1. First of all
TopVintage is firmly committed to safeguarding your privacy and that is why
we take the protection of your personal data very seriously.
2. What is the GDPR?
The General Data Protection Regulation (GDPR) is a European regulation that prescribes which standards need to be observed by European companies when processing your personal data. Personal data means any data or information that relates to an individual who is or can be identified from that data. Processing is the term used for any operation or set of operations performed on personal data, such as collection and storage.
3. Personal data
that we process
We process personal data by monitoring the forms that you use to actively share information with us (such as the address information on the order form) as well as your browsing habits on our website. For the latter, we use (tracking) cookies among other things.
If you create an account or place an order, we will process the following personal data: first and last name, address, date of birth, title, gender, email address, phone number and login details.
If you subscribe to our newsletter, your name will be stored alongside your email address in our email system so we can personalise our newsletter greeting!
Left a review on our website? We will process your email address and first and last name so we can address you in the proper way and send you an email if necessary.
When you visit our website, third parties can also process your personal data so they can show you relevant advertisements when you’re visiting other websites. Our aim is to make our advertisements as relevant as possible for you. This is achieved by the placing and reading of cookies that are stored on your computer.
4. Basis for us processing personal data
We process the personal data that you provide to us while placing an order so we can deliver the item; we need this data so we can correctly ship your order. This data is processed on the legal basis of fulfilling a (sales) contract. Subsequently, we can use this order information for making newsletter groups and creating marketing campaigns. This is based on a legitimate interest for marketing purposes. Your personal data can be easily accessed and changed in your user account.
5. Your rights
as an affected party
- Right of access: You have the right to access your personal data. A lot of this information can be accessed through your personal page.
- Right to rectification: If you think that your data that we’re processing is inaccurate, you can change this in your personal page or by sending a request to us.
- Right to erasure (‘right to be forgotten’): You have the right to have your personal data erased that is stored by us. However, some data still needs to be stored for our administration, or to make sure that we don’t contact you again. At your request, we will also inform third parties that you’ve made this request. If you unsubscribe from our newsletter, your data relating to the sending of the newsletter will be removed. You can remove your data by using the special option available under ‘my data’ on your personal page.
- Right to restriction of processing: if you think that we are processing your personal data unlawfully or incorrectly, you can put a stop to that part of the processing.
- Right to object: You can put a stop to the processing of your personal data.
- Right to data portability: As a result of new legislation, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format from us. We can also forward this information at your request.
- Right not to be subject to profiling: Based on your order information, you’ll be sorted into groups so we can offer you relevant newsletters and advertisements. You have the right to not be sorted into these groups.
You can send your request to exercise one or more of the rights mentioned above to email@example.com. You will receive a confirmation that we have received your request. We may require some additional information to be able to process your request. This way we can ensure that our customer’s personal data is well-protected and will only be provided to the specific person concerned. You can also remove your data by using the option available under ‘my data’ on your personal page. In that case you will also receive confirmation that we have received your request.
All requests will be processed within one month after having been approved.
At all times, you will have the right to file a complaint with our supervisory authority, in this case that is the Dutch Data Protection Authority (Dutch DPA).
6. Retention periods
We will store the personal data that we process as a result of an account being created, a review being written or a subscription to our newsletter until you unsubscribe, have your review removed or have your account removed.
Other personal data will be stored for a period of time that is in accordance with obligations imposed by other laws and regulations. For example, the administration obligation.
7. External processors
We use reliable external processors that in collaboration with us process your personal data on our behalf. For example, an internal administration system, a server, an email program and a logistics company to deliver your parcel. We will make the appropriate arrangements with them regarding the processing of personal data by concluding processing agreements.
We’ll take appropriate internal organisational measures regarding the protection of your personal data and engage in a dynamical policy. The technical security measures will also be checked and evaluated (by external parties) on a regular basis. Our website is secured with SSL, ensuring your information is sent encrypted. Furthermore, our employees are all bound by confidentiality from the moment they are employed.
9. Do you have any questions?
We are happy to answer any questions that you might have after reading this