Privacy & cookies policy
Last updated: 12 May 2026
This policy explains how DripItBro handles your personal data under Regulation (EU) 2016/679 (GDPR), Spain's Organic Law 3/2018 on Personal Data Protection (LOPDGDD) and Law 34/2002 on Information Society Services (LSSI-CE).
1. Data controller
The data controller is Olga Savikovskaia, sole-trader in Spain (DripItBro), with fiscal address in Valencia, Spain. For supplies and purchases on the DripItBro brand, Vitalii Ionov — sole-trader in Spain, NIE Y5805328G, also based in Valencia — acts as joint controller.
Contact email for privacy matters: [email protected].
2. Categories of data we process
We process only the data strictly necessary for the purposes set out below:
- Identification and contact data: name, company, email, phone.
- Request data: segment, estimated volume, free-text message from the wholesale form.
- Order and billing data: shipping address, NIF/NIE/CIF when the customer is a business, amount and payment method.
- Browsing data: IP address (anonymised in analytics), device type, pages visited, identifiers from accepted cookies.
- Communications data: the content of your messages to [email protected] or equivalent channels.
3. Purposes and legal basis
We process your data for the following purposes, each with its own legal basis:
- Respond to wholesale and B2B form requests and send you a quote — pre-contractual measures at the data subject's request (art. 6.1.b GDPR).
- Process orders, payments, shipping and invoicing — performance of a contract (art. 6.1.b) and compliance with tax obligations (art. 6.1.c).
- Send commercial communications about our own similar products to existing customers — legitimate interest (art. 6.1.f GDPR, art. 21.2 LSSI-CE), with an opt-out in every email.
- Website analytics — consent (art. 6.1.a GDPR; art. 22 LSSI-CE for the cookies).
- Marketing and remarketing — consent (art. 6.1.a GDPR; art. 22 LSSI-CE).
4. Retention periods
We keep your data only for as long as needed for the purpose it was collected for:
- Form requests without a purchase: 12 months after the last contact, then deleted or anonymised.
- Customer data with an order: throughout the commercial relationship and afterwards for legal prescription periods (up to 6 years for accounting and tax obligations under the Spanish Commercial Code and General Tax Law).
- Marketing data based on consent: until you withdraw consent or after 24 months without interaction.
- Cookies: as stated in the cookie table in section 7. Your consent choice is stored for 12 months.
5. Recipients and processors
We do not sell your data. We share information, only as strictly necessary, with the following processors, all bound by a written agreement and adequate safeguards:
- Vercel Inc. (USA): Website hosting and performance metrics (Vercel Analytics). International transfer covered by the European Commission's Standard Contractual Clauses.
- Google Ireland Limited (Ireland) — Google Analytics 4: Site-usage analytics with IP anonymisation. Loaded only after consent.
- Stripe Payments Europe Ltd. (Ireland): Card-payment processing. Card data is handled directly by Stripe; we do not store it.
- Resend (USA): Transactional email delivery (order and form confirmations). Standard Contractual Clauses.
- Jotform Inc. (USA): Collection and storage of wholesale-form submissions. Standard Contractual Clauses.
- Migadu (Switzerland): Mail server for [email protected]. Switzerland is covered by a European Commission adequacy decision.
6. Your rights
You can exercise the following rights free of charge at any time, as granted by articles 15–22 GDPR:
- Access: find out what data we hold about you and obtain a copy.
- Rectification: correct inaccurate or incomplete data.
- Erasure (right to be forgotten): delete data that is no longer necessary.
- Objection: object to processing based on legitimate interest or to direct marketing.
- Restriction: ask us to keep your data without further processing while we verify a request.
- Portability: receive your data in a structured format and port it to another controller.
- Withdraw consent: at any time, without affecting earlier consent-based processing.
To exercise any of these rights, write to [email protected] with "Privacy — [right you want to exercise]" in the subject and a copy of your ID. We will reply within one month at most.
If you believe we have not handled your right correctly, you can lodge a complaint with the Spanish Data Protection Agency (AEPD), C/ Jorge Juan 6, 28001 Madrid, online portal https://sedeagpd.gob.es.
7. Cookies and similar technologies
We only install non-essential cookies after you explicitly accept them in the banner. The cookies we use are:
| Cookie | Category | Purpose | Duration | Provider |
|---|---|---|---|---|
| dripitbro_cookie_consent | Necessary | Remembers your cookie choice (stored in localStorage). | 12 months | DripItBro (first-party) |
| dripitbro_cart | Necessary | Keeps items in your shopping cart between pages (localStorage). | Session | DripItBro (first-party) |
| _ga, _ga_* | Analytics | User and session identifier for Google Analytics 4. IP anonymised. | 24 months | Google Ireland Ltd. |
| _vercel_analytics | Analytics | Aggregated site-performance metrics (Web Vitals). | Session | Vercel Inc. |
| __stripe_mid, __stripe_sid | Necessary (payment) | Fraud prevention during checkout. Only set when you start the payment flow. | 12 months / 30 minutes | Stripe Payments Europe Ltd. |
You can change your choice at any time from the "Cookie preferences" link in the footer, or disable cookies in your browser settings. If you disable them, some features (cart, checkout) may not work correctly.
8. International transfers
Some of our processors (Vercel, Google, Resend, Jotform, Stripe) process data outside the European Economic Area. In those cases we ensure an adequate level of protection through (a) European Commission adequacy decisions where available, (b) Standard Contractual Clauses approved by the Commission, or (c) EU–U.S. Data Privacy Framework certifications where applicable.
9. Minors
Our products are intended for adults over 18. We do not knowingly process data from minors. If you believe a minor has provided us with data, please email [email protected] and we will delete it.
10. Changes to this policy
We may update this policy to reflect legal or service changes. Any changes will be posted on this page, and if substantial we will notify you by email before they take effect.
11. Contact
For any questions about this policy or to exercise your rights, please email [email protected].