Privacy notice

What we store, why, and for how long.

Last updated: July 2026. This page is maintained by NostraMareFoods to explain exactly what happens to visitor data on nostramarefoods.com.

1. Who is responsible

Data controller: NostraMareFoods. Corporate office: Valencia Region, Spain · Logistics hub: Stockholm, Sweden. Contact for privacy questions: sales@nostramarefoods.com.

2. What we collect

  • Form submissions. Only what you type — name, company, email, country, product interest, volume, message. Used to answer wholesale enquiries.
  • Request metadata. A one-way hashed fingerprint of your IP address (never the raw IP), coarse country/city from Cloudflare, browser user-agent, referring page, and the paths you visit. Used to prevent abuse, size the audience, and — if a lawyer or law-enforcement request arrives — provide an audit trail.
  • Download log. When you download our catalog PDF we record the filename, timestamp, the same hashed-IP metadata, and the page you started from.

3. What we do NOT collect

  • Phone numbers, social-media handles, real names, or home addresses beyond what you type.
  • Tracking cookies, ad-network identifiers, or third-party analytics beacons.
  • Cross-site behaviour on other websites.
  • Precise (GPS-level) location.

A web browser physically cannot reveal a visitor's phone, social profiles, or home address — anyone claiming otherwise is misinforming you.

4. Legal basis (GDPR)

  • Form data: Art. 6(1)(b) — steps to enter into a business relationship at your request.
  • Access log & download audit: Art. 6(1)(f) — legitimate interest in securing our site, preventing abuse, and preserving evidence for lawful claims. Data is minimised (hashed IP, coarse geo) and never sold.

5. Retention

  • Leads: kept while you remain a prospective business contact, up to 3 years after last activity.
  • Access log & page views: 90 days rolling.
  • Download audit: 12 months rolling.

6. Sharing

We do not sell your data. We share it only with (a) our infrastructure providers (Cloudflare edge, Supabase-hosted database, email service) acting under strict processor agreements, and (b) authorities where compelled by valid legal process (court order, prosecutor's request). Anything shared with authorities is limited to the exact rows requested and preserved as read-only evidence.

7. Your rights

You can request access, correction, or erasure of your personal data at any time by emailing sales@nostramarefoods.com from the same address you used. We reply within 30 days. You may also lodge a complaint with the Spanish AEPD or the Swedish IMY.

8. Security

Data is stored encrypted at rest, transferred over TLS, and read only by our password-gated admin dashboard. IP addresses are hashed with a secret salt before storage so raw IPs never enter the database.

Contact