This is the privacy statement of Zeepatelier and Giftshop Uzepia (located in Kudelstaart and registered with the Chamber of Commerce under trade register number 50413082). In this privacy statement we explain how we handle your personal data. We want to show you which data we record about you, why we need it, who may have access to it and how long we keep this data. We also inform you about your rights with regard to the processing of your personal data. All this in line with the General Data Protection Regulation (“GDPR”), which came into effect on 25 May 2018.
2. What personal data do we collect and why?
Personal data is all data that can be traced directly or indirectly to you. The GDPR lists various legal grounds on the basis of which personal data may be collected. The legal grounds on which we collect your personal data are: (1) to be able to perform the agreement with you, (2) on the basis of legal obligations, (3) on the basis of legitimate interest and (4) in some cases on the basis of of your consent. We will explain this below.
1. Performance of the agreement
If you place an order on our website, we collect the following personal data from you:
Address (invoice and delivery address);
Telephone number (and possibly fax number); and
Other personal data that you may voluntarily provide when you add a comment to your order.
We need this information for the execution of the agreement with you, for example to be able to send you your order. Or to be able to contact you if there are any questions or unexpected problems arise on your or our side.
2. Legal obligations
We also use the aforementioned personal data on the basis of legal obligations, such as those that apply for invoicing and keeping records.
3. Legitimate interest
On the basis of legitimate interest, we could send existing customers, i.e. persons who have placed an order with us, direct marketing. This means that we can send you offers or promotions for our products by e-mail. We always offer you the option to unsubscribe from this in the future.
General visitor data is also kept on our website, including the IP address of your computer and the time of retrieval and data that your browser sends. This data is used for analyzes of visit and click behavior on the website. We use this information for the security of the website and to improve the functioning of the website.
Processing or using your personal data other than those mentioned above will only take place if you have given us unambiguous permission to do so. If the processing is based on consent, you have the right to withdraw your consent at any time. In that case, we will terminate the relevant processing of your data. Withdrawing consent does not alter the lawfulness of processing based on consent before its withdrawal.
3. Who has access to my personal data?
We only share personal data with third parties to perform our agreement with you and enable our operational activities, or when we are legally obliged to do so. In all other cases we always ask for your permission. For example, we use external parties for the management and maintenance of our website and for taking care of our (financial) administration. We will never sell your personal data to third parties.
In the situation that we give access to personal data to an external party, we will make agreements with this third party about the use, security and confidentiality of this data. They may never use this information for their own purposes and adhere to the same rules as we adhere to, as described in this privacy statement.
We have taken appropriate technical, physical and organizational measures to protect your personal data against unauthorized or unlawful use, alteration, unauthorized access or disclosure, accidental or unlawful destruction and loss. For example, we have taken the following measures:
We have a username and password policy on all our systems;
We make backups to be able to restore the personal data in the event of physical or technical incidents;
Our employees are bound by the confidentiality of your personal data and informed about the importance of the protection of personal data; and
We have made agreements with the external parties we work with about the use, security and confidentiality of this data.
5. How long will the personal data be kept?