Privacy Policy
Last updated: 15 June 2026.
At MARKETING ESTHETIC STUDIOS SL (“NovaGrafix”, “we”) we are committed to protecting your privacy. This policy explains what personal data we process, for what purpose, for how long and what rights you have, in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on the Protection of Personal Data and guarantee of digital rights (LOPDGDD).
1. Data controller
- Holder: MARKETING ESTHETIC STUDIOS SL
- Tax ID: B19472091
- Address: Carrer del Pintor Borrassà, 59, 08205 Sabadell, Barcelona (España)
- Email: info@novagrafix.es
- Website: novagrafix.es
2. Data we process
- Identification and contact data: name, surname, email and phone.
- Shipping and billing addresses, and tax details (Tax ID).
- Data about your orders and the files or designs you upload for printing.
- Payment data: payment is processed by Stripe; we do not store your full card number.
- Account data (securely managed credentials) and, where applicable, the sales code associated with your account.
- Browsing and device data (see the Cookie Policy).
3. Purposes and legal basis
| Purpose | Legal basis (GDPR) |
|---|---|
| Create and manage your account; process, produce and deliver your orders. | Performance of the contract (art. 6.1.b) |
| Issue invoices and comply with tax and accounting obligations. | Legal obligation (art. 6.1.c) |
| Customer service and handling of incidents and returns. | Performance of the contract / legitimate interest (art. 6.1.b/f) |
| Fraud prevention and platform security. | Legitimate interest (art. 6.1.f) |
| Management of the sales-rep programme and commission payments (if applicable). | Performance of the contract / legal obligation (art. 6.1.b/c) |
| Sending commercial communications and news. | Consent (art. 6.1.a), revocable |
| Analytics or marketing cookies. | Consent (art. 6.1.a) |
4. Retention periods
We keep your data while your account is active and a contractual relationship exists. Once it ends, we block the data and keep it only for the legally required periods (for example, commercial and accounting obligations, as well as tax and warranty ones). Data processed with your consent is kept until you withdraw it.
5. Recipients and data processors
To provide the service we share data with providers that act as data processors, bound by contract under art. 28 of the GDPR:
- Stripe — payment processing.
- Resend — sending your order emails (confirmation, shipping, invoices).
- Google (Firebase) — authentication, database and file storage.
- Vercel — website hosting and delivery.
- Transport and courier companies — for delivering your orders.
We do not sell or transfer your data to third parties, except by legal obligation.
6. International transfers
Some of these providers (Stripe, Google, Vercel or Resend) may process data outside the European Economic Area, mainly in the USA. Such transfers rely on valid protection mechanisms: the EU-US Data Privacy Framework and/or the Standard Contractual Clauses approved by the European Commission, together with additional safeguards where appropriate.
7. Your rights
You may exercise your rights of access, rectification, erasure, objection, restriction of processing, portability and to withdraw consent at any time. To do so, write to us at info@novagrafix.es stating the right you wish to exercise; we may ask you to prove your identity. We will respond within a maximum of one month.
If you consider that we have not properly handled your request, you may lodge a complaint with the Spanish Data Protection Agency (aepd.es).
8. Source of the data
We process the data you provide to us directly when you register, buy or contact us. We do not obtain data from external sources.
9. Automated decisions
We do not make automated decisions with legal effects on you, nor do we create profiles that significantly affect you.
10. Minors
Our services are aimed at people over 18 years of age. We do not knowingly collect data from minors without the consent of their legal guardians.
11. Security
We apply technical and organisational measures to protect your data (encryption in transit, access control and tokenised payment through Stripe). However, no system is 100% infallible.
12. Changes to this policy
We may update this policy to adapt it to legal changes or changes in our services. We will publish the current version on this page, indicating its update date.
