Privacy Policy

Last updated: [INSERT DATE]

Introduction

[BUSINESS NAME] ("we", "us", or "the seller") respects your privacy and attaches great importance to the protection of your personal data. In this privacy policy, we explain what personal data we process, why we do so, how long we retain it, and what rights you have.

We process your personal data in accordance with the General Data Protection Regulation (GDPR / AVG).

Data controller

[BUSINESS NAME]
[ADDRESS]
Chamber of Commerce (KvK) number: [KVK NUMBER]
Email: [EMAIL ADDRESS]

What personal data do we process?

We process the following categories of personal data:

When placing an order:

  • First and last name
  • Delivery and billing address
  • Email address
  • Phone number
  • Payment information (processed by our payment service provider — we do not receive complete bank details or credit card numbers)
  • Order history

When using our website:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on the website
  • Referring website
  • Cookies (see our separate Cookie Policy)

When contacting us:

  • Content of your message
  • Contact information you provide

Why do we process your data? (Purpose and legal basis)

Purpose | Legal basis
Processing your order (handling, invoicing, shipping) | Performance of contract (art. 6(1)(b) GDPR)
Communication about your order | Performance of contract
Customer service and complaint handling | Performance of contract / legitimate interest
Compliance with legal obligations (such as tax retention) | Legal obligation (art. 6(1)(c) GDPR)
Improvement of our website and services | Legitimate interest (art. 6(1)(f) GDPR)
Fraud prevention and security | Legitimate interest
Sending newsletters (if you have subscribed) | Consent (art. 6(1)(a) GDPR)

With whom do we share your data?

We share your personal data with third parties only to the extent necessary for the performance of the contract or to comply with a legal obligation. We have data processing agreements with:

  • Shopify (e-commerce platform — hosting our website and order processing) — established in Ireland (EU)
  • [PAYMENT PROVIDER — e.g. Mollie, Shopify Payments] (payment processing)
  • [SHIPPING CARRIER — e.g. PostNL, DHL] (delivery of your order)
  • [EMAIL SERVICE PROVIDER if used — e.g. Mailchimp, Klaviyo] (email communication)
  • Dutch Tax Authority (Belastingdienst) (only when legally required)

We never sell your data to third parties for commercial purposes.

Transfers outside the EU

Some of our processors (such as Shopify) may process data outside the European Economic Area. In that case, we ensure that the transfer complies with GDPR, for example via Standard Contractual Clauses approved by the European Commission.

How long do we retain your data?

Data category | Retention period
Order data and invoices | 7 years (tax retention obligation art. 52 AWR)
Customer account (if created) | Until you delete your account
Email communication | 2 years after last contact
Newsletter subscriptions | Until you unsubscribe
Website analytics (anonymized) | 26 months

After the retention period expires, your data is securely deleted or anonymized.

Security of your data

We take appropriate technical and organizational measures to protect your personal data against loss or unlawful processing. These include:

  • SSL/TLS encryption of all data transmission via the website (HTTPS)
  • Secure storage with recognized processors (Shopify, payment provider)
  • Limited access to personal data — only we have access
  • Regular review of security measures

Your rights

Under GDPR, you have the following rights:

  • Right of access — you can request what personal data we process about you.
  • Right to rectification — you can have incorrect data corrected.
  • Right to erasure ("right to be forgotten") — you can request deletion of your data, subject to legal retention obligations.
  • Right to restriction — you can request that we limit the processing of your data.
  • Right to data portability — you can request your data in a common format to transfer to another party.
  • Right to object — you can object to processing based on legitimate interest.
  • Right to withdraw consent — if processing is based on your consent, you can withdraw it at any time.

To exercise these rights, please send an email to [EMAIL ADDRESS]. We will respond to your request within 30 days. To verify your identity, we may ask for additional information.

Filing a complaint

If you have a complaint about the processing of your personal data, we ask you to first contact us. You also always have the right to file a complaint with the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens
P.O. Box 93374, 2509 AJ The Hague, Netherlands
Website: https://autoriteitpersoonsgegevens.nl

Changes to this privacy policy

We may update this privacy policy from time to time. The most current version is always available on our website. We recommend that you consult this page regularly.