Privacy Policy · Startoner
This Privacy Policy regulates the processing of personal data that CHICTRATEC S.L. (hereinafter, "Startoner") carries out on the website www.star-toner.com in compliance with the UK GDPR / EU General Data Protection Regulation (Regulation (EU) 2016/679) and the UK Data Protection Act 2018 (UK customers).
1. Data controller
- Identity: CHICTRATEC S.L. ("Startoner")
- CIF: B72834534
- Address: Calle Océano Atlántico 38, Palmones, 11379 Los Barrios, Cádiz, Spain
- Email: info@star-toner.com
- Phone: +34 651 78 80 90
2. Data Protection Officer (DPO)
Startoner is not legally obliged to appoint a Data Protection Officer under Art. 37 GDPR. For any privacy enquiry you can contact the controller directly via info@star-toner.com with the subject "Privacy".
3. Data we process
- Identification and contact data: name, surname, tax / VAT ID (for invoicing), shipping and billing address, phone, email.
- Transactional data: order history, amounts, payment methods (card data are processed by the payment gateway, i.e. Stripe / Shop Pay / PayPal; Startoner does not store the PAN).
- Account data: login credentials, preferences, wish list.
- Usage and device data: IP address, cookie identifiers, browser type, operating system, navigation events (only with explicit consent for analytics or advertising cookies).
- Communication data: content of messages you send us (email, contact form, WhatsApp).
4. Purposes and lawful bases (Art. 6 GDPR)
| Purpose | Lawful basis | Retention period |
|---|---|---|
| Order management and delivery, after-sales, warranty and returns | Performance of contract (Art. 6.1.b GDPR) | Duration of contract + 6 years (Limitation Act 1980 UK) |
| Tax and accounting obligations | Legal obligation (Art. 6.1.c GDPR; HMRC requirements; Companies Act 2006) | 6 years (HMRC); 10 years (Spanish records) |
| Customer account management | Performance of contract (Art. 6.1.b GDPR) | While account active; 12 months after inactivity |
| Newsletter / commercial communications | Consent (Art. 6.1.a GDPR; PECR 2003 UK) | Until consent withdrawn |
| Analytics and advertising cookies | Consent (Reg. 6 PECR 2003 UK; ePrivacy Directive EU) | Until withdrawal; max. 24 months |
| Strictly necessary cookies (session, cart, language) | Legitimate interest in service operation (Art. 6.1.f GDPR; PECR exemption) | Session or technical minimum |
| Fraud prevention | Legitimate interest (Art. 6.1.f GDPR) | 1 year from transaction |
| Complaints and disputes | Legitimate interest / legal obligation | Until time-bar + 1 year |
5. Data recipients
We share data exclusively with processors necessary to deliver the service:
- Shopify International Limited (e-commerce platform · EU/US)
- Stripe / PayPal / Shop Pay (payment gateways)
- Correos Express, GLS, DHL, Royal Mail / Parcelforce (shipping)
- Klaviyo Inc. (email marketing and CRM · only with consent)
- Google LLC (Google Analytics 4, Google Ads · only with cookie consent)
- Judge.me (review management)
- Meta Platforms / Microsoft Bing (advertising and measurement · only with consent)
We make no transfers to third parties for other purposes, except under legal obligation.
6. International transfers
Some processors (Shopify, Stripe, Klaviyo, Google, Meta) are headquartered or process data in the United States. These transfers are covered by:
- The UK-US Data Bridge / EU-US Data Privacy Framework, approved by UK Government extension and EU Commission Adequacy Decision of 10 July 2023; and/or
- UK International Data Transfer Agreement (IDTA) / EU Standard Contractual Clauses (SCCs) approved by Decision 2021/914, with supplementary measures (encryption in transit and at rest, access controls).
You can request a copy of the SCCs/IDTA by writing to info@star-toner.com.
7. Your rights
Under Arts. 15 to 22 of the UK / EU GDPR you can exercise the following rights:
- Access: know what data we process (Art. 15).
- Rectification: correct inaccurate data (Art. 16).
- Erasure / "right to be forgotten": deletion when no longer necessary (Art. 17).
- Restriction of processing: temporary block (Art. 18).
- Portability: receive data in a structured, commonly-used format (Art. 20).
- Objection: in particular to direct marketing and profiling (Art. 21).
- Not be subject to automated decisions: including profiling (Art. 22).
- Withdraw consent: at any time, without affecting prior processing (Art. 7.3).
You can exercise them by emailing info@star-toner.com with a copy of your ID. We respond within the maximum period of one month (Art. 12.3 GDPR).
8. Complaint to the supervisory authority
If you believe the processing of your data does not comply with regulations, you have the right to lodge a complaint with the relevant supervisory authority:
- UK · Information Commissioner's Office (ICO): ico.org.uk · 0303 123 1113
- EU · your local Data Protection Authority (e.g. Spanish AEPD, French CNIL, German BfDI).
9. Mandatory nature of data
The data requested in order and registration forms are necessary for performance of the contract. Refusal to provide them prevents processing of the order. Data requested for the newsletter are voluntary: refusal only prevents receipt of commercial communications.
10. Automated decisions and profiling
Startoner uses product recommendations and email segmentation based on purchase and browsing history (profiling). These decisions do not produce significant legal effects on the customer and are made solely for commercial purposes. You can object to profiling at any time under Art. 21.2 GDPR.
11. Cookies
Cookie use is governed by our Cookie Policy. You can review and modify your preferences at any time by clicking "Cookies" in the footer.
12. Changes
Startoner may update this Policy. The current version with its last-updated date is always available on this page. If changes affect consent-based processing, we'll request fresh consent.
Last updated: 27 April 2026.