Privacy Policy — Suppstore
Suppstore is fully GDPR-compliant (EU Regulation 2016/679). We process your personal data with transparency, minimal collection, and clear user control.
Data we collect
Essential for orders
- Name, delivery address, billing address
- Email address and phone number
- Order history and payment information (processed by secure third-party processors)
Optional with explicit consent
- Marketing preferences (newsletter)
- Browsing behavior (analytics with consent)
Data we never collect
- Health data beyond what you voluntarily share
- Biometric or sensitive personal data
- Data from minors under 16
Your rights under GDPR
- Right to access your data: request anytime via support@suppstore.com
- Right to correction: update via your account or by email
- Right to deletion ("right to be forgotten"): processed within 30 days
- Right to data portability: receive your data in standard format
- Right to object to processing
- Right to lodge complaints with Autoriteit Persoonsgegevens (Dutch DPA)
Data storage
- Servers located in EU (Netherlands and Ireland)
- GDPR-compliant infrastructure
- Encrypted at rest and in transit (TLS 1.3)
- Order data retained for 7 years (Dutch tax law requirement)
- Marketing data deleted upon unsubscribe
Data sharing
We never sell your data to third parties. We share data only with:
- Payment processors (Stripe, PayPal, Mollie) for transactions
- Shipping carriers (PostNL, DHL, DPD) for delivery
- Email service (Shopify & Klaviyo) for order confirmations
All processors are GDPR-compliant with Data Processing Agreements in place.
Cookies
We use essential cookies (required for site function) and optional cookies (analytics, marketing) only with your explicit consent via cookie banner.
Response time for privacy requests
We respond to data requests within 1 working day. Full data deletion completed within 30 days.
For complete privacy information, visit: /pages/privacy-policy
Data Protection Officer: privacy@suppstore.com
General privacy inquiries: support@suppstore.com