The Museum Code

Privacy Policy

Last updated: 01/05/2026

This Privacy Policy explains how THE MUSEUM CODE SL collects, uses, stores and protects the personal data of users who visit our website, make a purchase, create an account, contact us or use any of the services available through our online store.

We recommend that you read this Privacy Policy carefully. By using our website or providing us with your personal data, you acknowledge that you have been informed about the processing of your data under the terms set out in this policy.

1. Data controller

The data controller responsible for processing your personal data is:

Company: THE MUSEUM CODE SL

Tax ID / NIF: B26841528

Registered office: Avenida de la Estación 1, 5A, Almería, 04005, Spain

Contact email: contact@themuseumcode.com

For any matter related to privacy or data protection, you can contact us at:

contact@themuseumcode.com

Using the subject line:

Data Protection / Privacy

2. Personal data we process

We may process different categories of personal data depending on how you interact with our website, products or services.

2.1. Identification and contact details

We may process, among others:

Full name.

Email address.

Telephone number.

Billing address.

Shipping address.

Data necessary to manage the delivery of the order.

2.2. Purchase and transaction data

We may process information related to your purchases, such as:

Order number.

Products purchased.

Size, colour, model or variant selected.

Purchase date.

Purchase amount.

Shipping method selected.

Order status.

Purchase, return, exchange or incident history.

2.3. Payment data

Payments made on our website are managed through external payment providers and/or the Shopify platform.

THE MUSEUM CODE SL does not directly store your full bank card details. However, we may receive limited information related to the transaction, such as payment confirmation, amount, date, payment method used or transaction identifiers necessary to manage the order, prevent fraud and comply with legal obligations.

2.4. User account data

If you create an account in our store, we may process:

Account access or identification data.

Order history.

User preferences.

Saved addresses.

Information necessary to manage your account.

2.5. Communication data

When you contact us, we may process:

Your email address.

The content of your messages.

Information you voluntarily provide to us.

Customer support communication history.

2.6. Technical and browsing data

When you visit our website, we may process certain technical data, such as:

IP address.

Device identifiers.

Browser type.

Operating system.

Pages visited.

Date and time of access.

Interactions with the website.

Information obtained through cookies or similar technologies.

The use of cookies and similar technologies is specifically regulated in our Cookie Policy.

2.7. Data related to the QR code and associated digital services

If our products include QR codes, digital functionalities or associated services, we may process information related to:

QR code assigned to the product.

Status of the QR code: not activated, activated, scanned, linked or used.

Date and time of activation or use.

Content, link, profile or digital destination configured by the user, where applicable.

Technical data associated with access to or use of the QR code.

This data will be processed to enable the functioning of the purchased product, manage the activation or configuration of the QR code, provide the associated digital services, prevent misuse and resolve technical or customer support incidents.

3. Purposes of processing

We process your personal data for the following purposes:

3.1. Managing purchases and orders

We use your data to:

Process your order.

Confirm payment.

Prepare and ship the products.

Send communications related to the order.

Manage deliveries, exchanges, returns and refunds.

Resolve incidents related to the purchase.

3.2. Providing digital services associated with the product

When the product includes a QR code, digital profile, dynamic link or other technological functionality, we may process your data to:

Activate the QR code.

Link the product to content, a profile, a link or a digital destination.

Allow access to the configured content.

Manage changes or updates to the linked content.

Resolve technical incidents.

Protect the system against fraudulent, abusive or unauthorised use.

3.3. Customer support

We process your data to respond to queries, requests, complaints, incidents, communications about orders or any other matter you raise with us.

3.4. User account management

If you create an account, we will use your data to manage registration, allow access, save addresses, display order history and facilitate future purchases.

3.5. Sending commercial communications

If you give us your consent, we may send you commercial communications, promotions, news, product launches, discounts or other information related to THE MUSEUM CODE.

You may withdraw your consent at any time by using the unsubscribe link included in our communications or by writing to contact@themuseumcode.com.

3.6. Analysis, website improvement and user experience

We may use technical, browsing or interaction data to analyse the functioning of our website, improve the user experience, detect errors, measure campaign performance and understand how users interact with our store.

Where necessary, we will request your consent through the cookie banner or cookie management tool.

3.7. Security and fraud prevention

We process personal data to protect our website, systems, customers and business against fraudulent, illegal, unauthorised activities or activities contrary to our terms.

3.8. Compliance with legal obligations

We will also process your data when necessary to comply with legal, tax, accounting, administrative, consumer, data protection or any other obligations applicable to THE MUSEUM CODE SL.

4. Legal basis for processing

We process your personal data on the following legal bases:

4.1. Performance of a contract

We process your data when it is necessary to manage your purchase, prepare and ship your order, process payments, manage returns, activate digital services associated with the product or provide the services requested.

4.2. Compliance with legal obligations

We process certain data to comply with tax, accounting, administrative, legal and consumer protection obligations.

4.3. Consent

We process your data based on your consent when, for example:

You subscribe to our newsletter.

You accept non-essential cookies.

You agree to receive commercial communications.

You configure certain digital functionalities that require your consent.

You may withdraw your consent at any time, without affecting the lawfulness of processing carried out before such withdrawal.

4.4. Legitimate interest

We may process your data based on our legitimate interest to:

Prevent fraud.

Ensure website security.

Manage customer queries.

Improve our products and services.

Carry out basic internal analysis of the operation of our store.

Defend our rights in the event of claims.

We will always apply this legitimate interest in a proportionate manner and with respect for your rights and freedoms.

5. Data retention

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and, subsequently, for the periods necessary to comply with legal obligations or deal with possible liabilities.

In general:

Data related to orders, invoicing and transactions will be retained for the legally required periods.

Customer support data will be retained for the time necessary to manage the query or incident and, subsequently, for the period necessary to deal with possible claims.

User account data will be retained while your account remains active or until you request its deletion.

Data used for commercial communications will be retained until you withdraw your consent or unsubscribe.

Data related to cookies will be retained as indicated in our Cookie Policy.

Data associated with QR codes or digital services linked to the product will be retained for as long as necessary to provide the contracted service, maintain the functionality associated with the product, manage incidents or comply with legal obligations.

6. Recipients of the data

In order to provide our services, it may be necessary to share your personal data with third parties that help us operate the store, process payments, ship orders or provide technological services.

We may share data with:

Shopify, as the e-commerce platform that hosts and enables the operation of our online store.

Payment providers.

Transport and logistics companies, such as Correos, SEUR or other operators we may use.

Providers of technology services, hosting, website maintenance, email, analytics, security or customer support.

Marketing, newsletter or advertising tools, if we use them and always in accordance with applicable regulations.

Tax, accounting, legal or administrative advisers.

Public authorities, competent authorities, courts or tribunals where there is a legal obligation.

Shopify processes personal data to enable the functioning of the store and its services. Shopify may receive and process personal data of users located in the European Economic Area through its group entities, providers and subprocessors, in accordance with its own terms and privacy policies.

7. International data transfers

Some of our technology providers, including Shopify or other services we may use, may process data outside the European Economic Area.

Where international data transfers take place, we will seek to ensure that they are carried out with appropriate safeguards in accordance with applicable regulations, such as adequacy decisions, standard contractual clauses approved by the European Commission or other legally recognised mechanisms.

8. Commercial communications

We will only send you commercial communications by email or other electronic means where there is a legal basis to do so, especially when you have given us your consent or where the law allows communications related to products or services similar to those contracted.

You may unsubscribe from these communications at any time:

By using the unsubscribe link included in each commercial email.

By writing to contact@themuseumcode.com.

Even if you unsubscribe from commercial communications, we may continue to send you non-commercial communications related to orders, payments, shipping, returns, security, legal changes or contracted services.

9. Cookies and similar technologies

Our website may use cookies and similar technologies to enable its operation, remember preferences, analyse website usage, improve the user experience and, where applicable, display personalised advertising.

The use of non-essential cookies requires the user’s consent.

You can find more information about the cookies we use, their purposes, duration and configuration options in our Cookie Policy.

10. Minors

Our website, online store and associated digital services are not specifically directed at children under the age of 14.

Minors may use our website or purchase products only with the authorisation of their parents, guardians or legal representatives, where such authorisation is legally required.

In particular, children under the age of 14 must not provide us with personal data, create accounts, make purchases, activate QR codes, configure digital profiles or use digital services associated with the product without the authorisation of their parents, guardians or legal representatives.

Users over the age of 14 may give their consent to the processing of their personal data in the cases permitted by applicable regulations. However, where the purchase, contracting or use of a service legally requires the involvement or authorisation of their parents, guardians or legal representatives, such authorisation will be necessary.

If we become aware that we have collected personal data from a child under the age of 14 without the corresponding authorisation, we will delete it as soon as possible.

If you are a parent, guardian or legal representative and believe that a minor has provided us with personal data without authorisation, you can contact us at contact@themuseumcode.com.

11. Data security

We will adopt reasonable technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction.

However, no electronic transmission or storage system is completely secure. Therefore, although we work to protect your data, we cannot guarantee absolute security.

We recommend that you do not send us particularly sensitive information through unsecured channels.

12. User rights

You may exercise the rights recognised by data protection regulations, including:

Right of access.

Right to rectification.

Right to erasure.

Right to object.

Right to restriction of processing.

Right to data portability.

Right to withdraw consent at any time.

Right not to be subject to automated individual decisions, where applicable.

To exercise your rights, you can write to us at:

contact@themuseumcode.com

Using the subject line:

Exercise of data protection rights

We may request additional information to verify your identity before processing your request.

If you believe that we have not processed your personal data properly, you have the right to lodge a complaint with the Spanish Data Protection Agency.

13. Third-party links

Our website may include links to third-party websites, platforms, social networks or services.

THE MUSEUM CODE SL is not responsible for the privacy practices, content or terms of those third parties. We recommend that you review their privacy policies before providing them with any personal data.

14. Social networks

We may have profiles on social networks such as Instagram, TikTok, Facebook, Pinterest or other platforms.

When you interact with our social media profiles, your data may be processed both by THE MUSEUM CODE SL and by the relevant social media platform, in accordance with their respective privacy policies.

We are not responsible for how such platforms use your personal data.

15. Automated decision-making and profiling

As a general rule, we do not make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you.

However, some Shopify, advertising, analytics or product recommendation tools may use browsing, purchase or interaction information to personalise the user experience, show recommended products or measure campaigns.

Where this processing requires consent, it will be requested through the relevant tools, such as the cookie banner or available privacy options.

16. Changes to this Privacy Policy

We may update this Privacy Policy when necessary to reflect legal, technical, operational or commercial changes.

When we make relevant changes, we will update the “Last updated” date and, where necessary, inform you through additional means.

We recommend that you review this policy periodically.

17. Contact

For any matter related to this Privacy Policy or the processing of your personal data, you can contact us at:

THE MUSEUM CODE SL

Email: contact@themuseumcode.com

Address: Avenida de la Estación 1, 5A, Almería, 04005, Spain

Tax ID / NIF: B26841528

Museum is a platform you wear. A space for work in progress. Curate yourself
ENTER THE MUSEUM