Privacybeleid
This privacy policy describes how personal data is processed by the operator of this online platform, an online clothes store based in the Netherlands. We are committed to protecting your privacy and handling your data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
Who is responsible for your data?
The operator of this online platform, an online clothes store located in the Netherlands, is the data controller responsible for processing your personal data.
What personal data do we collect?
We collect personal data when you use our site, place an order, create an account, subscribe to marketing communications, or interact with us. This may include:
- Identity and Contact Data: Name, billing address, delivery address, email address, phone number.
- Payment Data: Payment card details or other payment method information. Note that we do not store full payment card numbers on our servers; this information is processed securely by our payment service providers.
- Order Data: Details about products you purchased, including order history, product preferences.
- Account Data: Username and password for your online account.
- Communication Data: Information you provide when contacting us or communicating with us through our site or other channels.
- Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our site.
- Usage Data: Information about how you use our site, products, and services.
- Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.
We may also collect aggregated data such as statistical or demographic data. Aggregated data is not considered personal data in law as it does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
How and why do we use your personal data? (Purposes and Legal Bases)
We use your personal data for the following purposes and relying on the following legal bases:
- To process and deliver your orders: To manage your purchases, process payments, arrange for delivery, and handle returns. This is necessary for the performance of the contract with you.
- To manage your account: To create and manage your online account, provide you with access to your order history, and manage your preferences. This is based on your consent when creating an account and necessary for the performance of the contract if you use the account for orders.
- To communicate with you: To respond to your inquiries, provide customer support, and send you service-related communications (e.g., order confirmations, shipping updates). This is necessary for the performance of the contract or based on our legitimate interests in providing good customer service.
- To send you marketing communications: To inform you about products, services, offers, and promotions that may be of interest to you. We will only send you direct marketing communications if you have given your consent, or where we have a legitimate interest to do so and are permitted by law (e.g., existing customer). You have the right to withdraw your consent or object to marketing at any time.
- To improve our site and services: To understand how users interact with our online platform, identify technical issues, analyse trends, and improve the content and functionality of our site. This is based on our legitimate interests in operating and improving our business and services.
- For security and fraud prevention: To protect our site, prevent fraudulent transactions, and ensure the security of our systems. This is based on our legitimate interests in protecting our business and complying with legal obligations.
- To comply with legal obligations: To comply with applicable laws, regulations, legal processes, or governmental requests, such as tax obligations or requests from law enforcement. This is necessary for compliance with a legal obligation.
Who do we share your personal data with?
We may share your personal data with selected third parties for the purposes set out above:
- Service Providers: Third parties who provide services on our behalf, such as payment processors, shipping companies (to deliver your orders), IT service providers (for hosting, data analytics, website functionality), and marketing service providers (to manage email campaigns). These service providers are contractually bound to process data only according to our instructions and applicable laws.
- Legal and Regulatory Authorities: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
- Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity.
We do not sell your personal data to third parties.
International Data Transfers
Some of the third parties we share data with may be located outside the European Economic Area (EEA). When we transfer your personal data outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe (known as Standard Contractual Clauses).
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. (Note: The Privacy Shield has been invalidated by the European Court of Justice. Transfers to the US now rely primarily on Standard Contractual Clauses or other appropriate safeguards as assessed on a case-by-case basis). We will use appropriate safeguards in line with current legal requirements for transfers to the US or other third countries.
How long do we keep your personal data?
We retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
For example, order information is typically kept for several years to comply with tax and accounting obligations. If you have an account, we retain your account data as long as your account is active. Marketing consent is retained until you withdraw it.
Your Data Protection Rights
Under GDPR, you have certain rights regarding your personal data:
- The right to access: You have the right to request copies of your personal data.
- The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions (e.g., processing based on legitimate interests or for direct marketing).
- The right to data portability: You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
- The right to withdraw consent: If we are relying on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
How to contact us
If you have any questions about this privacy policy or wish to exercise any of your data protection rights, please contact us via mail. The data controller is the operator of the Online clothes Store service based in the Netherlands, and can be contacted via mail at the company's registered address in the Netherlands.
Right to Complain
You have the right to lodge a complaint with the supervisory authority in the Netherlands, the Autoriteit Persoonsgegevens, if you believe that we have processed your personal data in a way that is not compliant with the GDPR.
Cookies
Our site uses cookies and similar technologies to function properly, improve your user experience, and analyse traffic. Cookies are small text files stored on your device. We use different types of cookies:
- Strictly necessary cookies: Essential for the site to function (e.g., enabling you to add items to your cart and checkout). We do not require your consent for these.
- Analytical/Performance cookies: Help us understand how visitors use our site, so we can measure and improve performance.
- Functionality cookies: Remember choices you make (e.g., language or region) to provide a more personalised experience.
- Targeting/Advertising cookies: Used to deliver advertising more relevant to you and your interests.
You can manage your cookie preferences through your browser settings or, where applicable, through a cookie banner or preference centre on our site.
Data Security
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Changes to this Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the new policy on this page. We encourage you to review this policy periodically.