Privacy policy

COOKIE MOUSE – PRIVACY POLICY

Spain / European Union / Mexico

Last updated: June 9, 2026

In this Privacy Policy, we clearly inform you about how we process your personal data when you visit www.cookiemouse.com, make a purchase, contact COOKIE MOUSE, or interact with our content and communications.

This policy applies to the data processing carried out by COOKIE MOUSE within the framework of its e-commerce activities with customers and users located in Spain, other countries of the European Union, and Mexico, without prejudice to the mandatory rights that may correspond to you under the applicable regulations in your place of habitual residence.

1. Data Controller

Controller: COOKIE MOUSE, SOCIEDAD LIMITADA.

Tax Identification Number (NIF/CIF): B27599091.

Person responsible for website management and customer service: Pierre Calvignac.

Address: Avenida Europa 8, portal 4, 1B, 41920, San Juan de Aznalfarache, Seville, Spain.

Contact email address: info@cookiemouse.com.

Website: www.cookiemouse.com.

2. Applicable Regulations and Data Processing Principles

COOKIE MOUSE processes personal data in accordance with the applicable data protection regulations, including, where applicable, Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights, Law 34/2002 on Information Society Services and Electronic Commerce, as well as the applicable Mexican legislation on personal data protection in the private sector for processing activities affecting individuals located in Mexico.

Personal data shall be processed lawfully, fairly, and transparently, for specified, explicit, and legitimate purposes, and shall be adequate, relevant, and limited to what is necessary in relation to those purposes.

3. Data We May Collect

COOKIE MOUSE may process the following categories of personal data depending on the relationship you maintain with us and your use of the website: identification and contact data, billing and shipping data, data relating to purchases and returns, data necessary for customer service, website browsing and usage data, and information associated with commercial communications when you have requested to receive them or have given your consent.

If you contact COOKIE MOUSE, the processed data shall be those that you directly provide through forms, email, or other available communication channels.

COOKIE MOUSE does not ordinarily request particularly sensitive personal data for the sale of its products. Please do not provide unnecessary information or third-party data without sufficient legal authorization to do so.

4. Purposes of Data Processing

Your personal data may be processed to manage orders, purchases, payments, shipments, returns, refunds, and incidents related to products purchased through the website.

We may also process your data to respond to inquiries, information requests, complaints, or communications sent through our contact channels.

When you have authorized it or when there is another valid legal basis, we may send you commercial communications about products, news, launches, promotions, or content related to COOKIE MOUSE.

Likewise, we may process certain data to prevent fraud, manage website security, comply with legal, tax, and accounting obligations, and improve the browsing experience and the quality of our services through statistics, metrics, or analytics, always according to the cookie settings and tools effectively used on the website.

5. Legal Basis for Data Processing

The legal basis for processing your data for the purpose of managing orders, payments, shipments, returns, and customer service related to purchases is the performance of the contractual relationship or the application of pre-contractual measures requested by you.

The legal basis for processing related to compliance with tax, accounting, administrative, legal defense, or cooperation with authorities obligations is compliance with legal obligations applicable to COOKIE MOUSE.

The legal basis for sending commercial electronic communications when prior authorization is required shall be the data subject’s consent. You may withdraw such consent at any time without affecting the lawfulness of processing carried out prior to its withdrawal.

Certain processing activities related to website security, fraud prevention, operational improvement of services, or handling inquiries may, where appropriate, be based on the legitimate interest of COOKIE MOUSE, always after carrying out the corresponding balancing test and without overriding your rights and freedoms.

6. E-commerce Platform, Data Processors, and Recipients

The COOKIE MOUSE website is hosted and managed through the Shopify platform, an e-commerce service provider that supplies technical support and infrastructure for managing the online store and generally acts as a data processor with regard to customer data processed on behalf of COOKIE MOUSE under the terms established in its contractual and data protection documentation.

Likewise, your data may be communicated or accessible to payment providers, financial institutions, carriers and logistics operators, hosting or technical support providers, email marketing or customer service tools, legal, tax, or accounting advisors, and other entities whose intervention is necessary for the provision of the service or compliance with legal obligations.

COOKIE MOUSE does not sell or transfer personal data to third parties for their own commercial purposes.

7. International Data Transfers

Some of the providers used by COOKIE MOUSE, including Shopify infrastructure and certain technological or communication tools, may involve international transfers of data outside the European Economic Area or the user’s country of residence.

When such transfers occur, COOKIE MOUSE shall endeavor to ensure that they are covered by appropriate legal mechanisms, such as adequacy decisions, standard contractual clauses approved by the European Commission, or other valid safeguards in accordance with the applicable regulations.

If you would like more information about the relevant providers and the safeguards applied to international data transfers, you may request it through info@cookiemouse.com.

8. Data Retention

Personal data shall be retained for the time necessary to fulfill the purpose for which they were collected and subsequently for the limitation or retention periods required by the applicable regulations or while liabilities related to the processing may arise.

Data associated with a purchase shall be retained during the validity of the contractual relationship and during the legal periods required for tax, accounting, consumer protection, or legal defense purposes.

Data processed for commercial purposes shall be retained until you withdraw your consent, object to the processing, or request its deletion, and as long as they remain relevant for the purpose for which they were collected.

9. Rights of Users and Interested Parties

In accordance with the applicable regulations, you may exercise the rights of access, rectification, deletion, objection, restriction of processing, portability, and not to be subject to automated individual decisions where applicable.

If you are located in Mexico, you may also exercise, under the terms established by the applicable Mexican regulations, your rights of access, rectification, cancellation, and objection (ARCO rights), without prejudice to any other rights that may correspond to you.

To exercise your rights, you may write to info@cookiemouse.com indicating in the subject line “DATA PROTECTION – EXERCISE OF RIGHTS,” specifying the right you wish to exercise and the information necessary to process your request. COOKIE MOUSE may request additional reasonable information to verify your identity where necessary.

COOKIE MOUSE shall respond to your request within the legally established deadlines. Under the GDPR, this will generally occur within one month from receipt of the request, unless the complexity or number of requests justifies an extension in accordance with the law.

If you consider that the processing of your data does not comply with the applicable regulations, you may file a complaint with the Spanish Data Protection Agency or with the competent authority corresponding to your place of residence or applicable legislation.

10. Commercial Communications

COOKIE MOUSE shall only send electronic commercial communications where there is a valid legal basis to do so, particularly when you have requested them, subscribed to our newsletter, or provided your consent under the legally required terms.

You may unsubscribe from commercial communications at any time by using the link provided for that purpose in each communication, where applicable, or by writing to info@cookiemouse.com.

11. Cookies and Similar Technologies

The website may use its own and third-party cookies to enable its technical operation, remember certain preferences, analyze browsing activity, and, where applicable, display personalized content or advertising, always in accordance with the actual website configuration and the legally required consent options.

You can obtain additional information about the use of cookies, their settings, and how to withdraw your consent in the Cookies Policy and in the “Your Privacy Choices” section available on the website.

12. Social Media

COOKIE MOUSE may maintain profiles or presence on social media and platforms such as Instagram, Facebook, TikTok, or Pinterest, as well as other platforms that may be enabled in the future.

Users’ interaction with such profiles shall also be governed by the privacy policies, terms of use, and rules of each platform. COOKIE MOUSE shall not be responsible for the processing carried out by such platforms beyond the management of its own profile or page within them.

COOKIE MOUSE reserves the right to moderate or remove third-party content from its social profiles when it is unlawful, offensive, contrary to third-party rights, or incompatible with the applicable regulations or the rules of the platform itself.

13. Information Security

COOKIE MOUSE has adopted reasonable technical and organizational measures appropriate to the risk in order to protect personal data against unauthorized access, loss, destruction, alteration, or unlawful processing.

However, no transmission or storage system can guarantee absolute security. Therefore, although COOKIE MOUSE applies appropriate protective measures, it cannot guarantee the total invulnerability of systems against malicious incidents or circumstances beyond its reasonable control.

14. Minors

The website and COOKIE MOUSE products are not intended for independent contracting by minors without the intervention of their legal representatives where required under the applicable regulations.

COOKIE MOUSE does not knowingly request personal data from minors when there is no sufficient legal basis to do so. If you believe that a minor has improperly provided us with personal data, you may contact us to request its review or deletion.

15. Changes to the Privacy Policy

COOKIE MOUSE may modify this Privacy Policy to adapt it to legislative, case law, technical, or operational changes, as well as to modifications in the structure of the website or the services offered.

The current version shall always be the one published on the website on the date of consultation.