Privacy policy
1. Controller & contact
Controller: LEBA Tattoo Equipment
Address: Av. Andalucia 90, 29007 Malaga, Spain
Data Protection contact: info@lebatattoo.com
2. Scope & purpose
This Policy explains how LEBA collects, uses, stores and shares personal data when you browse or purchase from our website, contact support, sign up to newsletters, or otherwise interact with LEBA.
3. Categories of personal data we collect
• Identity data: name, date of birth (if provided)
• Contact data: email, postal address, telephone number
• Payment data: payment card details (handled by payment processor — we do not store full card numbers), billing information
• Order data: purchased items, SKU, serial numbers, shipping/delivery info
• Technical data: IP address, device, browser, cookies and usage data
• Communications: emails, support tickets, photos/videos you provide for warranty claims
• Marketing data: newsletter preferences, campaign interactions
4. Legal basis for processing
We process personal data based on one or more of the following grounds:
• Contract performance (processing orders and delivering goods)
• Legal obligations (tax, accounting, customs)
• Legitimate interests (fraud prevention, improving services, direct marketing with opt-out)
• Consent (where required, e.g. marketing emails)
5. Purposes of processing
We use personal data to:
• Process and ship orders, manage billing and payments
• Provide customer service and warranty support
• Handle returns, refunds and claims
• Comply with legal obligations (tax, customs declarations)
• Send transactional messages (order confirmations, shipping notices)
• Send marketing (if you consent or have not opted out)
• Improve the website and prevent fraud
• Maintain records for invoicing and audits
6. Data sharing & third parties
We share personal data with:
• Payment processors (Stripe, PayPal, etc.) for payment authorization
• Carriers (FedEx) for shipping and customs declarations
• IT and hosting providers (Shopify/Wix, email services, analytics)
• Trusted service providers (ERP, accounting, legal advisors)
• Authorities if legally required (tax, customs or judicial requests)
All processors are bound by contract and required to implement appropriate security measures.
7. International transfers
Where data is transferred outside the EEA (e.g., shipping partner servers), we ensure appropriate safeguards (standard contractual clauses) or rely on adequacy decisions where applicable.
8. Data retention
• Order & transactional data: retention for at least 5 years for tax and warranty purposes (Spain/EU requirements).
• Marketing data: retained until consent withdrawal.
• Support and warranty evidence (photos/videos): retained for the period necessary to handle the claim and for legal compliance, normally up to 5 years.
9. Your rights
Under GDPR (EU residents) you have:
• Right of access
• Right to rectification
• Right to erasure (subject to legal retention obligations)
• Right to restriction of processing
• Right to data portability
• Right to object to processing (where applicable)
• Right to withdraw consent
To exercise your rights contact: info@lebatattoo.com. We respond within legal timeframes (usually one month).
10. Security
We implement technical and organizational measures to protect data (encryption, access controls, secure hosting). However, no system is 100% secure — if a breach occurs we will notify authorities and affected individuals as required by law.
11. Cookies & tracking
We use cookies for site functionality, analytics and, with consent, marketing. A Cookie Policy and banner should be provided on site with an option to manage preferences.
12. Minors
Our products are intended for professional tattoo artists (18+). We do not knowingly collect personal data from minors.
13. Complaints & supervisory authority
If you are based in the EU you may lodge a complaint with your national Data Protection Authority (in Spain: AEPD).