Privacy Policy

The controller responsible for processing the personal data we collect through this website and our services is the entity that owns DTF.pro, whose identifying details are set out below. You may contact us with any matter relating to the processing of your data or to the exercise of your rights.

Trading name

DTF.pro

Registered name

NEROLF S.L.U.

Tax ID (NIF)

B19378447

Registry details

Registro Mercantil de Cáceres, Sección 8, Hoja CC-17568

Registered address

Calle Claudio Ptolomeo, Nave 3, Polígono Industrial Las Capellanías, 10005 Cáceres (España)

Email

hola@dtf.pro

Telephone

+34 655 087 864

Website

dtf.pro

For matters specifically relating to privacy and data protection, you may write to us at hola@dtf.pro or at the general contact email indicated above, stating in the subject line that your query concerns data protection. Given the volume and nature of our activity, we are not required to appoint a Data Protection Officer (DPO); should an appointment become necessary at any time, we would publish their contact details in this same policy.

We process only the data we need in order to provide you with our on-demand, personalised DTF textile printing service, to manage your account and orders, and to comply with our legal obligations. Depending on how you interact with us, we may process the following categories of data:

• Identifying data: forename and surname or company name, and tax ID (NIF/CIF) where we invoice a business or self-employed person.
• Contact data: email address, telephone number, and delivery and billing addresses.
• Customer account data: username, encrypted password, preferences (language and theme), order history, and saved templates or designs.
• Order and billing data: products purchased (DTF by the metre, A4/A3 sheets, the repeats service), the specifications of the gang sheet configured in the builder, amounts, VAT, payment method (card via the Redsys payment gateway or bank transfer) and transaction details. Card details are entered directly on the bank's secure payment page and at no time pass through our servers, nor are they stored by us.
• Uploaded files and designs: the images, artwork and files you upload in order to manufacture your personalised products, together with the gang sheet builder parameters.
• Browsing and device data: IP address, cookie identifiers, browser and device type, pages visited and interaction with the site. This data is only collected with your consent where it goes beyond what is strictly necessary for the site to function.

We do not deliberately request or process special categories of data (health, beliefs, etc.). We ask that you do not include special category data in the files you upload unless strictly necessary; should you do so, we will process it solely in order to produce the order you place with us. Our services are aimed at adults and we do not knowingly collect data relating to minors.

We process your data for specific, legitimate purposes, each with its own legal basis under Article 6 of the GDPR. The following list sets out what we use your data for and the legal grounds for doing so:

• To process, manufacture and deliver your order: processing your files and builder configuration, printing the made-to-measure products, arranging delivery and dealing with incidents and returns. Legal basis: performance of the contract to which you are a party (Art. 6(1)(b) GDPR).
• To manage your customer account: registration, login, storage of templates and preferences, and access to your history. Legal basis: performance of the contract and, where applicable, your consent on registering (Art. 6(1)(b) and 6(1)(a) GDPR).
• To comply with legal obligations: issuing and retaining invoices, accounting, and responding to requests from tax or consumer authorities. Legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR), in accordance with the applicable commercial and tax legislation.
• To ensure the security of the site and prevent fraud: technical logs, detection of misuse and protection of our systems. Legal basis: legitimate interest in information security (Art. 6(1)(f) GDPR).
• To deal with your queries and provide support: responding to the requests you send us by email, contact form or telephone. Legal basis: performance of the contract or pre-contractual measures and our legitimate interest in assisting you (Art. 6(1)(b) and 6(1)(f) GDPR).
• Web analytics: measuring use of the site and improving the experience by means of Google Analytics 4. Legal basis: your consent (Art. 6(1)(a) GDPR), given via the cookie banner.
• Marketing and remarketing: sending you commercial communications about our products and services and displaying personalised advertising via Meta Pixel. Legal basis: your consent (Art. 6(1)(a) GDPR). If you are already a customer, we may inform you about our own similar products and services on the basis of our legitimate interest, and you may object at any time (Art. 21.2 of the LSSI-CE).

The price of our products is shown excluding VAT by default; VAT and delivery charges are calculated and clearly displayed before you confirm payment. The cut-off time for same-day production is 12:00. This processing arises from the contractual relationship and does not involve automated decisions producing significant legal effects concerning you.

We retain your data only for as long as is necessary to fulfil the purpose for which it was collected and to address any liabilities that may arise, after which we apply the statutory blocking and erasure periods. By way of guidance:

Customer account data

Mientras mantengas la cuenta activa; se eliminan cuando solicitas la baja, salvo bloqueo legal.

Order and billing data

Durante la relación y, posteriormente, los plazos legales mercantiles y fiscales (con carácter general, hasta 6 años conforme al Código de Comercio y hasta 4-5 años en el ámbito tributario).

Uploaded files and designs

El tiempo necesario para producir el pedido y atender garantías o reclamaciones; después se eliminan o anonimizan, salvo que los hayas guardado como plantilla en tu cuenta.

Support and query data

Hasta la resolución de la consulta y el plazo de prescripción de eventuales reclamaciones.

Analytics and marketing data

Hasta que retires tu consentimiento o transcurra el periodo de caducidad de las cookies; los registros de marketing se conservan mientras no te opongas o canceles tu suscripción.

Once these periods have elapsed, your data is securely erased or anonymised so that you can no longer be identified.

Your data is not disclosed to third parties save where required by law or where it is essential in order to provide the service to you. To operate, we rely on suppliers who process data on our behalf (data processors), with whom we have entered into the corresponding contracts in accordance with Article 28 of the GDPR and who process the data solely in accordance with our instructions:

• Hosting and web infrastructure provider and e-commerce platform (WooCommerce/WordPress), which hosts the site, your account and the files you upload.
• Carriers and logistics platform to handle deliveries within Spain and Europe (carriers such as GLS or Correos via SendCloud), to whom we provide the delivery data that is strictly necessary.
• Banking and payment-collection entities for payment by bank transfer, as well as our accountancy firm or invoicing software for the fulfilment of accounting and tax obligations.
• Payment gateway: Redsys Servicios de Procesamiento, S.L. and the acquiring bank, which process the data necessary to collect card payments. Card details are entered directly on the bank's secure page and never pass through our servers.
• Transactional email: Resend, Inc. (United States), which sends service emails (order confirmation, registration, password recovery). This entails an international transfer of data covered by the EU-U.S. Data Privacy Framework and, failing that, by standard contractual clauses.
• Website hosting: Vercel, Inc. (United States), with the same safeguards (Data Privacy Framework and standard contractual clauses).
• Analytics and advertising providers (Google, in connection with Google Analytics 4, and Meta, in connection with Meta Pixel), solely where you have given your consent via the cookie banner.
• Public authorities, law enforcement and the courts, where there is a legal obligation to disclose.

As a general rule, your data is processed within the European Economic Area (EEA). However, some of our providers —such as Resend (sending of transactional emails), Vercel (website hosting) and the analytics and advertising providers Google and Meta— may involve the processing of data in the United States or other countries outside the EEA.

In such cases, transfers are carried out with the appropriate safeguards provided for in Chapter V of the GDPR: adequacy decisions of the European Commission (including certification under the EU-US Data Privacy Framework where the provider has adhered to it) or, failing that, Standard Contractual Clauses (SCCs) approved by the European Commission, together with additional protective measures where necessary. Some of these transfers are necessary for the very provision of the service (for example, the sending of transactional emails via Resend or the hosting of the site on Vercel) and are covered by the EU-U.S. Data Privacy Framework or by standard contractual clauses; others (Google, Meta) take place only if you have consented to the use of analytics or advertising cookies. You may request further information about the safeguards applied by writing to hola@dtf.pro.

As the data subject, the GDPR and the LOPDGDD afford you a number of rights which you may exercise free of charge at any time:

• Access: to find out whether we process your data and to obtain a copy of it.
• Rectification: to correct inaccurate or incomplete data.
• Erasure (right to be forgotten): to request that we delete your data where it is no longer necessary or you withdraw your consent, unless we are required to retain it by a legal obligation.
• Objection: to object to processing based on our legitimate interest and to commercial communications.
• Restriction of processing: to ask us to suspend the processing of your data in the cases provided for by law.
• Portability: to receive your data in a structured, commonly used format, or to have us transmit it to another controller where technically feasible.
• Withdrawal of consent: to revoke at any time the consent you have given (for example, for cookies or marketing), without this affecting the lawfulness of the processing carried out beforehand.

To exercise your rights, send us a request to hola@dtf.pro or to the address indicated in section 1, identifying yourself appropriately and stating the right you wish to exercise. We will respond within a maximum period of one month from receipt of the request, which may be extended in accordance with the GDPR where the complexity or number of requests so warrants. You can also manage much of your data and preferences directly from your customer account.

If you consider that the processing of your data does not comply with the regulations, or that we have not properly handled the exercise of your rights, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD), with offices at C/ Jorge Juan, 6, 28001 Madrid, and electronic registry at www.aepd.es. Lodging such a complaint is free of charge and does not require legal representation. Nevertheless, we would be grateful if, before approaching the AEPD, you would contact us so that we can try to resolve any issue.

Likewise, for the out-of-court resolution of consumer disputes, you may have recourse to the official complaint forms (hojas de reclamaciones), the Consumer Arbitration Boards (Juntas Arbitrales de Consumo) or an alternative dispute resolution entity accredited under Spanish Law 7/2017 of 2 November.

We have adopted the technical and organisational measures necessary to ensure the security of your data and to prevent its alteration, loss, or unauthorised processing or access, in accordance with Article 32 of the GDPR and taking into account the state of the art, the costs of implementation and the nature of the data processed. These include:

• Encryption of communications using the HTTPS/TLS protocol and encrypted storage of passwords.
• Access controls based on the principle of least privilege, so that only authorised personnel can access the data necessary for their role.
• Regular backups and measures to ensure the availability and resilience of the systems.
• Selection of suppliers and processors who offer sufficient guarantees of GDPR compliance.
• Regular review and updating of security measures and of internal data protection procedures.

In the event of a security breach affecting your personal data and entailing a high risk to your rights, we will inform you without undue delay and will notify the AEPD on the terms provided for by the regulations.

We use cookies and similar technologies for the proper functioning of the site and, subject to your consent, for analytics and advertising purposes. We distinguish the following types:

• Technical and necessary cookies (first-party): these manage your session, the shopping basket and your theme and language preferences. They are essential for the site to work and do not require your consent.
• Analytics cookies (Google Analytics 4): these help us understand how you use the site so that we can improve it. They are only activated if you accept them.
• Marketing and advertising cookies (Meta Pixel): these allow us to measure campaigns and show you personalised advertising. They are only activated if you accept them.

When you access the site we display a banner from which you can accept, reject or configure non-essential cookies, in accordance with Article 22.2 of the LSSI-CE and the AEPD's guidelines. You can change or withdraw your consent at any time from the cookie settings panel, and you can also manage cookies through your browser. For further details, please see our Cookies Policy.

We may update this Privacy Policy to bring it into line with legislative or case-law developments or changes to our services. We will always publish the current version on this website and will indicate the date of the last update. Where the changes are substantial and affect processing based on your consent, we will inform you appropriately in order to obtain it again should that be necessary. We recommend that you review this page periodically to stay informed about how we protect your data.