Privacy Policy

Last updated: 12 March 2025

1. Controller and contact details

The controller responsible for the processing of your personal data in relation to this website is:

Wrozelonfrozenon
Jan Tooropstraat 164
1061 AE Amsterdam
Netherlands

Email: contact@wrozelonfrozenon.world
Phone: +31 20 510 8826

If you have questions about this Privacy Policy or the processing of your personal data, you may contact us using the details above.

2. Scope and applicability

This Privacy Policy applies to the website wrozelonfrozenon.world (the "Website") and to all personal data that we collect, use, store or otherwise process when you visit the Website, use our services, or contact us. It explains what data we collect, for what purposes, on what legal basis, for how long we keep it, and what rights you have under the General Data Protection Regulation (GDPR) and applicable Dutch and European law.

3. Personal data we collect

We may collect and process the following categories of personal data:

3.1 Data you provide to us

• Contact and order data: When you submit an order or contact form, we collect your name, email address, telephone number (if provided), and message content. This data is necessary to process your request, confirm your order, and communicate with you.
• Consent records: When you give consent (e.g. for marketing or cookies), we record the time and scope of your consent to demonstrate compliance with the law.

3.2 Data collected automatically

• Technical and usage data: When you visit the Website, we may collect your IP address, browser type and version, operating system, device type, referring URL, pages visited, date and time of access, and similar technical data. This may be processed via cookies and similar technologies as described in our Cookie Policy.

4. Purposes and legal basis for processing

We process your personal data only for specified, explicit and legitimate purposes. The main purposes and corresponding legal bases under the GDPR are:

• Performance of a contract (Art. 6(1)(b) GDPR): To process and fulfil your orders, deliver products, and provide customer support related to your purchase.
• Legitimate interests (Art. 6(1)(f) GDPR): To operate and secure the Website, prevent fraud, improve our services, and defend our legal rights, where our interests are not overridden by your rights.
• Consent (Art. 6(1)(a) GDPR): Where we have asked for your consent (e.g. for non-essential cookies, marketing communications), we process your data on the basis of that consent. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Legal obligation (Art. 6(1)(c) GDPR): Where we are required to retain or disclose data to comply with Dutch or EU law (e.g. tax, consumer rights).

5. Retention periods

We retain your personal data only for as long as necessary to fulfil the purposes set out in this policy, or as required by law.

• Order and contact data: Retained for the duration of the business relationship and thereafter for a period necessary to handle complaints, returns, and legal claims (typically up to 7 years for accounting and tax purposes under Dutch law).
• Consent records: Retained for as long as the consent is valid and for a reasonable period thereafter to demonstrate compliance (typically up to 3 years).
• Technical and log data: Retained for a limited period necessary for security and troubleshooting (e.g. up to 12 months), unless a longer period is required by law.
• Marketing data: Retained until you withdraw consent or object, or for a period defined at the time of consent.

After the retention period, your data is securely deleted or anonymised so that you can no longer be identified.

6. Recipients and international transfers

We may share your personal data with:

• Service providers: Processors who assist us with hosting, payment processing, email delivery, or analytics, under strict data processing agreements that comply with Art. 28 GDPR.
• Authorities: When we are legally obliged to do so (e.g. tax authorities, law enforcement).

Your data is processed within the European Economic Area (EEA). If we ever transfer data to a country outside the EEA, we will ensure appropriate safeguards are in place (e.g. standard contractual clauses or an adequacy decision) as required by Chapter V GDPR.

7. Security measures

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include:

• Use of HTTPS and encryption for data in transit.
• Access controls and authentication where applicable.
• Regular review of our processing activities and security practices.
• Contractual obligations with processors to ensure confidentiality and security.

While we strive to protect your data, no method of transmission or storage over the internet is completely secure. We encourage you to use strong passwords and keep your contact details up to date.

8. Your rights under the GDPR

Under the GDPR, you have the following rights in relation to your personal data:

• Right of access (Art. 15): You may request a copy of the personal data we hold about you and information about how we process it.
• Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
• Right to erasure (Art. 17): You may request deletion of your personal data in certain circumstances (e.g. where it is no longer necessary, or you withdraw consent where consent was the basis).
• Right to restriction of processing (Art. 18): You may request that we limit how we use your data in certain situations.
• Right to data portability (Art. 20): Where processing is based on contract or consent and carried out by automated means, you may request to receive your data in a structured, commonly used and machine-readable format, or to have it transmitted to another controller.
• Right to object (Art. 21): You may object to processing based on legitimate interests or to processing for direct marketing. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
• Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, please contact us using the details in section 1. We will respond without undue delay and in any event within one month of receipt of your request, subject to any extension where the request is complex or numerous.

You also have the right to lodge a complaint with a supervisory authority. In the Netherlands, the competent authority is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority), autoriteitpersoonsgegevens.nl. We would appreciate the opportunity to address your concerns before you approach the authority.

9. Children

Our Website and services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete it.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The "Last updated" date at the top will be revised when changes are made. We encourage you to review this page periodically. Where changes are material, we may notify you by email or by a prominent notice on the Website.

11. Additional information

For information about how we use cookies and similar technologies, please see our Cookie Policy. For the terms governing the use of our Website and services, please see our Terms of Service.