Bloohawk LogoBloohawk Text Logo
FREE shipping · 48-72h

Privacy policy

Last updated: April 27, 2026

This policy describes how [NOMBRE LEGAL O RAZÓN SOCIAL] (hereinafter 'Bloohawk', 'we') collects, uses, and protects your personal data when you visit bloohawk.com or make a purchase. It complies with Regulation (EU) 2016/679 (GDPR), Spanish Law 34/2002 on Information Society Services (LSSI-CE), and any applicable national data protection laws of the user's country of residence.

1. Company information

In accordance with Article 10 of the LSSI, the following identification details for the website operator are provided:

Owner
[NOMBRE LEGAL O RAZÓN SOCIAL]
Legal form
[Persona física | Sociedad Limitada | etc.]
Tax ID
[NIF/CIF]
Email
info@bloohawk.com
Activity
Venta online de gafas con filtro de luz azul y accesorios relacionados

2. Data controller

The controller of your personal data is [NOMBRE LEGAL O RAZÓN SOCIAL], with the identification details listed above. For any data-related inquiries, write to us at info@bloohawk.com.

3. Personal data we process

We collect only the data strictly necessary for the purposes described in section 4. Specifically:

  • Identification data: first and last name.
  • Contact data: email address and shipping postal address.
  • Order data: products purchased, amounts, dates, and delivery address.
  • Payment data: your card or payment method details are processed directly by our payment provider. We do not store your card data.
  • Technical data: IP address, browser, device, and cookie identifiers when you browse the site. We only process this information if you have given your consent through the cookie banner.
  • Marketing data: your email and your interactions with our newsletter emails, if you have voluntarily subscribed.

4. Purposes of processing

We process your personal data for the following purposes:

  • To process, ship, and deliver your order.
  • To process payment and issue invoices, and to comply with the associated accounting and tax obligations.
  • To handle your inquiries, support, and complaints.
  • To improve the website's operation through aggregated analytics, only if you have accepted analytical cookies.
  • To send you information about launches and brand news, if you have subscribed to our newsletter.
  • To detect and prevent fraud, abuse, and violations of the site's terms.
  • To comply with applicable legal obligations.

5. Legal basis for processing

Each purpose is grounded in one of the following legal bases under the GDPR:

  • Order management (shipping, payment, support): performance of the contract (Art. 6(1)(b) GDPR).
  • Retention of invoices and accounting data: compliance with a legal obligation (Art. 6(1)(c) GDPR), in accordance with applicable tax and commercial legislation.
  • Sending the newsletter: your consent, given when you subscribe (Art. 6(1)(a) GDPR). You may withdraw it at any time by clicking the unsubscribe link included in every email.
  • Analytical cookies and site improvement: your consent, given through the cookie banner (Art. 6(1)(a) GDPR).
  • Fraud detection and site security: our legitimate interest in protecting Bloohawk and its users (Art. 6(1)(f) GDPR).

6. Retention period

We retain your data for the time necessary to fulfill the purposes described and, subsequently, for the periods required by law:

  • Order, billing, and accounting data: as Bloohawk operates from Spain, its accounting is governed by Spanish law, which requires retention of up to six years under the Commercial Code and tax legislation.
  • Newsletter data: until you withdraw your consent or unsubscribe.
  • Technical data and cookies: according to the period configured for each service (typically between 6 and 14 months for Google Analytics).
  • Support data: up to three years from the last interaction, unless the inquiry is linked to an order whose data is retained for the tax retention period.

7. Recipients and providers

We do not sell or transfer your data to third parties for commercial purposes. To operate the service, we rely on the following providers, who act as data processors under Article 28 of the GDPR pursuant to data processing agreements:

  • Stripe Payments Europe Ltd. (Irlanda): card payment processing and associated methods.
  • Vercel Inc. (EE. UU.): website hosting.
  • Amazon Web Services EMEA SARL (Luxemburgo): order data hosting (DynamoDB) and transactional email delivery (Amazon SES).
  • Resend, Inc. (EE. UU.): newsletter email delivery.
  • Google Ireland Limited: Google Analytics 4 and Google Tag Manager, only if you have accepted analytical cookies.

These providers access your data exclusively to deliver the services contracted by Bloohawk and are contractually bound to protect the information in accordance with the GDPR.

Additionally, we may disclose your data to public authorities (such as the tax authority, courts, or law enforcement bodies) where there is a legal obligation to do so.

8. International transfers

Some of the providers listed in section 7 are entities based in the United States. When transfers outside the European Economic Area occur, they are carried out under the safeguards provided by the GDPR:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adherence to the EU–U.S. Data Privacy Framework (DPF), where the provider is certified.
  • Additional technical and organizational measures to ensure a level of protection equivalent to that of the European framework.

You can request more details about these safeguards by writing to us at info@bloohawk.com.

9. Your rights

As a data subject, the GDPR grants you the following rights, which you may exercise free of charge at any time:

  • Access: to know what personal data we process about you.
  • Rectification: to correct inaccurate or incomplete data.
  • Erasure: to request the deletion of your data when it is no longer necessary.
  • Objection: to object to the processing of your data in certain cases.
  • Restriction: to request that we limit processing while a request is being verified.
  • Portability: to receive your data in a structured format and transfer it to another controller.
  • Withdrawal of consent: where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Complaint: to lodge a complaint with the supervisory authority if you believe the processing does not comply with the regulation.

To exercise any of these rights, write to us at info@bloohawk.com. We will respond to your request within a maximum of one month.

To ensure that the request comes from the data subject, we may ask you to verify your identity before processing it (for example, by providing a copy of an identification document).

Automated decision-making: we do not carry out automated decision-making, including profiling, that produces legal effects on you or similarly significantly affects you.

If you believe the processing does not comply with the GDPR, you may lodge a complaint with the your national data protection authority.

10. Cookies

This site uses technical cookies necessary for its operation and, with your consent, analytical cookies to understand how the site is used and to improve it. You can review the details, periods, and revoke your consent in our Cookie policy.

11. Minors

We do not knowingly collect personal data from minors under 16 years of age. If you believe a minor has provided data without the consent of their parents or legal guardians, contact us at info@bloohawk.com and we will delete it without delay.

12. Changes to this policy

We may update this policy to reflect changes in our services, applicable legislation, or our practices. When changes are substantial, we will notify you through available channels (for example, a notice on the site or an email to subscribers). The date of the last update appears at the beginning of this document.

13. Contact

For any inquiries regarding this policy or the processing of your personal data, write to us at info@bloohawk.com.