Privacy Policy

How we collect, use, and protect your information

Last updated: January 2025

This privacy policy is provided by Friendly Crafted, operating from the Netherlands. We are the data controller responsible for your personal data.

Data Controller: Friendly Crafted

Address: Valklaan 4, 9648 AK Wildervank, The Netherlands

Email: [email protected]

Under the General Data Protection Regulation (GDPR) and Dutch data protection laws, we process your personal data based on the following legal grounds:

Data for Contract Performance

We process the following data to fulfill our contract with you:

  • Name and contact information (email, phone, delivery address)
  • Order details and purchase history
  • Payment information (processed via Stripe - we do not store payment details)
  • Communication regarding your orders

Data for Legitimate Interest

We process the following data based on our legitimate business interests:

  • Website analytics and usage patterns
  • Customer service improvements
  • Fraud prevention and security
  • IP address and technical information

Data with Your Consent

With your explicit consent, we may process:

  • Marketing communications and newsletters
  • Non-essential cookies for analytics
  • Preferences and recommendations

We use the information we collect to:

  • Process and fulfill your orders
  • Provide customer support
  • Send order confirmations and updates
  • Improve our products and services
  • Send marketing communications (with your consent)
  • Comply with legal obligations

We do not sell, trade, or rent your personal information to third parties. We may share your information with:

  • Service providers who help us operate our business (payment processors, shipping companies)
  • Legal authorities when required by law
  • Professional advisors (lawyers, accountants)

We implement appropriate security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Payment information is processed securely through Stripe and we do not store credit card details.

As a data subject under GDPR and Dutch law, you have the following rights:

  • Right of Access (Article 15): Request a copy of your personal data
  • Right to Rectification (Article 16): Correct inaccurate personal data
  • Right to Erasure (Article 17): Request deletion of your personal data
  • Right to Restrict Processing (Article 18): Limit how we use your data
  • Right to Data Portability (Article 20): Receive your data in a structured format
  • Right to Object (Article 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for marketing or analytics

How to Exercise Your Rights

To exercise any of these rights, contact us at [email protected]. We will respond within one month. If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

We retain your personal data only as long as necessary:

  • Customer data: 7 years after last order (Dutch tax law requirement)
  • Marketing consent: Until you withdraw consent or 3 years of inactivity
  • Website analytics: 26 months maximum
  • Support communications: 2 years after resolution

In compliance with the Dutch Telecommunications Act (Telecommunicatiewet), we inform you about our use of cookies and similar technologies:

Essential Cookies

These cookies are necessary for the website to function and do not require consent:

  • Shopping cart functionality
  • User session management
  • Security and fraud prevention

Analytics Cookies

With your consent, we use analytics cookies to improve our website:

  • Google Analytics (with IP anonymization)
  • Website performance monitoring
  • User behavior analysis

You can withdraw your consent or manage cookie preferences at any time through your browser settings or our cookie preference center.

Some of our service providers are located outside the European Economic Area (EEA). When we transfer your data internationally, we ensure adequate protection through:

  • EU Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Certification schemes and codes of conduct

Our main service providers include Stripe (payment processing) and may involve transfers to the United States under appropriate safeguards.

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on our website.

If you have any questions about the privacy policy, please contact us on [email protected].