Privacy policy

Handeera Privacy Policy

Last updated: April 25, 2025

1. Introduction

Welcome to Handeera, the comprehensive 360° craft platform that includes e-commerce, online courses, a search engine for in-person courses, the sale of materials, and legal services for artisans. This Privacy Policy aims to inform you about how we collect, use, share, and protect your personal information when you use our platform and services.

Handeera (hereinafter, "we", "our", "us", "the platform") is committed to protecting your privacy and complying with all applicable laws and regulations, including the European Union’s General Data Protection Regulation (GDPR).

2. Data Controller

The data controller responsible for processing your personal data is Handeera, with registered office at C/ Sant Pere nº 29, esc.1, bxos 1a. 17400 Breda (Girona) and tax identification number C.I.F. B-22454466.

For any questions related to this Privacy Policy or the processing of your personal data, you may contact our Data Protection Officer at:

Email: privacidad@handeera.com
Postal address: C/ Sant Pere nº 29, esc.1, bxos 1a. 17400 Breda (Girona)
Telephone: 667259798

3. Information We Collect

3.1 Information you provide to us

Registration data: Name, email address, password, postal address, telephone number, payment information.
User profile: Photograph, biography, artistic interests, skills, portfolio.
For artisans/instructors: Professional information, certifications, legal documentation, banking information.
User-generated content: Reviews, comments, messages, uploaded works, course materials.
Transaction information: Purchase details, course enrollments, payments, billing information.

3.2 Information we collect automatically

Usage data: Pages visited, time spent, navigation patterns, interactions with the platform.
Device data: Device type, operating system, browser, IP address, unique identifiers.
Location data: General geographic location based on IP address or, with your consent, precise location.
Cookies and similar technologies: Information collected through cookies, pixels, and other tracking technologies (see our Cookie Policy).

3.3 Information from third parties

Social networks: If you connect your account with third-party services such as Google, Facebook, Instagram, or WhatsApp, we may receive information from those services.
Payment providers: Information related to your transactions through our payment processors.
Public sources: Information lawfully available from public records.

4. Purposes of Processing

We use your personal information for the following purposes:

Purpose	Legal basis	Retention period
Provide and manage our services (e-commerce, courses, in-person course search, sale of materials, legal services)	Performance of a contract	During the contractual relationship and up to 5 years thereafter
Process payments and transactions	Performance of a contract	10 years (tax obligations)
Connect buyers with artisans/instructors	Performance of a contract and legitimate interest	During the contractual relationship and up to 2 years thereafter
Send service-related communications	Performance of a contract	During the contractual relationship
Send commercial communications and newsletters	Consent	Until consent is withdrawn
Improve and personalize our services	Legitimate interest	3 years from collection
Usage analysis and statistics	Legitimate interest	In aggregated and anonymized form: indefinitely
Fraud prevention and security	Legitimate interest and legal obligation	5 years from the incident
Compliance with legal obligations	Legal obligation	As required by applicable legislation

5. Information Sharing

We may share your personal information with the following categories of recipients:

5.1 Other platform users

When you use our platform, certain information may be visible to other users:

If you are a buyer: username, published reviews, public interactions on the platform.
If you are an artisan/instructor: professional profile, portfolio, ratings, courses offered, products for sale.

5.2 Artisans and instructors

To facilitate product delivery or course provision, we share relevant information with artisans and instructors, such as:

Contact details for delivery or course-related communication.
Specific order or enrollment details.
Relevant preferences for service personalization.

5.3 Service providers

We work with third parties who help us operate our platform:

Payment processors (financial transactions)
Hosting and cloud computing services
Analytics and marketing services
Customer support services
Logistics and shipping services

These providers only have access to the information necessary to perform their functions and are contractually obligated to maintain the confidentiality and security of the data.

5.4 Social media platforms

We integrate social media services such as Google, Facebook, Instagram, and WhatsApp. When you interact with these features or access our platform through these services, we may share information with them and they may provide us with information about you, in accordance with their privacy policies.

5.5 Authorities and legal compliance

We may disclose your information when required by law, judicial process, or governmental request, or when we believe in good faith that disclosure is necessary to:

Comply with legal obligations
Protect our rights or property
Prevent or investigate potential wrongdoing
Protect the personal safety of users or the public

5.6 Corporate transactions

In the event of a merger, acquisition, asset sale, or reorganization, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

6. International Data Transfers

Some of our service providers and partners may be located outside the European Economic Area (EEA). When we transfer your data outside the EEA, we ensure that appropriate safeguards are implemented to guarantee a similar level of protection:

European Commission adequacy decisions
Standard contractual clauses approved by the European Commission
Binding corporate rules
Approved certification mechanisms

You may request more information about these safeguards by contacting our Data Protection Officer.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction:

Encryption of sensitive data
Restricted access based on the need-to-know principle
Intrusion detection and prevention systems
Regular security audits
Staff training in security practices
Incident response plans

However, no system is completely secure. We recommend that you take precautions to protect your access credentials and notify us immediately if you suspect unauthorized use of your account.

8. Your Rights

In accordance with data protection legislation, you have the following rights:

Right of access: Obtain confirmation as to whether we process your data and access to it.
Right to rectification: Correct inaccurate or incomplete data.
Right to erasure: Request the deletion of your data under certain circumstances.
Right to restriction: Request the restriction of processing in certain cases.
Right to data portability: Receive your data in a structured format and transmit it to another controller.
Right to object: Object to processing based on legitimate interest or for direct marketing purposes.
Rights related to automated decisions: Not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
Right to withdraw consent: Withdraw consent at any time, without affecting the lawfulness of processing based on prior consent.

To exercise these rights, you may contact our Data Protection Officer via privacidad@handeera.com or by postal mail at C/ Sant Pere nº 29, esc.1, bxos 1a. 17400 Breda (Girona). We will respond to your request within a maximum period of one month, which may be extended by an additional two months in particularly complex cases.

If you believe that we have not adequately addressed your rights, you may file a complaint with the competent data protection authority.

9. Cookies and Similar Technologies

We use cookies and similar technologies to improve your experience, analyze traffic, and personalize content. You can control how these technologies are used through your browser settings or via our cookie preferences panel.

For more information on how we use cookies, please see our Cookie Policy.

10. Integration with Social Networks and Third-Party Services

Our platform integrates with various third-party services:

10.1 Social media buttons and integrations

We incorporate buttons and features from Google, Facebook, Instagram, and WhatsApp that allow content sharing or login with your account on these platforms. These features may collect data about your IP address and the pages you visit, and may set cookies to function properly.

10.2 Third-party APIs

We use third-party APIs to provide functionalities such as maps to locate in-person courses, payment processing, and communication delivery. These services may collect and process certain information in accordance with their own privacy policies.

10.3 Plugins and widgets

We may incorporate third-party plugins or widgets that enhance the functionality of our platform. These may collect usage data and share it with their providers.

We recommend reviewing the privacy policies of these third-party services to understand how they handle your information.

11. Protection of Minors

Our services are not directed at minors under the age of 16. We do not knowingly collect personal information from minors. If we discover that we have collected personal information from a minor without verification of parental consent, we will take steps to delete that information as soon as possible.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will publish the new version on our platform with a revised "last updated" date.

For significant changes, we will provide a prominent notice, such as an email notification or an announcement on our platform, before the changes take effect. We recommend reviewing this policy periodically to stay informed about how we protect your information.

13. Contact

If you have questions, comments, or concerns about this Privacy Policy or our privacy practices, please do not hesitate to contact us:

Data controller: Handeera Digital Craft SL
Address: C/ Sant Pere nº 29, esc.1, bxos 1a. 17400 Breda (Girona)
Contact email: info@handeera.com
Telephone: 667259798
Data Protection Officer: privacidad@handeera.com

Name	Description
PHPSESSID	Preserves the visitor's session state across page requests.
feed-categories-filter	Stores status of category filters on custom feed page.
feed-login-advice-closed	Stores if closed message about login advice in custom feed.
form_key	Protects visitor's data from Cross-Site Request Forgery Attacks.
guest-view	Stores the Order ID that guest shoppers use to retrieve their order status. Used in “Orders and Returns” widgets.
login_redirect	Preserves the destination page the customer was loading before being directed to log in.
mage-banners-cache-storage	Stores banner content locally to improve performance.
mage-cache-sessid	The value of this cookie triggers the cleanup of local cache storage.
mage-cache-storage	Local storage of visitor-specific content that enables ecommerce functions.
mage-cache-storage-section-invalidation	Forces local storage of specific content sections that should be invalidated.
mage-messages	Tracks error messages and other notifications that are shown to the user, such as the cookie consent message, and various error messages. The message is deleted from the cookie after it is shown to the shopper.
persistent_shopping_cart	Stores the key (ID) of persistent cart to make it possible to restore the cart for an anonymous shopper.
private_content_version	Appends a random, unique number and time to pages with customer content to prevent them from being cached on the server.
section_data_ids	Stores customer-specific information related to shopper-initiated actions such as display wish list, checkout information, etc.
user_allowed_save_cookie, cookie_consent	Stores the user's cookie consent state for the current domain.
X-Magento-Vary	Configuration setting that improves performance when using Varnish static content caching.

Name	Description
easybanner	Preserves the visitor's preferences and stats regarding shown popup blocks.
store	Remembers the user's selected language version of a website.

Name	Description
product_data_storage	Stores configuration for product data related to Recently Viewed / Compared Products.
recently_compared_product	Stores product IDs of recently compared products.
recently_compared_product_previous	Stores product IDs of previously compared products for easy navigation.
recently_viewed_product	Stores product IDs of recently viewed products for easy navigation.
recently_viewed_product_previous	Stores product IDs of recently previously viewed products for easy navigation.
_fbp	This cookie is installed by Facebook to store and track visits across websites.

Name	Description
dc_gtm_*	Throttles request rate when Google Analytics is deployed with Google Tag Manager.
_ga, _gat, _gid, _ga_, _gat_	This cookie is installed by Google Analytics. They are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in a way that does not directly identify anyone.