Privacy Statement

Privacy Statement Groots.store

Introduction
Groots.store (hereinafter: "we" or "us") attaches great importance to the protection of your personal data. This privacy statement explains what data we collect, for what purpose, on what legal basis, how we secure your data, with whom we share it, and what rights you have as a data subject. We process your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable laws and regulations.

1. Identity of the controller

  • Company name: Groots.store
  • Business address: Nijverheidsweg 10, 3881 LA, Putten
  • Email: info@groots.store
  • Chamber of Commerce number: 65663160
  • VAT number: NL856205709B01

We are the controller responsible for the processing of your personal data.

2. Personal data that we process
We process personal data when you visit our website, place an order, use our contact form, or otherwise communicate with us. We may process the following categories of personal data:

  • Identity data: first and last name
  • Contact details: email address, address details, telephone number
  • Order details: order information, billing and shipping information, payment information (without full payment card details)
  • Account information (if applicable): username, password (hashed), order history, preferences
  • Communication data: content of your messages, feedback, reviews
  • Technical data: IP address, browser type, device identifiers, browsing behavior (only via cookies or similar technologies, if consent has been obtained where required)

3. Purposes and legal bases of the processing
We process your personal data for the following purposes and on the following legal bases:

  • Execution of the agreement:
    To process your order, deliver products, process payments, send invoices, and keep you informed about your order. Legal basis: necessary for the performance of a contract.

  • Customer service and communication:
    To answer your questions, handle complaints, and provide support for returns and other requests. Legal basis: necessary for the performance of the agreement or legitimate interest (customer service).

  • Marketing and newsletters (if you have subscribed):
    To keep you informed about offers, promotions, or new products. Where legally required, we will ask for your prior consent. You can unsubscribe at any time via the unsubscribe link in the newsletter or by contacting us. Legal basis: consent or legitimate interest (direct marketing to existing customers).

  • Improving our services and website:
    To improve our website and services, fix bugs, and enhance user-friendliness. We may use anonymized or pseudonymized data for analysis. Legal basis: legitimate interest (optimization and user-friendliness).

  • Compliance with legal obligations:
    To comply with legal requirements, such as tax and administrative obligations. Legal basis: legal obligation.

4. Retention periods
We do not retain your personal data for longer than is necessary for the purposes for which it is collected and processed, unless we are legally required to retain certain data for a longer period. In general, we apply the following retention periods:

  • Order information: Retention period in accordance with statutory tax retention obligation (currently 7 years).
  • Customer service and communication: Maximum 2 years after the last contact, unless longer is necessary, for example, for handling a dispute.
  • Marketing and newsletter data: Until you unsubscribe or indicate that you no longer wish to receive them.

5. Sharing personal data with third parties
We do not sell your data to third parties. However, we may share your data with:

  • Payment providers: for processing your payments
  • Logistics service providers: for the delivery of your package
  • Hosting and IT service providers: for maintaining and managing our website and systems
  • External advisors: such as accountants or legal advisors, if necessary for the performance of our business activities or to comply with legal obligations
  • Government agencies: if we are legally obliged to do so (for example in the event of a fraud investigation)

We conclude processing agreements with these parties, insofar as they act as processors within the meaning of the GDPR, to ensure the security and confidentiality of your data.

6. Cookies and similar technologies
We use cookies and similar technologies to make our website function, measure performance, improve your user experience, and (if you consent) provide you with relevant advertisements. More information about this can be found in our [Cookie Statement].

7. Security of your data
We take appropriate technical and organizational measures to protect your personal data against loss or unlawful processing. This includes encrypted connections (SSL), access controls, limited access to personal data, and the use of secure storage media and software.

8. Data transfer outside the EEA
We generally store your data within the European Economic Area (EEA). If data is transferred to countries outside the EEA, we ensure an adequate level of protection, for example, by using standard contractual clauses or an adequacy decision from the European Commission.

9. Your rights as a data subject
You have the following rights with respect to your personal data:

  • Right of access: You can request which personal data we have about you.
  • Right to rectification: You can ask us to correct incorrect data.
  • Right to erasure (“the right to be forgotten”): You can request that we erase your data, unless we are legally obliged to retain it.
  • Right to restriction of processing: You can request that the processing of your personal data be restricted.
  • Right to object: You can object to the processing of your personal data based on our legitimate interests, or against direct marketing.
  • Right to data portability: You have the right, in certain cases, to receive your data in a structured, commonly used and machine-readable format and to transmit it to another controller.

You can exercise your rights by contacting us at [ info@groots.store ]. We will respond to your request within one month, unless the complexity or number of requests requires us to extend this period. In that case, we will inform you in a timely manner.

10. Complaints to the supervisory authority
If you believe that we are not handling your personal data correctly, you have the right to lodge a complaint with the national supervisory authority, the Dutch Data Protection Authority (AP).

11. Changes to this privacy statement
We reserve the right to amend this privacy statement. Please check this statement regularly for any changes. If we make any material changes, we will notify you via our website or by email.

Contact details:
Groots.store
Nijverheidsweg 10, 3881 LA, Putten
Email: info@groots.store

By using our services and/or visiting our website, you accept this privacy statement.