1. Data controller
Teddy Peps is the data controller for the processing of personal data described in this policy.
Contact: teddypepstore@gmail.com
Chamber of Commerce: [to be completed]
2. What data we process
- Order and invoice data: name, address, email, phone number, payment details.
- Communication: messages via email, contact form or WhatsApp.
- Technical data: IP address, browser and device information for security and analytics.
- Newsletter: email address if you subscribe.
3. Purposes and legal bases
- Performance of the contract (Art. 6(1)(b) GDPR): processing and shipping of orders.
- Legal obligation (Art. 6(1)(c) GDPR): statutory tax retention periods.
- Legitimate interest (Art. 6(1)(f) GDPR): fraud prevention, security and service improvement.
- Consent (Art. 6(1)(a) GDPR): newsletter and optional cookies.
4. Retention periods
We do not retain personal data longer than necessary. Order and invoice data are kept for the statutory tax period of 7 years. Communications are kept for a maximum of 2 years after the last contact.
5. Sharing with third parties
We only share data with processors that are necessary for our services, such as payment providers, shipping partners, hosting provider and email platform. Data processing agreements are in place with these parties. We never sell personal data.
6. Transfers outside the EU
If data is transferred outside the EU, we only do so on the basis of appropriate safeguards (such as the European Commission's Standard Contractual Clauses).
7. Cookies
We use functional cookies that are necessary for the website to work. Analytical and marketing cookies are only placed with your consent.
8. Your rights (GDPR)
- Right of access to your data;
- Right to rectification or completion;
- Right to erasure ("right to be forgotten");
- Right to restriction of processing;
- Right to data portability;
- Right to object to processing based on legitimate interest;
- Right to withdraw consent at any time.
You can submit requests via teddypepstore@gmail.com. We respond within 30 days.
9. Complaints
Do you believe we are not handling your data correctly? Then you have the right to file a complaint with the Dutch Data Protection Authority.
10. Security
We take appropriate technical and organisational measures to protect your data against loss or unlawful processing, including encrypted connections (HTTPS) and restricted access to systems.