Privacy Policy

Last updated: March 24, 2026

Who we are

Bioactive Pharma Europe S.L. («we», «us», or «our») is the data controller responsible for your personal data collected through our website http://boparafarma.com (the «Site»).

Company details:
Bioactive Pharma Europe S.L.
C/ Josep Ricart, 41
08980 Sant Feliu de Llobregat, Barcelona, España

Contact:
If you have any questions about this Privacy Policy or our data practices, please contact us at support@boparafarma.com.

Legal Basis for Processing

We process your personal data based on the following lawful bases under the GDPR:

  • Performance of a contract (e.g., processing your orders and managing your account)
  • Legitimate interests (e.g., fraud prevention, website improvement, direct marketing where permitted)
  • Your consent (e.g., non-essential cookies and marketing communications)
  • Legal obligations (e.g., tax, accounting, and invoicing requirements under Spanish law)

How We Use Your Data

We use your personal data to:

  • Process and fulfill your orders
  • Provide customer support and manage your account
  • Improve our website and services
  • Send transactional emails and order updates
  • Comply with legal and tax obligations
  • (Only with your consent) send marketing communications

Comments

When visitors leave comments on the Site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies and Similar Technologies

We use cookies and similar technologies to provide essential site functionality, improve performance, and (if applicable) enable personalized marketing. We use a cookie consent management tool to obtain your explicit consent for non-essential cookies.

  • Essential cookies: Necessary for the website to function (e.g., session management, shopping cart, login). These do not require consent.
  • Performance/Analytics cookies: Collect anonymized data on site usage (we currently do not use third-party analytics tools).
  • Marketing cookies: For personalized ads or remarketing (if enabled).

Non-essential cookies are blocked until you give consent via our cookie banner. You can manage or withdraw consent at any time through the banner or by contacting us. We keep records of your consent choices for audit purposes.
Specific cookies include:

  • WordPress/WooCommerce cookies for login, comments, screen options (last 1–2 weeks or 1 year)
  • WooCommerce session cookies for cart functionality
  • Stripe/WooPayments essential payment cookies (no consent needed)

We do not use cookies for automated decision-making with legal effects.

Embedded content from other websites

Articles on this Site may include embedded content (e.g., videos, images, articles). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content.

Payment Processing

When you make a purchase, we use WooCommerce Stripe Gateway and/or WooPayments. We do not store your full credit card details on our servers. Payment data is securely processed by Stripe (privacy policy: https://stripe.com/privacy) or WooPayments. Stripe may collect billing address, email, and transaction data for processing and fraud prevention.

Who we share your data with

We share your personal data only as necessary and under strict data processing agreements that ensure GDPR compliance:

  • Service providers and processors: Hostinger (hosting), LiteSpeed (caching), Elementor Pro / Ultimate Addons for Elementor (page building), SureMail (email), WPML (multilingual), YITH WooCommerce Wishlist, Variation Swatches, Cart Abandonment Recovery, and other WooCommerce extensions.
  • Payment processors: Stripe / WooPayments (for orders).
  • Legal requirements: Authorities if required by law.
  • Business transfers: In the event of a merger or acquisition.

We do not sell your personal data. No sharing for marketing purposes without your consent.

How long we retain your data

  • Comments and metadata: Retained indefinitely (to automatically approve follow-up comments).
  • Orders and account data: Retained as long as necessary for legal and accounting purposes (e.g., 6–10 years for invoices under Spanish law) or until you request deletion.
  • Inactive accounts: May be deleted after prolonged inactivity.
    You can request deletion of your data at any time (except where we are legally required to keep it).

What rights you have over your data

Under the GDPR (and applicable laws such as CCPA/CPRA if you are in California), you have the right to:

  • Access, rectify, or erase your personal data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent (where processing is based on consent)
  • Lodge a complaint with a supervisory authority (e.g., AEPD in Spain)

For CCPA/CPRA (if applicable): Right to know, delete, opt-out of sale/sharing, limit sensitive data use, and non-discrimination.

To exercise any of these rights, please email support@boparafarma.com. We will respond within one month (extendable under GDPR).

Data Security

We implement reasonable technical and organizational measures to protect your data (e.g., encryption, secure hosting). However, no method of transmission or storage is 100% secure.

International Transfers

Your data may be transferred outside the EEA (e.g., to US-based Stripe servers). We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

Children’s Privacy

Our Site is not intended for children under 16. We do not knowingly collect personal data from children.

Changes to This Privacy Policy

We may update this policy from time to time. The updated version will be posted here with a new “Last updated” date.

Buscar
Carrito de compra
Scroll al inicio