Privacy Policy

We take care of your personal information. This policy describes how your data are collected, used, shared, and your rights, when you visit or purchase on www.wembi.com (the “Site”).

1) Controller

NANCY ADAM SL – CIF: ES-B56183965
Address: Carrer Joan Miró 34, 5/2, 08005 Barcelona, Spain
Contact e-mail: contact@wembi.com

(“WEMBI”, “we”, “us”, “our”)

2) Applicable legal framework

We process your data in accordance with:

  • GDPR (Regulation (EU) 2016/679),

  • LOPDGDD (Ley Orgánica 3/2018, Spain),

  • LSSI-CE (Ley 34/2002, Spain) for electronic communications and cookies,

  • and the applicable national laws of the user’s country of residence within the EU.

3) Data we collect

a) Browsing data (“device information”)
IP address, browser, time zone, cookie/SDK identifiers, pages viewed, referring pages, search queries, technical logs, tags/pixels.

b) Order and account data (“order information”)
Name, e-mail, phone, billing and shipping addresses, cart contents, payment data (handled by the payment provider), notes and preferences, customer service communications.

c) Communications & marketing
Consents, subscriptions, marketing e-mail opens/clicks (if opted in).

d) Social media / UGC (where applicable)
Profile/handle identifiers, content submitted to us for UGC.

We do not knowingly collect data from minors without parental authorization.

4) Purposes and legal bases

  • Contract performance: order intake, payment, invoicing, shipping, customer service.

  • Legitimate interest: fraud prevention, security, Site/product improvement, aggregated statistics.

  • Legal obligation: accounting and tax obligations, responses to authorities.

  • Consent: non-essential/marketing cookies, newsletters, personalized advertising.

5) Cookies & similar technologies

We use technical (essential) cookies and, with your consent, analytics and advertising cookies. In line with LSSI-CE, you can accept/refuse categories at any time via our banner/preferences center. Refusing non-essential cookies does not affect the Site’s core features.

6) How we use your data

  • Fulfil your orders (payment, logistics, confirmations).

  • Communicate with you (support, order information).

  • Detect risks and fraud (notably via IP address/technical signals).

  • Improve and optimize the Site (aggregated analytics).

  • Send you personalized marketing communications with your consent or as otherwise permitted by law.

7) Sharing with third parties (processors)

We share data with strictly necessary service providers:

  • Shopify (e-commerce platform / store hosting).

  • Payment providers (encrypted and secure processing), logistics (carriers), marketing (e-mailing, automation), analytics (audience measurement), and IT support.

  • Public authorities where required by law (subpoena, warrant, lawful request).

Each provider acts under our contractual instructions (GDPR/LOPDGDD) with appropriate safeguards.

8) Targeted advertising & analytics

With your consent, we may use analytics and adtech tools to measure audience and deliver personalized ads.
You can withdraw consent at any time via the cookie banner and/or the unsubscribe links in our e-mails.

Useful opt-outs:

  • Facebook/Instagram: ad settings in your account

  • Google: ads settings / Google Analytics opt-out module

  • Industry portals (DAA/EDAA) available in your country

9) International transfers

Some providers may be located outside the EEA (e.g., Canada/United States). We then rely on a valid transfer mechanism (adequacy decision, EU–US Data Privacy Framework where applicable, or Standard Contractual Clauses). Contact us for details on the safeguards in place.

10) Data retention

  • Orders: for the time necessary to perform the contract + legal obligations (e.g., tax/accounting).

  • Account/marketing: until consent is withdrawn/request for deletion or prolonged inactivity, then anonymization.

  • Technical logs: short periods proportionate to security and anti-fraud.

11) Security

We implement appropriate technical and organizational measures (in-transit encryption, access control, data minimization) to protect your data. No system is perfectly secure.

12) Minors

The Site is not intended for minors. If you believe a minor has provided us with data, please contact us for deletion.

13) Your rights (EU)

You have the rights to access, rectify, erase, restrict, object (including to direct marketing), data portability, and to withdraw consent (without affecting prior lawful processing). You also have the right not to be subject to a decision based solely on automated processing, including profiling, producing legal effects concerning you.

Exercise your rights: contact contact@wembi.com stating your request. We may verify your identity. Response time: 1 month (extendable depending on complexity).

Complaint to a supervisory authority:

  • Spain: AEPD (Agencia Española de Protección de Datos), C/ Jorge Juan, 6, 28001 Madrid – sedelectronica.aepd.es

  • France: CNIL, 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 – cnil.fr
    Or your local competent authority in the EU.

14) Commercial communications (LSSI-CE)

We send marketing e-mails only with your prior consent or, where applicable, within an existing customer relationship for similar products/services. You may unsubscribe at any time via the link in each e-mail.

15) “Do Not Track”

At present, we do not alter our practices in response to “Do Not Track” signals. You can manage your preferences via our cookie banner.

16) Changes to this policy

We may update this policy to reflect legal, technical, or operational changes. The update date appears at the top. Changes take effect upon publication.

17) Contact

For any questions, to exercise rights, or to make a complaint: contact@wembi.com