Legal

Privacy Policy

Last updated: June 25, 2026

This Privacy Policy explains how we collect, use and protect your personal data, in compliance with the EU General Data Protection Regulation (GDPR) and the Spanish Organic Law 3/2018 (LOPDGDD).

1. Data controller

Ronda Coffee, tax ID [NIF/CIF], registered at [Registered address, Barcelona]. Contact: hello@ronda.coffee.

2. Data we collect

  • Account data: name, email, delivery address, phone number.
  • Payment data: handled by our payment processor ([Stripe / Paddle]); we do not store full card numbers.
  • Subscription data: plan, roast preference, delivery history.
  • Technical data: IP address, browser, device and basic usage analytics — see our Cookie Policy.

3. Why we use your data

  • To deliver and manage your subscription (legal basis: contract).
  • To process payments and refunds (contract).
  • To comply with tax and accounting obligations (legal obligation).
  • To send service emails such as dispatch notifications and account changes (legitimate interest).
  • To send marketing emails — only with your consent, and you can unsubscribe anytime.

4. Sharing your data

We share data only with the following categories of recipients, as needed:

  • Payment processor ([Stripe / Paddle]).
  • Bike-courier and logistics partners in Barcelona.
  • Hosting and analytics providers.
  • Tax authorities and accountants where legally required.

We do not sell your personal data. Where a provider is outside the EEA, we ensure appropriate safeguards (Standard Contractual Clauses) are in place.

5. Retention

We keep account and order data for the duration of your subscription and for up to 6 years afterwards to comply with Spanish tax and accounting obligations. Marketing consents are kept until you withdraw them.

6. Your rights

You have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Request deletion ("right to be forgotten"), subject to legal retention obligations.
  • Restrict or object to certain processing.
  • Data portability.
  • Withdraw consent at any time.

To exercise these rights, email hello@ronda.coffee. If you are unsatisfied with our response, you can file a complaint with the Spanish data protection authority, the Agencia Española de Protección de Datos (AEPD).

7. Security

We apply industry-standard technical and organisational measures to protect your data, including HTTPS, encrypted storage and access controls. No method of transmission over the Internet is 100% secure, but we work to protect your information.

8. Changes

Material changes to this policy will be communicated by email. The "Last updated" date above always reflects the current version.