Privacy Policy (GDPR)

ersie 1.1 opgemaakt in Drachten op 19-05-2018.

Who we are

Our website address is: https://www.dekratomshop.nl.

What personal data we collect and why we collect it

Comments and product reviews

When visitors leave comments or product reviews on the site we collect the data shown in the comments or product review form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment or review, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Store information/customer information/product ordering/ account details

What data does the store collect about you when you order a product?

When you order a product for the first time and you want to check out you are asked to fill in a form. You are asked to fill in the following details :

A) Billing details

1) First Name and last name

2) Email address and telephone number

3) Country of residence

4) Address (Street, city, postal code)

If your Shipping address is the same as your Billing details address you will not be prompted to fill in your shipping address however if your shipping address is different from the address you put into the billing fields you will also have to fill in the details for shipping in your shipping field.

1) First Name and last name

2) Email address and telephone number

3) Country of residence

4) Address (Street, city, postal code)

What do we do with this information and why?

We collect the information above because we need to know your address to be able to ship your products. We also need your email to be able to communicate with you about your order status etcetera and to send you additional information regarding your order such as a track and trace code etcetera. We need your telephone number to be able to reach you in case we need to know something about your order (for instance a mistake in address etc).

 

What data does the store collect if you make a customer account on this site

Customers or customers to be can make a customer account on this website (webshop). When you opt for making a customer account we collect the following data:

1)Your first name and your last name

2) Your email address

3) your password and user id

 

Customers can change these details any time through their own “my account” page but they are not able to delete their account, for this account to be deleted they should contact us, through info@webdesigndiensten.nl or by the contact form.

What do we do with this information and why?

Account details are automatically linked to the shipping information you put in when you made an order. So if you are logged in your billing and shipping information will be automatically put into the checkout fields next time you make an order. We don’t use your account information for ourselves or to share with a third party, they are only used for your own benefit, and for us to be able to communicate with you (through your email address)

conntent from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

We are currently not using Analytics on our webshop.

How long we keep your data

Account data

Account data will be preserved until you either delete your account or until you ask us to delete your account. If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users and customers that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

HOwever starting from 19-05-2018 we will keep a list of last login date. If a user does not login from this date for at least 6 months his or her account will be deleted by us.

Pending, failed or canceled orders

Pending, failed or canceled orders will be kept for 2 months, after 2 months they will be automatically deleted from our system. We do this in order to give a customer enough time to still pay for his or her order.

Completed orders

Completed orders will be preserved in 2 ways:
1) online on the webshop, here they will be kept for 1 year, after one year they will be deleted from our system. We keep completed orders for one year on our system because we want to be able to monitor a full given year on:
1) gross and nett Sales by year/month/week
2) gross and nett sales by product per week/month/year
3) gross and nett sales by product category per week/month/year
4) shipping charged week/month/year
5) discounts given week/month/year
6) orders per customer week/month/year
7) number of orders placed week/month/year
8) Average gross sales week/month/year
9) average net sales week/month/year
10) items purcaced week/month/year

2) offline in paper format as a copy of the generateed invoice:, here the paper copy of the completed order invoice will be kept for 7 years according to accountancy and taxation rules. We need to keep the paper invoice of your order for a maximum of 7 years, and we use it for our administration and bookkeeping and as a backup. We keep the paper copy of the invoice behind lock and key in our office.

Who we share your data with

1) Payment provider Pay.nl

If during the checkout process you opt for automatical payment through one the following payment options:

1) Ideal

2) Giropay

3) Mister Cash

4) Mybank

your payment details will be shared with payment provider pay.nl.Pay.nl is a dutch payment provider for webshop merchants such as dekratomshop.nl, offering various payment options.

 

The privacy policy of pay.nl is outlined on this page (unfortunately only in Dutch) privacy policy pay.nl.
For The end user (the one that makes a payment using one of the payment options of Pay.nl to make a payment), the followin details are being stored by Pay.nl:

1) Your first and last name;
2) Your IP-adres;
depending on the payment method used:
3) Your IBAN number;
4) Your card number (creditcardpayments, Bancontact)
Depending on merchant in some cases:
5) Your address details;
6) Your date of birth;
7) Product info;
8) Address details for delivery of product;
Invoice address;
Email address

2) Shipping company Postnl

For the shipping of the products you ordered from our shop to your doorstep we use PostNL a shipping company based in The Netherlands. Note that at this time our shop is not automatically connected to PostNL however we do have a business account at PostNL. All orders have to be manually reported to PostNL by us for which we use the details provided in the order:
Customers can choose 2 shipping options at our shop:

1) standard shipping without track and trace
2) insured track and trace shipping

standard shipping

If a customer chooses the first option (standard shipping) PostNL will use only the Postal code and home number for the order, the customer will not receive a personal track and trace code

Track and trace shipping insured

For track and trace shipping the following details will be shared with Postnl by de kratomshop:
1)Country of recepient
2) sex of recepient (male or female)
3) First name
4) Last name
5) POstal code
6) home number
7) Street
8) Town
9) email address(*)
10) telephone(*)

If applicable:
11) Name of province or region
12) Name of building
13 Order number (the number of the order made by customer which is visible on the invoice)
(*)Email address and telephone number are visible on the shipping label and can be used by the mail deliverer or PostNL or the foreign partner (in case it is a delivery in another EU country other then The Netherlands) to communicate with the recepient if something does not go right or the address cannot be found.

If track and trace shipping is selected by the customer the datta mentioned above will be kept and stored on a secured server of PostNL which is only linked to our PostNL account, so we can use this data for your next order we can however delete it as per your request.

PostNL needs this data to be able to deliver your parcel to your doorstep.

 

 

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

REquest copy of personal data

If you want to receive a copy of your personal data please request it through: info@webdesigndiensten.nl or through the contactform
Please state in the subject field or in the email subject that you would like to receive a copy of your personal data (exported file). You will then first receive a confirmation email for us the check if you are legitime entitled to that data. After you confirmed you will receive the data.

Request erasing personal data

If you want to have your personal data erased please request it through: info@webdesigndiensten.nl or through the contactform
Please state in the subject field or in the email subject that you would like to have your personal data on dekratomshop.nl erased. You will then first receive a confirmation email for us the check if you are legitime entitled to have your data erased. After you confirmed we will start the erasing process. If the person has a user account on your site, the request will also include a link to start the “Delete User” process …

Request your past orders to be deleted

If your past orders are linked to your account they will be not automatically deleted from the webshop. But you can request them to be deleted by the same procedure as above;
Send us an email through info@webdesigndiensten.nl or through the contact form stating you want your past orders to be deleted from our webshop. We will then send you a confirmation email for us to check if you are legitime entitled to have your past orders deleted. After confirmation we will start deleting your past orders from our webshop.

Request editing personal data

If you have a customer account on dekratomshop.nl you can edit certain data there yourself:
1) edit Password
2) edit email

4) edit billing and shipping details

It could be that some info needs to be retained for specific reasons.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Additional information

How we protect your data and avoid security breaches

Your data is protected by us in the following ways. Be sure in the coming months we will try to improve the protection process and find new and better ways to protect your data even better, this is an ongoing process.

1) We keep WordPress and the plugins constantly updated to the latest version.
2) We use an SSL (https) certificate and secure checkout, this way information travels over an encrypted channel, we have started using an SSL certificate long before the new privacy laws had come into effect because we find it of utmost importance for our customers that they use a save environment
3) We use the best security and firewall security plugins WordPress has to offer
We will not disclose which security and firewall plugins we use for security reasons but we are using up to date security plugins that have been reviewed as the top security options.
4) We use secure WordPress plus hosting. We use stand alone hosting (not shared for security) using the latest software and CDN and integrated with Cloudflare.
5) Our (and your) data is backed up every day in mulptipe (3) different locations
6) We use limited login attempts to defend against brute force attacks.

What data breach procedures we have in place

1) Protecting personal data by employing techniques such as access restrictions, encryption, pseudonymization, backups, data minimization, and regular testing of all these techniques.
2) Notifying the appropriate supervisory authority no more than 72 hours after of becoming aware of a breach of users’ personal data, including the number of users whose data was exposed, the nature of the breach, and what actions are being taken to mitigate its effects.
3) Communicating this information to the impacted users, especially if the data breach exposed any of their unencrypted personal data.
4) Considering the needs of any law enforcement investigations before publicly announcing the breach.

What third parties we receive data from

PostNL

We receie shipping updates and tracking codes from PostNL Tracking codes will always be submitted to the customer in question so he or she is able to track his or her parcel.

What automated decision making and/or profiling we do with user data

Industry regulatory disclosure requirements