top of page

Privacy policy

Who are we?

 

This Privacy Policy explains how Kombucha Republik S.L. (“Kombucha Republik” or “we“) collects and uses personal data when you visit and make purchases on our online store at https://www.kombucharepublik.es/tienda (the “Website“). Kombucha Republik S.L. is the data controller for the purposes of the Spanish General Data Protection Regulation (“Spanish GDPR“) and the Data Protection Act 2018.

If you have any questions about this Privacy Policy or how we process personal data, you can contact us at:

Email: info@kombucharepublik.es

Postal address: C/ Vitoria 4 office 101 09004 Burgos SPAIN

What this Privacy Policy covers

 

This Privacy Policy applies to personal data we collect when you:
 

  • Browse the Website

  • Create a customer account

  • Place an order as a registered customer or as a guest

  • Sign up to receive marketing communications

  • Contact us for any reason (for example, with a question or complaint).


It does not apply to third-party websites or services that may be linked from our Website (for example, payment providers’ pages or social media platforms). Those services have their own privacy policies.s Privacy P

What personal data do we collect?

 

We collect personal data that you voluntarily provide to us when interacting with the Website. This includes information you provide when:

  • Creating a customer account: first name, last name, email address, password, phone number (optional), billing/delivery address (optional), VAT number (for business customers).

  • Placing an order (registered or guest): first name, last name, email address, phone number, billing address, delivery address, VAT number (where relevant), order details, communication related to the order.

  • Contacting us: name, contact details, and the content of your message.

  • Signing up for marketing: name, email address, and your marketing preferences.


We use this data to process orders, manage your account, respond to inquiries, and send marketing communications (with your consent).

Purposes and legal bases for processing

 

1. Creating and Managing Your Customer Account
We process your account data to:

  • Create your customer account.

  • Allow access and management of your personal data and orders.

  • Provide customer assistance related to the account.


Legal basis: performance of a contract (Article 6.1.b of Spain GDPR). In certain cases, legitimate interest (Article 6.1.f) in operating an efficient e-commerce platform may also apply.
Processing and Delivering Your Orders

2. We process personal data provided in connection with an order (including guest orders) in order to:

  • Accept and confirm your order.

  • Process payment with our payment partners.

  • Prepare and deliver products to the address you specify.

  • Communicate order-related information (confirmation, delivery updates, returns or complaints).


Legal basis: performance of a contract (Article 6.1.b of the Spanish GDPR). Without this data we cannot complete your purchase.


3. Complying with Legal and Regulatory Obligations
We keep certain records of your transactions and communications in order to:
 

  • Comply with tax, accounting and corporate record-keeping obligations.

  • Respond to requests from public authorities where we are legally required to do so.

  • Comply with consumer protection and product safety regulations.


Legal basis: compliance with legal obligations (Article 6.1.c of the Spanish GDPR).


4. Managing Our Relationship and Providing Customer Support
We use your contact details and correspondence to:
 

  • Respond to your questions and requests.

  • Handle complaints and claims relating to defective products.

  • Notify you about changes to our terms or this Privacy Policy.


Legal basis: performance of a contract (Article 6.1.b) and/or our legitimate interest in providing good customer service and protecting our legal position (Article 6.1.f).


5. Sending Marketing Communications
If you choose to receive marketing communications (for example, about new products, promotions or events), we will use your name and email address to send you such communications.

Legal basis: your consent (Article 6.1.a of the Spanish GDPR) or legitimate interests (Article 6.1.f), where permitted by Spanish e‑privacy rules, including the “soft opt-in” regime. You can withdraw consent or opt out of marketing at any time by clicking the unsubscribe link in our emails or by contacting us directly.

Payment processes

We do not collect or store your full payment card details. Payment is processed through a secure provider (for example, Stripe or PayPal). Only the necessary data is transmitted:

  • Name

  • Billing address

  • Order total and order ID


The payment provider may collect additional information directly from you and your device (such as card details, device identifiers or IP address) in order to process the transaction and prevent fraud. The use of your personal data by that provider is governed by its own privacy policy, which we encourage you to read.

Delivery and courier services

To deliver your order, we share the necessary delivery details with our logistics partners and courier companies, including:

  •  Name

  • Delivery address

  • Phone number

  • Email address (where necessary for delivery updates)

  • Order reference


This information is provided either manually by entering the data into the courier’s web portal. We only share the data required for the courier to perform delivery and related tracking or notification services.

How long do we keep your data?

We keep personal data only for as long as necessary for the purposes for which it was collected, and to comply with legal, accounting, or reporting obligations. In particular:

  • Customer accounts: we retain your account data for as long as your account is active. If you request deletion of your account, it will be deactivated and personal data associated with the account will be deleted or anonymised, except for data we are required to keep for legal or accounting purposes.

  • Orders (including guest orders): order information is normally retained for up to six (6) years from the end of the relevant financial year, in accordance with spanish requirements.

  • Marketing data: we retain your preferences and related personal data until you unsubscribe or object. A minimal record of your opt-out may be kept to avoid future mailings.

  • Customer support correspondence: we retain correspondence for as long as necessary to resolve your query or complaint, and for a reasonable period afterwards (normally up to six (6) years).


In the event of a dispute, investigation or audit, data may be retained for the duration of the proceedings and the applicable limitation period.

Do we share your data?

We do not sell your personal data. We may share your personal data with the following categories of recipients, only to the extent necessary for the purposes described in this Privacy Policy:

  • Service providers: such as IT hosting providers, e-commerce platform providers, email service providers, customer support tools, and professional advisers (e.g., lawyers or accountants) who provide services to us and are subject to confidentiality and data protection obligations.

  • Payment providers: third-party payment processors who handle your payments and card details.

  • Delivery and logistics partners: courier companies and fulfilment providers who deliver orders or handle returns.

  • Group companies and business partners: where necessary for internal administration, reporting or to support our e-commerce operations.

  • Public authorities and regulators: where we are legally obliged to do so (for example, to tax authorities, police or data protection authorities) or where disclosure is necessary to protect our rights, our customers or others.


Where we use service providers to process personal data on our behalf, we ensure that they only process the data according to our instructions and under a written data processing agreement as required by the Spanish GDPR.

International transfers

Some of our service providers or group companies may be located outside Spain, or may use servers situated outside Spain. If personal data is transferred to a country that has not been recognised by the Government of Spain as providing an adequate level of data protection, we will ensure that appropriate safeguards are in place, such as using standard contractual clauses approved under Spanish legislation, or implementing other lawful transfer mechanisms under the Spanish GDPR. You can contact us using the details above if you would like more information about how we protect personal data in relation to international transfers.

Data security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction or damage. These measures include, for example:

  • Using secure (HTTPS) connections for the Website;

  • Restricting access to personal data to authorised staff and service providers on a need-to-know basis;

  • Using hashed passwords for customer accounts;

  • Maintaining appropriate backup and logging procedures;

  • Regularly reviewing our security policies and practices.


However, no system can be completely secure. While we do our best to protect your personal data, we cannot guarantee the security of information transmitted to or from the Website over the internet.

Your rights

Under the Spanish GDPR and the Data Protection Act 2018, you have a number of rights in relation to your personal data. These rights are subject to certain conditions and exemptions. In particular, you may have the right to:

  • Access: request confirmation as to whether we process your personal data and obtain a copy of the personal data we hold about you.

  • Rectification: request that we correct inaccurate or incomplete personal data about you.

  • Erasure: request that we delete your personal data, for example where it is no longer necessary for the purposes for which it was collected, or where you withdraw your consent (where applicable). This is sometimes called the “right to be forgotten”.

  • Restriction: request that we restrict the processing of your personal data in certain circumstances (for example, while we verify the accuracy of your data or assess an objection).

  • Data portability: request to receive personal data that you have provided to us in a structured, commonly used and machine-readable format, and have it transferred to another controller, where the processing is based on your consent or on a contract and is carried out by automated means.

  • Objection: object at any time to the processing of your personal data where the legal basis is our legitimate interests. We will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or where processing is necessary for the establishment, exercise or defence of legal claims.

  • Direct marketing: you have an absolute right to object at any time to the processing of your personal data for direct marketing purposes, including profiling related to direct marketing. If you object, we will stop using your data for this purpose.

  • Withdraw consent: where we rely on your consent to process personal data (for example, for certain types of marketing), you can withdraw your consent at any time. This does not affect the lawfulness of processing before you withdrew your consent.


To exercise any of these rights, please contact us using the contact details in section 1. We may request additional information to confirm your identity and ensure your right to access your personal data (or to exercise other rights).

Contact us

If you have any questions or concerns about how we use your personal data, or if you wish to exercise your rights, you can contact us at:

Email: info@kombucharepublik.es

Postal address: C/ Vitoria 4 office 101 09004 Burgos SPAIN

We will respond to your request as soon as reasonably possible and in any event within the time limits set out in the Spanish GDPR (generally one month).

bottom of page