Privacy policy
(Last revision: June 26, 2025 – updated contact email)
0. Quick Glossary
- Web / Site: imbeautyshop.com and subdomains.
- User: Individual who browses, purchases, or contacts.
- Responsible: PIP AVANT, S.L. (IM Beauty).
- Services: Online sale of niche cosmetics and after-sales service.
1. Identity of the Responsible
| Data | Information |
|---|---|
| Company name | PIP AVANT, S.L. |
| CIF | B19789833 |
| Address | Av. Tres 14, 08130 Santa Perpètua de Mogoda (Barcelona) |
| Email | info@imbeautyshop.com |
| Phone | +34 650 156 331 |
| Commercial registry | RM Barcelona, Sheet B-617629, Registration 1st (June 20, 2024) |
| Sole administrator | Icídar Castillo Cuesta – NIF 52179531Y |
| Data Protection Officer (DPO) | Not applicable (art. 37 GDPR). Inquiries at info@imbeautyshop.com |
2. Scope of application
This policy applies to the use of the Web, to purchases made, and to any interaction (forms, chat, official social media). The processing carried out by linked third-party sites is excluded.
3. Origin and categories of data we process
| Origin | Data (examples) | GDPR Category |
|---|---|---|
| Purchase form | Name, surname, ID/NIF, address, email, phone, order details, payment method | Identification, transactional |
| Customer account | Credentials, preferences, wish-list | Identification, personal characteristics |
| Newsletter / SMS | Email, mobile, preferences | Contact |
| Cookies and logs | IP, device, browser, pages visited | Browsing data |
| Customer service | Conversations, attachments, incident history | Communications |
| Social Media | Nick, photo, likes/public comments | Publicly disclosed data |
We do not request special categories (health, biometrics, etc.).
4. Purposes and legal bases
| Purpose | Description | Legal basis (art. 6 GDPR) |
|---|---|---|
| A. Online purchases | Process orders, manage payments and delivery | b) Performance of the contract |
| B. Customer service | Resolve inquiries, returns, guarantees | b) Contract / f) Legitimate interest |
| C. Accounting and taxation | Invoicing, obligations to the Tax Agency | c) Legal obligation |
| D. Fraud prevention | Detection of irregular transactions | f) Legitimate interest |
| E. Direct marketing | Newsletter, personalized offers, remarketing | a) Consent |
| F. Web analytics | Navigation and performance metrics | a) Consent / f) Legitimate interest |
| G. Management of raffles | Verify participants and deliver prizes | a) Consent |
| H. Regulatory compliance | Attend to rights and judicial requirements | c) Legal obligation |
5. Retention periods
| Data | Retention | Justification |
|---|---|---|
| Orders and invoices | 6 years | Art. 30 Commercial Code |
| Contact forms | 12 months | AEPD – Directory Guide |
| Newsletter | Until voluntary cancellation | Withdrawal of consent |
| Access logs | 12 months | Security/network |
| Cookies | According to cookie table | LSSI-CE / AEPD Guide |
| Claims / guarantees | 5 years after closure | Civil prescription |
Once the periods have expired, the data is blocked and can only be unlocked for administrative claims, judicial matters, or audits.
6. Processors and recipients
We transfer data only to essential providers:
| Category | Provider (country) | Guarantee |
|---|---|---|
| E-commerce platform | Shopify Inc. (Canada) | Adequacy decision |
| Image hosting | Shopify CDN (USA) | SCC 2021 + encryption |
| Payment gateways | Stripe EU (IE), PayPal EU | Within EU / SCC |
| Logistics | Correos, Correos Express (ES) | Contract processor |
| Email marketing | Klaviyo Inc. (USA) | SCC |
| Analytics | Google LLC (USA) | SCC + anonymized IP |
| Advertising | Meta Platforms Ireland (IE) | Within EEA |
7. International transfers
- Shopify → Canada (adequate level).
- Google, Klaviyo, Meta → USA under SCC + supplementary measures (encryption in transit and at rest, field minimization, pseudonymization).
We inform and request your consent for cookies from these third parties when required by the AEPD.
8. Rights of the data subjects
You have the rights of access, rectification, erasure, objection, restriction of processing, and portability, and the right not to be subject to automated decisions.
Exercising these rights is free of charge: send an email to info@imbeautyshop.com or a postal letter (Ref. GDPR) to our address. Attach, if applicable, a copy of an identification document.
Response time: 1 month (extendable another month if complex).
Complaint: before the Spanish Agency for Data Protection.
9. Information security
We apply: TLS 1.3 encryption, managed firewall, restricted access to the control panel, daily backups, anti-malware monitoring, and annual risk assessment. All staff sign NDAs and protocols for managing incidents and security breaches (72 h).
10. Profiles and automated decisions
The email marketing system can segment users based on purchases and browsing to send more relevant content.
- Effects: only discounts or recommendations; orders are not automatically rejected.
- You can object by sending an email to info@imbeautyshop.com or through the link “Cancel subscription.”
11. Processing of minors' data
We do not sell to minors under 16 years old. If we detect registrations of minors without parental consent, we will delete the account.
12. Social networks
The use of our profiles on Instagram, TikTok, Facebook, or Pinterest is governed by the conditions of each platform. We will process your data only to manage giveaways, respond to messages, or moderate comments, based on your consent and our legitimate interest in maintaining corporate presence.
13. Cookies
We use technical cookies and, upon acceptance, analytical and advertising cookies. Complete details in the Cookie Policy.
14. Changes in the policy
We may update this policy to reflect regulatory or business changes. We will notify you (via email or banner) if the changes affect your rights.
Any questions?
Write to info@imbeautyshop.com or call us at +34 650 156 331.