Privacy Policy
Last updated: 20 April 2026
This Privacy Policy explains how RSZ Type S.L. ("we", "us", "our", "Resistenza Type") collects, uses, and protects your personal data when you visit rsztype.com or purchase our fonts.
We take your privacy seriously. This policy is written to be as clear as possible — no legal filler. If something is unclear, write to us at info@resistenza.es and we'll explain.
1. Who we are
Data Controller RSZ Type S.L. Calle Cádiz 57 p11 46005 Valencia — Spain VAT / NIF: ESB98968985 Email: info@resistenza.es
We are the entity responsible for the personal data collected through this website.
2. What data we collect
We collect only what we need to sell you fonts and communicate with you.
When you buy a font:
- Name, billing address, email
- VAT number (if you're a business)
- Payment information (processed directly by Stripe — we never see or store your full card number)
- Order history and licence details
When you subscribe to our newsletter:
- Email address
- Language preference and interaction data (opens, clicks — tracked by Mailchimp)
When you browse the website:
- Technical data such as IP address, browser type, device type, pages visited
- Analytics data (if you consent) — see Section 6 on Cookies
When you contact us:
- Whatever information you include in your message (name, email, message content)
We do not knowingly collect data from anyone under 16 years of age.
3. Why we collect it (legal bases)
Under the GDPR we need a legal basis to process your data. Ours are:
| Purpose | Legal basis |
|---|---|
| Processing your font order and delivering the licence | Contract (GDPR Art. 6.1.b) |
| Issuing invoices and keeping accounting records | Legal obligation (GDPR Art. 6.1.c — Spanish tax law requires 6-year retention) |
| Sending you newsletters | Consent (GDPR Art. 6.1.a) — you can withdraw at any time |
| Website analytics and advertising cookies | Consent (GDPR Art. 6.1.a) — managed through our cookie banner |
| Responding to your questions | Legitimate interest (GDPR Art. 6.1.f) |
| Preventing fraud and abuse | Legitimate interest (GDPR Art. 6.1.f) |
4. Who we share it with
We share your data only with trusted third parties that help us run the business. Each one acts either as a data processor (they work for us under a contract) or as an independent controller (they have their own privacy rules).
Fontdue Inc. (USA) — our e-commerce platform provider. Processes orders, hosts the website, stores customer data. Fontdue Privacy Policy
Stripe, Inc. (USA / Ireland) — handles payments. We never store your card details. Stripe Privacy Policy
The Rocket Science Group LLC / Mailchimp (USA) — manages our newsletter. Only used if you've subscribed. Mailchimp Privacy Policy
Google LLC (USA) — provides Google Analytics 4 and Google Ads. Active only if you accept analytics/marketing cookies. Google Privacy Policy
Our accountant (Spain) — receives invoice data for tax and bookkeeping purposes as required by Spanish law.
Some of these providers are based outside the EU. When this happens, the transfer is covered by either the EU–US Data Privacy Framework or Standard Contractual Clauses approved by the European Commission.
We do not sell your personal data. Ever.
5. How long we keep it
- Order and invoice data: 6 years, as required by Spanish tax law (Ley General Tributaria)
- Customer account data on Fontdue: as long as your account is active, then deleted on request
- Newsletter email: until you unsubscribe or ask us to remove it
- Website analytics: up to 14 months (Google Analytics default retention)
- Contact form messages: up to 2 years, unless a longer retention is justified by ongoing communication
6. Cookies
We use cookies to make the website work and, with your consent, to understand traffic and run marketing campaigns. Our cookie banner lets you accept or reject non-essential cookies.
Essential cookies (no consent needed — the site can't work without them):
- Fontdue session and shopping cart cookies
- Your cookie preference itself (
rsz_cookie_consent) - Your light/dark theme choice (
rsz-theme)
Analytics & marketing cookies (only with your consent):
_ga,_ga_*— Google Analytics 4 — traffic analysis (retention: up to 2 years)_gcl_*— Google Ads — conversion tracking (retention: up to 90 days)- Mailchimp tracking cookies — newsletter engagement metrics
You can change your preferences any time via the "Cookie settings" link in the footer.
7. Your rights
Under the GDPR you have the right to:
- Access — ask us what data we hold about you
- Rectification — ask us to correct wrong or incomplete data
- Erasure — ask us to delete your data (where legally possible — we can't delete invoices required by tax law)
- Restriction — ask us to pause processing while a dispute is resolved
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — at any time, for any processing based on consent (this won't affect processing done before you withdrew)
To exercise any of these rights, email info@resistenza.es. We'll respond within 30 days.
If you believe we haven't handled your data properly, you can file a complaint with the Spanish Data Protection Authority: AEPD — Agencia Española de Protección de Datos C/ Jorge Juan 6, 28001 Madrid www.aepd.es
8. Security
We use reasonable technical and organisational measures to protect your data (HTTPS, access controls, encrypted payments via Stripe). No system is perfectly secure — if a data breach ever occurred that put your rights at risk, we'd notify you and the AEPD within 72 hours, as required by law.
9. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the latest version. Significant changes affecting your rights will be communicated via email (to newsletter subscribers) or a banner on the website.
10. Contact
Questions, requests, complaints — one address: info@resistenza.es
We read everything and we reply.