Privacy Policy

bikeBearingKits. For data protection matters, please contact us through the website contact form. Full identification details and, where applicable, fiscal address will be provided in the legal notice or contractual documentation.

• Identification and contact: full name, email address, phone number, postal address.
• Commercial data: order history, product preferences, commercial communications.
• Billing: billing address, tax information (e.g. VAT/NIF). Payment data is processed by secure third parties.
• Technical data: IP address (possibly anonymized), browser type, pages visited, browsing times.
• Customer support: messages and requests you send us.

• Consent (Art. 6.1.a): direct marketing, non‑essential cookies and promotional communications.
• Contract (Art. 6.1.b): processing orders, managing the customer account and providing customer service.
• Legitimate interest (Art. 6.1.f): web analytics, service improvement, fraud prevention and site security.
• Legal obligation (Art. 6.1.c): compliance with tax, accounting and invoicing duties.

• Process and manage orders for products.
• Provide customer service and technical support.
• Manage payments and invoicing.
• Send order‑related communications.
• Improve our products and services.
• Comply with legal and tax obligations.
• Prevent fraud and ensure security.
• Website usage analytics (anonymized data when applicable).
• Direct marketing (only with your consent).

• Service providers: hosting, payment processors, shipping/logistics, web analytics. All under DPAs and GDPR compliance.
• Competent authorities: when required by law or to protect our legal rights.
• Logistics companies: for product delivery (only data necessary for shipping).

Some service providers may be located outside the EEA. In such cases, we ensure that adequacy decisions apply, EU Standard Contractual Clauses are used, additional safeguards are implemented where necessary, and explicit consent is obtained when required.

• Active customers: while you maintain an active account with us.
• Orders: 7 years (Spanish tax invoicing requirements).
• Marketing: until you withdraw consent.
• Technical/analytics data: 26 months (e.g. Google Analytics, depending on configuration).
• Consent records: 3 years to demonstrate compliance.

• Right of access, rectification, erasure, restriction, portability and objection.
• Right to withdraw consent at any time where processing is based on consent.

To exercise your rights, use our website contact form. We will respond to your request within 7 business days.

• TLS encryption in transit.
• Restricted access to personal data for authorized staff only.
• Regular security audits.
• Data Processing Agreements with all providers.
• Incident response procedures.
• Regular staff training on data protection.

Our services are intended for individuals over 16 years of age. We do not knowingly collect personal data from minors without parental consent. If we discover we have collected such data without consent, we will delete it immediately.

We may update this policy to reflect changes in our practices or legal requirements. We will notify significant changes by email or with a prominent notice on our website. The last update date is indicated at the top of this policy.

If you have questions about this privacy policy or how we process your personal data, you can contact us via the website contact form. We are committed to responding within 7 business days.