Privacy Policy

Last updated: June 2025
This Privacy Policy explains how ScalpCared collects, uses and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Spanish and European Union law.

1. Who we are

ScalpCared is an e-commerce store operating at scalpcared.com, based in Barcelona, Spain. We are the data controller responsible for your personal information.

For any privacy-related questions, contact us at: support@scalpcared.com

2. What data we collect

When you visit or make a purchase from ScalpCared, we may collect the following personal data:

  • Identity data: name and surname
  • Contact data: email address, phone number (if provided)
  • Delivery data: shipping address
  • Payment data: billing information (processed securely by our payments platform — we do not store card details)
  • Transaction data: details of products purchased and order history
  • Technical data: IP address, browser type, device, pages visited and time spent on the site
  • Marketing data: email address and communication preferences if you subscribe to our newsletter or complete the Scalp Quiz

3. How we use your data

We use your personal data for the following purposes:

  • To process and fulfil your orders, including sending order confirmations and shipping updates
  • To manage returns, refunds and customer service requests
  • To send you marketing communications if you have given your consent (you can unsubscribe at any time)
  • To personalise your experience and provide product recommendations (e.g. via the Scalp Quiz)
  • To comply with legal and fiscal obligations
  • To improve our website and product offering through anonymised analytics

4. Legal basis for processing

We process your data based on the following legal grounds under GDPR Article 6:

  • Contract performance: processing your orders and managing your account
  • Legitimate interest: fraud prevention, improving our services and website security
  • Consent: sending marketing emails and newsletters. You may withdraw your consent at any time
  • Legal obligation: compliance with tax and accounting requirements

5. Who we share your data with

We do not sell your personal data. We may share it with trusted third parties strictly to operate our business:

  • Our e-commerce and payments platform: processes orders and payments securely on our behalf
  • Our logistics and fulfilment partner: receives your name and shipping address solely for the purpose of delivering your order
  • Our email marketing platform: used to send order confirmations and newsletters
  • Our web analytics provider: anonymised traffic and behaviour analytics to improve our site
  • Our customer support email provider: used to manage and respond to support requests

All third parties are required to process your data securely and only for the purposes we specify.

6. International data transfers

Some of our service providers are based outside the European Economic Area (EEA), including in the United States. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring your data receives an equivalent level of protection.

Our logistics and fulfilment partner operates outside the EEA. Your name and delivery address are shared solely for the purpose of fulfilling your order.

7. How long we keep your data

  • Order data: 5 years for accounting and legal compliance purposes
  • Marketing data: until you unsubscribe or withdraw consent
  • Technical / analytics data: up to 26 months
  • Customer service communications: 2 years

8. Your rights under GDPR

As a resident of the EU or EEA, you have the following rights regarding your personal data:

  • Right of access: request a copy of the data we hold about you
  • Right to rectification: ask us to correct inaccurate or incomplete data
  • Right to erasure: request deletion of your personal data ("right to be forgotten")
  • Right to restriction: ask us to limit how we use your data
  • Right to portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interest or for direct marketing
  • Right to withdraw consent: at any time, for processing based on consent

To exercise any of these rights, contact us at support@scalpcared.com. We will respond within 30 days. You also have the right to lodge a complaint with the Spanish data protection authority: Agencia Española de Protección de Datos (AEPD).

9. Cookies

ScalpCared uses cookies and similar technologies to improve your browsing experience, analyse site traffic and support our marketing activities. These include:

  • Essential cookies: required for the site to function (cart, session, security)
  • Analytics cookies: to understand how visitors use the site
  • Marketing cookies: used to personalise ads and measure campaign performance

You can manage your cookie preferences at any time through your browser settings.

10. Data security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss or misuse. All payment transactions are encrypted via SSL and processed securely. We never store full payment card details on our systems.

11. Children's privacy

ScalpCared is not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us at support@scalpcared.com and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The date at the top of this page indicates when it was last revised. We encourage you to review it periodically.

13. Contact

For any questions or requests relating to this Privacy Policy or your personal data, please contact us: