Privacy Policy – Elixirtallow

Effective Date: 11 April 2025
Last Updated: 11 April 2025

1. Introduction

At Elixirtallow ("we", "our", or "us"), we are committed to safeguarding your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit our website [https://www.elixirtallow.com] and make purchases through our store. This policy complies with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Dutch Algemene verordening gegevensbescherming ("AVG").

2. Data Controller

Elixirtallow is the data controller for the processing of your personal data. You can contact us regarding this policy at:

  • Email: [Insert Email Address]

  • Mailing Address: [Insert Business Address]

  • KvK (Chamber of Commerce) Number: [Insert KvK Number, if applicable]

3. What Data We Collect

We may collect the following categories of personal data:

  • Information You Provide: Name, email address, billing and shipping addresses, phone number, and payment details (processed securely via third-party providers).

  • Account Information (if applicable): Login credentials and order history.

  • Automatically Collected Data: IP address, device type, browser information, pages visited, and other usage data via cookies and similar technologies.

4. Legal Basis for Processing

We process your personal data under the following legal bases as defined in Article 6(1) of the GDPR:

  • Performance of a Contract: To fulfill your orders and provide customer support.

  • Consent: For marketing communications (which you can withdraw at any time).

  • Legal Obligation: To meet tax, accounting, or legal requirements.

  • Legitimate Interest: To improve our website, detect fraud, and ensure security.

5. How We Use Your Data

Your personal data is used to:

  • Process and deliver your orders.

  • Communicate with you about your orders or inquiries.

  • Send promotional emails (with your explicit consent).

  • Improve the functionality and performance of our website.

  • Comply with legal obligations.

6. Data Retention

We only retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:

  • Order and transaction data: Retained for up to 7 years, in compliance with Dutch tax regulations.

  • Marketing data: Retained until you unsubscribe or withdraw consent.

  • Account data (if applicable): Retained while your account remains active.

7. Sharing Your Information

We do not sell your personal data. However, we may share it with:

  • Service Providers: Including payment processors, shipping partners, and technical infrastructure providers.

  • Legal Authorities: If required by law or in response to legal requests.

  • Professional Advisors: Such as legal or financial consultants, under confidentiality agreements.

All third parties are required to adhere to GDPR or equivalent standards through data processing agreements.

8. International Data Transfers

If your data is transferred outside the EU/EEA, we ensure that appropriate safeguards are in place, including:

  • Transfers to countries with an adequacy decision by the European Commission.

  • Use of Standard Contractual Clauses (SCCs) to ensure lawful transfers.

9. Your Rights

Under the GDPR and Dutch privacy law, you have the following rights:

  • Access: View the personal data we hold about you.

  • Rectification: Correct inaccurate or incomplete data.

  • Erasure: Request deletion of your data ("right to be forgotten").

  • Restriction: Limit processing in certain circumstances.

  • Objection: Object to certain uses, such as direct marketing.

  • Data Portability: Receive your data in a machine-readable format.

  • Withdraw Consent: Withdraw at any time, without affecting prior processing.

To exercise any of these rights, please contact us at [Insert Email Address].

10. Cookies

We use cookies and similar technologies to enhance user experience, track performance, and deliver relevant content. You may control cookie settings via your browser or our cookie consent banner.

For more information, please refer to our Cookie Policy [insert link if applicable].

11. Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including SSL encryption, restricted access, and data minimization practices. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

12. Supervisory Authority

If you believe your data has been mishandled, you have the right to file a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority):

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in legal requirements or our practices. The most recent version will always be posted on this page with the updated effective date. We encourage you to review this policy regularly.

14. Contact

If you have questions or would like to exercise your data rights, please contact us through the contact form.