Privacy Policy
Last updated: 6 March 2025
1. Controller and contact details
The data controller responsible for the processing of your personal data in connection with this website is:
Volkrannphodlarn
Leidsestraat 74-76, 1017 GM Amsterdam, Netherlands
Email: contact@volkrannphodlarn.world
Phone: +31 20 422 0210
If you have any questions about this Privacy Policy, about how we process your personal data, or if you wish to exercise your data protection rights, you may contact us using the contact details above. We will respond to your request without undue delay and in any event within one month of receipt, subject to any extension permitted under applicable law where the request is complex or numerous.
2. Scope and applicable law
This Privacy Policy applies to the website volkrannphodlarn.world (including all subpages and related online services) and to all personal data that we collect and process when you visit our website, place orders for our products (including Wellivara), contact us by email or phone, or otherwise interact with us in the context of our business.
We process personal data in accordance with Regulation (EU) 2016/679 (GDPR), the Dutch Uitvoeringswet Algemene verordening gegevensbescherming (UAVG), and other applicable data protection laws in the Netherlands and the European Economic Area. We process personal data only where we have a valid legal basis under Article 6(1) GDPR: performance of a contract, compliance with a legal obligation, your consent, or our legitimate interests (provided your interests do not override ours).
3. Principles of processing
We process your personal data in accordance with the principles of lawfulness, fairness, and transparency; purpose limitation; data minimisation; accuracy; storage limitation; and integrity and confidentiality. We collect only data that is adequate, relevant, and limited to what is necessary for the purposes described, and we retain it only for as long as necessary or as required by law.
4. Categories of personal data and purposes of processing
4.1 Contact and identification data
This includes your full name, email address, telephone number (if provided), and postal address. We use it to process and fulfil your orders, communicate about orders and delivery, respond to enquiries, and, where you have consented or we have a legitimate interest, to send information about our products and services. Legal basis: contract performance; legitimate interest in customer communication; consent or legitimate interest for marketing.
4.2 Order and transaction data
This includes order details (products, quantity, price), order date and reference, payment method and transaction-related data (we do not store full card numbers), delivery status and tracking, and any messages you provide. We use it to fulfil orders, process payments, prevent fraud, manage returns, maintain accounting and tax records, and resolve disputes. Legal basis: contract performance; legal obligations; legitimate interest in fraud prevention and legal defence.
4.3 Technical and usage data
This may include IP address, browser type, device type, referring URL, pages visited, and date and time of access. We use it to operate, maintain, and secure our website, to detect and prevent abuse, and, where you have consented or we have a legitimate interest, to analyse and improve our services. Legal basis: legitimate interest in security and operation; consent for analytics where required.
4.4 Cookie and similar technologies data
As described in our Cookie Policy, we may place cookies or use similar technologies. Data collected may include session or persistent identifiers and, where you have consented, analytics or marketing-related data. We use it for essential website functionality, to improve and analyse use of our website, and, with your consent, for advertising. Legal basis: legitimate interest or legal obligation for strictly necessary cookies; consent for analytics and marketing cookies.
5. Retention periods
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable law. After the retention period has ended, we will securely delete or anonymise your data.
- Order and customer data: For the duration of the contractual relationship and thereafter for the period required by Dutch law for accounting and tax records (typically seven (7) years from the end of the financial year in which the transaction occurred, in accordance with the Dutch General Tax Act and Civil Code). Longer retention may apply where required by law for legal claims.
- Contact and enquiry data: For the time needed to handle your enquiry and, where relevant, for a reasonable period for follow-up or legal defence (typically up to two (2) years from the last meaningful contact, unless a longer period is required).
- Technical and access logs: For a limited period necessary for security and troubleshooting (typically up to twelve (12) months), unless a longer period is required for legal or regulatory purposes.
- Cookie and analytics data: As specified in our Cookie Policy and in the documentation of any third-party tools we use.
- Marketing preferences: Until you withdraw consent or object, or we cease using the data for marketing; we may retain a minimal record that you have unsubscribed to honour your choice.
6. Your rights under the GDPR
Under the GDPR you have the right of access (Article 15) to obtain confirmation and a copy of your data and information about how we process it; the right to rectification (Article 16) to have inaccurate or incomplete data corrected; the right to erasure (Article 17) to have your data deleted in certain circumstances (e.g. data no longer necessary, consent withdrawn, or objection where no overriding grounds exist); the right to restriction of processing (Article 18) in certain situations (e.g. while accuracy is verified or lawfulness contested); the right to data portability (Article 20) to receive your data in a structured, machine-readable format and to transmit it to another controller where processing is based on consent or contract and is carried out by automated means; and the right to object (Article 21) to processing based on legitimate interests, including profiling, and at any time to processing for direct marketing. Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, contact us using the details in section 1. We will respond without undue delay and in any event within one (1) month; that period may be extended by two further months where necessary. We may ask you to verify your identity before processing your request. You have the right to lodge a complaint with a supervisory authority. In the Netherlands the competent authority is the Autoriteit Persoonsgegevens, PO Box 93374, 2509 AJ The Hague, Netherlands; website: autoriteitpersoonsgegevens.nl. We encourage you to contact us first with any concerns.
7. Security measures
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including: encryption in transit (HTTPS/TLS for all pages); access control so that only authorised personnel with a need to know can access personal data, under confidentiality obligations; secure storage on servers or systems with appropriate physical and logical security (firewalls, access logging); and data processing agreements with any processors that impose confidentiality, security, and GDPR-compliant processing. We periodically review and update our security practices. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the supervisory authority and, where the risk is high, you as well, in accordance with Articles 33 and 34 GDPR. No transmission or storage over the internet can be guaranteed completely secure; you are responsible for the security of your device and any credentials.
8. Sharing and international transfers
We may share your personal data with service providers (e.g. hosting, payment processing, shipping, email delivery) who act as processors on our instructions and are bound by data processing agreements; with professional advisers (lawyers, accountants, auditors, insurers) where necessary; and with public authorities where we are legally obliged to do so. We do not sell, rent, or trade your personal data to third parties for their marketing. Where we transfer data to countries outside the European Economic Area, we ensure appropriate safeguards (e.g. Commission adequacy decision, standard contractual clauses, or other GDPR-approved mechanisms). You may request a copy of the safeguards by contacting us.
9. Automated decision-making and profiling
We do not use your personal data for automated decision-making (including profiling) that produces legal effects concerning you or similarly significantly affects you. If we introduce such processing in the future, we will inform you and, where required, obtain your consent or provide you with the right to human intervention and to contest the decision.
10. Children
Our website and products are not directed at individuals under 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data without parental consent, please contact us and we will take steps to delete such data as soon as reasonably practicable.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the website. The updated version will be posted on this page with a revised “Last updated” date. We encourage you to review this page periodically. Where changes are material, we may notify you by email or by a notice on the website where appropriate.
12. Additional information and related documents
For details on cookies and similar technologies, see our Cookie Policy. For terms governing use of our website and purchase of products, see our Terms of Service and Return Policy. For any questions about this Privacy Policy or our processing of your personal data, please contact us using the details in section 1.