Legal

Privacy Policy

Last updated, June 2026

Working template. This is an honest, GDPR-aware starting point, please have it reviewed by legal counsel and replace the "your …" fields with your registered details before relying on it.

Leopine ("we", "us") makes clothing for watch enthusiasts. We care about your data the way we care about a finished seam, it should be done properly and never shown off carelessly. This policy explains what we collect, why, and the control you have over it.

Who we are

The data controller is your registered company name, at your registered address in Barcelona, Spain, under tax ID (NIF/CIF) your number. For any privacy question, write to info@leopine.es.

What we collect

Order information, name, shipping and billing address, email, phone, and what you bought. Payment card details are handled by our payment providers, we never see or store the full number.
Account information, if you create an account, your email and order history.
Marketing, the email address you give us when you join the dispatch or a waitlist, with your consent.
Technical, basic device and usage data, and cookies (see our Cookie Policy). Analytics only run if you accept them.

Why we use it, and our legal basis

To fulfil your order, processing, shipping, support and returns. Legal basis: performance of a contract.
To send you marketing, dispatches, drops and waitlist news. Legal basis: your consent, which you can withdraw at any time.
To run and improve the site, security, fraud prevention, and (with consent) analytics. Legal basis: legitimate interest and/or consent.
To meet legal duties, tax, accounting and consumer-law obligations. Legal basis: legal obligation.

Who we share it with

Only the processors we need to run a shop: our commerce platform (Shopify), payment providers, shipping carriers (e.g. DHL, GLS), and our email tooling. Each is bound to handle your data only on our instructions. We never sell your data.

Security, and the role of our providers

Your order and account run on Shopify, our commerce platform, which hosts the store and processes payments through regulated, PCI-DSS-compliant providers. Card numbers are entered directly with the payment provider, they are never stored on, or visible to, Leopine. We rely on these providers' security measures and their obligation to notify us of incidents, and they act as our processors under written data-processing terms. We take your data seriously and will always meet our own duties as data controller; at the same time, to the fullest extent the law allows, we are not responsible for security incidents that originate within a third-party provider's own systems.

International transfers

Some providers process data outside the EEA. Where they do, transfers are covered by appropriate safeguards such as the European Commission's Standard Contractual Clauses.

How long we keep it

Order records for as long as tax and consumer law require (typically up to six years). Marketing data until you unsubscribe. Everything else only as long as it's useful for the purpose above.

Your rights

Under the GDPR you can ask us to: access your data, correct it, erase it, restrict or object to processing, and receive a portable copy. You can withdraw marketing consent at any time, every email has a one-click unsubscribe, or just reply and ask. To exercise any right, email info@leopine.es. You also have the right to complain to your local data-protection authority (in Spain, the AEPD).

Cookies

We use a small set of cookies and local storage, the essentials to run your cart and remember your wishlist, and analytics only if you opt in. Full detail is in our Cookie Policy.

Changes

If we change this policy we'll update the date above and, for material changes, let you know. Questions? info@leopine.es, a real person reads it.