Skip to content
Why this page about privacy
The General Data Protection Regulation (GDPR) is the new European privacy legislation. This legislation applies to anyone who collects personal data from European citizens, including all webshops. The current Cookie Act and the Data Leakage Notification Obligation also became part of the GDPR.
According to this new law, every European company that collects your data (for example because you order something online) must clearly explain what data is collected, for what purpose it is intended, with whom the data is shared and how long it is stored. There are also strict requirements for the protection of your personal data. It is therefore very important that this is handled in the same way internationally.
What does Wooolly do?
2. We do not sell your personal information to other parties.
3. We use an SSL certificate. An SSL certificate ensures the security of data exchanged between you and this website. So you can safely enter your data, because it is sent encrypted.
4. If there is a serious data leak (for example loss of a laptop with order and payment details), this will be reported immediately to the Personal Data Authority. If necessary, all data subjects will be informed.
5. We collect your personal information during the ordering process (name, address, telephone number, e-mail address, payment details), and inform you via and with this information about your placed order.
6. We do not send newsletters.
– What information about you is collected by us
– what these data are used for
– with whom and under what conditions this information may be shared with third parties.
– how we store your data
– how we protect your data from misuse
– what rights you have with regard to the personal data you provide to us.
1. About the data processing
Below you can read how we process your data, where we store it (or have it stored), which security techniques we use and for whom the data is transparent.
a. Web shop software WooCommerce
Our shop is developed with software from WooCommerce. Personal data that you make available to us for the purpose of our services, will be shared with this party. WooCommerce has access to your data to provide us (technical) support, they will never use your data for any other purpose. Based on the agreement we have with them WooCommerce is obliged to take appropriate security measures. These security measures consist of the application of SSL encryption and a strong password policy. Regular backups are made to prevent data loss.|
b. Web hosting SiteGround.com
We purchase web hosting and e-mail services from SiteGround.com. SiteGround.com processes personal data on our behalf and does not use your data for its own purposes. However, this party may collect metadata about the use of the services. These are not personal data. SiteGround.com has taken appropriate technical and organizational measures to prevent loss and unauthorized use of your personal data. SiteGround.com is under the agreement to confidentiality obligation. SiteGround.com has no access to our mailbox and we treat all our email traffic confidentially.
c. Payment processor Mollie
We use the Mollie platform to process payments in our webshop. Mollie processes your name, address and place of residence data and your payment details such as your bank account or credit card number. Mollie has taken appropriate technical and organisational measures to protect your personal data. Mollie reserves the right to use your data to further improve the service and to share (anonymised) data with third parties within this framework. All the above mentioned guarantees with regard to the protection of your personal data also apply to the parts of Mollie’s services for which they engage third parties. Mollie will not store your data longer than the legal deadlines allow.
d. Shipment and logistics MyParcel and PostNL
If you place an order with us it is our task to have your package delivered to you. We use the services of MyParcel and PostNL to carry out the deliveries. It is therefore necessary that we share your name, address and city details with MyParcel and PostNL. MyParcel and PostNL only use this information for the execution of the agreement. In the event that MyParcel or PostNL engages subcontractors, MyParcel or PostNL will also make your data available to these parties.
e. Invoicing and accounting
We use the services of E-boekhouden to keep our records and accounts up to date. We share your name, address and place of residence information and details regarding your order. This information is used for the administration of sales invoices. Your personal data is sent and stored in a protected way. E-boekhouden is obliged to secrecy and will treat your data confidentially. E-accounting does not use your personal data for purposes other than those described above.
2. Purpose of data processing
a. General purpose of processing
We use your data exclusively for the purpose of our services. This means that the purpose of the processing is always directly related to the order you provide. We do not use your data for (targeted) marketing. If you share data with us and we use this data to contact you at a later time – other than at your request – we ask your explicit consent. Your data will not be shared with third parties other than to meet accounting and other administrative obligations. These third parties are all bound to secrecy by virtue of the agreement between them and us or an oath or legal obligation.
b. Automatically collected data
Data automatically collected by our website is processed with the aim of further improving our services. This information (e.g. your IP address, web browser and operating system) is not personal data.
3. Cooperation in tax and criminal investigations
In such cases, Wooolly may be obliged to share your data on the basis of a legal obligation in connection with a fiscal or criminal investigation by the government. In such a case we are forced to share your data, but we will oppose this within the possibilities offered by law.
4. Conservation periods
We will keep your order details for a maximum of 2 years after your last order, or until you indicate that you no longer want your order details to be stored with us (a request to forget). Pursuant to applicable administrative obligations (legal obligations and the Tax and Customs Administration) we are required to store invoices containing your (personal) data, so we will store this data for as long as the applicable period of time runs. However, employees no longer have access to your client profile and documents that we have produced as a result of your order.
5. Your rights
Under the applicable Dutch and European legislation, as a data subject you have certain rights with regard to the personal data processed by or on behalf of us. We explain below what rights these are and how you can invoke these rights.
In principle, in order to prevent misuse, we will only send copies of your data to your e-mail address already known to us. In the event that you wish to receive the information at another e-mail address or, for example, by post, we will ask you to identify yourself.
We keep records of completed requests, in the event of a forgotten request we administer anonymised data. You will receive all statements and copies of data in the machine-readable data format that we use within our systems.
You have the right at all times to lodge a complaint with the Personal Data Authority if you suspect that we are using your personal data in a wrong way.
Right of inspection: You always have the right to inspect the data that we process or have processed and that relate to you or that can be traced back to you. You can make a request to this effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you a copy of all data to the e-mail address we have on file with an overview of the processors who have this data in their possession, stating the category under which we have stored this data.
Right of rectification: you always have the right to have the data we process or have processed that relate to you or that can be traced back to you amended. You can make a request to this effect to our privacy contact person. You will then receive a response to your request within 30 days. If your request is granted, we will send you a confirmation that the information has been adjusted to the e-mail address we have on file.
Right to restrict processing: You always have the right to restrict the data that we process (or have processed) relating to you or that can be traced back to you. You can make a request to that effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you a confirmation to the e-mail address we have on file that the data will no longer be processed until you remove the restriction.
Right to transferability: You always have the right to have the data that we process (or have processed) and that relate to you or that can be traced back to you, carried out by another party. You can make a request to this effect to our privacy contact person. You will then receive a response to your request within 30 days. If your request is granted, we will send you copies or copies of all data about you that we have processed or that have been processed by other processors or third parties on our behalf to the e-mail address we have on file with you. In all likelihood, we will no longer be able to continue providing the service in such a case, as the secure linking of data files can then no longer be guaranteed.
Right of objection and other rights: In appropriate cases, you have the right to object to the processing of your personal data by or on behalf of Wooolly. If you object, we will immediately stop the data processing in anticipation of the processing of your objection. If your objection is well-founded, we will make copies and/or copies of data that we process (or have processed) available to you and then permanently cease processing.
You also have the right not to be subjected to automated individual decision-making or profiling. We do not process your data in such a way that this right applies. If you believe that this is the case, please contact our privacy contact person.