Last updated: 16 May 2026
Who We Are (Data Controller)
The data controller responsible for your personal data is:
- Name: elvinhome
- Website: elvinhome.io
- Email: [email protected]
- Location: The Netherlands
- KvK number: 99404621
Personal Data We Collect
Data you provide directly
- Full name
- Delivery and billing address
- Email address
- Phone number (optional, for delivery coordination)
- Payment information (processed securely by our payment provider — we do not store card details ourselves)
- Order history and purchase details
- Communications you send us (e.g. via customer support)
Data collected automatically
- IP address and approximate location
- Browser type, operating system, and device information
- Pages visited, time spent on site, and clickstream data
- Referring URL and marketing campaign identifiers (e.g. UTM parameters)
This data is collected via cookies and similar technologies. For full details, see the Cookies section below.
Legal Basis for Processing
- Performance of a contract (Article 6(1)(b)): We need your name, address, and contact details to process and deliver your order, and to handle returns or complaints.
- Legal obligation (Article 6(1)(c)): We are required to retain certain financial and transaction records under Dutch tax law (Belastingdienst).
- Legitimate interests (Article 6(1)(f)): We may process data to prevent fraud, improve our website, and conduct basic analytics — only where this does not override your rights.
- Consent (Article 6(1)(a)): Where we send you marketing emails or use non-essential cookies, we rely on your explicit consent. You can withdraw consent at any time.
How We Use Your Data
We use your personal data for the following purposes:
- Processing and fulfilling your orders, including dispatch and delivery
- Sending order confirmations, shipping updates, and receipts by email
- Communicating with you about your orders, questions, or complaints
- Coordinating delivery by phone (if you have provided your number)
- Complying with our legal and tax obligations
- Detecting and preventing fraud or unauthorised transactions
- Improving our website and product offerings through aggregated analytics
- Sending marketing emails about products and promotions — only with your consent
Marketing Communications
We will only send you promotional emails or newsletters if you have given us your explicit consent to do so. You can withdraw this consent at any time by clicking the unsubscribe link in any marketing email, or by contacting us. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal, and will not affect transactional emails related to active orders.
Who We Share Your Data With
We do not sell your personal data to third parties. We share your data only where necessary with the following categories of recipients:
- Shipping and logistics partners: Your name and delivery address are shared with our courier(s) to fulfil your order.
- Payment processors: Your payment data is handled by our payment service provider(s). We do not store card details.
- Email service providers: Used to send order confirmations and (with consent) marketing emails.
- Website and hosting providers: Our website is built on Odoo. Our infrastructure and analytics providers (including Google) may process technical data.
- Advertising partners: If you have consented to advertising cookies, Google may process data for ad personalisation and campaign reporting purposes.
- Accounting and tax: Financial records may be shared with our accountant or required by law to be provided to the Dutch Tax Authority (Belastingdienst).
- Legal authorities: We may disclose data if required to do so by law or in response to valid legal requests.
All third-party processors are contractually required to handle your data securely and in accordance with the GDPR.
International Data Transfers
How Long We Keep Your Data
We retain your personal data only for as long as necessary for the purposes described in this policy:
- Order and transaction data: Retained for 7 years to comply with Dutch tax and accounting law.
- Customer account data: Retained while your account is active and for a reasonable period after, or until you request deletion.
- Marketing consent records: Retained until you withdraw consent, plus a reasonable period for recordkeeping.
- Customer support communications: Retained for up to 2 years after resolution.
- Website analytics data: Typically aggregated or deleted within 26 months, in line with Google Analytics data retention settings.
When data is no longer needed, it is securely deleted or anonymised.
Cookies
Cookies are small bits of text sent by our servers to your computer or device when you access our services. They are stored in your browser and later sent back to our servers so that we can provide contextual content. Without cookies, using the web would be a much more frustrating experience. We use them to support your activities on our website. For example, your session (so you don't have to login again) or your shopping cart.
Cookies are also used to help us understand your preferences based on previous or current activity on our website (the pages you have visited), your language and country, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.
Here is an overview of the cookies that may be stored on your device when you visit our website:
| Category of Cookie | Purpose | Examples |
|---|---|---|
|
Session & Security (essential) |
Authenticate users, protect user data and allow the website to deliver the services users expects, such as maintaining the content of their cart, or allowing file uploads. The website will not work properly if you reject or discard those cookies. |
session_id (Odoo) |
|
Preferences (essential) |
Remember information about the preferred look or behavior of the website, such as your preferred language or region. Your experience may be degraded if you discard those cookies, but the website will still work. |
frontend_lang (Odoo) |
| Interaction History (optional) |
Used to collect information about your interactions with the website, the pages you've seen, and any specific marketing campaign that brought you to the website. We may not be able to provide the best service to you if you reject those cookies, but the website will work. |
im_livechat_previous_operator (Odoo) utm_campaign (Odoo) utm_source (Odoo) utm_medium (Odoo) |
|
Advertising & Marketing (optional) |
Used to make advertising more engaging to users and more valuable to publishers and advertisers, such as providing more relevant ads when you visit other websites that display ads or to improve reporting on ad campaign performance. Note that some third-party services may install additional cookies on your browser in order to identify you. You may opt-out of a third-party's use of cookies by visiting the Network Advertising Initiative opt-out page. The website will still work if you reject or discard those cookies. |
__gads (Google) __gac (Google) |
|
Analytics (optional) |
Understand how visitors engage with our website, via Google Analytics. Learn more about Analytics cookies and privacy information. The website will still work if you reject or discard those cookies. |
_ga (Google) _gat (Google) _gid (Google) _gac_* (Google) |
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies.
We do not currently support Do Not Track signals, as there is no industry standard for compliance.
Data Security
- Encrypted data transmission (SSL/TLS) across our website
- Secure payment processing handled by PCI-DSS compliant providers
- Access controls limiting who within our organisation can access personal data
- Regular review of our data handling practices
Your Rights Under GDPR
- Right of access: You can request a copy of the personal data we hold about you.
- Right to rectification: You can ask us to correct any inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): You can request deletion of your data, subject to legal retention obligations.
- Right to restriction of processing: You can ask us to limit how we use your data in certain circumstances.
- Right to data portability: You can request your data in a structured, machine-readable format.
- Right to object: You can object to processing based on legitimate interests, including direct marketing.
- Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.
- Right not to be subject to automated decisions: We do not make solely automated decisions that produce significant legal effects.
Complaints
If you believe we have not handled your personal data in accordance with the law, you have the right to lodge a complaint with the Dutch Data Protection Authority:
Autoriteit Persoonsgegevens
Website: www.autoriteitpersoonsgegevens.nl
Phone: +31 (0)88 805 1000
Children's Privacy
Our website and products are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with their personal data, please contact us and we will take steps to delete it promptly.
Changes to This Policy
We may update this Privacy & Cookie Policy from time to time to reflect changes in our practices or legal requirements. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we may notify you by email or via a notice on our website. We encourage you to review this policy periodically.