Version: 3 September 2018
Your privacy is important to us. That's why we've set up a policy for handling personal data. On this page, we aim to provide a concise and understandable overview of the data we process and the measures we have taken to protect it. Should you have any questions regarding this policy, please don't hesitate to contact us.
At the bottom of this page, you can find more information about your rights and opportunities for opting out of certain usage of your personal data.
Visitor Data Collection
When you visit our website, we collect data in order to gain insight into the usage of our website. In addition, we may occasionally show advertisements to people who have visited our website.
In order to gain an insight into the usage of our website, we use Google Analytics to collect pseudo-anonymous data. This can include an approximation of your location, referral source, browser/computer technology as well as demographic data. In order to protect your data:
- We have entered into the Google Data Processing Amendment.
- We do not collect personally identifiable data, such as IP addresses.
- We have disabled data sharing in Google Analytics.
- Google Analytics cookie data is not shared with other Google products, with the exception of Google AdWords; you may be shown Duxery advertisements in the Google network after visiting our website.
We use Hotjar to develop a deeper understanding of the usage of our website, so we can further enhance the user experience. Data (samples) may be collected in the form of visitor recordings, heatmaps and feedback forms. We have taken the following measures to protect your data:
- We have entered into a Data Processing Agreement with Hotjar.
- We have taken measures to anonymize personally identifiable data. We do not capture keystrokes and have excluded potential sources of personal data from recordings.
- Should (despite the measures taken) personal data end up in Hotjar, we will delete the entire recording upon discovery.
Our data retention policies are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data. The most important elements of this policy are:
- Personal data that we process for any purpose or purposes won't be kept longer than is necessary for that purpose or those purposes.
- We will retain and delete your personal data as follows:
  - Order data including name, address and contact details will be retained for seven years, in order to comply with legal requirements;
  - Any correspondence will be retained for 7 years, in order to comply with legal requirements;
  - Data used for marketing, collected through cookies, will be retained for a maximum of one year;
  - Order data not vital to the processing of orders and/or for legal compliance will be retained for a maximum of 3 years or, if a user account is present, until the account is closed;
  - Visitor recording data (not including heatmaps based on anonymous samples) will be retained for a maximum of one year;
  - Website usage data will be retained for a maximum of 5 years, after which summarized historical data may be stored for performance evaluation purposes.
- If you have chosen to create an account, the data you submitted will be retained until you remove it or close your account.
- In some cases it is not possible for us to specify in advance how long your personal data will be retained. In that case, we will store your data no longer than deemed reasonable to fulfill a certain purpose.
- We will retain your personal data where necessary for compliance with a legal obligation, or in order to protect your vital interests or the vital interests of someone else.
As a visitor of our website, you have the right to proper security and protection of your data. We have taken several measures to ensure the safety of your personal data. These include:
- We have a strict policy regarding authentication on anything that includes personal data.
- All traffic on this website is processed over a secured connection. You can verify this by checking if the URL of this website starts with https://.
- Personal data can only be accessed by authorized Duxery employees. We strictly monitor access and use of all data.
To contact us about privacy-related topics, send an e-mail to firstname.lastname@example.org.
Data in the Order Process
When you place an order, we ask you to provide personal data. This includes your full name, address, e-mail and phone number. This data may be saved from the moment you enter it, in order to be able to send reminders about abandoned orders. We use your personal data for processing your order and marketing activities related to your order only. We will never sell your data. We will also never share your data with any party that is not involved in processes taking place for these purposes.
In order to process your payment, personal data may be passed on to the payment processor. Payments are processed by the following organizations:
All data is transferred over a secure and encrypted connection. If you choose to save your credit card details, these will be stored by Stripe, Inc. in a secure manner. Duxery can never access these details.
Payments processed by Stripe, Inc. or PayPal may be subject to automated fraud prevention checks.
We will share transaction data with our payment services providers only to the extent necessary for processing your payments, refunds, or dealing with payment queries.
We may show you advertisements on third-party platforms based on your order. When we use data for marketing, personal data is (pseudo-)anonymized prior to usage. For instance, Facebook remarketing data is hashed prior to use.
Your personal data may be transferred to countries outside the European Economic Area (EEA).
Third parties involved in our marketing activities, payment processing and data collection are situated in the United States. The European Commission has made an "adequacy decision" with respect to the data protection laws of this country. Transfers will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission and/or specific measures taken by these third parties to be compliant with European data protection legislation.
Types of Data
European legislation requires us to provide information on the types of data we collect, and the legal basis for processing this data:
- We may collect and process usage data. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The sources of the usage data are Google Analytics (pseudo-anonymized) and the website itself. This usage data may be processed for analyzing the use of our website, as well as security. The legal basis for this processing is consent as well as our legitimate interests in monitoring, securing and improving our website.
- We may process your account data, optionally stored upon registration. This may include your name, address, phone number, and e-mail. This data may be processed for the purpose of enabling and your use of our website.
- We may process information relating to transactions, including purchases of goods that you enter into through our website. This transaction data may include your contact details, your payment details and transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and our legitimate interests, namely our interest in the proper administration of our website and business.
- We may process information that you provide to us for the purpose of subscribing to our newsletter or stock notifications of a product. This notification data may be processed for sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.
- We may process information contained in or relating to any communication that you send to us. Such correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with customers.
- We may process any of your personal data identified in the other provisions of this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
Other Data Processing
Other possible uses of your data include:
- Processing of your order data into our administration software, provided by Siel Systems. Strict security measures are taken, and no data analysis or sharing takes place.
- If you contact us by e-mail or through the contact form, fill out a return form, or contact us in another manner, this correspondence will be stored. We will use this data to process your request only. In case data is used for training, analysis or other purposes, it will be anonymized.
Collecting, analyzing and combining data is called data profiling. This can be applied to find patterns in data, which can provide valuable insights. We may apply data profiling for marketing activities, particularly to reach new audiences that are similar to existing customers or website visitors. We will, however, take measures to protect your data:
- Data profiling will often be executed by third parties, such as Facebook. The data we provide to such third parties will be limited only to the required data points.
- We will not use data of those who have opted out (read more at the bottom of this page).
- All data we provide to third parties will be hashed.
- All data is stored securely and will be encrypted.
- Upon analyzing data, we will (pseudo-)anonymize data to the furthest possible extent.
This policy may change at any time without prior notice. We encourage you to review this policy occasionally. Due to the ongoing changes in privacy regulation, frequent updates are expected.
- You can always ask us to provide you with any personal information we hold about you. The first request is always free; further (unfounded or excessive) requests may be subject to a reasonable fee. We may withhold information that you request to the extent permitted by law. We will ask you to supply appropriate evidence of your identity to process your request. We will supply the requested data within one month. Data for information or portability requests will be provided in a suitable electronic format. To submit a request, please contact us.
- In addition, you may instruct us to adjust, remove or transfer your data to another party (data portability).
- You may instruct us at any time not to process your personal information for purposes other than processing your order and/or complying with legal requirements. To submit a request, please contact us.