Privacy policy

MEERMIN 1951, S.L. is committed to respecting users' privacy and ensuring the protection and security of their personal data. In compliance with current data protection regulations — in particular Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 ("GDPR") and Spanish Organic Law 3/2018 of 5 December on Personal Data Protection and Guarantee of Digital Rights — MEERMIN informs users through this Privacy Policy about how their personal data is collected and processed on the website https://eu.meermin.com/ (hereinafter, the "Website").

1. DATA CONTROLLER IDENTIFICATION

The controller responsible for the processing of your personal data is: MEERMIN 1951, S.L.
Tax ID (NIF): B57068413
Registered address: Calle Gremi de Crirurgians i Barbers 25, 07009, Palma, Balearic Islands, Spain.

2. PURPOSES OF DATA PROCESSING

The data controller processes personal data through the Website based on lawful grounds and always with full respect for users' rights and freedoms.

2.1 Purchase and return of MEERMIN products through the Website

  • Purpose: To manage product purchases and payments, including gift cards, and to handle returns of products bought online.
  • Legal basis: Performance of a contract.
  • Data types: Identification data, contact details, and information on transactions. Note: MEERMIN does not directly process customer banking information. Payment processing is handled via the customer's selected payment platform. Shopify stores only the last four digits of the credit card.

2.2 Creation and management of a user account on the Website

  • Purpose: To create and manage your MEERMIN user account, allowing you to view orders and redeem loyalty points.
  • Legal basis: Performance of a contract.
  • Data types: Identification and contact data.

2.3 Fraud prevention and transaction security

  • Purpose: To detect and prevent fraudulent transactions, identity theft, account takeovers, and unauthorized use of customer information through automated fraud screening.
  • Legal basis: Legitimate interests (Article 6(1)(f) GDPR) - protecting our business and customers from fraud and financial harm.
  • Data types: Name, email, phone, billing/shipping addresses, IP address, geolocation data, payment card information (type, last 4 digits, BIN, issuing country, verification results), transaction details, device/browser information.
  • Third-party controller: This processing is performed by NoFraud LLC (United States), acting as an independent data controller. See Section 3.1 for details on international transfers and safeguards.

2.4 Sending of commercial communications

  • Purpose: To send electronic marketing communications about MEERMIN products. Users may unsubscribe at any time using the link included at the bottom of each message.
  • Legal basis: Consent.
  • Data types: Identification and contact data.

2.5 Management of affiliation program applications

  • Purpose: To process your request to join the MEERMIN affiliate program.
  • Legal basis: Performance of pre-contractual measures.
  • Data types: Identification data, contact details, and personal circumstances.

All required fields in our forms are mandatory. If you do not provide the requested data or provide it incorrectly or incompletely, we will not be able to process your request.

3. DATA RECIPIENTS

3.1 Third-party controllers

In connection with certain processing activities, MEERMIN shares personal data with third-party data controllers who process such data for their own purposes:

Fraud Prevention Services

  • Recipient: NoFraud LLC (United States)
  • Purpose: Real-time fraud detection and prevention to protect against fraudulent transactions, identity theft, and unauthorized use of customer information
  • Legal basis: Legitimate interests (Article 6(1)(f) GDPR) - protecting our business and customers from fraud
  • Data shared: Name, email, phone, billing/shipping addresses, IP address, geolocation data, payment card information (type, last 4 digits, BIN, issuing country, verification results), transaction details, device/browser information
  • When: Data is shared automatically at the time of transaction processing
  • International transfer safeguards: Standard Contractual Clauses (SCCs) approved by the European Commission (Module 1: Controller to Controller)
  • Your rights: You may exercise your data protection rights directly with NoFraud at privacy@nofraud.com or view their privacy policy at https://www.nofraud.com/privacy/

Personal data collected via the Website will not be shared with other third parties, except where required by law.

3.2 Data processors

MEERMIN engages appropriate service providers to process users' data as data processors. These providers only process data for the purposes defined by MEERMIN and in accordance with its instructions, pursuant to Article 28 GDPR. These include:

  • Shopify Inc. (Canada) - E-commerce platform for order management, customer accounts, and payment processing. Shopify is certified under the EU-US Data Privacy Framework.
  • Klaviyo, Inc. (United States) - Email and marketing automation platform for sending commercial communications. Klaviyo is certified under the EU-US Data Privacy Framework.
  • Sendlane, Inc. (United States) - Email service provider for marketing communications. Sendlane ensures adequate protection under applicable adequacy decisions.
  • Loop Returns Inc. (Canada) - Returns management platform to facilitate product returns and exchanges. Loop Returns benefits from the European Commission's adequacy decision for Canada (commercial organizations).

4. INTERNATIONAL DATA TRANSFERS

User data may be transferred to countries outside the European Union. Such transfers are protected by appropriate safeguards to ensure your data receives adequate protection:

  • Shopify Inc. (Canada) - E-commerce platform. Benefits from the European Commission's adequacy decision for Canada (commercial organizations).
  • Loop Returns Inc. (Canada) - Returns management platform. Benefits from the European Commission's adequacy decision for Canada (commercial organizations).
  • Klaviyo, Inc. (United States) - Email marketing platform. Certified under the EU-US Data Privacy Framework.
  • Sendlane, Inc. (United States) - Email service provider. Benefits from applicable adequacy decisions.
  • NoFraud LLC (United States) - Fraud prevention services. Protected by Standard Contractual Clauses (SCCs) approved by the European Commission (Module 1: Controller to Controller), adopted June 4, 2021.

Any other international transfers will be subject to appropriate safeguards under Article 46 GDPR.

5. DATA RETENTION PERIOD

Personal data will be retained only for as long as necessary to fulfill the intended purposes, or until the user requests its deletion. Retention periods vary depending on the data processing activity:

  • Contact form submissions: Retained for the time needed to respond to the inquiry.
  • Commercial communications: Retained until the user opts out via the unsubscribe link or requests data deletion.
  • Purchase and return data: Retained for the duration necessary to manage purchases, returns, and any related complaints, and in any case for five (5) years.
  • User account data: Retained as long as the user remains registered or until deletion is requested.

6. USERS' RIGHTS

Users may exercise their rights of access, rectification, erasure, objection, restriction, and data portability at any time by submitting a request via the contact form available at:
https://help-eu.meermin.com/en-US/contact
Please specify the right you wish to exercise.

If you believe your rights have not been respected, you may file a complaint with the Spanish Data Protection Agency (AEPD). More information is available at: www.aepd.es

7. SECURITY MEASURES

MEERMIN implements appropriate technical and organizational measures to detect and mitigate risks, ensuring a level of security appropriate to the nature of the personal data. These measures are regularly reviewed and updated to ensure ongoing compliance with data protection laws.

8. UPDATES TO THIS POLICY

MEERMIN reserves the right to update or modify this Privacy Policy at any time. Any changes will be published on the Website to keep users informed.

Copyright 2026 © MEERMIN 1951 SL All rights reserved.