Privacy Policy

Last updated: October 2025

Your privacy matters to me, and I want you to know how I handle your information when you visit, shop, or contact me through ninovdstoop.com.

This page explains what personal data I collect, how I use it, and what your rights are under the EU General Data Protection Regulation (GDPR).

1. Who I am

This website is run by Nino van der Stoop, an independent artist based in Haarlem, the Netherlands.

If you ever have a question about your data, or want to access, update, or delete it, you can contact me directly at:
📧 [email protected]

I’m the data controller, which means I’m responsible for how your personal data is collected and used.

2. What data I collect

I only collect information that’s necessary to make things work smoothly, such as:

  • Order information: your name, email address, shipping and billing address, and payment details
  • Communication: messages you send via email or through my contact form
  • Account or newsletter data: if you subscribe to updates, I collect your email address with your consent
  • Website usage data: basic analytics and cookies that help me understand how visitors use my site (no invasive tracking)

3. How and why I use your data

I use your personal data for:

  • Processing and delivering your orders
  • Communicating with you about your purchase or support requests
  • Keeping basic records for accounting and legal purposes
  • Sending occasional updates or newsletters (only if you’ve subscribed and can unsubscribe anytime)
  • Improving my website and your overall experience

I’ll never sell or rent your information — ever.

4. Legal basis for processing

Under GDPR, I process personal data based on one or more of these legal grounds:

  • Contractual necessity: to fulfill your order or provide a service you requested
  • Legal obligation: to meet accounting, tax, or consumer law requirements
  • Legitimate interest: to improve my services and website
  • Consent: for optional things like newsletters or marketing emails

5. Sharing your data

I only share data with trusted third parties when it’s necessary to operate the shop, such as:

  • Payment processors (like PayPal, Stripe, or your card provider)
  • Shipping carriers to deliver your order
  • Website hosting and analytics providers (such as WordPress and HostGator)

These services only receive the minimum data needed to do their job, and they’re required to handle it securely and in line with GDPR.

6. How long I keep your data

  • Order records: up to 7 years (as required by Dutch tax law)
  • Emails and messages: as long as needed for communication or support
  • Newsletter subscriptions: until you unsubscribe

When your data is no longer needed, it’s securely deleted.

7. Your rights under GDPR

You have full control over your personal data. You can:

  • Request access to what I hold about you
  • Ask for corrections or updates
  • Request deletion of your data (“right to be forgotten”)
  • Object to certain uses (like marketing)
  • Withdraw consent at any time
  • File a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) if you believe your data isn’t handled properly

To exercise any of these rights, just send me an email at [email protected].

8. Security

I take your privacy seriously. Your data is stored securely and protected against unauthorized access, loss, or misuse.
Payment information is handled only by secure, encrypted payment providers — I never store card details myself.

9. Cookies

This website uses cookies to make things run smoothly — for example, keeping your cart active or improving the site.
You can control or disable cookies in your browser settings anytime.

10. Changes to this policy

I may update this Privacy Policy occasionally to reflect changes to the website or the law. The latest version will always be available on this page.

Thanks for reading — and for trusting me with your info. I’ll always treat it with care. 💛