Privacy Policy
Last Update: February 2026
1. Introduction
Sandro Sandri is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and make purchases. This policy complies with the General Data Protection Regulation (GDPR) and Portuguese data protection laws.
2. Data Controller
Data Controller: Sandro Sandri
Contact Email: sandrosandri.bysousa@gmail.com
If you have any questions about this Privacy Policy or our data practices, please contact us using the email address above.
3. Data We Collect
We collect the following types of personal data:
- Identity Data: Name, email address
- Contact Data: Shipping address, billing address, phone number, postal code, city, country
- Payment Data: Payment method information (processed securely by Stripe - we do not store full payment card details)
- Transaction Data: Purchase history, order details, product preferences, sizes selected
- Profile Data: Account information, preferences, favorites, shopping cart contents
- Technical Data: IP address, browser type, device information, website usage data
- Marketing Data: Newsletter subscription preferences, marketing communications consent
4. How We Use Your Data
We use your personal data for the following purposes:
- Order Processing: To process and fulfill your purchases, including shipping and delivery
- Customer Service: To respond to your inquiries, provide support, and handle returns
- Account Management: To manage your account, process payments, and maintain your order history
- Marketing Communications: To send you newsletters, promotional offers, and updates about new collections (only with your consent)
- Website Improvement: To analyze website usage, improve our services, and enhance user experience
- Legal Compliance: To comply with legal obligations, including tax and accounting requirements
5. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR:
- Contract Performance: Processing necessary to fulfill purchase contracts and deliver products
- Consent: For marketing communications and newsletter subscriptions (you can withdraw consent at any time)
- Legitimate Interests: For website analytics, fraud prevention, and business operations
- Legal Obligation: To comply with tax, accounting, and other legal requirements
6. Data Processors
We use third-party service providers who act as data processors:
- Stripe: Payment processing and secure payment handling. Stripe processes payment information in accordance with their Privacy Policy and PCI-DSS standards. We do not store full credit card details.
- Vercel: Website hosting and infrastructure services
- Resend: Email delivery services for transactional and marketing emails
- Formspree: Form submission handling for waitlist and contact forms
All data processors are contractually obligated to protect your data and comply with GDPR requirements.
7. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Request limitation of how we process your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for marketing purposes
- Right to Withdraw Consent: Withdraw consent for marketing communications at any time
To exercise any of these rights, please contact us at sandrosandri.bysousa@gmail.com. We will respond to your request within 30 days.
8. Cookies
Our website uses cookies and similar technologies to:
- Maintain your shopping cart and preferences
- Remember your login status
- Analyze website traffic and usage
- Improve website functionality
You can control cookies through your browser settings. However, disabling cookies may affect website functionality.
Types of cookies we use:
- Essential Cookies: Required for website functionality (shopping cart, authentication)
- Analytics Cookies: Help us understand how visitors use our website
- Functional Cookies: Remember your preferences and settings
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption of data in transit (HTTPS/TLS)
- Secure password storage using bcrypt hashing
- Access controls and authentication
- Regular security audits and updates
- Secure payment processing through Stripe
However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
10. Data Retention
We retain your personal data only for as long as necessary:
- Account Data: Retained while your account is active
- Order Data: Retained for 7 years for tax and accounting purposes (as required by Portuguese law)
- Marketing Data: Retained until you unsubscribe or withdraw consent
- Technical Data: Retained for up to 2 years for analytics purposes
After the retention period, we will securely delete or anonymize your data.
11. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States (for Stripe and other service providers). We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Service providers certified under appropriate data protection frameworks
12. Children's Privacy
Our website is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Update" date. Your continued use of our website after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have questions, concerns, or wish to exercise your rights under GDPR, please contact us:
Email: sandrosandri.bysousa@gmail.com
You also have the right to lodge a complaint with the Portuguese data protection authority (Comissão Nacional de Proteção de Dados - CNPD) if you believe your data protection rights have been violated.