Privacy Policy

Note: this is a complete draft covering the standard sections required by GDPR. Fill in the fields marked [FILL IN], adjust the list of third parties to what your webshop actually uses (e.g. email marketing, advertising pixels, review apps), and have the text reviewed by a legal professional before publishing. This is not legal advice. A privacy policy is required as soon as you process personal data.

1. Who is responsible for your data

Yumo is responsible for the processing of personal data as described in this privacy policy.
Business address: [FILL IN]
Chamber of Commerce (KvK) number: [FILL IN]
Email address: info.yrventures@gmail.com
Phone number: [FILL IN]

2. What personal data we process

We process the following personal data, depending on how you use our webshop:

  • First and last name
  • Billing and shipping address
  • Email address
  • Phone number (if provided)
  • Payment details (processed by our payment provider; we do not store full card/account details ourselves)
  • Order and purchase history
  • IP address and data about your browsing behaviour on our website (via cookies, see section 6)
  • Data you actively provide yourself, for example via the contact form or customer service

3. What we use this data for

  • Processing and delivering your order
  • Processing your payment
  • Keeping you informed about the status of your order (confirmations, shipping updates)
  • Providing customer service and handling questions or complaints
  • Informing you, if you have given consent, about new products, offers, and discounts (email marketing)
  • Improving our webshop and measuring the effectiveness of our marketing (website analytics and advertising pixels)
  • Complying with legal obligations, such as the administrative and retention requirements of the Dutch Tax Authority

4. Legal basis

We process your personal data based on one or more of the following legal grounds: performance of the contract (your order), compliance with a legal obligation, your consent (for example for the newsletter or marketing cookies), and/or our legitimate interest (such as fraud prevention and improving our services).

5. How long we keep your data

We do not keep your personal data longer than necessary for the purposes for which it was collected. Data that forms part of our financial administration is kept for a minimum of 7 years due to the statutory tax retention obligation. Other data is deleted or anonymised as soon as it is no longer needed, unless a longer retention period is legally required.

6. Cookies and similar technologies

Our webshop uses cookies. We distinguish between:

  • Necessary cookies: required to make the webshop, shopping cart, and checkout work properly.
  • Analytics cookies: to measure how visitors use our website, so we can improve it.
  • Marketing/tracking cookies: including any advertising pixels (for example from Meta/Facebook, TikTok, Google, or similar parties), to show ads and measure their effectiveness. These are only placed with your consent.

You can refuse or delete cookies at any time via your browser settings. Note: if you disable cookies, some parts of our webshop may no longer work properly.

7. Sharing with third parties

We never sell your data to third parties. We only share personal data with parties we engage to make our services possible, such as (depending on which services we actually use):

  • Our webshop platform provider (Shopify), to host and operate the webshop
  • Payment providers, to safely process payments
  • Carriers/parcel services, to deliver your order
  • Email marketing services, if you've signed up for our newsletter
  • Advertising platforms (such as Meta/Facebook, TikTok, Google), only if you've given consent for marketing cookies
  • Any customer service or review tools we use

We enter into a data processing agreement with all parties who process personal data on our behalf, to guarantee the same level of security and confidentiality.

8. Sharing data outside the EU

Some of the parties mentioned above may process data outside the European Economic Area (EEA). In that case, we ensure this happens with appropriate safeguards, such as the EU standard contractual clauses, in accordance with GDPR.

9. Security

We take appropriate technical and organisational measures to protect your personal data against loss or unlawful processing, including a secure (SSL/TLS-encrypted) connection on our website.

10. Your rights

You have the right to:

  • Access your personal data;
  • Have your personal data corrected or supplemented;
  • Have your personal data deleted;
  • Withdraw consent for data processing;
  • Object to the processing of your personal data by us;
  • Have your data transferred (data portability).

Want to exercise one of these rights? Contact us via the contact page or via info.yrventures@gmail.com. We will respond as soon as possible, and in any case within 4 weeks.

You also have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) via autoriteitpersoonsgegevens.nl.

11. Changes to this privacy policy

We reserve the right to amend this privacy policy. Changes will be published on this page. We recommend consulting this policy regularly.

Last updated: [FILL IN - publication date].