Privacy policy
PRIVACY POLICY
This Privacy Policy governs the processing of the personal data of users, customers and visitors of the website www.fleshlight.eu and its associated language or territorial versions.
This policy has been prepared in accordance with Regulation (EU) 2016/679, General Data Protection Regulation, Spanish Organic Law 3/2018 on the Protection of Personal Data and the guarantee of digital rights, and Spanish Law 34/2002 on information society services and electronic commerce.
1. Data controller
The data controller of the personal data processed through this website is:
Fleshlight International, S.L.
Tax ID No. (CIF/NIF): ESB91871202
Registered address: C/ Torre de los Herberos, 23, Polígono Industrial Carretera de la Isla, 41703 Dos Hermanas, Seville, Spain
Email address for privacy-related matters: eucustomerservice@fleshlight.com
2. Personal data we may process
Depending on your relationship with us and the functionalities you use, we may process the following categories of data:
a) Identification and contact data: first name, surname(s), postal address, billing address, delivery address, telephone number, email address and country or region.
b) User account data: login credentials, order history, preferences, account settings, saved items, products added to the cart, wishlist or similar functionalities.
c) Purchase and transaction data: products purchased, purchase date, amounts, discounts applied, returns, incidents, warranties, order status and communications related to the purchase.
d) Payment data: information necessary to manage payment for orders. Full card data or other payment method data will be processed, where applicable, by the corresponding payment service providers, without the controller necessarily storing the full card number, unless this is technically essential and in accordance with the applicable security standards.
e) Customer service data: queries, complaints, return requests, photographs or documentation that the user may send to evidence an incident, defect or error in the order.
f) Marketing and commercial preference data: email address, first name, surname(s), preferences expressed by the user, consent for commercial communications, unsubscribes or withdrawals.
g) Data relating to browsing and use of the website: IP address, online identifiers, device data, browser, language, country, pages visited, products viewed, interactions with the website, abandoned cart, source of the visit, cookies and similar technologies.
h) Data derived from the use of chat, virtual assistants or recommendation tools: messages entered by the user, queries, interactions, preferences or information necessary to provide assistance, recommend products or resolve questions.
3. Special consideration regarding the nature of the website
The website sells products intended for adults. Although the controller does not generally request specially protected data, it should be taken into account that certain operations —for example, the products viewed or purchased, the preferences voluntarily provided, interaction with recommendation tools or responses to certain forms— could allow inferences to be drawn regarding aspects of the user’s intimate sphere.
For this reason, the controller will apply enhanced criteria of minimisation, confidentiality, access limitation and storage limitation. Where certain processing operations may reveal aspects relating to the user’s sex life or intimate sphere and, in certain cases, allow inferences to be drawn regarding the user’s sexual orientation or other specially protected data, such processing will be carried out only where there is an appropriate legal basis and, where necessary, the user’s explicit consent or another exception provided for in Article 9 of the GDPR applies.
The user must not provide specially protected data unless it is strictly necessary for the specific purpose requested and there is an express requirement to do so.
4. Purposes of processing and legal basis
We process personal data for the following purposes and on the legal bases indicated below:
|
Purpose |
Legal basis |
|
Allow browsing of the website and ensure its technical and secure operation. |
Legitimate interest of the controller and, where applicable, consent for non-technical cookies. |
|
Create and manage a user account. |
Performance of a contract or implementation of pre-contractual measures. |
|
Process orders, payments, billing, delivery, returns and warranties. |
Performance of the sales contract and compliance with legal obligations. |
|
Manage queries, requests for information, complaints or incidents. |
Performance of a contract, implementation of pre-contractual measures and legitimate interest in assisting the user and defending the controller’s rights. |
|
Manage returns, defective or incorrect products, including the analysis of photographs or documentation provided. |
Performance of the contract, compliance with legal obligations and legitimate interest in verifying the incident. |
|
Send transactional or service communications related to orders, account, returns, security or relevant changes. |
Performance of the contract and compliance with legal obligations. |
|
Send commercial communications, promotions, discounts, newsletters or marketing campaigns. |
User consent and, where applicable, a prior contractual relationship under the terms permitted by the LSSI for similar products or services, always offering a simple mechanism to object. |
|
Manage the loyalty programme, discounts, promotions or associated benefits. |
Performance of the programme terms and consent where appropriate. |
|
Personalise the user experience, display related products or remember preferences. |
Consent, performance of a contract or legitimate interest, depending on the degree of personalisation and the type of data used. Where sensitive inferences may be generated, a reinforced legal basis will be required. |
|
Carry out statistical analysis, audience measurement, website improvement and commercial performance analysis. |
Consent for non-exempt analytical cookies and legitimate interest in aggregated or anonymous analyses. |
|
Carry out behavioural advertising, retargeting, campaign measurement, advertising pixels or browsing-based segmentation. |
User consent. |
|
Prevent fraud, abusive uses, unauthorised access, security incidents or unlawful activities. |
Legitimate interest of the controller and compliance with legal obligations. |
|
Comply with tax, accounting, commercial, consumer, regulatory obligations or authority requests. |
Compliance with legal obligations. |
|
Formulate, exercise or defend claims. |
Legitimate interest and, where applicable, Article 9(2)(f) GDPR where special categories of data are involved. |
5. Commercial communications
The user will only receive commercial communications where they have given their consent or where there is a prior contractual relationship that legally permits this in relation to similar products or services.
Each commercial communication will include a free, clear and simple mechanism to unsubscribe or withdraw consent. Withdrawal of consent will not affect the lawfulness of processing carried out before such withdrawal.
Commercial communications based on sensitive profiles or intimate preferences will not be sent unless valid consent exists and, where applicable, explicit consent.
6. Cookies and similar technologies
The website uses its own and third-party cookies and similar technologies to enable the technical operation of the site, manage the cart and the purchase process, remember preferences, analyse use of the website and, where applicable, display personalised advertising.
Technical or strictly necessary cookies may be installed without consent where they are essential to provide the requested service. Non-exempt analytical, advertising, affiliate, tracking or personalisation cookies will only be installed where the user has given their consent through the corresponding settings panel.
The user may accept, reject or configure cookies at any time through the panel enabled on the website.
For more information, please see the Cookie Policy.
7. Data recipients
Personal data may be communicated or made available to the following categories of recipients where necessary for the purposes indicated:
a) E-commerce platform, hosting, website maintenance and technology service providers, including Shopify.
b) Payment service providers, payment gateways, financial institutions and fraud prevention systems.
c) Transport, logistics, warehousing, distribution and delivery or return management companies.
d) Customer service providers, ticketing systems, chat, virtual assistants or support tools.
e) Email marketing, communication automation, CRM, loyalty programme or preference management providers.
f) Analytics, measurement, digital advertising, social media, affiliate, retargeting or campaign measurement providers, always in accordance with the user’s consent preferences.
g) Group companies or entities linked to the Fleshlight brand, where necessary for administrative, commercial, logistics, technological or regulatory compliance management.
h) Legal advisers, auditors, insurers, administrative authorities, public bodies, judges and courts where there is a legal obligation, valid request or need to defend rights.
Providers that process data on behalf of the controller will act as processors and must offer sufficient guarantees in accordance with Article 28 of the GDPR.
8. International data transfers
Certain technology, e-commerce platform, analytics, advertising, support, payment providers or group entities are located outside the European Economic Area or process data from third countries.
Where international data transfers take place, the Controller will adopt the safeguards provided for in the GDPR, including, where applicable, European Commission adequacy decisions, standard contractual clauses, binding corporate rules or other valid mechanisms.
In particular, the use of Shopify and certain technology providers may involve processing or access from countries outside the European Economic Area. The user may request additional information about the safeguards applied using the contact details indicated in this policy.
9. Storage periods
Personal data will be stored for the time necessary to fulfil the purpose for which it was collected and, thereafter, for the periods necessary to comply with legal obligations or possible liabilities.
By way of guidance:
a) User account data: while the account remains active and, after its closure, for the period necessary to address possible liabilities.
b) Order, billing and transaction data: for the period required by the applicable tax, accounting, commercial and consumer regulations.
c) Customer service, incident, return and complaint data: for the time necessary to manage the request and, thereafter, for the limitation period of possible actions or liabilities.
d) Data processed for commercial purposes: until the user withdraws their consent, unsubscribes or objects to the processing. A minimum suppression list may be retained to prevent further unwanted communications.
e) Data relating to cookies: for the periods indicated in the Cookie Policy or in the settings panel.
f) Data processed for fraud prevention or security: for the time necessary to investigate and prevent abusive, fraudulent or unlawful conduct and, where applicable, for the limitation period for liabilities.
g) Data that may reveal particularly sensitive information: it will be stored applying enhanced minimisation criteria and only for the time strictly necessary.
Once the applicable periods have ended, the data will be erased, anonymised or blocked where appropriate in accordance with the applicable regulations.
10. User rights
The user may exercise the following rights:
a) Right of access.
b) Right to rectification.
c) Right to erasure.
d) Right to object.
e) Right to restriction of processing.
f) Right to data portability.
g) Right to withdraw consent at any time.
h) Right not to be subject to decisions based solely on automated processing, including profiling, where they produce legal effects or similarly significantly affect the user.
To exercise these rights, the user may contact:
Email address: eucustomerservice@fleshlight.com
Postal address: Fleshlight International, S.L., C/ Torre de los Herberos, 23, 41703 Dos Hermanas, Seville, Spain.
The request must clearly indicate the right the user wishes to exercise and allow the applicant to be identified. Where there are reasonable doubts as to the user’s identity, additional information strictly necessary to verify it may be requested.
The user also has the right to lodge a complaint with the Spanish Data Protection Agency or with the competent supervisory authority in their country of residence.
11. Security and confidentiality
The controller will apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, alteration, unlawful disclosure or unlawful processing.
These measures will be applied taking into account the nature of the data processed, the context of the processing, the state of the art, the existing risks and, in particular, the possible sensitivity of certain purchases, preferences or interactions carried out on a website for adult products.
Personnel and providers with access to personal data will be subject to confidentiality obligations.
12. Minors
The website is intended exclusively for adults. The use of the website and the purchase of products by minors are not permitted.
If the controller becomes aware that it has processed personal data of a minor without a valid legal basis, it will proceed to erase such data as soon as possible.
13. Virtual assistants, recommendations and AI-generated content
The website may incorporate assistance, recommendation or chatbot tools. Queries entered by the user may be processed to respond to their request, provide support, advise on products or improve the user experience.
The user must not enter particularly sensitive information, third-party data or information unnecessary for the query in such tools. Where the tools are used for personalisation, commercial recommendation or preference analysis, the processing will be carried out in accordance with the legal bases indicated in this policy and, where applicable, on the basis of the user’s consent.
14. Links to third parties
The website may contain links to third-party pages, social media, affiliate platforms, blogs, live camera services, wholesalers or other external sites.
The controller does not control such sites or their privacy practices. The user must review the applicable privacy policies before providing personal data to third parties.
Some of the aforementioned sites are restricted to adults.
15. Changes to the policy
The controller may amend this Privacy Policy where necessary to adapt it to legal, technical, organisational or website operational changes.
Where changes are relevant, the user will be informed by appropriate means and, where necessary, their consent will be obtained again.