1. Introduction

At Sport Extra Zoom (operated by Robert Benak), we respect and protect your personal data. This Policy explains how we collect, process, store, and disclose Buyer data in compliance with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and Spain’s Ley Orgánica 3/2018 (LOPDGDD).

2. Data Controller

Robert Benak (email: benak.robert90@gmail.com) is the data controller. If required, we may appoint a Data Protection Officer (DPO) in accordance with GDPR Article 37.

3. What Data We Collect & Purpose

We collect only essential personal data, such as:

  • Buyer name, billing/shipping address, email, phone number, transaction details.

Purpose: order fulfillment, payment processing, customer service, legal compliance, and fraud prevention.
Processing is lawful under GDPR Article 6(b) (contract) and (c) (legal obligation).

4. Legal Basis & Consent

We rely on contract, compliance obligations, or legitimate interests.
For optional marketing (e.g., newsletters), we obtain explicit consent that is freely given, informed, specific, and withdrawable at any time, in line with GDPR Article 6(a). In Spain, parental consent is required for children under 14 per LOPDGDD guidelines.

5. Data Sharing & Third Parties

We share data only with trusted processors, such as logistics providers, payment processors, or legal authorities when required. All agreements comply with GDPR Article 28, ensuring processors act only on our instructions and maintain proper security measures.

6. International Transfers

If data is transferred outside the EU/EEA, we ensure compliance via adequacy decisions or Standard Contractual Clauses, as required under GDPR Chapter V.

7. Data Retention

We retain personal data only as long as necessary to meet legal or contractual requirements. Retention periods are available upon request.

8. Data Subject Rights

You have the rights to:

  • Access your personal data (Article 15 GDPR)

  • Rectify inaccurate data (Article 16)

  • Erase data (“right to be forgotten,” Article 17)

  • Restrict processing (Article 18)

  • Object to processing (Article 21)

  • Data portability (Article 20)

Please submit requests within one month; complex requests may be extended by two months with notice, free of charge.

9. Data Security & Breach Notification

We implement technical and organizational measures—such as encryption, pseudonymisation, secure hosting—to protect data in line with GDPR Article 32 and LOPDGDD Article 9.
In case of a data breach likely to harm individual rights, we notify the Spanish Data Protection Authority (AEPD) within 72 hours and affected individuals promptly, as required by GDPR Articles 33–34.

10. Data Protection by Design & Default

We embed privacy measures throughout our services—from default privacy-friendly settings to minimal data collection—in accordance with GDPR Article 25.

11. Cookies and Tracking

We provide transparent information about cookies and tracking technologies. For non-essential cookies, we obtain user consent in compliance with the ePrivacy Directive (Article 5(3)) and GDPR transparency principles.

12. Supervisory Authority

The Spanish Data Protection Authority (Agencia Española de Protección de Datos – AEPD), and where applicable, regional agencies, oversee compliance with national data protection legislation.

13. Changes to Policy

We may update this policy to reflect regulatory changes. Updates will be posted on our website with an effective date.

14. Contact & Complaints

For privacy inquiries, data subject requests, or to withdraw consent, contact us at benak.robert90@gmail.com.
You also have the right to lodge a complaint with the AEPD or regional authority if you believe your rights are violated.