Privacy Policy

Last updated: April 2025

At Barna Flow, we take your privacy seriously. This policy explains what personal data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR).

This policy applies to all visitors and customers of barnaflow.com, including anyone who makes a purchase, creates an account, or signs up for our emails.

1. Who we are

Barna Flow is a European ecommerce brand selling premium pilates grip socks and accessories, designed in Barcelona, Spain.

Data controller: Barna Flow
Email: contact@barnaflow.com
Location: Barcelona, Spain


2. What data we collect

Depending on how you interact with us, we may collect the following:

  • When you place an order
  • Name, email address, delivery address, billing address, phone number, and payment information (processed securely by Shopify Payments — we never see your full card details).
  • When you create an account
  • Name, email address, and order history.
  • When you sign up for emails
  • Email address and, if provided, your first name.
  • When you browse our site
  • Device information, IP address, browser type, pages visited, and time spent — collected automatically via cookies and analytics tools.

3. How we use your data

We use your data only for the following purposes:

  • To process and fulfil your orders, including shipping notifications and delivery updates
  • To manage your account and respond to enquiries
  • To send marketing emails, if you have opted in (you can unsubscribe at any time)
  • To improve our website and understand how customers shop with us
  • To comply with our legal obligations (e.g. tax and accounting records)

4. Legal basis for processing

Under GDPR, we process your data under one of the following lawful bases:

  • Contract — to fulfil your orders and manage your account
  • Legitimate interests — to improve our site and understand our customers
  • Consent — for marketing emails and non-essential cookies
  • Legal obligation — for financial records and regulatory compliance

5. Who we share your data with

We do not sell your personal data. We share it only with trusted third-party service providers who help us operate our business:

  • Shopify — our ecommerce platform and payment processor
  • Shipping carriers (e.g. Correos, Colissimo, MRW) — to deliver your order
  • Email marketing provider (e.g. Klaviyo) — to send order confirmations and newsletters
  • Analytics tools (e.g. Google Analytics) — to understand site performance

All third parties are required to process your data in accordance with applicable privacy laws.


6. Cookies

We use cookies to make our website work properly and to understand how visitors use it. These include:

  • Essential cookies — required for the site to function (e.g. your shopping cart)
  • Analytics cookies — help us understand traffic and behaviour on the site
  • Marketing cookies — used to show relevant ads on other platforms (only with your consent)

You can manage your cookie preferences at any time via the cookie banner on our site or through your browser settings.


7. How long we keep your data

We retain your data only as long as necessary:

  • Order data — kept for 7 years to comply with EU tax and accounting regulations
  • Account data — retained while your account is active; deleted within 30 days of account closure on request
  • Marketing data — retained until you unsubscribe or withdraw consent
  • Analytics data — retained in aggregated, anonymised form

8. Your rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your data ("right to be forgotten"), subject to legal obligations
  • Restrict how we process your data in certain circumstances
  • Data portability — receive your data in a machine-readable format
  • Object to processing based on legitimate interests or for direct marketing
  • Withdraw consent at any time, without affecting prior lawful processing

To exercise any of these rights, email us at contact@barnaflow.com. We will respond within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD) at aepd.es.


9. Data transfers outside the EU

Some of our third-party providers (such as Shopify and Google Analytics) may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.


10. Children's privacy

Our website and products are not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe a child has provided us with their data, please contact us and we will delete it promptly.


11. Changes to this policy

We may update this privacy policy from time to time. When we do, we will update the date at the top of this page. For significant changes, we may notify you by email if you have an account with us.


12. Contact us

For any privacy-related questions, requests, or concerns, please reach out to us at:

contact@barnaflow.com
Barna Flow, Barcelona, Spain

Customers are saying

4.98 (47)
Verified

Discover more in our FAQ

How long does it take to process an order?

Do you ship internationally?

What is your return policy?

What are your sizing options?