Privacy Policy

Website: tesseratextile.com · Last updated: June 17, 2026

1. Data Controller

  • Controller: Gonzalo Porras Suárez
  • Tax ID (NIF): ES35599677R
  • Address: Avda. Doutor Tourón nº 30, 1ºB, 36600 Vilagarcía de Arousa, Pontevedra, Galicia, Spain
  • Email: [email protected]

This Privacy Policy explains how the Controller collects, uses, and protects the personal data of users of the website tesseratextile.com (the “Website”), in accordance with Regulation (EU) 2016/679 (GDPR) and the Spanish Organic Law 3/2018 (LOPDGDD).

2. What Data We Collect and Why

2.1 Checkout (Purchases)

When a user places an order, we collect: name, email address, and shipping address.

  • Purpose: manage the order, arrange shipment, and send the confirmation email.
  • Legal basis: performance of a contract (Article 6(1)(b) GDPR).
  • Retention: as long as required by applicable tax and commercial obligations.
  • Note: payment card data is collected and processed exclusively by Stripe — the Controller does not have access to it.

2.2 B2B Quote Request Form

When a business user requests a quote, we collect: name, company, email, phone, quantity, and project description.

  • Purpose: to respond to the quote request and manage the resulting commercial relationship.
  • Legal basis: legitimate interest and/or pre-contractual measures (Article 6(1)(b) and (f) GDPR).
  • Retention: for as long as the commercial relationship lasts or while there remains a genuine interest in the request.

2.3 Newsletter Subscription

When a user subscribes to the newsletter, we collect their email address.

  • Purpose: to send commercial communications about products, offers, and news.
  • Legal basis: explicit consent (Article 6(1)(a) GDPR).
  • Retention: until the user unsubscribes.

The user may unsubscribe at any time by contacting [email protected].

2.4 Administration Panel

The administration panel does not collect any data from regular users. It is intended exclusively for the internal use of the Controller and is not accessible to the general public.

3. Who We Share Data With

To operate the Website, we rely on the following third-party service providers:

Stripe Payments Europe, Ltd.

Payment processor. Processes payment data under its own privacy policy. Located in Ireland (EU).

stripe.com/en-es/privacy

Resend

Transactional email delivery platform, used to send order confirmations and notifications.

resend.com/legal/privacy-policy

Cloudflare, Inc.

Web infrastructure and DNS provider. May process IP addresses and traffic data.

cloudflare.com/privacypolicy

4. International Data Transfers

  • Stripe operates from Ireland (EU) — no transfer outside the EEA for payment processing.
  • Resend is based in the United States. Transfers are carried out under Standard Contractual Clauses approved by the European Commission.
  • Cloudflare operates a global network. Transfers are carried out under appropriate mechanisms including the EU-U.S. Data Privacy Framework (DPF) and/or Standard Contractual Clauses.

5. Data Retention

Personal data is retained only for as long as necessary for the purposes described in Section 2, and in any event for as long as required to comply with applicable legal obligations, particularly tax and commercial obligations under Spanish law.

6. Your Rights

Under the GDPR, you may exercise the following rights:

  • Access — obtain confirmation of whether we process your data.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion when data is no longer necessary.
  • Restriction — request that we limit processing in certain circumstances.
  • Objection — object to processing, including for direct marketing.
  • Portability — receive your data in a structured, machine-readable format.

To exercise these rights, write to [email protected]. If you consider your rights have not been adequately addressed, you may lodge a complaint with the Spanish Data Protection Agency at aepd.es.

7. Automated Decision-Making and Profiling

We do not carry out automated decision-making or profiling that produces legal effects concerning users or significantly affects them.

8. Data Protection Officer

Given the scale of our processing activities, the appointment of a Data Protection Officer (DPO) is not mandatory under applicable regulations, and we have therefore not appointed one. Any query may be addressed directly to the Controller at [email protected].

9. Security Measures

The Controller has adopted appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the use of reputable third-party providers (Stripe, Resend, Cloudflare) that maintain their own security and compliance standards.

10. Cookies

For detailed information about the cookies used on this Website, please refer to our Cookie Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We recommend reviewing this page periodically. The “Last updated” date at the top indicates when it was last revised.

12. Contact

For any questions about this Privacy Policy, contact us at [email protected].

Privacy Policy | Tessera Textile