Privacy Policy

1. Data Controller Identity

The data controller responsible for personal data processed through this website is:

• Legal name: WANDR International Group LLC
• Registered in: United States of America
• Contact email: operations@wandrinternational.com
• Website: wandrinternational.com
• Operating markets: USA · Spain · Portugal

For all data protection inquiries — including the exercise of rights under GDPR or CCPA — please contact us at operations@wandrinternational.com. We will respond within the legally required timeframes.

WANDR International Group LLC does not currently meet the thresholds requiring the mandatory appointment of a Data Protection Officer (DPO) under Article 37 GDPR. However, all data protection matters are handled directly by the management team and can be addressed through the contact above.

2. Scope of This Policy

This Privacy Policy applies when you:

• Browse or use any functionality of this website.
• Submit a contact or wholesale inquiry form.
• Communicate with us via email or other available channels.
• Enter into or discuss a B2B wholesale commercial agreement with us.

This website is intended exclusively for B2B wholesale purposes. We do not sell directly to end consumers. All data collected is used solely in the context of business-to-business commercial activities.

3. Categories of Personal Data Processed

Depending on your interaction with this website, we may process the following categories of personal data:

• Identification data: full name, company name, job title.
• Contact data: business email address, phone number, country.
• Navigation and usage data: IP address, browser type, language, pages visited, time on site, referring URL, server logs.
• Communication data: content of messages submitted via contact forms or email.
• Commercial data: product categories of interest, estimated order volume, target market, and any information provided in the context of a wholesale inquiry.
• Approximate geolocation data: derived from IP address, used to determine applicable legal jurisdiction and adapt content accordingly.

We do not collect special categories of personal data (as defined under Article 9 GDPR), such as racial or ethnic origin, political opinions, health data, or biometric data.

4. Purposes and Legal Bases (GDPR — EU/ES/PT)

We process personal data for the following purposes and on the following legal bases under Article 6 GDPR:

4.1 Website operation and security

Purpose: To ensure the correct display, technical administration, and security of this website.
Legal basis: Legitimate interests of the controller (Art. 6.1.f GDPR) in operating a secure and functional website.

4.2 Responding to wholesale inquiries

Purpose: To respond to contact form submissions and B2B wholesale requests.
Legal basis: Consent (Art. 6.1.a GDPR) when you initiate contact, and/or pre-contractual measures at your request (Art. 6.1.b GDPR).

4.3 Contract execution and commercial management

Purpose: To formalize and execute wholesale agreements, process orders, issue invoices, and manage the commercial relationship.
Legal basis: Contract performance (Art. 6.1.b GDPR) and compliance with legal accounting and tax obligations (Art. 6.1.c GDPR).

4.4 Statistical analysis and service improvement

Purpose: To analyze aggregated or pseudonymized usage data for website improvement and business strategy.
Legal basis: Legitimate interests (Art. 6.1.f GDPR), with data minimization and pseudonymization measures applied.

4.5 Fraud prevention and security

Purpose: To detect and prevent unauthorized access, misuse of services, or fraudulent activity.
Legal basis: Legitimate interests (Art. 6.1.f GDPR).

4.6 Legal compliance

Purpose: To comply with applicable fiscal, accounting, anti-money-laundering, and data protection obligations.
Legal basis: Legal obligation (Art. 6.1.c GDPR).

Where consent is the legal basis, you may withdraw it at any time without affecting the lawfulness of prior processing.

5. Data Retention Periods

Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected, and in accordance with applicable legal requirements:

• Wholesale inquiry data (no contract formed): Up to 24 months from the last interaction, after which data will be deleted or anonymized.
• Commercial partner / contract data: For the duration of the commercial relationship, and thereafter for up to 6 years to comply with applicable statutes of limitation under US, Spanish, and Portuguese law.
• Accounting and invoicing data: 6 years (Spain: Ley 58/2003 General Tributaria; Portugal: Art. 123 CIRC; USA: IRS requirements).
• Navigation/server log data: Up to 12 months, used solely for security and technical purposes.
• Cookie-based data: As specified in the consent mechanism at the time of collection; analytical cookies up to 13 months per CNIL/AEPD guidelines.

In Spain, data subject to legal claims will be "blocked" (conserved in restricted access) during applicable prescription periods in accordance with LOPDGDD requirements, before permanent deletion.

6. Recipients and Data Transfers

Personal data may be shared with the following categories of recipients, only to the extent necessary and under appropriate legal safeguards:

• Technology service providers: web hosting, CDN (Cloudflare), email services, analytics tools — acting as data processors under Art. 28 GDPR agreements.
• Professional advisors: legal counsel, accountants, and auditors where required.
• Public authorities: when required by applicable law or regulatory order.

We do not sell personal data to third parties. We do not share personal data for behavioral advertising or marketing purposes with external parties.

7. International Data Transfers

Personal data collected from EU/EEA residents is primarily processed within the EEA. Where transfers to third countries are necessary (e.g., use of US-based technology providers), we ensure an adequate level of protection through one of the following mechanisms:

• An adequacy decision by the European Commission; or
• Standard Contractual Clauses (SCCs) approved by the European Commission; or
• Other appropriate safeguards recognized under Chapter V GDPR.

Cloudflare, Inc. — our CDN and security provider — participates in the EU-U.S. Data Privacy Framework and provides SCCs for EEA data transfers. Details are available at cloudflare.com/gdpr.

8. Your Rights Under GDPR (EU/ES/PT)

If you are located in the EU, Spain, or Portugal, you have the following rights under Articles 15–22 GDPR:

• Right of access: To obtain confirmation of whether we process your personal data and to receive a copy.
• Right to rectification: To request correction of inaccurate or incomplete data.
• Right to erasure ("right to be forgotten"): To request deletion of your data when it is no longer necessary, or where other grounds under Art. 17 GDPR apply.
• Right to restriction of processing: To request that processing be limited in certain circumstances.
• Right to data portability: To receive your data in a structured, machine-readable format and transmit it to another controller, where technically feasible.
• Right to object: To object to processing based on legitimate interests, including direct marketing.
• Right not to be subject to automated decision-making: Including profiling with significant legal or similar effects, except where permitted under Art. 22 GDPR.

To exercise any of these rights, contact us at operations@wandrinternational.com with proof of identity. We will respond within 30 days (extendable by two months for complex cases, with prior notice).

You also have the right to lodge a complaint with the competent supervisory authority:

• Spain: Agencia Española de Protección de Datos (AEPD) — aepd.es
• Portugal: Comissão Nacional de Proteção de Dados (CNPD) — cnpd.pt

9. Your Rights Under CCPA/CPRA (California Residents)

If you are a California resident and the CCPA/CPRA applies to our processing of your data, you have the following rights:

• Right to know: To request disclosure of the categories and specific pieces of personal information collected about you, the sources, business purposes, and third parties with whom it is shared.
• Right to access and portability: To receive a copy of the personal information collected about you in the preceding 12 months, free of charge, in a portable format.
• Right to deletion: To request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, security, pending transactions).
• Right to correct: To request correction of inaccurate personal information.
• Right to opt out of sale or sharing: WANDR International Group LLC does not sell or share personal information for cross-context behavioral advertising purposes. No opt-out mechanism is required for this purpose.
• Right to limit use of sensitive personal information: We do not process sensitive personal information beyond what is permitted under Cal. Civ. Code § 1798.121.
• Right to non-discrimination: You will not receive discriminatory treatment for exercising any of your CCPA rights.

To submit a verifiable consumer request, contact us at operations@wandrinternational.com. We will respond within 45 days (extendable by an additional 45 days with prior notice). Requests are free of charge (up to twice per 12-month period).

10. Minors

This website and its services are directed exclusively at businesses and professionals. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that personal data of a minor has been collected without appropriate consent, we will delete it immediately.

Under LOPDGDD (Spain), valid consent for minors requires parental consent for those under 14 years of age. Under Portuguese Law 58/2019, the minimum age for valid consent in information society services is 13 years. Given that this website is B2B only, these provisions are not expected to apply.

11. Cookies and Similar Technologies

This website may use cookies and similar technologies for the following purposes:

• Strictly necessary cookies: Required for the technical operation of the website. No consent required.
• Cloudflare security cookies: Used by Cloudflare for security, performance, and bot detection (including Turnstile). Processed under legitimate interests.
• Analytics cookies: Used to understand how visitors interact with the website (aggregated, anonymized data). Require consent under GDPR.

A cookie consent banner is displayed to EU/EEA visitors on first visit, in compliance with GDPR, LOPDGDD (Spain), and Lei 58/2019 (Portugal). You may withdraw or modify your consent at any time via the cookie settings panel.

12. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, disclosure, alteration, or destruction, in accordance with Article 32 GDPR. These measures include:

• HTTPS/TLS encryption for all data in transit.
• Cloudflare CDN and WAF protection against DDoS and injection attacks.
• Access control and authentication for internal systems.
• Regular security reviews and incident response procedures.

In the event of a personal data breach posing a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours, and affected individuals where required under Art. 34 GDPR.

13. Policy Updates

This Privacy Policy may be updated to reflect changes in our data processing activities, applicable legislation, or service configuration. When changes are material or require renewed consent, we will notify you prominently (e.g., via website notice or email).

The date of the most recent update is displayed at the top of this page. Continued use of this website after the effective date of any update constitutes acceptance of the revised policy, to the extent permitted by law.

14. Contact

For any questions, concerns, or requests related to this Privacy Policy or the processing of your personal data, please contact us:

• Email: operations@wandrinternational.com
• Entity: WANDR International Group LLC
• Website: wandrinternational.com