Privacy Policy
Last updated: 12 March 2025
This Privacy Policy describes how we collect, use, store and protect your personal data when you use our website and services. It applies to the operations of Bryxemarvodvak and complies with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Dutch implementation (UAVG), and other applicable data protection laws in the Netherlands and the European Union.
We are committed to transparency and to protecting your privacy. We process personal data only where we have a lawful basis to do so and in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability (Art. 5 GDPR).
1. Data controller
The data controller responsible for your personal data is:
Bryxemarvodvak
Linnaeusstraat 81
1093 EK Amsterdam
Netherlands
Email: info@bryxemarvodvak.world
Phone: +31206651285
If you have questions about this policy or your data, please contact us using the details above.
2. Personal data we collect
We may collect and process the following categories of personal data:
2.1 Data you provide
- Name and contact details (email address, telephone number if you provide it, postal address) when you place an order, complete a form or contact us.
- Message content and any other information you include in contact forms, order forms or correspondence.
- Consent records (e.g. that you agreed to our Terms and Privacy Policy, and optional marketing or analytics consent).
2.2 Data collected automatically
- Technical data: IP address, browser type and version, device type, operating system, referring URL, pages visited and time spent, and similar technical identifiers.
- Cookie and similar technologies data: as described in our Cookie Policy.
2.3 Data from third parties
We may receive limited data from payment or delivery partners necessary to fulfil your order (e.g. delivery address, payment status). We process such data only as necessary for contract performance and as permitted by law.
3. Purposes and legal bases for processing
We process your personal data only for specified purposes and on a lawful basis under the GDPR.
| Purpose | Legal basis |
|---|---|
| Processing and fulfilling orders, delivery and returns | Contract (Art. 6(1)(b) GDPR) |
| Customer service and responding to enquiries | Contract / Legitimate interest (Art. 6(1)(b), (f) GDPR) |
| Compliance with legal obligations (e.g. tax, consumer law) | Legal obligation (Art. 6(1)(c) GDPR) |
| Website operation, security and fraud prevention | Legitimate interest (Art. 6(1)(f) GDPR) |
| Analytics (if you have consented) | Consent (Art. 6(1)(a) GDPR) |
| Marketing communications (if you have consented) | Consent (Art. 6(1)(a) GDPR) |
Where we rely on legitimate interest, we have balanced our interests against your rights and only process data where necessary and proportionate.
4. Retention periods
We keep your data only for as long as necessary for the purposes above or as required by law.
- Order and customer data: For the duration of the contractual relationship and thereafter for up to 7 years for legal, tax and warranty purposes, unless a longer period is required by Dutch or EU law.
- Contact and enquiry data: Until the matter is closed and for a short period thereafter (e.g. 2 years) for follow-up and dispute resolution, unless you request erasure earlier where we have no legal obligation to retain.
- Marketing and analytics (consent-based): Until you withdraw consent or for the period stated at the time of consent; thereafter we may retain minimal data to record that you opted out.
- Technical and access logs: Typically up to 12 months for security and troubleshooting, unless a shorter or longer period is required for legal or security reasons.
- Cookie-related data: As set out in our Cookie Policy.
After the retention period, we delete or anonymise your data so it can no longer identify you.
5. Security measures
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These include:
- Use of HTTPS and encryption for data in transit.
- Restriction of access to personal data to authorised personnel on a need-to-know basis.
- Secure storage and handling of data, including where we use third-party processors.
- Regular review of our security practices and, where applicable, contracts with processors to ensure they meet GDPR requirements.
Despite our efforts, no transmission or storage over the internet can be guaranteed to be completely secure. We encourage you to use strong passwords and to contact us if you suspect any misuse of your data.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay and, where the breach is likely to result in a high risk, we will also communicate the breach to you in a clear and plain manner, in accordance with Articles 33 and 34 GDPR.
6. Sharing and international transfers
We may share your data with:
- Service providers (e.g. hosting, payment, delivery, email) who process data on our instructions and are bound by data processing agreements where required.
- Public authorities when we are legally obliged to do so (e.g. tax, law enforcement).
We do not sell your personal data. If we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place (e.g. adequacy decision, standard contractual clauses, or other mechanisms approved under GDPR). You may request a copy of the safeguards or the place where they have been made available.
Where we engage processors (subcontractors) to process personal data on our behalf, we enter into data processing agreements that impose on them the same level of protection required by the GDPR. A list of categories of processors (e.g. hosting, email, payment, analytics) can be provided on request.
7. Your rights under GDPR
You have the following rights in relation to your personal data. You may exercise them by contacting us at info@bryxemarvodvak.world or using the address above.
- Right of access (Art. 15 GDPR): You can request a copy of the personal data we hold about you and information about how we process it.
- Right to rectification (Art. 16 GDPR): You can request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17 GDPR): You can request deletion of your data in certain cases (e.g. where it is no longer necessary, where you withdraw consent, or where it was processed unlawfully), subject to legal exceptions.
- Right to restriction of processing (Art. 18 GDPR): You can request that we limit how we use your data in certain situations (e.g. while we verify accuracy or while a dispute is ongoing).
- Right to data portability (Art. 20 GDPR): Where processing is based on contract or consent and is carried out by automated means, you can request to receive your data in a structured, commonly used format or have it transmitted to another controller where technically feasible.
- Right to object (Art. 21 GDPR): You can object to processing based on legitimate interest or to processing for direct marketing. We will cease such processing unless we have compelling legitimate grounds that override your interests.
- Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
- Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your residence, place of work or place of the alleged infringement. In the Netherlands, the supervisory authority is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority), https://autoriteitpersoonsgegevens.nl.
We will respond to your request without undue delay and in any event within one month, subject to possible extensions where permitted by law. We may ask you to verify your identity before fulfilling a request.
8. Automated decision-making and profiling
We do not use your personal data for automated decision-making (including profiling) that produces legal effects concerning you or similarly significantly affects you. If we introduce such processing in the future, we will inform you and, where required, obtain your consent or provide you with the right to obtain human intervention, express your point of view and contest the decision.
9. Children
Our website and services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.
10. Sources of personal data
Personal data we process comes from: (a) you, when you provide it via forms, orders or correspondence; (b) your device and browser, when you use our website; (c) third parties such as payment or delivery providers, only where necessary for the performance of the contract or as permitted by law. We do not obtain data from publicly available sources for marketing or profiling purposes unless we have a lawful basis and, where required, have informed you.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. The “Last updated” date at the top will be revised when we make material changes. We encourage you to review this page periodically. Where required by law, we will seek your consent to any new use of your data.
12. Contact
For any questions about this Privacy Policy or our processing of your personal data, please contact:
Bryxemarvodvak
Linnaeusstraat 81, 1093 EK Amsterdam, Netherlands
Email: info@bryxemarvodvak.world
Phone: +31206651285