Our policy in one simple sentence: we NEVER use any information you provide to us in any other way than the purpose you have provided it for! (with the exception of the automatic cookies)

 

Privacy policies are (thanks to the GDPR, the EU privacy law) now enormous pages of text. And as required by that law, we will provide all the information in the utmost detail. To help you get to the information you are looking for, we have summarized our policy in a few concise points. These are explained in more detail further down this page.

 

The extended version of our privacy policy:

We care about keeping your information secure and will explain how we do that, so you also feel secure about interacting with our site. We practice ‘privacy by design’, which means we will not ask you for any information we don’t need. For example, for our newsletter, we only need your email address and region. We won’t ask you for your name or birthday or anything else, because we don’t need it.

 

Why do we gather information from you?

We need it for something you are asking of us or to provide a well-functioning website catered to your location (the cookies). Without an address we can’t ship products to you, without your email address we can’t send you our newsletter or respond to your questions, etc. Information we gather automatically (the cookies) is gathered so we can provide you with a website that shows you all the information in your language and currency, and so we can analyse how to improve the website. A bit further below, we’ll explain cookies in more detail.

 

Which types of information are gathered? And what do you do with it?

We have divided this part of our privacy policy into two parts: information that is gathered automatically (cookies) and information that is gathered by you supplying it to us.

 

Information we gather automatically, the cookies!

Everyone has heard the term, but what are cookies? And what do they do? Well, they are packages of information stored on your computer. Upon entering our website, a cookie is made and placed on your computer. It tells your computer in which language and which currency to view the website. Without the cookie, browsing to the next page would show the website in the main language (English in our case) and main currency (Euro in our case). You’d have to reset those two things for each page you visit without the cookie. The cookie also allows your browser to remember products you have placed in your basket. Without the cookie, your computer would forget and you could never go through the order process!

Activity on the website is also tracked with Google Analytics. This allows us to analyze which pages were visited, for how long, and the bounce rate, among other things. (A bounce is when a person leaves the website.) This allows us to analyse and improve the performance of the website. For example, if we see a high bounce rate on a certain page, something might be wrong with that page that causes people to leave without placing an order. This also allows us to see which categories and products are popular, which we can use when deciding on new products. As far as Google Analytics is concerned:

 

Information you actively supply to us

There are several ways to send us personal information. Not just by creating an account or by placing an order, but also by using one of several forms on the website. The contact form, online guarantee form and newsletter subscribing form are examples of such forms. Which information is gathered depends on the function. For the newsletter we only need your email address and region (which newsletter you want to receive). But for the contact form we need your name (so we know what to call you), your email address (in order to respond to you), what type of issue you have (so we can direct it to the right person quickly) and of course a description of why you are contacting us.

As part of our ‘privacy by design’ policy we don’t ask you for any personal information we don’t need. Furthermore, we won’t use any information provided to us for any other purpose than what you have provided it for. Contacting us, or even placing an order, doesn’t mean you’ll receive the newsletter. We’ll answer your question, or resolve your problem and send the order, and that’s it! If you subscribe to the newsletter you’ll receive it once a month by email. We will not send you separate emails on sales or personalized discounts (if we want you to know about these things, that info will be IN the newsletter) and we won’t use your email for any communication other than the newsletter.

We’ll never share your information with any third party not needed to provide the purpose you have supplied it for. If you place an order, for example, we can’t ship your order without providing your address to the shipping company. They wouldn’t know where to deliver it otherwise! Another example is the newsletter. The newsletter is sent through a company called Laposta (newsletter host, like MailChimp for example). Without supplying your email address to them, we couldn’t provide you with the newsletter at all.

So some third parties are involved in processing your personal information, but only for the purpose of supplying you with what you have requested. With all those third parties we have processor agreements stipulating the protection of your privacy (either before or on the 28th of May). For more information about which parties are involved for certain pieces of personal information, please see the tables below. The first table is for account creation/orders and the second is for the forms we have on the website. The tables show the purpose of gathering the information, if and which third parties are involved and how long the information is saved. For all these types of information you are required to check a box agreeing to this privacy policy and agree to the use of your information. The check box is at the bottom of every form on the website, including the checkout process.

 

For any information supplied digitally (including email) our website host is always involved as a third party. This applies to all the information in the tables below, but also to emails sent directly (not through the website). We have a data processing agreement with them.

 

Table 1: Personal information involved with purchase and account creation

| Information type | Purpose | Third parties involved | Period saved |
| --- | --- | --- | --- |
| Name | Email notifications and shipping | Shipping agents, PostNL, FedEx and intermediaries | 10 years on invoice, 7 years (required by law) if remove request is made. As part of account info: until deleted or request for deletion. |
| Address | Shipping | Shipping agents, PostNL, FedEx and intermediaries | 10 years on invoice, 7 years (required by law) if remove request is made. As part of account info: until deleted or request for deletion. |
| Email address | Email notifications and track and trace (if applicable) | Shipping agents, PostNL, FedEx and intermediaries | Part of account info, until deleted or request for deletion. Emails sent are saved for 5 years or until deletion request. |
| Phone number | Backup communication for email, shipping (if with FedEx) | Intermediaries and FedEx as subcontractor | Part of account info, until deleted or request for deletion. |
| Order information (products ordered, purchase history) | Delivery of products, creation of discounts, saving reward points | Outside of the EU: shipping agents, PostNL, FedEx and intermediaries and customs. Required to import products. Purchase history is not shared with any third party. | 10 years on invoice, 7 years (required by law) if remove request is made. As part of account info: until deleted or request for deletion. |
| Payment details and bank information* | Receiving payment for your order | One of our payment providers | We do not receive any of your payment details and bank information, thus cannot save them. |

*Please take into account that with the use of our payment providers, you are also sharing information with them. Usually these are parties you are already familiar with through previous online purchases (for example PayPal or the commonly used and reputable credit card payment provider Stripe). The privacy policy of these third parties may also be applicable to your information (for example PayPal, with whom you have shared your information and agreed to their privacy policy when you made the account with them).

 

Table 2: Personal information involved with the use of website forms

| Information type | Forms | Purpose | Third parties involved | Period saved |
| --- | --- | --- | --- | --- |
| Name | Contact, Suggestions box, Return form | Email notifications | None | 5 years, or until deletion request |
| Name | Return form | Email notifications | None | 10 years on credit invoice, 7 years (required by law) if remove request is made. As part of account info: until deleted or request for deletion. |
| Name | Online guarantee form | Email notifications and shipping | Shipping agents, PostNL, FedEx and intermediaries | If outside EU: 10 years on customs invoice, 7 years (required by law) if remove request is made. Inside EU: 5 years or until deletion request |
| Email address | Contact, Return form, Online guarantee form, Suggestions box | Email notifications | None | 5 years, or until deletion request |
| Email address | Newsletter | Sending the newsletter | Our newsletter host Laposta (another famous newsletter host is Mailchimp for example) | Until the unsubscribe link at the bottom of each newsletter is pressed. The original subscribe notification is saved until deletion request (required by law, registering opt-ins) |
| Order information (order number, amounts ordered, guarantee number, etc.) | Return form, Online guarantee form | To find the original order which you are returning one or more products from, or require extra supplies for. | None | 5 years, or until deletion request |
| Region | Newsletter | To provide you with the right newsletter (The Netherlands, Belgium, EU or rest of the world) | Our newsletter host Laposta (another famous newsletter host is Mailchimp for example) | Until the unsubscribe link at the bottom of each newsletter is pressed. The original subscribe notification is saved until deletion request (required by law, registering opt-ins) |
| Subject and reason for contact | Contact form | In order to get your message to the right person quickly | None | 5 years, or until deletion request |
| Your message, your idea, clarification of return, details of guarantee application | Contact, Return form, Online guarantee form, Suggestions box | Details to help you with your question, complaint, return or guarantee application or to receive your suggestion | None | 5 years, or until deletion request |

 

 

How do you make sure my information is safe with you?

First of all, we need to get it safely to us, which is why we use an SSL connection (the green lock in front of the URL). This ensures the information you enter on our website is encrypted while it is transmitted. Even if the information were intercepted, it would be useless since it is encrypted. So now it has arrived safely on our servers. Of course we need to make sure our own access to our servers is also secure, which we also do by SSL connections. So on both sides, the sending and retrieving of your information is through a secured connection.

Of course we must also store your information safely. Information stored on the website server (hosted server) is protected by the website host. They have taken both technical and organisational measures to ensure a safe and secure hosting service, including, but not limited to: a firewall, constant monitoring for suspicious activity, automatic patches, cryptography, segmentation and several other methods of encryption and access limitations. If any suspicious activity is found, it is instantly blocked. Our host is very reputable, and considered one of the safest hosts in the Netherlands.

Invoices of orders are also stored in the cloud, with a reputable cloud service provider (so not Dropbox). We also have a processing agreement with them, and they have also taken many technical and organisational measures to ensure safe storage of our files and your information.

 

The right to be forgotten

Anyone who has ever supplied personal information to us has the right to view, edit or remove that information. It is commonly referred to as the right to be forgotten. Account information can be viewed and altered by logging into your account. If you want to delete your account, you’ll need to contact us (we are working to allow customers to do so themselves, but this is currently not possible). Of course that is not the only personal information we may have of yours. Perhaps you don’t even have an account, but rather filled out one of the forms? If you want that information removed you will need to contact us as well. If you simply want to know what information we have of yours, view or alter your information, you may always contact us for this as well.

Even if you request the removal of your information, we might not be allowed to remove an invoice for an order. The invoice not only contains your name and address, but also your order information and payment method (not payment info though, just the method, for example: PayPal). Depending on how much time has passed we may not be allowed to delete the invoice. Dutch law requires that invoices are saved for 7 years. If you placed an order in the past and request removal of your information before the end of this 7 year period, all of your information is removed with the exception of the invoice. The invoice will be removed after this 7 year period; you don’t need to request removal again.

For more information about how long your information is saved, please see the tables a bit further up this page.

 

Obligation to report leaks

All leaks of any personal information are to be reported to the Dutch Data Protection Authority (DPA). If there is considerable risk to the persons whose information was leaked, those persons are also to be informed of the leak. Each and every leak has to be documented by Orcraphics.

Leaks are rarely caused by hacking or digital attacks of some kind, unless you’re a big bank or large institution with valuable information. Credit card information and BSN or social security numbers are very high risk information. We don’t gather or store such information. For webshops who have outsourced payment methods like us, the highest risk of leaks comes from the people working there: leaving laptops or flash drives with personal information behind, providing login information to others, or even sending personal information to the wrong person. Human mistakes can never be completely prevented, but we try to minimize these risks by:

 

Need help?

If you are having trouble understanding this privacy policy or have questions about it, please contact us before placing an order. Simply fill out the contact form or send an email directly to info@orcraphics.com.