Privacy Policy

Last updated: 27.09.2025.

1. Introduction

Welcome to Mandala Room (“we”, “us”, “our”). This Privacy & Cookie Policy explains how we collect, use, and protect your personal data when you use our website www.mandalaroom.com, purchase downloadable products, or interact with us (for example, by subscribing to our email list).

We are based in Spain and comply with the General Data Protection Regulation (GDPR), the Spanish data protection law, and also with applicable U.S. privacy laws including the California Consumer Privacy Act (CCPA/CPRA).

By using our website, you agree to the terms of this Privacy & Cookie Policy.

2. Information We Collect

We may collect the following information:

  • Personal details: name, email address (when subscribing to our newsletter, creating an account, or making a purchase).
  • Payment information: processed securely by Stripe (we do not store your credit card details).
  • Order information: digital downloads purchased through WooCommerce.
  • Usage data: IP address, browser type, device information, location (via Google Analytics or similar tools).
  • Marketing & cookies data: collected through cookies, tracking pixels (e.g., Google Ads, Meta Pixel), and email subscription forms.

3. How We Use Your Data

We use your data for:

  • Processing your purchases and providing access to downloads.
  • Sending you transactional emails related to your order.
  • Managing your subscription to our mailing list (via MailPoet or other email tools).
  • Improving our website performance and user experience (via Google Analytics, Google Fonts, YouTube embeds).
  • Marketing and remarketing campaigns (Google Ads, Meta Pixel, or similar).
  • Complying with legal obligations (e.g., accounting, tax requirements).

4. Legal Basis for Processing (GDPR)

We process your data based on the following legal grounds:

  • Contractual necessity: to provide purchased downloads.
  • Consent: for newsletter subscriptions and marketing cookies.
  • Legitimate interest: to improve our website and prevent fraud.
  • Legal obligation: to comply with accounting and tax laws.

5. Data Sharing

We may share your information with:

  • Stripe (payment processing).
  • WooCommerce & WordPress plugins used to run our store.
  • Google (Analytics, Ads, YouTube, Fonts).
  • Meta/Facebook/Instagram (if marketing pixels are active).
  • Service providers that help us with email marketing (e.g., MailPoet).

We do not sell your personal information.

6. Your Rights

Under GDPR (EU/EEA including Spain):

  • Right to access, rectify, erase, or restrict your data.
  • Right to object to processing and withdraw consent at any time.
  • Right to data portability.
  • Right to lodge a complaint with the Spanish Data Protection Authority (AEPD).

Under CCPA/CPRA (California, USA):

  • Right to know what personal data we collect and how we use it.
  • Right to request deletion of your personal data.
  • Right to opt out of sale or sharing of your personal data (we do not sell data).
  • Right to non-discrimination for exercising privacy rights.

To exercise your rights, contact us at: mandalaroom@mandalaroom.com.

7. Cookies & Tracking Technologies

Our website uses cookies and similar technologies.

Types of Cookies:

  • Essential cookies: required for website functionality (e.g., cart, checkout).
  • Analytics cookies: measure traffic and usage (Google Analytics).
  • Marketing cookies: personalize ads and track campaigns (Google Ads, Meta Pixel).
  • Preference cookies: remember language or region.

Managing Cookies:

  • In the EU/EEA, you will see a cookie consent banner allowing you to accept or reject non-essential cookies.
  • In the U.S., you can manage cookie preferences in your browser or via our cookie settings tool.

You can also disable cookies directly in your browser settings.

8. Data Retention

  • Order records: retained for up to 6 years for accounting/legal compliance.
  • Newsletter subscription data: retained until you unsubscribe.
  • Analytics data: stored according to Google’s retention settings (typically 26 months).

9. Security

We implement technical and organizational measures to protect your data. Payments are processed securely via Stripe using industry-standard encryption.

10. Children’s Privacy

Our website is not directed to children under 16 (or under 13 in the U.S.). We do not knowingly collect data from children.

11. International Data Transfers

Your data may be processed outside the EU (e.g., by Google, Meta, or Stripe in the U.S.). These companies comply with recognized data transfer mechanisms such as the EU–U.S. Data Privacy Framework or Standard Contractual Clauses.

12. Updates to This Policy

We may update this Privacy & Cookie Policy from time to time. The latest version will always be posted on this page.

13. Contact Us

If you have questions or requests about your personal data, contact us:

Mandala Room
Email: mandalaroom@mandalaroom.com
Business location: Altea, Spain

Shopping Cart
Scroll to Top