24-48h shipping in SpainFree 30-day returns100% secure payments with StripeDirect support within 24h
Jolnir
Cart

Legal

Privacy policy

Last updated: 21 April 2026

At Jolnir we take privacy seriously. This policy explains what personal data we collect through jolnirsport.com, for what purposes, how long we keep it, with whom we share it and how you can exercise your rights, all in accordance with EU Regulation 2016/679 (GDPR) and Spanish Organic Law 3/2018 on Data Protection (LOPDGDD).

1. Data controller

2. Data we process and purposes

a) Order management and invoicing

  • Data: name and surname, email, phone, shipping and billing address, purchase history.
  • Purpose: process your order, handle payment, deliver the products, issue the invoice and comply with tax and accounting obligations.
  • Legal basis: performance of the sales contract (art. 6.1.b GDPR) and compliance with legal obligations (art. 6.1.c GDPR).

b) Transactional communications

  • Data: email, order details.
  • Purpose: send you the order confirmation, shipping and tracking notifications, and return-related messages.
  • Legal basis: performance of the contract.

c) Newsletter and marketing

  • Data: email, preferred language, subscription date and source.
  • Purpose: inform you about news, offers, product launches and useful content for athletes.
  • Legal basis: your consent (art. 6.1.a GDPR), which you can withdraw at any time using the unsubscribe link in every email or writing to info@jolnirsport.com.

d) Customer support

  • Data: whatever you provide by email or contact form.
  • Purpose: respond to your queries, complaints and requests.
  • Legal basis: your consent and/or performance of the contract.

e) Browsing and cookies

  • Data: IP address, device identifiers, language preferences, cart contents, cookies.
  • Purpose: keep the site working, remember your preferences, and, where applicable, measure aggregate usage.
  • Legal basis: legitimate interest in operating the site (technical cookies) and consent for any other category. Details in the Cookie policy.

3. Retention periods

  • Order and invoice data: six (6) years from the last invoice, as required by Spanish Commercial Code and tax rules.
  • Newsletter data:until you withdraw your consent ("unsubscribe").
  • Support queries: as long as needed to resolve them plus up to three (3) years for possible legal defence.
  • Browsing data and cookies: see Cookie policy.

4. Recipients and processors

To operate the store we rely on GDPR-compliant providers with whom we have signed data processing agreements:

  • Stripe Payments Europe, Ltd. — payment processing. We neither store nor see your card number; Stripe processes it under PCI-DSS.
  • Resend, Inc. — transactional and newsletter email delivery.
  • Supabase, Inc. — database where we store orders and newsletter subscribers.
  • Amazon EU S.à r.l. — through Multi-Channel Fulfillment (MCF), collects the product from the warehouse and ships it to your address; also manages returns.
  • Vercel Inc. — hosting and delivery of the website.

We do not sell or share your data with third parties for commercial purposes. We will only disclose data to public authorities when required by law.

5. International transfers

Some providers have their headquarters in the United States (e.g. Stripe Inc., Resend Inc., Vercel Inc.). These transfers rely on (i) the EU-US Data Privacy Framework where the provider is certified and (ii) the Standard Contractual Clauses approved by the European Commission, with additional safeguards where appropriate. In all cases data is processed under protection levels equivalent to European standards.

6. Your rights

You can exercise the following rights at any time by writing to info@jolnirsport.comwith the subject "GDPR" and evidence of your identity:

  • Access: know what data we process about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: ask us to delete your data when no longer necessary or when you withdraw consent.
  • Objection: object to processing based on your particular situation.
  • Restriction: restrict processing while a complaint is resolved.
  • Portability: receive your data in a structured format and transfer it to another controller.
  • Withdraw consent at any time, without affecting the lawfulness of prior processing.

If you believe your rights have not been properly addressed, you can lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

7. Security

We apply appropriate technical and organisational measures: HTTPS, password hashing, database access control, audit logs, and encryption in transit and at rest with our providers.

8. Minors

Jolnir services are not addressed to children under 14. If you are a minor, you need consent from your parent or legal guardian to provide personal data.

9. Changes to this policy

We may update this policy to reflect changes in law, technology or our operations. The last-updated date appears at the top of the document. If the changes are material, we will notify you by email or with a prominent notice on the site.