Privacy & Data Protection

At Lellaï, your privacy is as sacred to us as the modesty we represent. We believe that trust is the foundation of our relationship with the global Ummah. This Privacy Policy outlines how we collect, protect, and handle your personal data when you visit our boutique and acquire our pieces.

I. Data Controller (Who is responsible)

In accordance with the GDPR, the person responsible for your data is:

• Legal Identity: [-]
• Trade Name: Lellaï
• NIF: [-]
• Address: [-]
• Contact: info@lellai.com

II. The Data We Collect

We only collect information that is strictly necessary to provide you with the Lellaï experience:

• Identity & Contact: Your name, email address, and phone number.
• Shipping Information: Your physical address for the delivery of our garments.
• Financial Data (via SumUp): When you make a purchase, your payment details are processed directly by our secure partner, SumUp. Lellaï does not store or have access to your full credit card numbers or security codes.
• Technical Data: IP address, browser type, and usage data collected through cookies to improve our website’s performance.

III. Purpose and Legal Basis

We process your data based on the following legal grounds:

1. Contractual Necessity: To process your orders, manage shipping, and handle returns.
2. Consent: When you subscribe to our newsletter or «Journal» to receive updates on new drops.
3. Legal Obligation: To comply with Spanish tax laws and accounting regulations.
4. Legitimate Interest: To ensure the security of our website and prevent fraudulent transactions.

IV. Third-Party Service Providers

Lellaï shares your data only with essential partners who adhere to the same high standards of privacy:

• SumUp: For secure payment processing. SumUp is a regulated European financial institution.
• Logistics Partners: DHL, Correos, or other carriers to ensure your package travels safely from Spain to your door.
• Hosting & IT: Our web platform and email hosting providers located within the European Economic Area (EEA).

V. International Transfers

As a European brand, we prioritize storing your data within the EEA. Should any service provider be located outside this zone (such as certain email marketing tools), we ensure they are compliant with «Data Privacy Frameworks» or have signed «Standard Contractual Clauses» approved by the European Commission.

VI. Data Retention

We retain your personal information only for as long as is necessary:

• Order History: For the duration required by Spanish tax law (generally 5–6 years).
• Newsletter: Until you choose to withdraw your consent (via the «Unsubscribe» link).

VII. Your Rights (ARCO+)

Under the GDPR, you hold total control over your information. You may exercise the following rights at any time by emailing info@lellai.com:

• Access: Request a copy of the data we hold about you.
• Rectification: Correct any inaccurate information.
• Erasure (Right to be Forgotten): Request that we delete your data, provided it is no longer needed for legal or contractual obligations.
• Portability: Receive your data in a structured, digital format.
• Objection: Withdraw your consent for marketing at any time.

VIII. Security Measures

Lellaï implements advanced technical and organizational security measures. Our website uses SSL (Secure Sockets Layer) encryption to protect all data transmissions. Through our partnership with SumUp, your payments are protected by the highest level of encryption available in the European banking industry.

IX. Social Media & Interaction

If you interact with us via Instagram (@lellai_official), please note that those platforms have their own privacy policies. Lellaï is not responsible for the data management of these external social networks.

X. Updates to this Policy

We may refine this policy as Lellaï grows. Any significant changes will be communicated via our website or email.

Last updated: February 2026