★ Free tracked shipping · 8-12 days30-day return if unusedCREATH Mat Set · Acupressure mat + neck pillowCurated in Europe3-year EU statutory warranty★ Free tracked shipping · 8-12 days30-day return if unusedCREATH Mat Set · Acupressure mat + neck pillowCurated in Europe3-year EU statutory warranty

Privacy policy.

What data we collect, what we use it for, and what your rights are. In compliance with GDPR and the Spanish LOPDGDD.

1. Data controller

  • Legal name: CREATH LAB, S.L.
  • Tax ID (NIF/CIF): [CIF — TO FILL]
  • Address: [FULL ADDRESS — TO FILL]
  • Email: info@creathlab.com
  • Data Protection Officer (DPO): not mandatorily required. For any matter related to personal data, write to info@creathlab.com.

2. What data we collect

The data we process varies depending on your interaction with us:

  • If you place an order: name, surname, ID document number (when invoicing requires it), shipping and billing address, email, phone, payment data (processed by our payment provider — we don't store card numbers).
  • If you subscribe to the newsletter: email and, optionally, name.
  • If you write to us: the content of the message and any data you choose to share.
  • If you browse the website: technical data such as IP address, browser type, pages visited and duration (see Cookie Policy).

3. What we use your data for and legal basis

PurposeLegal basis
Manage your order (shipping, billing, customer service)Contract performance
Comply with legal obligations (tax, accounting, consumer)Legal obligation
Send commercial communications or newsletterConsent
Improve the website and prevent fraudLegitimate interest

4. How long we keep your data

  • Order data: throughout the contractual relationship and applicable legal periods (minimum 6 years for tax and accounting obligations).
  • Newsletter data: until you unsubscribe (one click in any email).
  • Contact/inquiry data: until your request is resolved plus a maximum of 12 additional months.

5. Who we share your data with

We only share data with providers we need to deliver the service. All are bound by GDPR-compliant data processor contracts:

  • Shopify (Canada / USA) — e-commerce platform. International transfer covered by the Standard Contractual Clauses of the European Commission.
  • Stripe (Ireland / USA) — payment processor.
  • DSers + logistics provider — order management and delivery. We share your name, shipping address and email with the logistics operator so they can deliver the package. International transfer covered by the Standard Contractual Clauses where applicable.
  • Transactional email provider (EU) — sending confirmations and newsletter.

We don't sell your data. Ever. To anyone.

6. Your rights

As data subject, you have the right to:

  • Access: ask what data of yours we hold.
  • Rectification: correct it if inaccurate.
  • Erasure ("right to be forgotten"): delete it when no longer necessary.
  • Objection: object to a specific processing.
  • Restriction: ask us to limit processing.
  • Portability: receive your data in a structured format.
  • Revoke consent at any time (without retroactive effect).

To exercise any of these rights, write to info@creathlab.com indicating the right exercised and attaching a copy of your ID or equivalent document. We'll respond within a maximum of 30 days.

7. Complaints to the AEPD

If you believe we are not properly handling your request, you have the right to file a complaint with the Spanish Data Protection Agency: www.aepd.es · C/ Jorge Juan, 6 · 28001 Madrid.

8. Security

We apply reasonable technical and organisational measures to protect your data: HTTPS encryption across the entire website, system access controls, encrypted backups and internal privacy training. No system is 100% secure, but we do what's in our hands.

9. Changes to this policy

If we update this policy, we'll publish the new version here with the update date. If changes are substantial, we'll notify you by email.

Last updated: 10 May 2026.