Privacy Policy

Effective date: October 21, 2025

Orosi Bioterma S.A. (“we,” “our,” “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you interact with our website, make a purchase, or visit our points of sale.

We comply with the General Data Protection Regulation (GDPR) of the European Union and the Costa Rican Data Protection Law No. 8968 (Ley de Protección de la Persona frente al Tratamiento de sus Datos Personales).

1. Who We Are

Orosi Bioterma S.A. is a skincare company based in Costa Rica that develops products formulated with thermal spring water.

We offer products through our e-commerce website and physical points of sale.

For privacy-related inquiries, you can contact us at:

Email: admin@orosidermotermal.com 

2. Personal Data We Collect

We may collect the following types of personal data when you interact with us:

  • Full name
  • Email address
  • Phone number
  • Shipping address and billing information
  • Payment details (processed securely via third-party payment gateways)
  • Account information (if you create an account on our website)
  • Communication records (emails, support messages, or feedback)

We collect only the data necessary to provide our services, comply with legal obligations, and ensure a smooth shopping experience.

3. Purpose of Data Processing

We use your personal data for the following purposes:

  • Account creation and management
  • Order processing and delivery of your purchases
  • Customer support and communication regarding orders or inquiries
  • Electronic billing in accordance with Costa Rican law
  • Service improvement (for example, understanding user preferences or issues)
  • Legal compliance, such as tax and accounting requirements

We do not sell or rent your personal information to third parties.

4. Data Sharing with Third Parties

We only share your data with trusted third parties when necessary to provide our services:

  • Payment processors (for secure online payments)
  • Shipping and logistics partners (for delivering your orders)
  • IT and hosting providers (to operate our website securely)

All third parties are required to process your data in accordance with GDPR and Costa Rican Law 8968, and only for the purposes we specify.

5. Legal Basis for Processing (GDPR)

Under the GDPR, our legal bases for processing your personal data include:

  • Contract performance: When processing your orders or account requests.
  • Legal obligation: For compliance with tax and accounting requirements.
  • Legitimate interests: To maintain and improve our services.
  • Consent: When you accept our terms during checkout or contact us voluntarily.

6. Data Security

We take your data security seriously.

Orosi Bioterma S.A. implements the following measures to protect your personal data:

  • SSL/TLS encryption for all online transactions
  • Restricted employee access to personal data
  • Secure payment gateways that comply with PCI-DSS standards
  • Regular system monitoring to prevent unauthorized access

7. Data Retention

We retain your data only as long as necessary for the purposes described above or as required by law.

When data is no longer needed, it is securely deleted or anonymized.

8. Your Rights

Depending on your location, you have the following rights under GDPR and Costa Rican Law 8968:

  • Right to access your data
  • Right to correct inaccurate or incomplete data
  • Right to request deletion (“right to be forgotten”)
  • Right to restrict or object to processing
  • Right to data portability
  • Right to withdraw consent at any time

To exercise these rights, contact us at admin@orosidermotermal.com.

We will respond to your request within the legal timeframe.

9. Cookies and Tracking

At this time, Orosi Bioterma does not use cookies or third-party analytics tools to track browsing behavior.

If this changes in the future, we will update this policy and request your explicit consent before enabling cookies.

10. International Data Transfers

If we transfer your data outside Costa Rica or the European Union, we ensure it is protected with appropriate safeguards, such as Standard Contractual Clauses or equivalent legal mechanisms under GDPR.

11. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations.

You will be notified of any significant updates via email.

The latest version will always be available on our website.

12. Contact Us

If you have any questions, concerns, or requests about your personal data or this Privacy Policy, please contact:

Email: admin@orosidermotermal.com

Orosi Bioterma S.A.

Costa Rica