Privacy policy
Last updated: 27 May 2026
Gift the Glow is built so giving for joy feels simple and honest. This policy explains what personal data we process, why, and your rights under the EU General Data Protection Regulation (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD). We do not sell your data.
Data controller
The controller of your personal data is:
- Tingmar Soluciones, S.L.
- Tax ID (CIF): B01790617
- Address: c/Pablo Picasso, 10, 28222 Majadahonda, Spain
- Email: a.fischer@marnico.es
The same entity operates this website and receives donations processed through it.
We have not appointed a Data Protection Officer, as we are not required to do so.
Data we collect
Depending on how you use the site, we may process the following categories:
- Navigation and technical data: cookie identifier (
gifttheglow), session identifier, IP address, pages visited, interface language, browser user agent, HTTP referer, screen resolution (width and height), and automated traffic signals (bots). - Donation data: amount, currency, frequency (one-time or monthly), Stripe checkout session identifiers, email address if you provide one at checkout for receipts, and technical identifiers that link a visit to a payment.
- Payment data: card and payment method details are entered directly with Stripe. We do not store card numbers or payment credentials on our servers.
- Operational logs: technical copies of payment events and, when the database is unavailable, local fallback logs on the server.
Purposes and legal basis
- Process your donation (including one-time and monthly payments, confirmations, and receipts): performance of pre-contractual measures and contract (Art. 6(1)(b) GDPR).
- Meet legal obligations for accounting, tax, and record-keeping: legal obligation (Art. 6(1)(c) GDPR).
- Operate, maintain, and protect the site (visit logging, abuse prevention, rate limiting, error diagnosis, and service improvement): legitimate interests (Art. 6(1)(f) GDPR), balanced against your rights.
- Technically link a visit to a payment for support and internal traceability: legitimate interests (Art. 6(1)(f) GDPR).
We do not use your data for advertising or commercial profiling.
Retention
We keep personal data only as long as needed for the purposes above and, where applicable, for periods required by law (for example, accounting and tax obligations).
Navigation records are kept while relevant for security, service operation, and internal operational analysis. You may request deletion when data is no longer necessary, unless we must retain it by law.
Cookies and similar technologies
We use strictly necessary cookies for the site to function:
gifttheglow— identifies returning visits and links technical sessions. Duration: up to 12 months. Purpose: site operation and internal traceability.- PHP session cookie — maintains the browser session for the duration of your visit.
We do not use third-party advertising or commercial tracking cookies on this site.
When you pay, you are redirected to Stripe, which may use its own cookies under its policy.
You can configure or delete cookies in your browser. Disabling technical cookies may affect how the site works.
Recipients and processors
We share personal data only when necessary to provide the service:
- Stripe Payments Europe, Ltd. (and, where applicable, Stripe group entities) — payment processing, fraud prevention, and receipts. Privacy policy: stripe.com/privacy.
- IONOS — website and database hosting in Spain.
These providers act as processors or independent controllers as appropriate, with contractual and security safeguards required by the GDPR.
International transfers
The site and database are hosted in Spain. However, Stripe may process data outside the European Economic Area when necessary to provide payment services. In those cases, Stripe applies GDPR safeguards such as Standard Contractual Clauses or other recognized measures.
Your rights
You may exercise your rights of access, rectification, erasure, objection, restriction of processing, and data portability (where applicable) by emailing a.fischer@marnico.es, stating which right you wish to exercise and verifying your identity if needed.
We will respond within one month, extendable where permitted by law.
If you believe processing does not comply with applicable law, you may lodge a complaint with the Spanish Data Protection Agency (AEPD).
Security
We apply reasonable technical and organizational measures to protect personal data, including encrypted traffic (HTTPS), access controls on infrastructure, and rate limiting to reduce abuse.
Minors
This site is not directed at children under 14. If you are a parent or guardian and believe a minor has provided us with personal data, email a.fischer@marnico.es to request deletion.
Changes to this policy
We may update this policy to reflect legal or service changes. The current version will always be published on this page with the corresponding update date.