Privacy Policy – Zahra Meziane

About our privacy policy

Zahra Meziane attaches great importance to your privacy. We only process data that is necessary for (improving) our services and we handle with care the information we have collected about you and your use of our services. We never make your data available to third parties for commercial purposes.

This privacy policy applies to the use of the website and the services offered by Zahra Meziane through this website. These terms came into effect on 07-08-2023; with the publication of a new version, the validity of all previous versions expires. This privacy policy describes which data we collect about you, what it is used for, and with whom and under what conditions this data may be shared with third parties. We also explain how we store your data, how we protect it against misuse, and what rights you have with regard to the personal data you provide to us.

If you have questions about our privacy policy, please contact our Data Protection Officer. You can find the contact details at the end of this policy.

Data Processing

Below you can read how we process your data, where we (may) store it, which security techniques we use, and who has access to the data.

Webshop Software

Shopify
Our webshop is developed with software from Shopify. Personal data that you provide for our services is shared with this party. Shopify has access to your data in order to provide us with (technical) support; they will never use your data for other purposes. Shopify is required by the agreement we have with them to take appropriate security measures. These include SSL encryption and a strong password policy. Shopify is a certified processor of credit card data. Shopify uses cookies to collect technical information regarding your use of the software; no personal data is collected and/or stored. Shopify reserves the right to share collected data within its group in order to further improve services. Shopify complies with statutory retention periods for (personal) data. The EU/US Privacy Shield applies, which means that your data may be processed in the United States.

Google Workspace
We use Google services for our regular business email traffic. This party has taken appropriate technical and organizational measures to prevent misuse, loss, and corruption of your and our data as much as possible. Google does not have access to our mailbox and we treat all our email traffic as confidential.

Shipping and Logistics

Correos
If you place an order with us, it is our responsibility to deliver your package to you. For delivery, we use the services of Correos. It is therefore necessary that we share your name, address, and residence details with Correos. Correos uses this data solely for the purpose of executing the agreement. In the event that Correos engages subcontractors, your data may also be provided to these parties.

Purpose of Data Processing

General Purpose

We use your data exclusively for the purpose of our services. This means that the purpose of processing is always directly related to the order you provide. We do not use your data for (targeted) marketing. If you share data with us and we use this data – other than at your request – to contact you at a later time, we will ask for your explicit permission. Your data will not be shared with third parties, except to comply with accounting and other administrative obligations. These third parties are all bound to confidentiality under the agreement between them and us or by a statutory obligation or oath.

Automatically Collected Data

Data automatically collected by our website is processed for the purpose of further improving our services. This data (such as your IP address, web browser, and operating system) is not personal data.

Retention Periods

We retain your data as long as you are our client. This means that we keep your customer profile until you indicate that you no longer wish to use our services. If you notify us of this, we will also interpret this as a request to be forgotten. In accordance with applicable administrative obligations, we must retain invoices containing your (personal) data for the statutory period. However, employees no longer have access to your customer profile or documents created in response to your order.

Your Rights

Under applicable Dutch and European legislation, you have certain rights with regard to the personal data processed by or on behalf of us. We explain these rights below and how you can invoke them. To prevent misuse, we only send copies and transcripts of your data to the email address already known to us. If you wish to receive the data at another email address or by post, we will ask you to provide identification. We keep a record of processed requests; in the case of a request to be forgotten, we maintain anonymized data. All copies and transcripts of data will be provided in a machine-readable format used within our systems. You always have the right to file a complaint with the Dutch Data Protection Authority if you suspect that we are misusing your personal data.

Right to Rectification

You always have the right to have the data we (or others on our behalf) process that relates to you, amended. You can submit a request to our Data Protection Officer. You will then receive a response within 30 days. If your request is granted, we will send confirmation to the email address known to us that the data has been amended.

Right to Restriction of Processing

You always have the right to restrict the processing of data relating to you or that can be traced back to you. You can submit such a request to our Data Protection Officer. You will receive a response within 30 days. If your request is granted, we will send confirmation to the email address known to us that the data will no longer be processed until the restriction is lifted.

Right to Data Portability

You always have the right to have the data we (or others on our behalf) process relating to you transferred to another party. You can submit this request to our Data Protection Officer. You will receive a response within 30 days. If your request is granted, we will send you copies of all the data we have processed about you or that has been processed on our behalf by other processors or third parties. In all likelihood, we will no longer be able to continue our services in such a case, as the safe interconnection of data files can no longer be guaranteed.

Right to Object and Other Rights

You have the right to object to the processing of your personal data by or on behalf of Zahra Meziane. If you object, we will immediately stop the data processing pending the handling of your objection. If your objection is well-founded, we will provide you with copies and/or transcripts of the data we (or others on our behalf) process and then permanently stop processing it. You also have the right not to be subject to automated individual decision-making or profiling. We do not process your data in such a way that this right applies. If you believe otherwise, please contact our Data Protection Officer.

Third-Party Cookies

If third-party software solutions use cookies, this will be mentioned in this privacy policy.

Changes to the Privacy Policy

We reserve the right to amend our privacy policy at any time. However, you will always find the most recent version on this page. If the new privacy policy affects the way we process data already collected about you, we will notify you by email.