Privacy Policy
This Privacy Policy describes how Shipibo Store (shipibostore.com) collects, uses, stores, and protects your personal data. It applies to all personal information collected through the website, including the shopping cart, checkout process, newsletter subscription form, and any other interaction on the site. By using this website or placing an order, you acknowledge that you have read and understood this Policy in full.
1. Identity of the Data Controller
The entity responsible for the processing of your personal data is:
Full Name: Romeo Laulate Diaz
RUC (Peruvian Tax ID): 10053938634
Type: Persona Natural con Negocio — Artesano Textil
SUNAT Activity Codes: CIIU 1629 (artisan manufacture) / CIIU 4773 (retail)
Fiscal Address: Cal. Atahualpa N° 1650, Iquitos, Loreto, Perú
Email: romeo.haux@gmail.com
Phone / WhatsApp: +51 910 658 670
Website: shipibostore.com
Governing Law: Republic of Peru — Ley 29733 (Personal Data Protection Law) and DS 003-2013-JUS
As the data controller, Shipibo Store determines the purposes and means of processing your personal data and is solely responsible for its lawful handling in accordance with Peruvian law and, where applicable, the European Union General Data Protection Regulation (GDPR) for buyers located in the European Economic Area.
2. Data We Collect
We collect only the personal data strictly necessary for the purposes described in this Policy. We do not collect sensitive data such as health information, religious beliefs, biometric data, or political opinions.
2.1 Data collected when placing an order
Full name: Required to process your order, issue the tax receipt (boleta de venta) required by SUNAT, and coordinate delivery with the courier.
Email address: Required to send you the order confirmation, dispatch notification, tracking information, and tax receipt. Also used for customer support communication related to your order.
Shipping address (street, city, country, postal code): Required to deliver your order to the correct location. Shared with the courier company for the sole purpose of delivery.
Phone number: Required so that the courier can contact you in case of delivery issues, redelivery scheduling, or customs requirements in your country.
Payment data: Processed exclusively by Niubiz (VisaNet Perú S.A.C.), the payment gateway integrated into our checkout. Shipibo Store does not store, access, or retain your card number, CVV, or full banking credentials. The processing, storage, and security of payment card data is handled entirely within Niubiz’s certified payment environment. Niubiz accepts Visa, Mastercard, and American Express cards issued both in Peru and internationally.
2.2 Data collected via newsletter subscription
Email address: Collected only when you explicitly and voluntarily submit your email through our newsletter subscription form. Subscription constitutes your consent to receive promotional and informational communications from Shipibo Store. The newsletter subscription form is developed and hosted natively on shipibostore.com; your email address is stored on our web server and is not shared with any third-party email marketing platform.
Subscription date and IP address: Retained as technical proof of your consent, as required by data protection law. This data is not used for any other purpose.
2.3 Data collected automatically when you visit the website
Session cookies: Our website uses strictly necessary session cookies to maintain the state of your shopping cart and your browsing session while you navigate the site. These cookies are temporary and are deleted when you close your browser. We do not use analytics cookies, advertising cookies, or any third-party tracking technology. See Section 7 for full details.
Server logs: Our hosting infrastructure, located in the United States, automatically records standard web server access logs including IP address, browser type, pages requested, date and time of access, and referring URL. These logs are used exclusively for security monitoring, technical troubleshooting, and server administration. They are not used for behavioral analysis or marketing profiling.
2.4 Data we do NOT collect
We do not use Google Analytics, Meta Pixel, or any other third-party analytics or advertising tracking tool. We do not collect data regarding race, ethnicity, religion, sexual orientation, health status, or political opinions. We do not store payment card details. We do not build behavioral profiles. We do not share your data with advertising networks.
3. Purposes and Legal Basis for Processing
Every processing activity we carry out has a specific, documented legal basis. We do not process your personal data for purposes beyond those listed here without first obtaining your explicit consent.
3.1 Processing and fulfilling your order
Legal basis: Contractual necessity. Processing your data is required to execute the purchase contract. Without it, we cannot fulfill, ship, or support your purchase.
3.2 Issuing tax receipts (boleta de venta) required by SUNAT
Legal basis: Legal obligation. Peruvian tax law requires us to issue an electronic tax receipt for every transaction and to archive these records for a minimum of five years. This processing obligation cannot be refused or limited by the data subject.
3.3 Shipping and delivery coordination
Legal basis: Contractual necessity. Sharing your name, address, and phone number with the courier is essential to deliver your order to the address you specified.
3.4 Payment processing via Niubiz
Legal basis: Contractual necessity. Transmitting the data required by Niubiz to process your payment is an unavoidable part of executing the purchase contract.
3.5 Customer support, complaints, and dispute resolution
Legal basis: Legitimate interest of the controller. Retaining order and communication records is necessary to resolve disputes, respond to warranty claims, and process returns and refunds.
3.6 Fraud prevention and transaction security
Legal basis: Legitimate interest. Protecting the business and our customers from fraudulent orders, payment fraud, and chargeback abuse.
3.7 Newsletter and promotional communications
Legal basis: Explicit consent. You actively submitted your email to subscribe. This consent may be withdrawn at any time by contacting us at romeo.haux@gmail.com. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
3.8 Compliance with Peruvian export and customs regulations
Legal basis: Legal obligation. SUNAT Aduanas requires the declaration of exported goods, including buyer name and address, for every international shipment via Declaración Simplificada de Exportación (DSE) or Declaración Aduanera de Mercancías (DAM).
3.9 Server security and technical operation
Legal basis: Legitimate interest. Retaining server access logs is necessary to detect unauthorized access, debug technical issues, and maintain site security.
We do not use your data for automated decision-making or profiling that produces legal effects or significantly affects you.
4. Data Sharing and Third-Party Processors
Shipibo Store does not sell, rent, trade, or otherwise commercially transfer your personal data to third parties. Data is shared only with the following recipients, for the specific purposes stated.
4.1 Niubiz (VisaNet Perú S.A.C.)
Payment processing. Niubiz is the payment gateway integrated into our checkout and is responsible for the secure processing and storage of your payment card data. Niubiz is a Peruvian-regulated payment processor operating under the oversight of the Superintendencia de Banca, Seguros y AFP (SBS). Data transferred to Niubiz includes: cardholder name, card number, expiry date, CVV, billing email, and transaction amount. Niubiz’s privacy practices are governed by their own privacy policy and by SBS regulations applicable to payment processors in Peru.
4.2 Courier and logistics companies
Delivery. We share your recipient name, delivery address, and phone number with the courier or postal service handling your shipment. This data is used exclusively for the purpose of delivering your order and is not retained by the courier beyond the delivery lifecycle.
4.3 SUNAT (Peruvian Tax Authority)
Tax and customs compliance. Buyer name and transaction details are reported to SUNAT as required by Peruvian tax law for electronic receipt issuance. For international orders, export declaration data including buyer name and shipping address is filed with SUNAT Aduanas.
4.4 Web hosting provider (USA)
Infrastructure. Our website is hosted on servers located in the United States. The hosting provider processes data on our behalf as a data processor, meaning they store and serve the data necessary to operate the website. This includes order data, customer accounts, newsletter subscriber emails, and server logs. The hosting provider does not have access to or use of your data beyond what is technically necessary to operate the servers.
4.5 INDECOPI or Peruvian courts
Legal compliance. In the event we receive a valid court order or regulatory request from INDECOPI or another competent authority, we may be required to disclose relevant personal data. We will notify you of such requests to the extent permitted by law.
No other sharing occurs. Any sharing beyond what is described above requires your prior written consent.
5. International Data Transfers
Your personal data is subject to international transfers in two specific contexts.
Web hosting in the USA: Our website and all data stored on it — including customer orders, accounts, and newsletter subscriptions — are hosted on servers located in the United States. This means your personal data is stored in and processed from the USA. The USA does not have a formal adequacy decision from the European Commission; however, we contractually require our hosting provider to implement appropriate safeguards for the protection of your data.
Courier delivery in your country: When we ship your order internationally, your name, address, and phone number are transferred to the courier and, where applicable, to postal services operating in your country of residence. These entities are governed by the data protection laws of their respective jurisdictions.
By purchasing from Shipibo Store, you explicitly acknowledge and, where legally required, consent to these international transfers as described.
6. Data Retention Periods
We retain your personal data only for as long as necessary to fulfill the stated purposes and no longer than required by applicable law.
6.1 Order and transaction records
Minimum 5 years from the transaction date, as mandated by the Peruvian Código Tributario. This retention period cannot be shortened at the buyer’s request, as it is a legal obligation.
6.2 Export and customs declarations
Minimum 5 years in accordance with SUNAT Aduanas regulations for international shipments.
6.3 Customer account and purchase history
Duration of the customer relationship plus 5 years for tax compliance and dispute resolution purposes.
6.4 Newsletter subscriber data
Until you unsubscribe. Upon unsubscription, your email is removed from the active subscriber list. The consent record (submission date and IP) may be retained for up to 3 years as proof of consent.
6.5 Customer support and complaint records
3 years from the date of resolution, to support the defense of potential future claims.
6.6 Server access logs
Up to 12 months, in line with standard hosting security practices.
6.7 Fraud prevention records
Up to 3 years in cases of confirmed or suspected fraudulent activity.
After the applicable retention period, data is securely deleted or irreversibly anonymized.
7. Cookies
Our website uses only strictly necessary session cookies. We do not use advertising cookies, analytics cookies, or any third-party tracking cookies.
7.1 Session cookies (strictly necessary)
Session cookies are small temporary files stored in your browser while you navigate the site. They are required for the website to function correctly. Specifically, they maintain the contents of your shopping cart as you browse, preserve your checkout session state, and manage your login state if you have a customer account.
Session cookies do not track your behavior across websites, do not collect personally identifiable information beyond what is technically necessary to maintain your session, and are automatically deleted when you close your browser. No consent is required for strictly necessary cookies under applicable law, as they are essential to the operation of the service you have requested.
7.2 No third-party cookies
We do not load Google Analytics, Meta Pixel, advertising networks, retargeting scripts, social media tracking buttons, or any other third-party code that sets cookies on your device. Your browsing behavior on shipibostore.com is not tracked by any external party.
7.3 Browser cookie controls
You may control, block, or delete cookies through your browser settings. Please note that blocking session cookies will prevent the shopping cart from functioning and will make it impossible to complete a purchase on our site.
8. Data Security
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, accidental loss, or destruction.
8.1 HTTPS / TLS encryption
All data transmitted between your browser and our website is encrypted in transit using TLS (Transport Layer Security), verifiable via the padlock in your browser’s address bar.
8.2 Payment security via Niubiz
All payment card data is handled exclusively within Niubiz’s certified payment environment. Niubiz operates under regulatory oversight by the SBS and implements security standards for payment processing in Peru. Shipibo Store never handles raw card data at any point in the transaction.
8.3 Access controls
Access to customer data in our WordPress/WooCommerce backend is limited to authorized personnel, protected by strong passwords and two-factor authentication.
8.4 Hosting security
Our USA-based hosting provider maintains server-level security including firewall protection, malware scanning, intrusion detection, and automated backup systems.
8.5 Inherent limitations
No internet transmission or electronic storage method is 100% secure. By providing your personal data to us, you acknowledge and accept this inherent risk. In the event of a data breach likely to result in a high risk to your rights and freedoms, we will notify you in accordance with applicable law without undue delay.
9. Peruvian Personal Data Registry (RNPDP)
In accordance with Article 28 of Law 29733, Shipibo Store is required to register its personal data banks with the Registro Nacional de Protección de Datos Personales (RNPDP), administered by the Autoridad Nacional de Transparencia y Acceso a la Información (ANTAIP).
Our customer data bank is in the process of registration with ANTAIP. The official registry number will be published in this section of the Privacy Policy once registration is confirmed. Until then, this Policy constitutes our public commitment to the principles of Ley 29733: lawfulness, consent, purpose limitation, proportionality, quality, security, and disposition.
For verification and queries regarding the RNPDP: www.gob.pe/minjus
10. Your Rights
Under Peruvian Law 29733, you hold the following ARCO rights over your personal data. EU/EEA residents hold additional rights under the GDPR as noted below.
10.1 Right of Access (Acceso)
You may request confirmation of whether we process personal data about you and, if so, receive a full copy of that data along with information about the purposes of processing, the categories of data held, and the recipients to whom data has been disclosed.
10.2 Right of Rectification (Rectificación)
You may request the correction of any inaccurate, incomplete, or outdated personal data we hold about you.
10.3 Right of Cancellation / Erasure (Cancelación)
You may request the deletion of your personal data. This right is subject to our legal retention obligations: data required for tax compliance (minimum 5 years under the Código Tributario) cannot be deleted until the retention period expires. Such data will be restricted to compliance use only until it can be lawfully deleted.
10.4 Right of Opposition (Oposición)
You may object to the processing of your personal data where that processing is based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless processing is necessary for legal claims.
10.5 Additional rights for EU/EEA residents (GDPR)
Data portability (Art. 20 GDPR): You may request your personal data in a structured, machine-readable format for transfer to another controller where technically feasible.
Restriction of processing (Art. 18 GDPR): You may request that we limit how we use your data in certain circumstances, such as while the accuracy of data is contested.
Right to object to direct marketing: You may object at any time to the processing of your data for newsletter or promotional purposes, with immediate effect and without justification.
Right to lodge a complaint: You may file a complaint with your national data protection supervisory authority. Examples: AEPD (Spain), CNIL (France), ICO (United Kingdom), Garante (Italy).
10.6 How to exercise your rights
Submit a written request to romeo.haux@gmail.com. Your request must include your full name, the email address associated with your account or purchase, a copy of your identity document for verification, and a clear description of the right you wish to exercise.
We will acknowledge your request within 5 business days and respond in full within 20 calendar days as required by Law 29733. We may extend this by an additional 20 days in complex cases, with prior written notification.
11. Children’s Privacy
Shipibo Store does not knowingly collect personal data from individuals under the age of 18. Our website and services are directed exclusively at adults. If you are a parent or legal guardian and believe your minor child has provided us personal data without your consent, contact us immediately at romeo.haux@gmail.com and we will delete that information promptly.
By making a purchase or subscribing to our newsletter, you represent that you are at least 18 years of age.
12. Third-Party Links
Our website may contain links to third-party websites such as courier tracking portals. These external sites are not operated by Shipibo Store and are entirely outside our control. This Privacy Policy does not apply to them. We accept no responsibility for their content, privacy practices, or data handling. We encourage you to review the privacy policy of every external site you visit.
13. Changes to This Privacy Policy
Shipibo Store reserves the right to update this Privacy Policy at any time to reflect changes in applicable law, changes to our data processing activities, or new features added to the website.
The revised Policy will always be published at shipibostore.com/privacy-policy with an updated effective date. For material changes that significantly affect your rights or how we use your data, we will notify registered customers by email at least 15 days before the change takes effect.
Continued use of the website after publication of a revised Policy constitutes acceptance of the updated terms.
14. Contact
For any question, request, complaint, or concern regarding the processing of your personal data, or to exercise any of the rights described in Section 10:
Controller: Romeo Laulate Diaz — RUC 10053938634
Email: romeo.haux@gmail.com
WhatsApp: +51 910 658 670
Postal Address: Cal. Atahualpa N° 1650, Iquitos, Loreto, Perú
Response time: Within 20 calendar days per Ley 29733