The privacy law General Data Protection Regulation (AVG) has applied to the entire European Union since May 25, 2018. Internationally, the law is called General Data Protection Regulation (GDPR). The European Privacy Act applies to all companies and organizations that record personal data of customers, staff or other persons from the EU.
Personal data we use ?
We process your personal data because you use our services and/or because you provide this data to us yourself. Below is an overview of the personal data we process:
- First and last name
- Gender (optional)
- Address information
- Phone number (optional)
- E-mail address
- Information about your order on our website
- Bank account number
For what purpose do we use personal data ?
We process your personal data for the following purposes:
- Processing your payment
- To be able to call you or send you an email if this is necessary for our customer service to carry out
- To inform you about changes in our products and delivery times
- To offer you the possibility to create an account
- To deliver products to you
- To inform you about news, promotions and discounts
- We also process personal data if we are legally obliged to do so, such as data that we need for our tax return.
Sharing personal data with third parties
We share your personal data with various third parties if this is necessary for the execution of the agreement and to meet a possible legal obligation, for example if the police requires it in case of a suspected crime. With companies that process your data on our behalf, we conclude a processing agreement to ensure the same level of security and confidentiality of your data. We remain responsible for these processes. We work together with the following companies;
In order to process payments in our webshop, we use the platform of Mollie. Mollie processes your name, address and place of residence data and payment information such as your bank account or credit card number. Mollie has taken appropriate technical and organizational measures to protect your personal data. Mollie reserves the right to use your data to further improve its services and in this context, to share (anonymized) data with third parties. All of the above guarantees regarding the protection of your personal data also apply to those parts of Mollie's services for which it engages third parties. Mollie will not retain your data any longer than is legally permitted.
We collect reviews through the platform of Kiyoh. If you leave a review through Kiyoh, you are required to provide your name, city and email address. Kiyoh shares this information with us, so we can link the review to your order. Kiyoh also publishes your name and residence on its own website. In some cases Kiyoh may contact you to provide an explanation of your review. In case we invite you to leave a review, we share your name and email address with Kiyoh. They will only use this data to invite you to leave a review. Kiyoh has taken appropriate technical and organizational measures to protect your personal data. Kiyoh reserves the right to engage third parties for the purpose of providing the services; we have given Kiyoh permission to do so. All the above-mentioned guarantees with regard to the protection of your personal data also apply to those parts of Kiyoh's service provision for which it engages third parties. Kiyoh stores your personal data for as long as you keep the review published on the platform. Kiyoh has appointed a Data Protection Officer, you can find the contact details of this officer on the Kiyoh website.
If you place an order with us it is our job to have your package delivered. We use the services of PostNL to carry out the deliveries. It is therefore necessary that we share your name, address and place of residence with PostNL. PostNL will only use this information for the performance of the agreement. If PostNL engages subcontractors, PostNL will also make your data available to these parties.
How long do we retain personal data?
We will retain your data for as long as you are a customer of ours. This means we will keep your account until you indicate that you no longer wish to use our services. On the basis of applicable administrative obligations we have to keep invoices with your (personal) data, so we will keep this data for as long as the applicable term runs. We are legally obliged to keep our records for 7 years (fiscal retention obligation). These are mainly the invoices for the accounting for our tax return. However, employees no longer have access to your account and documents that we have produced as a result of your assignment.
How we secure personal data
Security of personal data is very important to us. We ensure that your data is properly secured. We constantly adjust the security and pay close attention to what can go wrong. For example, our application uses a secure connection via Secure Socket Layer technology (SSL), recognizable by the padlock icon in your browser. If you feel that your data is not properly secured or if there are indications of misuse, please contact us.
Our website and/or service has no intention of collecting information about website visitors who are younger than 16 years old. Unless they have parental or guardian consent. However, we cannot verify whether a visitor is over 16. We therefore recommend that parents be involved in their children's online activities in order to prevent the collection of data about children without parental consent. If you are convinced that we have collected personal data on a minor without such consent, please contact us and we will delete this information.
We do not make decisions based on automated processing about matters that can (significantly) affect individuals. These are decisions made by computer programs or systems, without a human being (for example an employee of us) being involved.
What are your rights?
Based on the applicable Dutch and European legislation, you as a data subject have certain rights with regard to the personal data processed by or on behalf of us. We explain below what these rights are and how you can invoke them. In principle, to prevent misuse, we only send copies and copies of your data to your e-mail address already known to us. In the event that you wish to receive the data at another e-mail address or, for example, by post, we will ask you to identify yourself. We keep a record of completed requests. You will receive all copies and data in the machine-readable data format that we use within our systems. You have the right at all times to submit a complaint to the Dutch Data Protection Authority if you suspect that we are using your personal data in an incorrect manner. This is the Dutch watchdog for privacy legislation. You can do this through the following link.
Right of inspection
You always have the right to see the data that we process, or have processed, and which relate to you or can be traced back to you. You can make a request to that effect to us, please contact us. You will receive a response to your request within 30 days. If your request is granted, we will send you a copy of all data at the e-mail address we have on record together with a list of the processors who hold this data, stating the category under which we have stored it.
Right to rectification
You always have the right to have the data that we process, or have processed, and which relate to your person or can be traced back to that person, corrected. You can make a request to that effect to us, please contact us. You will receive a response to your request within 30 days. If your request is granted, we will send you a confirmation at the e-mail address known to us that the data has been amended.
Right to restriction of processing
You always have the right to restrict the data that we process (or have processed) that relate to your person or can be traced back to that person. You can make a request to that effect to us, please contact us. You will receive a response to your request within 30 days. If your request is granted, we will send you a confirmation at the email address we have on record that the data will no longer be processed until you lift the restriction.
Right of portability
You always have the right to have the data that we process, or have processed, and which relate to your person or can be traced back to you, carried out by another party. You can make a request to that effect to us, please contact us. You will receive a response to your request within 30 days. If your request is granted, we will send you copies or copies of all the data about you that we have processed or that has been processed on our behalf by other processors or third parties at the email address we have on record. In all likelihood, we will not be able to continue providing services in such a case, as the secure interconnection of data files can no longer be guaranteed.
Right to object and other rights
You have the right to object to the processing of your personal data by or on behalf of us. If you object, we will immediately cease processing your data while we await the outcome of your objection. If your objection is well-founded, we will make copies and/or copies of the data we are processing (or have processed) available to you and then permanently stop processing it. You also have the right not to be subjected to automated individual decision-making or profiling. We do not process your data in such a way that this right applies. If you believe that this is the case, please contact us.