Privacy policy
Note — unofficial translation. This English version is provided for convenience only. The legally binding version of this document is the Spanish one, available at /legal/privacidad. In the event of any discrepancy between the two versions, the Spanish text shall prevail.
At Jamonarea Online SL we take the protection of your personal data seriously. This policy explains, in clear language, what data we collect, what we use it for, who we share it with and what rights you have over it, in accordance with Regulation (EU) 2016/679 (GDPR) and the Spanish Organic Law 3/2018 on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD).
Data controller
- Identity: Jamonarea Online SL
- Tax ID (NIF): B37501764
- Postal address: Filiberto Villalobos 35, 37770 Guijuelo, Salamanca (Spain)
- Contact and data protection email: info@jamongourmet.es
- Telephone: +34 623 76 35 49
For any matter related to the processing of your personal data, you may contact the email address indicated.
Personal data we collect
We process only the data necessary to provide our services:
- Identifying and contact data: first and last name, postal address for shipping and billing, email and telephone.
- Payment data: managed directly by the external payment gateway. We do not store full bank card details or payment credentials on our servers.
- Order data: purchase history, amounts, products and shipping preferences.
- Browsing data and server logs: IP address, browser type, pages visited and date/time of access, for security and fraud-prevention purposes.
- Voluntary data: that which you provide to us in email communications or forms.
Purposes of the processing
We use your data for the following purposes:
- Order management: processing, preparation, shipping and tracking of the products purchased.
- Customer service: responding to your enquiries, managing incidents and complaints.
- Billing: issuing invoices and complying with tax and accounting obligations.
- Informative communications: sending news, promotions or a newsletter, only if you have given express consent (opt-in).
- Website improvement and security: aggregate usage analysis and prevention of unauthorised access.
Legal basis for the processing
- Performance of the sales contract (art. 6.1.b GDPR): to process your orders and provide the service.
- Legal obligation (art. 6.1.c GDPR): for billing and the retention of tax documentation.
- Consent (art. 6.1.a GDPR): for sending commercial communications by email.
- Legitimate interest (art. 6.1.f GDPR): for site security, fraud prevention and service improvement.
Retention period
- Contractual and billing data: kept for a minimum of 6 years from the date of the transaction, in accordance with the Spanish Commercial Code and applicable tax regulations.
- Marketing data: until you withdraw consent.
- Server logs: for the period strictly necessary for security purposes, normally no longer than 12 months.
- Customer-service enquiries: for the time necessary to resolve them and the applicable legal limitation periods.
Once the periods have elapsed, the data will be deleted or anonymised.
Recipients and disclosures
To provide the service, we share strictly necessary data with the following recipients, all of them subject to data-processor contracts:
- Transport and courier companies: for the physical delivery of the order (name, address, telephone).
- Payment gateway: for charging the transaction.
- Transactional email provider: for sending order confirmations and notifications.
- Cloudflare: as the website’s CDN and security services provider.
- Ecwid: as the technical e-commerce platform that supports the online shop.
We do not make disclosures to third parties for their own commercial purposes. No international data transfers outside the European Economic Area (EEA) are foreseen, except in the case of Cloudflare, for which appropriate safeguards exist through Standard Contractual Clauses (SCC) approved by the European Commission.
User rights
You may exercise the following rights over your personal data at any time:
- Access to the data we process about you.
- Rectification of inaccurate or incomplete data.
- Erasure (“right to be forgotten”) when it is no longer necessary.
- Objection to the processing for reasons related to your particular situation.
- Restriction of the processing in the legally provided cases.
- Portability of the data you have provided to us, in a structured format.
- Withdrawal of the consent given, without retroactive effects.
- Lodging a complaint with the Spanish Data Protection Agency (AEPD), www.aepd.es, if you consider that the processing does not comply with the regulations.
How to exercise the rights
To exercise any of the above rights, send an email to info@jamongourmet.es indicating:
- The right you wish to exercise.
- First and last name.
- A copy of your ID or equivalent identifying document to verify your identity.
We will reply within a maximum of one month from receipt of the request.
Cookies and analytics
This site uses:
- Necessary technical cookies for the operation of the shopping cart and the session. These cookies do not require prior consent.
We do not use advertising cookies or cross-site tracking.
Usage analytics
This site uses Cloudflare Web Analytics, operated by Cloudflare, Inc. (United States), with international transfers under Standard Contractual Clauses (SCC) and the EU–US Data Privacy Framework (DPF).
Cloudflare Web Analytics is a cookieless tool: it does not set cookies in your browser and does not process personally identifiable data. It only aggregates traffic anonymously (pages visited by URL, country, device type and referrer).
For this reason, under art. 22.2 of the Spanish LSSI, no prior consent is required for this analytics.
You may consult Cloudflare’s privacy policy at https://www.cloudflare.com/privacypolicy/.
Modifications to the policy
We may update this policy to reflect legal or service changes. We will give at least 15 days’ notice through publication on the website and, where applicable, by email to the affected persons.
Last updated
20 May 2026.