Privacy Policy

Last updated:

1. Data Controller

The data controller responsible for your personal data is:

2. Data We Collect

We collect the following categories of personal data:

• Contact and order data: full name, email address, telephone number, delivery address, and order notes submitted through the order form.
• Communication data: messages sent to us by email or phone.
• Technical data: IP address, browser type and version, device type, operating system, referring URL, pages visited, and time spent on the site. This data is collected via cookies and server logs.
• Consent records: records of the consent you provide, including cookie consent preferences and the GDPR checkbox on the order form.

We do not collect sensitive special-category data (such as health data, biometric data, or financial payment data). Payment processing, if applicable, is handled by a third-party payment service provider and we do not store card details.

3. Legal Bases for Processing

We process your data on the following legal grounds under Article 6 GDPR:

• Performance of a contract (Art. 6(1)(b)): processing your order, arranging delivery, handling returns, and communicating about your purchase.
• Compliance with a legal obligation (Art. 6(1)(c)): retaining invoicing and financial records as required under Dutch tax law (Belastingdienst).
• Legitimate interests (Art. 6(1)(f)): preventing fraud, ensuring website security, and improving our site based on aggregated analytics data.
• Consent (Art. 6(1)(a)): placing optional analytics or marketing cookies on your device, where you have given explicit consent via our cookie banner.

4. Purposes of Processing

We use your personal data for the following purposes:

• Processing and fulfilling your order and communicating order status.
• Arranging delivery through our logistics partner (PostNL or similar carrier).
• Processing returns and refunds in accordance with our Refund Policy.
• Responding to enquiries sent to our customer service.
• Complying with applicable Dutch and EU legal obligations.
• Detecting and preventing fraudulent transactions.
• Analysing aggregated, anonymised website usage data to improve our services (where consent is given for analytics cookies).

5. Data Sharing and Recipients

We do not sell, rent, or trade your personal data. We may share your data with the following categories of recipients, strictly for the purposes set out above:

• Delivery and logistics partners (e.g. PostNL): name and delivery address to fulfil your order.
• IT and hosting providers: our website is hosted on servers within the European Economic Area (EEA). Hosting providers are bound by data processing agreements.
• Analytics providers: aggregated, anonymised data only, where you have consented to analytics cookies.
• Public authorities: where required by applicable law, court order, or regulatory authority.

Any third party we engage is required to process personal data only on our documented instructions and to maintain appropriate technical and organisational security measures.

6. International Data Transfers

We process and store your data within the European Economic Area (EEA). Where any tool or service provider is located outside the EEA, we ensure an adequate level of protection through Standard Contractual Clauses approved by the European Commission or another appropriate safeguard under Chapter V GDPR.

7. Data Retention Periods

We retain personal data for the following periods:

• Order and customer data: seven (7) years from the date of the transaction, to comply with Dutch fiscal record-keeping requirements (Artikel 52 AWR).
• Customer service correspondence: two (2) years from the date of the last communication.
• Consent records: retained for as long as the consent is relevant and for three (3) years thereafter for dispute resolution purposes.
• Technical/log data: up to twelve (12) months, then anonymised or deleted.

After the applicable retention period, data is securely deleted or anonymised.

8. Your Rights Under GDPR

As a data subject in the EEA, you have the following rights:

• Right of access (Art. 15): you may request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): you may ask us to correct inaccurate or incomplete data.
• Right to erasure (Art. 17): you may request deletion of your data, subject to legal retention obligations.
• Right to restriction of processing (Art. 18): you may ask us to restrict processing in certain circumstances.
• Right to data portability (Art. 20): where processing is based on consent or contract, you may receive your data in a structured, machine-readable format.
• Right to object (Art. 21): you may object to processing based on legitimate interests.
• Right to withdraw consent: where processing is based on consent, you may withdraw at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at the details in Section 1. We will respond within one (1) month. If you are unsatisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): www.autoriteitpersoonsgegevens.nl.

9. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or alteration. These measures include HTTPS encryption, access controls, and regular security reviews. Whilst we take all reasonable steps to secure your data, no internet transmission can be guaranteed to be 100% secure.

10. Cookies

We use cookies and similar tracking technologies on this website. Please refer to our Cookie Policy for full details of the cookies we use, their purposes, and how to manage your preferences.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page indicates when it was last revised. Where changes are material, we will notify you by a prominent notice on our website or by email if we hold your contact details.

12. Contact Us

For any questions, requests, or complaints relating to this Privacy Policy or our data processing activities, please contact us: