscribe from the newsletter
- You can unsubscribe at any time using the link that appears in all our emails.
2.5. Contact Form
Legal basis: Consent
When you use our contact form, we collect:
- Name
- Telephone (optional)
- Message/inquiry
Purpose:
- Answer your inquiry
- Customer service
Storage period: 1 year from the moment we respond to your inquiry
2.6. Opinions and Reviews
Legal basis: Consent
If you leave a review about a product or service:
- Name or alias (whichever you choose to display)
- Comment/Review
- Rating
Reviews can be published in:
- Our website
- Google Reviews
Storage period: As long as the product remains on sale and you do not request its removal
3. Transfer of Data to Third Parties
THE PERSON IN CHARGE does NOT sell or transfer your personal data to third parties for commercial purposes.
However, in order to provide the online sales service, it is necessary to share your data with the following service providers (data processors):
3.1. Suppliers Necessary for the Execution of the Service
| Supplier | Shared data | Purpose | Data location |
|---|---|---|---|
| Redsys | Billing information | Payment processing | Spain/EU |
| GLS / UPS | Name, phone number, shipping address | Shipping management | Spain/EU |
| Hostinger | All data from the website | Hosting and storage | EU |
| Brevo | Email, name (if subscribed) | Email marketing | EU/USA with standard clauses |
| WooCommerce (Automattic) | Order and customer data | ecommerce platform | USA with clauses like |
3.2. Analytics and Advertising Tools
| Tool | Data processed | Purpose | International transfer |
|---|---|---|---|
| Google Analytics 4 | Anonymized IP, web behavior, demographics | Statistical analysis of web usage | USA (Google LLC) – Standard Contractual Clauses |
| Meta Pixel (Facebook) | IP, web behavior, interactions | Personalized advertising and remarketing | USA (Meta Platforms) – Standard Contractual Clauses |
You can object to the use of these tools by configuring cookies on our website or by installing browser extensions such as "Google Analytics Opt-out".
3.3. Other Legally Mandatory Transfers
Your data may be shared with:
- Tax and fiscal authorities (AEAT) – Legal obligation to keep invoices
- State Security Forces and Corps when there is an ongoing investigation
- Courts and Tribunals when there is a court order
4. International Data Transfers
Some of the providers mentioned (Google Analytics, Meta Pixel, Brevo) have servers located in the USA.
These transfers are made under:
- Standard Contractual Clauses approved by the European Commission
- Compliance with Adequate Protection according to post-Schrems II regulations
You can consult the specific guarantees at:
5. User Rights
As the owner of your personal data, you have the following rights:
✓ Right of Access
To know what personal data we have about you.
✓ Right of Rectification
Correct inaccurate or incomplete data.
✓ Right to Erasure
Request the deletion of your data ("right to be forgotten").
✓ Right to Restriction
Request that your data not be processed while a claim is being resolved.
✓ Right to Portability
Receive your data in a structured format and transfer it to another controller.
✓ Right to Object
To object to the processing of your data for direct marketing purposes.
Important exception: We will not be able to delete data from completed orders for 6 years due to legal tax obligations.
6. How to Exercise Your Rights
You can exercise your rights in the following ways:
- By email: helena@helenasas.es
- By mail: Av. Cortes Valencianas 9, ground floor. L'Eliana, 46183, Valencia.
- From your account: By accessing "My Account" > "Personal Data"
Required documentation:
- Copy of DNI/NIE or identification document
- Clearly specify which right you wish to exercise.
Response time: Maximum 1 month from the receipt of your request.
7. Complaint to the Supervisory Authority
If you believe that the processing of your personal data does not comply with current regulations, you have the right to file a complaint with:
Spanish Data Protection Agency (AEPD)
- C/ Jorge Juan, 6
- 28001 Madrid
- Web: https://www.aepd.es
- Tel: 901 100 099 / 91 266 35 17
8. Data Security
THE PERSON IN CHARGE guarantees that it has implemented appropriate technical and organizational measures to protect your personal data:
Technical Measures
- SSL certificate (encrypted HTTPS connection)
- Hosting on secure servers with DDoS protection
- Periodic encrypted backups
- Regular security updates for WordPress and plugins
- Restricted access to databases using strong passwords
Organizational Measures
- Secure Password Policy
- Access to data is limited to authorized personnel.
- Data protection training for staff with access
- Confidentiality agreements with suppliers
9. Minors
Our products are aimed at people over 18 years old.
If we detect that a minor has registered without parental consent, we will immediately delete their data.
10. Privacy Policy Update
This policy may be modified to adapt to regulatory changes or changes in our services.
Last update: December 2025
Any substantial changes will be notified at least 15 days in advance through:
- Notice on the website
- Email to registered customers
11. Cookies
The use of cookies on this website is regulated in our Cookie Policy.
12. Contact
For any questions regarding this Privacy Policy:
- E-mail: helena@helenasas.es
- Phone: +34 630 91 69 23
- Address: Av. Cortes Valencianas 9, ground floor. L'Eliana, 46183, Valencia.
By using our website and making a purchase, you agree to this Privacy Policy.