Privacy Policy

Last updated: October 6, 2024

This Privacy Policy describes how Studio Ekhaya (the "Site", "we", "us", or "our") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from ekhaya.nl (the "Site") or otherwise communicate with us (collectively, the "Services"). For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use or access any of the Services.


Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site, update the "Last updated" date, and take any other steps required by applicable law. You should review this Privacy Policy periodically to stay informed of updates.


How We Collect and Use Your Personal Information

To provide the Services, we collect and have collected over the past 12 months personal information about you from a variety of sources. The types of personal information we collect depend on how you interact with us. We collect this data under the following legal bases:

  • Consent: When you voluntarily provide personal data, for example, when signing up for marketing communications or accepting cookies.
  • Performance of a Contract: For fulfilling product orders and delivering services.
  • Legitimate Interests: For improving our services and protecting our website.
  • Legal Obligation: Where necessary for compliance with legal requirements.

What Personal Information We Collect

Information We Collect Directly from You:

  • Basic contact details: Name, address, phone number, email.
  • Order information: Billing address, shipping address, payment confirmation, email, phone number.
  • Account information: Username, password, security questions.
  • Shopping information: Items viewed, added to cart, or added to wishlist.
  • Customer support information: Information shared when communicating with us.

Information We Collect through Cookies:

We automatically collect certain information about your interaction with the Services using cookies, pixels, and similar technologies. This includes:

  • Usage Data: Device information, browser details, IP address, and interaction with the Services.

Legal Basis: We collect and process this data based on your consent, as well as our legitimate interest to ensure the security and functionality of our website.

Information We Obtain from Third Parties:

We may obtain information about you from third parties such as:

  • Service providers: e.g., Shopify and payment processors, to process payments and ship orders.
  • Advertising partners: To provide you with personalized content and ads.

How We Use Your Personal Information

We use the personal information we collect to:

  • Provide Services and Fulfill Contracts: Process payments, deliver orders, provide customer support, and manage your account.
  • Marketing and Advertising (with Consent): Send you marketing emails and personalized advertisements.
  • Security and Fraud Prevention: Detect, investigate, and mitigate fraud, abuse, and security risks.
  • Legal Compliance: Fulfill our legal obligations, including tax, reporting, and accounting requirements.
  • Improve our Services: Use usage data to optimize our website performance and user experience.

Legal Basis for Processing

Under GDPR, we rely on the following legal bases to process your personal data:

  • Consent: When you voluntarily provide information, such as subscribing to our marketing.
  • Contract Performance: To fulfill product orders or provide services you requested.
  • Legitimate Interests: For security, fraud prevention, analytics, and service improvements.
  • Legal Obligations: To comply with legal requirements, such as tax laws or data protection obligations.

Cookies

We use cookies and similar tracking technologies on our Site to enhance user experience and for marketing purposes. You can manage your cookie preferences through our cookie banner or browser settings. To comply with GDPR and the ePrivacy Directive, we obtain your explicit consent before placing non-essential cookies on your device. For more information about how we use cookies, please see Shopify’s Cookie Policy.


How We Disclose Personal Information

We disclose personal information to third parties only when necessary and under the following conditions:

  • Service Providers: Third-party vendors like payment processors, shipping companies, and analytics providers to assist with our services.
  • Business and Marketing Partners: To improve and personalize your experience across platforms. These partners will use your data under their own privacy policies.
  • Legal Compliance: To comply with legal obligations (e.g., responding to subpoenas or regulatory requests).
  • Mergers and Acquisitions: In the event of a business transaction, such as a merger, your data may be transferred.
  • Consent: When you have given explicit consent for us to share your data, such as social media logins or reviews.

We do not use sensitive personal data for inferring characteristics about you.


Data Retention and Security

We retain personal data for as long as necessary to fulfill the purposes outlined in this policy or as required by law. For example:

  • Order Data: Retained for at least 7 years to comply with tax laws.
  • Account Information: Retained until you close your account.
  • Marketing Data: Retained until you opt out or withdraw consent.

We implement industry-standard security measures such as encryption and regular security reviews. However, no data transmission or storage system can be guaranteed 100% secure.


Data Breach Notification

In the event of a data breach, we will notify the affected individuals and supervisory authorities within 72 hours, as required under GDPR.


International Data Transfers

Your personal data may be transferred to countries outside the European Economic Area (EEA), including the United States. We ensure that appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place to protect your data in accordance with GDPR standards.


User Rights and Choices

Under applicable laws such as GDPR, you have the following rights:

  • Access: Request access to your personal data.
  • Correction: Request corrections to inaccurate or incomplete data.
  • Deletion: Request deletion of your data (subject to certain conditions).
  • Restrict Processing: Request that we restrict processing of your data.
  • Data Portability: Receive your personal data in a structured, machine-readable format.
  • Withdraw Consent: You can withdraw consent to marketing communications at any time by clicking the "unsubscribe" link in our emails or contacting us.

To exercise any of these rights, please contact us at hi@ekhaya.nl. We may need to verify your identity before processing your request.


User-Generated Content

Any information you post publicly on our website (e.g., product reviews) may be accessed by others. We cannot control the privacy practices of third parties who may view or use this information.


Children’s Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal data from children. If we discover that a child has provided us with personal data without parental consent, we will delete such information.


Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, you can contact us at:

hi@ekhaya.nl