Privacy Policy
Last updated: January 2026.
Data controller: cialiscomprar.com — Calle Jorge Juan, 6, 03002 Alicante (Alacant), Spain.
Contact: contact form.
At cialiscomprar.com we process your personal data in full compliance with European data protection law. This Privacy Policy explains what data we collect, for what purpose, how long we retain it, to whom we disclose it and what your rights are, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection and Digital Rights Guarantee (LOPDGDD).
1. Data Controller
Name: cialiscomprar.com
Address: Calle Jorge Juan, 6, 03002 Alicante (Alacant), Spain
Contact: Via the contact form available on the website
We are not required to designate a Data Protection Officer (DPO) under Article 37 of the GDPR given the volume and nature of our processing activities. For any query relating to the processing of your personal data, you may contact us directly through the contact form.
2. Personal Data We Collect
We collect only the personal data strictly necessary for managing your orders and providing our services. We do not collect data that is not necessary for these purposes.
| Category | Specific data | How collected |
|---|---|---|
| Identity data | Full name | Order form |
| Contact data | Email address | Order form |
| Delivery data | Full postal address (street, number, postcode, city) | Order form |
| Transaction data | Amount, date and order reference. We do not store full card numbers — payment data is processed directly by the certified payment gateway | Order system |
| Technical browsing data | IP address, browser type, pages visited, date/time of access (server technical data) | Automatically by the web server |
Data we do NOT collect: We do not collect phone numbers (not required), we do not store health data or medical history, we do not collect special category data under Article 9 GDPR. Products purchased form part of order history, but are not recorded as health data and are not used to create medical profiles.
3. Purposes and Legal Basis for Processing
| Purpose | Legal basis (GDPR) |
|---|---|
| Order management and processing | Art. 6(1)(b) — Performance of a contract to which the data subject is party |
| Shipment and delivery | Art. 6(1)(b) — Performance of contract |
| Invoicing and compliance with tax obligations | Art. 6(1)(c) — Compliance with a legal obligation |
| Customer service and incident management | Art. 6(1)(b) — Performance of contract |
| Fraud prevention and system security | Art. 6(1)(f) — Legitimate interests of the controller |
| Anonymous statistical analysis of website usage | Art. 6(1)(f) — Legitimate interests (anonymised data, no individual identification possible) |
We do not use your data for commercial communications or direct marketing without your explicit consent. We do not carry out profiling or automated decision-making with legal effects on users.
4. Data Retention
- Order and billing data (name, address, amount, date): retained for 5 years from the order date, in accordance with Spanish tax and commercial law obligations
- Email address for order-related communications: retained for the duration of the contract and until any pending incident is resolved
- Technical browsing data (server logs): retained for a maximum of 12 months
- Once retention periods expire, data will be securely deleted or irreversibly anonymised
5. Recipients and Data Transfers
Your personal data may be shared with the following types of third parties, strictly to the extent necessary to provide the service:
- Certified payment gateways: for secure payment processing. These entities act as data processors under confidentiality agreements and comply with PCI-DSS payment security standards. They do not receive health data or product history
- Courier and delivery companies: receive name and postal address solely for delivery purposes. They do not receive information about the contents of the shipment beyond what is necessary for logistics
- Public authorities and competent authorities: when required by legal obligation (Spanish Tax Agency, Courts and Tribunals)
We do not sell, transfer or rent your personal data to third parties for commercial or marketing purposes.
6. International Data Transfers
All data processing described in this policy takes place within the European Economic Area (EEA). We do not transfer personal data to third countries outside the EEA. Should an international transfer become necessary in the future, appropriate safeguards will be ensured in accordance with Chapter V of the GDPR.
7. Your Rights as a Data Subject
Under the GDPR, you have the following rights regarding your personal data:
Right of access (Art. 15)
Know what personal data we process about you, for what purpose, for how long and to whom it has been disclosed.
Right of rectification (Art. 16)
Request correction of inaccurate or incomplete data concerning you.
Right to erasure (Art. 17)
Request deletion of your data when it is no longer necessary for the purpose for which it was collected, provided there is no legal obligation to retain it.
Right to restriction (Art. 18)
Request restriction of processing in certain circumstances (e.g. while the accuracy of the data is being verified).
Right to portability (Art. 20)
Receive your data in a structured, commonly used and machine-readable format, to transmit it to another data controller.
Right to object (Art. 21)
Object to processing based on legitimate interests, including profiling.
How to exercise your rights: You can exercise any of these rights by sending us a request through the contact form, indicating the right you wish to exercise, your identifying details and, if possible, your order number. We will respond within a maximum of 30 days of receiving the request, in accordance with Article 12 of the GDPR.
8. Right to Lodge a Complaint with the Supervisory Authority
If you believe that processing of your personal data infringes applicable regulations, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos — AEPD), which is the competent supervisory authority for cialiscomprar.com as a Spanish-based company:
- Website: www.aepd.es
- Postal address: C/ Jorge Juan, 6, 28001 Madrid, Spain
- Phone: +34 901 100 099 / +34 912 663 517
We encourage you to contact us first through our contact form to attempt to resolve any issue before approaching the supervisory authority.
9. Security of Your Data
We have implemented the technical and organisational measures necessary to ensure the security of your personal data and prevent its alteration, loss, processing or unauthorised access:
- 256-bit SSL encryption on all communications between your browser and our server
- No storage of full credit card details — transactions are processed in PCI-DSS certified environments
- Restricted access to personal data — only authorised staff can access the data necessary for their function
- Regular backups in secure environments
- Incident response procedures — in the event of a security breach affecting your data, you will be notified in accordance with Article 34 of the GDPR where required
10. Cookies
This website uses technically necessary cookies strictly required for the functioning of the shopping cart and navigation. We do not use advertising tracking cookies or third-party marketing cookies without your prior consent. For more information about the cookies we use and how to manage them, please see our Cookie Policy.
11. Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy to comply with legislative changes or new processing practices. Any material change will be prominently communicated on the website at least 30 days before it takes effect. The date of the most recent update will always be visible at the top of this document.
12. Privacy Contact
For any query relating to the processing of your personal data, the exercise of your rights or any aspect of this Privacy Policy, contact us through the contact form. Please identify your query as "Data protection" for faster handling. We respond within a maximum of 30 days.
See also our Legal Liability page for information on the terms of use of this website.
