Privacy policy

This Privacy Policy provides information on the personal data processed by ITSASO USOBIAGA ECHEVERRIA Y OTRA CB., as Controller of the data and information provided by users as a result of accessing, registering with and purchasing articles on the website This Privacy Policy is applicable together with the Terms & Conditions of Purchase and the Cookies Policy.

On accessing or using the Services, you accept and authorise the collection, processing and communication of your personal data as established in this Privacy Policy as well as the use of cookies as described in our Cookies Policy.


Controller: ITSASO USOBIAGA ECHEVERRIA Y OTRA CB, (hereinafter the Owner or MINUSSE).

TAX no.: E75206094

Company address: Ametzagaña 21 Bajo, CP 20012 Donostia (Gipuzkoa)

Email address:

MINUSSE as the controller of personal data, and in accordance with the stipulations of article 28.3 of Regulation 2016/679 of the European Parliament and the Council, of 27 April 2016 (GDPR), has taken all of the organisational and security measures required to correctly process said data. It therefore offers you as a User of the service detailed, clear and concise information on how your data are processed, its purpose, retention policies, also explaining how to exercise your rights of access, rectification, deletion, portability, objection and restriction of processing, and how to withdraw your consent in the legally established terms.


Depending on the products or functionalities of the website, we will need you to provide different kinds of data. Generally speaking, we process the following kinds of data:

  • Identification data (name, surname, address, language, details for the purposes of contacting you or sending you products);
  • Financial or other information related to the orders you place, returns, etc.;
  • Connection, browsing, geolocation data (if you are browsing on your mobile phone), etc.;
  • Commercial information.
  • Information on your tastes and preferences.

When asking you to fill in your personal data in order to access a certain website function or service, we will mark some of the fields as mandatory, since these data are essential for being able to provide you with the service or to enable your access to the function in question. Please note that if you decide not to give us said data, you may find that you are unable to complete your registration as a user or that you cannot enjoy these services or functions.

How we use the information we receive. Reasons for processing your information.

  • To manage your registration as a user:When registering on the website, you must give your identification details, such as your username and email address, in order that we may process your registration and enable access to the functions of your personal account. The legal ground for processing said data is your consent as a User. Your data will be kept while you are registered and a member of the community, unless other periods of retention apply.
  • To develop, fulfil and perform the contract of sale, or for the services you have contracted with us on the website: This also includes managing delivery of the products acquired.
  • Communications:We may send you emails, messages and other types of communication related to the services, technical questions and changes in these. Said communications are considered to be a part of the Service and you cannot refuse them.
  • Commercial Communications (Advertising):If you sign up for our newsletter, we can use your data to contact you, by email and otherwise, in order to proceed with surveys, to manage your subscription, including the sending of personalised information on our products based on your browsing statistics and/or preferences. You can unsubscribe from the newsletter at any time and at no cost by the means indicated on every notification, or by writing to ……….@……….., indicating “Unsubscribe” as the subject.




To manage your registration as a user:

Data processing is necessary for the purposes of the terms & conditions regulating your use of the website. Registering as a User of our website requires us to process your personal data since we would otherwise be unable to manage your registration. In the event that you choose to use the access or start session function through a social media, the legal ground for processing your data is the consent you give at the moment of authorising the disclosure of your data from the social media.

Fulfilment and performance of the contract:

Processing your data is necessary for the purposes of executing the contract of sale that binds us to you.

Customer service:

We have a legitimate interest in responding to the queries you send us through the different means of contact made available to you on the website. If these queries are related to purchases or orders made, we will observe all legal obligations when processing your data.

Commercial Communications (Advertising):

The legal ground for processing your data for marketing purposes is the consent you give us, for example, when signing up for our newsletter and accepting to receive personalised information.


The amount of time we keep your data will depend on the reasons for its processing:

  • To manage your registration as a user:For the time that you remain a registered user.
  • To proceed with, fulfil and execute a contract of sale: For the amount of time required to manage the sale, including potential associated returns or complaints. Data associated to invoices or purchase receipts will be kept for six years, until the expiry of our legal trading and tax obligations.
  • To manage communications and customer service: for the amount of time required to deal with your request.
  • Commercial Communications (Advertising):Until you unsubscribe from the newsletter.

In any event, we will keep your personal data, duly safeguarded and protected, for the amount of time that liabilities could arise from their processing, according to the regulations in place at all times. Once the potential actions have expired in each case, we will proceed to delete your personal data.


Generally speaking, MINUSSE will not disclose your personal data to third parties unless legally obliged to do so or when you have expressly authorised us to do so on using our services.

However, to fulfil the purposes described in this document, we inform you that certain organisations which provide services to us could have access to some of your personal data, such as, for example:

  • Financial institutions or E-payment services.
  • Providers of technology services.
  • Providers of delivery and/or transport services.
  • Providers of marketing and advertising services.
  • Providers of website analytics services.

Some of these providers may be located outside of the EU, such as, for example, in the United States. In cases such as these, we inform you that we transfer these data with the adequate guarantees given that said providers hold the Privacy Shield certification, which you can read about in the following link:


We undertake to respect the confidential nature of your personal data and to guarantee the exercising of your rights. Particularly, independently of the purpose or legal ground according to which we process your data, you are free to exercise your:

  • Right of access: enables the interested party to know and obtain information on all personal data processed.
  • Right to rectification: enables the correcting of mistakes, modification of inexact or incomplete data and guarantees the accuracy of the information processed.
  • Right to erasure: enables you to request the deletion of the data being processed.
  • Right to object: right of the interested party to demand that their personal data are not processed, or that the processing is stopped.
  • Restricted processing:In certain circumstances, the interested parties can request the restricted processing of their data, in which case said data will only be kept to exercise or respond to complaints.
  • Data portability: interested parties can ask to receive the data referring to them and provided to us, or that – when technically possible – we send them to another data controller of their choice, in a structured, commonly used and machine-readable format.
  • Right not to be the subject of automated decision-making (and profiling): the right not to be the subject of a decision taken automatically which causes or has significant effects.

Furthermore, you have the right to withdraw the consent given at any time, without this affecting the legal ground for the processing carried out based on the consent you gave at the moment of providing us with your data.

If you wish to exercise any of the above rights, please send a letter with all of your details, to: ITSASO USOBIAGA ECHEVERRIA Y OTRA CB, c/ Ametzagaña 21 Bajo, CP 20012 Donostia (Gipuzkoa), or an email to, attaching a copy of your ID card or any other valid identity document.

Lastly, we inform you of your right to make a complaint to the relevant data protection control authority, and in particular, to the Spanish Data Protection Agency, AEPD (


  • Minors: The Services are exclusively intended for people older than 14 years of age; if you are under that age, you are expressly forbidden to register with and to use said Services. Given that the website does not have a parental authorisation system allowing people under the age of 14 to register on the platform, you guarantee that you are older than the said age. We reserve the right to ask you for any information (a copy of your ID card for example) necessary in order to be able to verify your age, and to delete or disable any account opened by a person under said age or in the event that you fail to provide the documentation requested within the deadlines established in said request.
  • Truthfulness:The user states that the personal data provided to MINUSSE are true and up to date. However, when updating its databases, MINUSSE will block unnecessary or ineffective data, such as for example emails returned by the server from addresses which are non-existent or have been deleted.
  • Security measures: MINUSSE will take the appropriate technical and organisational measures in regard to its information system, thereby fulfilling the principle of proactive responsibility, with a view to guaranteeing the security and confidentiality of the data stored, thus preventing its unauthorised alteration, loss, processing or access. This will be carried out taking account of the state of technology, the application costs and the nature, scope, context and purposes of the processing, as well as the risks of likelihood and seriousness associated to each of the processing actions.