Privacy Policy

Version 2.1

Last updated: June 17, 2026

1) Who is responsible?

Leontari
Address: Jan van Eyckgracht 94, 5645 TJ Eindhoven, Netherlands
Chamber of Commerce: 99727579
VAT: NL005406696B53
Email: info@vandori.nl

We are the data controller for the processing of personal data as described in this policy.

2) Which personal data do we process?

Depending on how you use our webshop, we process, among other things:

A. Ordering and delivery

  • Name, billing and delivery address
  • Email address, phone number
  • Order details, returns, communication about your order

B. Payment

  • Payment status, transaction reference, chosen payment method
    (Please note: credit card/bank details are typically processed by the payment provider, not by us.)

C. Account (if applicable)

  • Login details (e.g., email + password)
  • Order history, preferences

D. Customer service

  • Messages you send (email/form/chat), any attachments, and our correspondence

E. Reviews

  • Name/email and review content (if you post a review or are invited to)

F. Website usage (cookies/technology)

  • IP address (can be personal data), device/browser data, page interactions, cookie IDs (depending on settings)

3) What do we use your data for (purposes) and on what legal basis?

We only process personal data when there is a valid legal basis and for clearly defined purposes.

Purpose 1 – Fulfilling orders (purchase agreement)

  • Processing, delivering, returning, service related to your purchase
    Legal basis: performance of a contract

Purpose 2 – Payment and fraud prevention

  • Handling payment, preventing fraud/misuse
    Legal basis: performance of a contract and/or legitimate interest

Purpose 3 – Legal obligations

  • Administration and tax obligations (invoices/accounting)
    Legal basis: legal obligation

Purpose 4 – Customer service

  • Answering questions, handling complaints, warranty/returns
    Legal basis: performance of a contract or legitimate interest

Purpose 5 – Marketing (newsletter)

  • Sending newsletters/promotions (only if you subscribe or where permitted)
    Legal basis: consent (and you can always unsubscribe)

Purpose 6 – Improving and measuring website performance (analytics)

  • Measuring statistics and performance
    Legal basis: depends on your cookie choice (see cookies)

4) With whom do we share personal data?

We do not sell your personal data. We only share personal data if it is necessary to perform our services, to comply with legal obligations, or to prevent misuse/fraud.

We may share personal data with the following categories of recipients:

  • Webshop platform: Shopify (hosting and management of the webshop)
  • Payment service provider: Shopify Payments (and possibly PayPal, if activated) for payment processing and fraud prevention
  • Delivery and fulfillment partners: e.g., PostNL, DHL, GLS, and UPS (shipping and delivery)
  • Email service provider: e.g., Shopify Email (transactional emails and, if applicable, newsletters)
  • Review platform: Loox (review invitations and publication of reviews)
  • Administration/accounting: e-Boekhouden.nl
  • Analytics and advertising partners: Lucky Orange (analytics/heatmaps) and Meta (Facebook/Instagram, advertising) — only with your consent

When parties process personal data on our behalf, we conclude a processor agreement (or similar arrangements) where required to protect your data.

5) Transfers outside the EEA (Shopify)

We use Shopify as our e-commerce platform. Personal data of customers from the EEA, UK, and Switzerland are initially processed by Shopify International Limited (Ireland). Shopify may then transfer data to countries outside the EEA, including Canada and the United States, and to (sub)processors engaged by Shopify to provide services.

Appropriate safeguards are applied for these international transfers. For transfers to Canada, Shopify may rely on an adequacy decision from the European Commission. For transfers to countries without an adequacy decision (such as often the US), Standard Contractual Clauses (SCCs) or similar mechanisms are generally used, as included in Shopify's Data Processing Addendum (DPA).

Shopify also publishes an overview of its (sub)processors.

6) How long do we retain personal data?

We do not retain personal data longer than necessary for the purpose, unless a statutory retention period applies.

Specifically:

  • Order and invoice data: at least 7 years (tax/administration).
  • Customer service correspondence: 2 years after resolution.
  • Account data: as long as your account is active; thereafter 12 months or earlier upon request (except what we are legally required to retain).
  • Newsletter data: until you unsubscribe.
  • Cookie data: according to our cookie settings (see cookies).

7) Cookies and similar techniques

We use cookies and similar techniques to make the website function properly, to measure usage, and (if you choose to) to personalize marketing.

  • Functional cookies: necessary for the operation of the webshop (no consent is required for these).
  • Analytical cookies: to measure statistics and performance (only placed if you give consent, unless these cookies are demonstrably privacy-friendly).
  • Marketing/tracking cookies: for personalized advertisements and retargeting (only placed if you give consent).

You can always change your preferences or withdraw consent via the "Cookie settings" button at the bottom of this page. More information can be found in our Cookie Policy.

8) Security

We take appropriate technical and organizational measures to prevent misuse, loss, unauthorized access, and undesirable disclosure. Please note: no system is 100% secure.

9) Your rights

You have rights (depending on the situation) such as:

  • access, rectification, erasure
  • restriction of processing
  • objection
  • data portability
  • withdrawal of consent (if processing is based on it)

Submitting requests: email info@vandori.nl with your request.
We will generally respond within one month. If necessary, we may ask you for additional information to verify your identity. Some rights do not apply in all situations or may be legally limited (for example, by retention obligations).

Complaint: you can also file a complaint with the Dutch Data Protection Authority.

10) Minors

Our webshop is not intended for children under 16 years of age without parental/guardian consent. Do you think we have unintentionally collected data from a minor? Please contact us at info@vandori.nl and we will remove it where possible.

11) Changes

We may amend this privacy policy. The most current version will always be available on this page.