Last updated: 22 August 2025

1) Who We Are

ZipTrip Labs, S.L. (“ZipTrip”, “we”, “us”).
Company ID (CIF): B92 123 456
Address: Calle de la Imprenta 27, 3ºB, 28012 Madrid, Spain
Email: privacy@ziptrip.example | Phone: +34 911 23 45 67
Data Protection Officer: Marta Valverde — dpo@ziptrip.example

2) Data We Collect

• Account & orders: name, email, phone, shipping/billing addresses, order details, payment status (card data handled by payment processors).

• Support: messages via email/chat/forms, returns, warranties.

• Device & usage: IP, device IDs, cookies, pages viewed, UTM/referrer, session duration, performance.

• Marketing (opt-in): newsletter status, preferences, interactions (opens/clicks).

• Social: your public handle and comments if you interact with our profiles.
  We don’t intentionally collect special-category data; if ever required, we’d ask for explicit consent.

3) Purposes & Legal Bases (GDPR)

• Order processing, delivery, customer care — contract.

• Billing/tax compliance — legal obligation.

• Fraud prevention & security — legitimate interest / legal obligation.

• Product improvement & analytics — legitimate interest (you may object).

• Email/SMS marketing & remarketing — consent (withdraw anytime).

• Service notices & policy updates — legitimate interest / legal obligation.

4) Retention

• Customer & invoicing: during the relationship and statutory periods (generally 5–6 years in Spain).

• Support: up to 3 years from last contact.

• Marketing: until you unsubscribe or after 24 months of inactivity.

• Cookies/analytics: per our Cookie Policy.

5) Sharing with Processors

We use service providers under data processing agreements, including:

• Payments: Stripe, PayPal (secure tokenized processing).

• Logistics: carriers/fulfilment partners.

• Hosting & tools: cloud hosting, email delivery, helpdesk.

• Analytics/ads: Google Analytics, Meta Ads (subject to consent where required).

• Comms: newsletter/SMS platforms (e.g., Klaviyo or similar).
  They must keep data confidential and act only on our instructions.

6) International Transfers

When data leaves the EEA, we rely on EU Standard Contractual Clauses or comparable safeguards. You can request details.

7) Your Rights

Access, rectification, erasure, restriction, portability, and objection. You can also withdraw consent at any time.
To exercise rights, email privacy@ziptrip.example with proof of identity. You may complain to the AEPD or your local authority.

8) Children

Our services aren’t directed to children under 14. If we discover data from a child without proper authorization, we’ll delete it.

9) Security

We apply appropriate technical/organizational measures: encryption in transit, access controls, backups, minimization, periodic reviews.

10) Cookies

We use first- and third-party cookies for site functionality, statistics, and (with consent) advertising/remarketing. See our Cookie Policy for details and preference management.

11) Marketing Communications

We contact you for marketing only if you opt in (e.g., checkout or signup). Unsubscribe via any email link or by contacting us.

12) Changes

We may update this policy and will post the new version with an updated date. Material changes will be communicated by reasonable means.

13) Contact

ZipTrip Labs, S.L.
Calle de la Imprenta 27, 3ºB, 28012 Madrid, Spain
Email: privacy@ziptrip.example — Phone: +34 911 23 45 67