Privacy Policy

This privacy policy explains how Gifterie ("we", "us") collects, uses, stores and protects your personal data when you use gifterie.shop. By using our website or placing an order, you agree to this policy.

1. Who we are

Gifterie is a sole trader registered in the Netherlands. We are the data controller for personal data collected through this website. For any privacy-related queries, please contact us.

2. What data we collect

• Order data: name, email address, delivery address, phone number and order details
• Payment data: payment is processed securely by our payment provider. We do not store card details.
• Personalisation data: any text, photos or other content you submit for personalised products
• Account data: if you create an account, your login credentials and order history
• Usage data: IP address, browser type, pages visited and time spent, collected via cookies and analytics tools
• Communication data: any messages you send us via contact forms or email

3. How we use your data

We use your personal data only for the following purposes:

• To process, fulfil and deliver your orders
• To send order confirmations, shipping updates and customer service communications
• To comply with our legal obligations (e.g. tax records, GDPR)
• To improve our website, products and services
• To send marketing emails — only if you have explicitly opted in. You can unsubscribe at any time.

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

4. Legal basis for processing

• Contract performance: processing your order and delivering your purchase
• Legal obligation: tax, accounting and fraud prevention requirements
• Legitimate interest: improving our services and preventing fraud
• Consent: marketing emails (you can withdraw consent at any time)

5. Who we share your data with

We only share your data with trusted third parties where necessary to fulfil your order or operate our business:

• Shipping carriers — to deliver your order (name and address only)
• Payment processors — to process your payment securely
• Shopify — our e-commerce platform (data processed under their privacy policy)
• Email service providers — to send transactional and marketing emails
• Analytics providers — to understand how our website is used (anonymised where possible)

We do not sell, rent or trade your personal data to any third party for their own marketing purposes.

6. Data retention

• Order data is retained for 7 years to comply with Dutch tax law.
• Marketing consent records are retained until you withdraw consent.
• Account data is retained until you request deletion.
• Usage and analytics data is retained for a maximum of 26 months.

7. Your rights under GDPR

As a data subject under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate or incomplete data
• Right to erasure — request deletion of your data where there is no legitimate reason to retain it
• Right to restriction — request that we limit how we use your data
• Right to data portability — request your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interest, including direct marketing
• Right to withdraw consent — withdraw marketing consent at any time without affecting prior processing

To exercise any of these rights, please contact us. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch data protection authority: Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

8. Cookies

We use cookies and similar tracking technologies to improve your experience and analyse website traffic. Cookies we use include:

• Essential cookies — required for the website to function (e.g. shopping cart, login)
• Analytics cookies — to understand how visitors use our site (e.g. Google Analytics)
• Marketing cookies — only placed with your consent, used for targeted advertising

You can manage or withdraw your cookie consent at any time via the cookie banner on our website, or through your browser settings.

9. Data security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or disclosure. All data is transmitted over encrypted HTTPS connections. However, no method of internet transmission is 100% secure, and we cannot guarantee absolute security.

10. International transfers

Some of our service providers (such as Shopify and email platforms) may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

11. Changes to this policy

We may update this privacy policy from time to time. The current version will always be available on this page. We will notify you of significant changes by email where required by law.

12. Contact

For any questions about this privacy policy or to exercise your data rights, please contact us.