top of page

Privacy Policy

Onda Moda – Luxury Fashion Boutique
Last Updated: 10/01/2025

At Onda Moda, we are committed to protecting the privacy and confidentiality of our customers’ personal information. As a luxury fashion boutique serving discerning clients across Mexico, we recognize that trust is the foundation of our brand. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website (www.ondamoda.com), make a purchase, create an account, subscribe to our communications, or interact with our customer service.
By using our website or providing us with your personal information, you agree to the practices described in this policy.

1. Information We Collect

We only collect the personal data necessary to provide a safe and personalized luxury shopping experience:

  • Identity and Contact Information: Full name, email address, phone number, shipping and billing address.

  • Transaction Data: Order history, purchase details, payment method (card type, expiration, and issuer — never stored by us), tax ID (RFC) for invoicing.

  • Technical and Behavioral Information: IP address, device type, browser, operating system, pages visited, time spent, and click behavior (collected via cookies and analytics tools).

  • Preferences and Communications: Product interests, newsletter subscriptions, responses to surveys or promotional campaigns, interactions with customer service.

We do not collect sensitive personal data (e.g., racial or ethnic origin, religious beliefs, health information) unless you voluntarily provide it for a specific purpose (e.g., customized adjustments).

2. How We Use Your Information

Your data is used solely for the following purposes:

  • To process, fulfill, and deliver your orders accurately and on time.

  • To issue legally valid invoices and comply with tax obligations under Mexican law.

  • To provide customer service, respond to inquiries, and manage returns or exchanges.

  • To personalize your browsing experience, recommend products suited to your preferences, and send marketing communications (only with your prior consent).

  • To improve website functionality, product offerings, and overall customer experience through anonymous analysis.

  • To prevent fraud, unauthorized access, and illegal activities.

  • To comply with applicable legal and regulatory obligations.

We do not use your data for automated decision-making or profiling that produces legal effects or significantly affects you.

3. Legal Basis for Processing

Under the Mexican Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), we rely on the following legal bases:

  • Contract Performance — to fulfill your purchase and delivery.

  • Legitimate Interest — to enhance security, prevent fraud, and optimize service.

  • Consent — for newsletter subscriptions, targeted advertising, and other non-essential processing.

  • Legal Obligation — for tax reporting, anti-money laundering measures, and compliance with authorities.

You may withdraw your consent at any time without affecting the lawfulness of processing based on prior consent.

4. How We Share Your Information

We do not sell, rent, or market your personal data to third parties for marketing purposes.
We may share your information only with:

  • Payment processors (e.g., Stripe, PayPal, Mercado Pago) — to handle transactions securely. We never store full card data.

  • Logistics companies (e.g., Estafeta, DHL, FedEx) — to deliver your purchases.

  • Technology providers (e.g., Wix, Shopify, Google Analytics, Meta Pixel) — to operate and optimize our website. These partners are contractually required to protect your data and only use it for the purposes we specify.

  • Legal and regulatory authorities — if required by law, court order, or to protect our rights, property, or security.

All third parties are selected based on high security standards and are bound by strict confidentiality agreements.

5. Data Security

Your information is protected with top-tier technical and organizational measures, including:

  • SSL/TLS encryption for all data transmissions.

  • Secure, PCI-DSS-compliant payment gateways.

  • Restricted access to personal data within our team.

  • Regular security audits and vulnerability assessments.

  • Data retention policies aligned with legal requirements (e.g., tax records kept for 5 years; customer data deleted after 3 years of inactivity or upon request).

Although no digital system is completely risk-free, we take all reasonable steps to protect your information from unauthorized access, disclosure, alteration, or destruction.

6. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to:

  • Keep your session active during checkout.

  • Remember your preferences (e.g., language, currency).

  • Analyze site performance and user behavior via Google Analytics (anonymized data).

  • Display personalized advertising on external platforms (e.g., Meta, Google) — only if you have given consent.

You can manage or disable cookies through your browser settings. Disabling essential cookies may prevent you from completing purchases. We provide a cookie consent banner on your first visit, where you can accept, reject, or customize your preferences.
For more details, see our Cookie Policy.

7. International Data Transfers

To ensure uninterrupted service, your data may be transferred outside Mexico — for example, to our e-commerce platform provider (Shopify, based in Canada), payment processors (Stripe, based in the U.S.), or analytics services (Google, based in the U.S.).
These transfers comply with Mexican data protection law. We ensure recipients are bound by contractual clauses, recognized safeguards, or adequacy frameworks guaranteeing an equivalent level of protection.

8. Your Rights — ARCO

As a data subject under Mexican law, you have the right to:

  • Access — know what personal data we hold about you.

  • Rectify — correct inaccurate or incomplete information.

  • Cancel — request deletion of your data, subject to legal retention requirements.

  • Object — object to the processing of your data for marketing or other non-essential purposes.

To exercise your ARCO rights, send a written request to:

privacy@ondamoda.com

Attn: Data Protection Officer
[Insert Complete Business Address]

Include:

  • Your full name and contact information

  • A clear description of your request

  • A copy of an official ID (INE, passport, etc.)

We will respond within 20 business days, as required by law. No fee will be charged to exercise these rights.

9. Minor Privacy

Onda Moda does not knowingly collect personal data from individuals under 18. If you are under 18, you should not use our website or provide personal information. If we learn we have inadvertently collected data from a minor, we will delete it immediately upon notification.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The most recent version will always be posted on this page with the “Last Updated” date.
Significant changes will be communicated by email to registered customers and via a prominent notice on our website.

11. Contact Us

For questions, concerns, or requests regarding your personal data, please contact our Data Protection Officer:
📧 Email: privacy@ondamoda.com

bottom of page