Privacy Policy

Version: 3 September 2018

Your privacy is important to us. That's why we've set up a policy for handling personal data. On this page, we aim to provide a concise and understandable overview of the data we process and the measures we have taken to protect it. Should you have any questions regarding this policy, please don't hesitate to contact us.

In this privacy policy we differentiate between personal data (data that can be directly linked to an individual), pseudo-anonymous data (data processed in such a way that it can not be traced back to an individual without the use of additional data, but that does separate individuals) and anonymous data.

At the bottom of this page, you can find more information about your rights and opportunities for opting out of certain usage of your personal data.

Visitor Data Collection

When you visit our website, we collect data in order to gain insight into the usage of our website. In addition, we may occasionally show advertisements to people who have visited our website.

Google Analytics

In order to gain an insight into the usage of our website, we use Google Analytics to collect pseudo-anonymous data. This can include an approximation of your location, referral source, browser/computer technology as well as demographic data. In order to protect your data:

  • We have entered into the Google Data Processing Amendment.
  • We do not collect personally identifiable data, such as IP addresses.
  • We have disabled data sharing in Google Analytics.
  • Google Analytics cookie data is not shared with other Google products, with the exception of Google Adwords; you may be shown Duxery advertisements in the Google network after visiting our website.

Hotjar

We use Hotjar to develop a deeper understanding of the usage of our website, so we can further enhance the user experience. Data (samples) may be collected in the form of visitor recordings, heatmaps and feedback forms. We have taken the following measures to protect your data:

  • We have entered into a Data Processing Agreement with Hotjar.
  • We have taken measures to anonymize personally identifiable data. We do not capture keystrokes and have excluded potential sources of personal data from recordings.
  • Should (despite the measures taken) personal data end up in Hotjar, we will delete the entire recording upon discovery.

Hotjar is fully compliant with European data protection laws, and takes strict measures to protect your data. Read more in their privacy policy.

Facebook

Our website includes a Facebook tracking cookie, which may be used to show advertisements on your Facebook account (and other Facebook properties, such as Instagram). This cookie sends a request to Facebook, which attempts to link you to your Facebook account. This data is processed in accordance with Facebook's privacy policy. Duxery does not process any personal data relating to this cookie. We may, however, be able to identify you based on interactions with any advertisements displayed as a result of these cookies.

Data Retention

Our data retention policies are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data. The most important elements of this policy are:

  • Personal data that we process for any purpose or purposes won't be kept longer than is necessary for that purpose or those purposes.
  • We will retain and delete your personal data as follows:
    • Order data including name, address and contact details will be retained for seven years, in order to comply with legal requirements;
    • Any correspondence¬†will be retained for 7 years, in order to comply with legal requirements;
    • Data used for marketing, collected through cookies,¬†will be retained for a maximum of one year;
    • Order data not vital to the processing of orders and/or for legal compliance will be retained for a maximum of 3 years or, if a user account is present, until the account is closed;
    • Visitor recording data (not including heatmaps based on anonymous samples) will be retained for a maximum of one year;
    • Website usage data will be retained for a maximum of 5 years, after which summarized historical data may be stored for performance evaluation purposes.
    • If you have chosen to create an account, the data you submitted will be retained until you remove it or close your account.
  • In some cases it is not possible for us to specify in advance how long your personal data will be retained. In that case, we will store your data no longer than deemed reasonable to fulfill a certain purpose.
  • We will retain your personal data where necessary for compliance with a legal obligation, or in order to protect your vital interests or the vital interests of someone else.

Cookies

Data Security

As a visitor of our website, you have the right to proper security and protection of your data. We have taken several measures to ensure the safety of your personal data.  This includes:

  • We have strict policy regarding authentication on anything that includes personal data.
  • All traffic on this website is processed over a secured connection. You can verify this by checking if the URL of this website starts with https://.
  • We don't share data with any party that is not involved in fulfilling a purpose outlined in this privacy policy.
  • Personal data can only be accessed by authorized Duxery employees. We strictly monitor access and use of all data.

To contact us about privacy-related topics, send an e-mail to support@duxery.com.

Data in the Order Process

When you place an order, we ask you to  provide personal data. This includes your full name, address, e-mail and phone number. This data may be saved from the moment you enter it, in order to be able to send reminders about abandoned orders. We use your personal data for processing your order and marketing activities related to your order only. We will never sell your data. We will also never share your data with any party that is not involved in processes taking place for these purposes.

Payment Processing

In order to process your payment, personal data may be passed on to the payment processor. Payments are processed by the following organizations:

All data is transferred over a secure and encrypted connection. If you choose to save your credit card details, these will be stored by Stripe, Inc. in a secure manner. Duxery can never access these details.

Payments processed by Stripe, Inc. or PayPal may be subject to automated fraud prevention checks.

We will share transaction data with our payment services providers only to the extent necessary for processing your payments, refunds, or dealing with payment queries.

Shipping

In order to ship your order, your personal details will be passed on to MyParcel B.V. (privacy policy). Your name, address and contact details may then be handed over to the carrier in your country of destination.  Shipments are made by PostNL, which may at their discretion hand over parcels to other carriers (particularly for international shipping).

Marketing

We may show you advertisements on third party platforms based on your order. When we use data for marketing, personal data is (pseudo-)anonymized prior to usage. For instance, Facebook remarketing data is hashed prior to use.

International Processing

Your personal data may be transferred to countries outside the European Economic Area (EEA). 

Third parties involved in our marketing activities, payment processing and data collection are situated in the United States. The European Commission has made an "adequacy decision" with respect to the data protection laws of this country. Transfers will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission and/or specific measures taken by these third parties to be compliant with European data protection legislation.

Types of Data

European legislation requires us to provide information on the types of data we collect, and the legal basis for processing this data:

  • We may collect and process usage data. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The sources of the usage data are Google Analytics (pseudo-anonymized) and the website itself. This usage data may be processed for analyzing the use of our website, as well as security. The legal basis for this processing is consent as well as our legitimate interests in monitoring, securing and improving our website.
  • We may process your account data, optionally stored upon registration. This may include your name, address, phone number, and e-mail. This data may be processed for the purpose of enabling and your use of our website.
  • We may process information relating to transactions, including purchases of goods that you enter into ¬†through our website. This transaction data may include your contact details, your payment details and transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and our legitimate interests, namely our interest in the proper administration of our website and business.
  • We may process information that you provide to us for the purpose of subscribing to our newsletter or stock notifications of a product. This¬†notification data may be processed for sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.
  • We may process information contained in or relating to any communication that you send to us. Such correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with customers.¬†
  • We may process any of your personal data identified in the other provisions of this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.

Other Data Processing

Other possible uses of your data include:

  • Processing of your order data into our administration software, provided by Siel Systems. Strict security measures are taken, and no data analysis or sharing takes place. Read more here.
  • If you contact us by e-mail or through the contact form, fill out a return form, or contact us in another manner, this correspondence will be stored. We will use this data to process your request only. In case data is used for training, analysis or other purposes, it will be anonymized.
  • If you subscribe to our newsletter, your data will be processed by Mailchimp (privacy policy). We have opted out of Mailchimp's data science projects and have entered into a data processing agreement with Mailchimp.

Data Profiling

Collecting, analyzing and combining data is called data profiling. This can be applied to find patterns in  data, which can provide valuable insights. We may apply data profiling for marketing activities, particularly to reach new audiences that are similar to existing customers or website visitors. We will, however, take measures to protect your data:

  • Data profiling will often be executed by third parties, such as Facebook. The data we provide to such third parties will be limited only to the required data points.
  • We will not use data of those who have opted out (read more at the bottom of this page).
  • All data we provide to third parties will be hashed.
  • All data is stored securely and will be encrypted.
  • Upon analyzing data, we will (pseudo-)anonymize data to the furthest possible extent.

This Policy

This policy may change at any time without prior notice. We encourage you to review this policy occasionally. Due to the ongoing changes in privacy regulation, frequent updates are expected.

Your Rights

  • You can always ask us to provide you with any personal information we hold about you; the first request is always free, further (unfounded or excessive) requests may be subject to a reasonable fee. ¬†We may withhold information that you request to the extent permitted by law. We will ask you to¬†supply appropriate evidence of your identity to process your request. We will supply the requested data within one month. Data for information or portability requests will be provided in a suitable electronic format. To submit a request, please contact us.
  • In addition, you may instruct us to adjust, remove or transfer your data to another party (data portability).
  • You may instruct us at any time not to process your personal information for other purposes than processing your order and/or complying with legal requirements. To submit a request, please contact us.
  • If you want to opt out of data collection through the use of cookies, please disable cookies in your browser or opt out of cookies using the options provided earlier in this policy.