Privacy Policy

Last Updated: December 12, 2025

Year Book 360 is committed to protecting your privacy. This policy explains how we collect, use, store, and protect your personal information in compliance with the General Data Protection Regulation (GDPR) and Spanish data protection laws.

1. Information We Collect

1.1 Personal Information

We collect information that you provide directly to us, including:

  • Name and contact information (email address, phone number, postal address)
  • Account credentials (username, password)
  • Payment information (processed securely through third-party providers)
  • Order history and preferences
  • Communication preferences
  • Information provided through contact forms or customer service interactions

1.2 Automatically Collected Information

When you visit our website, we automatically collect:

  • Device and browser information
  • IP address and location data
  • Pages visited and time spent on our website
  • Referring website and search terms
  • Cookie data (see our Cookie Policy)

2. How We Use Your Information

We use the collected information for the following purposes:

  • Order Processing: To process and fulfill your orders, including shipping and customer service
  • Account Management: To create and maintain your account and preferences
  • Communication: To send order confirmations, updates, and respond to inquiries
  • Marketing: To send newsletters and promotional materials (with your consent)
  • Website Improvement: To analyze usage patterns and improve our services
  • Legal Compliance: To comply with legal obligations and protect our rights

3. Legal Basis for Processing

Under GDPR, we process your data based on:

  • Contract Performance: Processing necessary to fulfill our contractual obligations
  • Consent: Where you have explicitly consented to processing
  • Legitimate Interests: For business operations, fraud prevention, and service improvement
  • Legal Obligation: To comply with applicable laws and regulations

4. Information Sharing

We do not sell your personal information. We may share information with:

4.1 Service Providers

Third-party vendors who assist with payment processing, shipping, email delivery, and website hosting. These providers are contractually obligated to protect your information.

4.2 Legal Requirements

When required by law, court order, or government regulation, or to protect our rights and safety.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Secure Socket Layer (SSL) encryption for data transmission
  • Secure servers with restricted access
  • Regular security audits and updates
  • Employee training on data protection
  • Password-protected systems and access controls

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Order information is retained for accounting and tax purposes for the legally required period.

7. Your Rights

Under GDPR, you have the following rights:

  • Access: Request access to your personal data
  • Rectification: Request correction of inaccurate information
  • Erasure: Request deletion of your data (right to be forgotten)
  • Restriction: Request limitation of processing
  • Portability: Request transfer of data to another controller
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for marketing communications at any time

To exercise these rights, contact us at [email protected]. We will respond within one month.

8. Cookies and Tracking

We use cookies and similar technologies to enhance your experience. For detailed information, please see our Cookie Policy.

9. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

10. International Data Transfers

While we primarily operate within the European Union, some service providers may be located outside the EU. In such cases, we ensure appropriate safeguards are in place to protect your data.

11. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Policy

We may update this privacy policy periodically. Changes will be posted on this page with an updated revision date. Significant changes will be communicated via email or website notice.

13. Data Protection Officer

For privacy-related questions or to exercise your rights, contact our data protection team:

Email: [email protected]
Subject Line: Privacy Inquiry
Phone: +34 639 279 142
Address: Rúa de Elle, 57, 32600 Verín, Ourense, Spain

14. Supervisory Authority

You have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos - AEPD) if you believe your data protection rights have been violated.

Terms & Conditions Cookie Policy Refund Policy