Links ✨

Website Privacy Policy

stahrlust.com

I. PRIVACY AND DATA PROTECTION POLICY

In compliance with the legislation in force, Stahrlust (hereinafter also referred to as the “Website”) undertakes to adopt the necessary technical and organizational measures, according to the level of security appropriate to the risk of the data collected.

Laws Included in This Privacy Policy

This privacy policy is adapted to current Spanish and European legislation regarding the protection of personal data on the Internet. In particular, it complies with the following regulations:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), on the protection of natural persons regarding the processing of personal data and the free movement of such data.
  • Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD-GDD).
  • Royal Decree 1720/2007, of 21 December, approving the Regulation implementing Organic Law 15/1999 on the Protection of Personal Data.
  • Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the Data Controller

The Data Controller for personal data collected on Stahrlust is:
Ana Montiel Moreno, NIF: 26831431E
(hereinafter, the “Controller”).

Contact Information:

  • Address: Ana Montiel Moreno, Camino San Alberto Bloque 10 3A, ES 29010 Málaga, Spain
  • Phone: +34 636 011 527
  • Email: stahrlust@outlook.es

Registration of Personal Data

In compliance with the GDPR and LOPD-GDD, Users are informed that personal data collected by Stahrlust through forms on its web pages will be incorporated and processed in our data file in order to facilitate, expedite, and fulfill commitments established between Stahrlust and the User, or to maintain the relationship established in the forms completed by the User, or to respond to a request or inquiry.

In accordance with Article 30(5) of the GDPR, a record of processing activities is maintained, specifying the processing purposes and other relevant details required under the GDPR.

Principles Applicable to Personal Data Processing

The processing of the User’s personal data will adhere to the following principles, in accordance with Article 5 of the GDPR and Articles 4 and subsequent of Organic Law 3/2018:

  1. Lawfulness, Fairness, and Transparency: User consent will always be required, with full transparency about the purposes for collecting personal data.
  2. Purpose Limitation: Data will be collected for specified, explicit, and legitimate purposes.
  3. Data Minimization: Only data strictly necessary for the stated purposes will be collected.
  4. Accuracy: Data must be accurate and kept up to date.
  5. Storage Limitation: Data will be kept only for as long as necessary for processing purposes.
  6. Integrity and Confidentiality: Data will be processed in a manner ensuring appropriate security and confidentiality.
  7. Accountability: The Controller is responsible for compliance with all these principles.

Categories of Personal Data

The only categories of data processed on Stahrlust are identification data. No special categories of personal data (Article 9 of the GDPR) are processed.

Legal Basis for Processing Personal Data

The legal basis for processing personal data is consent.
Stahrlust undertakes to obtain the User’s express and verifiable consent for one or more specific purposes.

The User may withdraw their consent at any time, with withdrawal being as simple as granting it. As a general rule, withdrawing consent will not affect the use of the Website.

Whenever Users are required to provide data via forms (e.g., to make inquiries or requests), they will be informed if the completion of certain fields is mandatory because such data is essential for the proper performance of the requested action.

Purposes of Personal Data Processing

Personal data is collected and managed by Stahrlust for the purpose of facilitating, expediting, and fulfilling commitments between the Website and the User, or to maintain relationships established through forms, or to respond to requests or inquiries.

Additionally, data may be used for commercial, operational, and statistical purposes, or for marketing studies to improve the Website’s content, performance, and user experience.

Users will be informed at the time of data collection about the specific purposes of processing.

Data Retention Periods

Personal data will be retained for the minimum time necessary for processing purposes, and in any case for a maximum of 18 months, or until the User requests its deletion.

At the time of data collection, Users will be informed about the duration of storage or the criteria used to determine it.

Recipients of Personal Data

User data may be shared with the following recipients or categories of recipients:
https://developers.google.com/analytics/

If the Controller intends to transfer personal data to a third country or international organization, Users will be informed of the destination and whether an adequacy decision by the European Commission exists.

Personal Data of Minors

In accordance with Articles 8 of the GDPR and 7 of Organic Law 3/2018, only Users aged 14 or older may lawfully consent to the processing of their personal data by Stahrlust.
For minors under 14, parental or guardian consent is required, and processing is lawful only to the extent that such authorization has been given.

Confidentiality and Security of Personal Data

Stahrlust undertakes to implement the necessary technical and organizational measures to ensure the security of personal data, preventing accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

The Website uses an SSL (Secure Socket Layer) certificate to ensure that data transmission between the server and the User is secure and encrypted.

However, as Stahrlust cannot guarantee the absolute invulnerability of the Internet or the absence of fraudulent access by hackers, the Controller commits to notifying the User without undue delay of any data breach likely to result in a high risk to the rights and freedoms of individuals.

Personal data will be treated as confidential, and the Controller will ensure that confidentiality is respected by employees, partners, and any third parties who may access the data.

User Rights

The User has the following rights under the GDPR and Organic Law 3/2018:

  1. Right of Access: To obtain confirmation whether Stahrlust processes their personal data and access such data.
  2. Right to Rectification: To request correction of inaccurate or incomplete data.
  3. Right to Erasure (“Right to be Forgotten”): To request deletion of data when it is no longer necessary, consent is withdrawn, or processing is unlawful.
  4. Right to Restriction of Processing: To request limitation of data processing under certain circumstances.
  5. Right to Data Portability: To receive their data in a structured, machine-readable format and transfer it to another controller.
  6. Right to Object: To object to data processing, including profiling.
  7. Right Not to Be Subject to Automated Decisions: To avoid decisions based solely on automated processing.

Requests must include:

  • Full name and a copy of the User’s ID (or valid equivalent).
  • A clear statement specifying the request.
  • Address for notifications.
  • Date, signature, and any supporting documents.

Contact for exercising rights:

  • Postal Address: Ana Montiel Moreno, Camino San Alberto Bloque 10 3A, ES 29010 Málaga, Spain
  • Email: stahrlust@outlook.es

Links to Third-Party Websites

The Website may include hyperlinks to external websites operated by third parties not associated with Stahrlust.
Each third party is responsible for its own data protection policies and practices.

Complaints to Supervisory Authorities

If the User believes that their data is being mishandled, they have the right to judicial protection and to file a complaint before a supervisory authority, particularly in their habitual residence, place of work, or where the alleged infringement occurred.

In Spain, the supervisory authority is the Spanish Data Protection Agency (AEPD):
👉 https://www.aepd.es/

II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

It is necessary for the User to have read and agreed to the conditions concerning the protection of personal data contained in this Privacy Policy and to consent to the processing of their personal data as described. Use of the Website implies acceptance of this Privacy Policy.

Stahrlust reserves the right to modify this Privacy Policy at its discretion or due to legal, jurisprudential, or regulatory changes.
Updates will not be explicitly notified to Users. It is recommended that Users periodically review this page to stay informed of any modifications.

This Privacy Policy was last updated on October 30, 2025, to comply with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 on Personal Data Protection and the Guarantee of Digital Rights.