Privacy declaration

Nappy's.eu cares a lot about your privacy. We therefore only process data that we need for (improving) our services and carefully handle the information we have collected about you and your use of our services. We never make your data available to third parties for commercial purposes. This privacy policy applies to the use of the website and the services provided by Nappy's.eu. The effective date for the validity of these conditions is March 6, 2024, with the publication of a new version the validity of all previous versions expires. This privacy policy describes what information about you is collected by us, what this information is used for and with whom and under what conditions this information may be shared with third parties. We also explain to you how we store your data and how we protect your data against misuse and what rights you have with regard to the personal data you provide to us.

 

If you have any questions about our privacy policy, please contact Ilka van der Poel, the contact person for privacy matters, you will find the contact details at the end of our privacy policy.

 

About data processing

Below you can read how we process your data, where we store it (or have it stored), which security techniques we use and for whom the data is transparent.

 

Webshop software: Magento

Our webshop has been developed with software from Magento. Personal data that you make available to us for the benefit of our services will be shared with this party. Magento has access to your data to provide us with (technical) support, they will never use your data for any other purpose. Magento is obliged to take appropriate security measures on the basis of the agreement we have concluded with them. These security measures consist of the application of SSL encryption and a strong password policy. Magento uses cookies to collect technical information regarding your use of the software, no personal data is collected and/or stored. Magento reserves the right to share collected data within its own group in order to further improve the service.

 

Web Hosting: Hypernode

We purchase web hosting and e-mail services from Hypernode. This party process personal data on our behalf and do not use your data for their own purposes. However, this party can collect metadata about the use of the services. This is not personal data. Hypernode has taken appropriate technical and organizational measures to prevent loss and unauthorized use of your personal data. Hypernode is bound by the confidentiality agreement.

 

Email and mailing lists: MailChimp and Office365

MailChimp

We send our e-mail newsletters with MailChimp. MailChimp will never use your name and e-mail address for its own purposes. At the bottom of every e-mail sent automatically via our website you will see the 'unsubscribe' link. You will then no longer receive our newsletter. Your personal data is stored securely by MailChimp. MailChimp uses cookies and other internet technologies that provide insight into whether e-mails are opened and read. MailChimp reserves the right to use your data to further improve the service and to share information with third parties in this context.

 

Office365

We use the services of Office365 for our regular business e-mail traffic. This party has taken appropriate technical and organizational measures to prevent misuse, loss and corruption of your and our data as much as possible. Office365 has no access to our mailbox and we treat all our email traffic confidentially.

 

Payment processors: Mollie

We use the Mollie platform to handle (part of) the payments in our webshop. Mollie processes your name, address and residence details and your payment details such as your bank account or

credit card number. Mollie has taken appropriate technical and organizational measures to protect your personal data. Mollie reserves the right to use your data to further improve the service and to share (anonymised) data with third parties in this context. All the above-mentioned safeguards with regard to the protection of your personal data also apply to the parts of Mollie's services for which they engage third parties. Mollie does not store your data longer than permitted by law.

Reviews: KiyOh

We collect reviews via the KiyOh platform. If you leave a review via KiyOh, you are obliged to provide your e-mail address. KiyOh shares this information with us so that we can link the review to your order. KiyOh will only publish your name and place of residence on its own website if you have entered it voluntarily. Your email address will not be published. In some cases, KiyOh may contact you to provide an explanation of your review. In the event that we invite you to leave a review, we will share your name and e-mail address with KiyOh. They only use this information for the purpose of inviting you to leave a review. KiyOh has taken appropriate technical and organizational measures to protect your personal data. KiyOh reserves the right to engage third parties for the provision of services, for which we have given permission to KiyOh. All the above-mentioned guarantees with regard to the protection of your personal data also apply to the parts of KiyOh's services for which they engage third parties. KiyOh retains your personal data as long as you keep the review published on the platform. KiyOh has appointed a Data Protection Officer, you will find the contact details of this officer on the KiyOh website.

 

Shipping and logistics: DPD and Sendcloud

If you place an order with us, it is our job to have your package delivered to you. We use the services of DPD and Sendcloud to carry out deliveries. It is therefore necessary that we share your name, address and residence details with DPD and Sendcloud. DPD and Sendcloud only use this data for the purpose of executing the agreement. In the event that Sendcloud or DPD engages subcontractors, they will also make your data available to these parties.

 

Billing and accounting: Yuki

We use the services of Yuki to keep track of our administration and accounting. We share your name, address and residence details and details regarding your order. This data is used for the administration of sales invoices. This data is used for the administration of sales invoices. Your personal data is sent and stored protected. Yuki is bound to secrecy and will treat your data confidentially. Yuki does not use your personal data for purposes other than those described above.

 

Youtube

We use YouTube API Services to display videos on our website. Also read the terms and conditions of Youtube and the Google privacy policy.

 

Purpose of data processing

We only use your data for the benefit of our services. This means that the purpose of the processing is always directly related to the assignment you provide. We do not use your data for (targeted) marketing. If you share information with us and we use this information - other than at your request - to contact you at a later time, we will ask you for explicit permission. Your data will not be shared with third parties, other than to comply with accounting and other administrative obligations. These third parties are all bound to secrecy by virtue of the agreement between them and us or an oath or legal obligation.

 

Automatically collected data

Data that is automatically collected by our website is processed with the aim of further improving our services. This data (for example your IP address, web browser and operating system) is not

personal data.

 

Cooperation in tax and criminal investigations

In some cases, Nappy's.eu may be required by law to share your data in connection with government tax or criminal investigations. In such a case we are forced to share your data, but we will oppose this within the possibilities that the law offers us.

 

Retention periods

We keep your data as long as you are a customer of ours. This means that we keep your customer profile until you indicate that you no longer wish to use our services. If you indicate this to us, we will also regard this as a request to forget. Based on applicable administrative obligations, we must keep invoices with your (personal) data, so we will keep this data for as long as the applicable term runs. However, employees no longer have access to your customer profile and documents that we have produced in response to your order.

Your rights

Under the applicable Dutch and European legislation, you as a data subject have certain rights with regard to the personal data processed by or on behalf of us. We explain below which rights these are and how you can invoke these rights. In principle, to prevent misuse, we only send copies and copies of your data to your already known e-mail address. In the event that you wish to receive the data at a different e-mail address or, for example, by post, we will ask you to identify yourself. We keep records of completed requests, in the event of a forget request we administer anonymised data. You will receive all statements and copies of data in the machine-readable data format that we use within our systems. You have the right at all times to submit a complaint to the Dutch Data Protection Authority if you suspect that we are using your personal data in the wrong way.

 

Right of inspection

You always have the right to view the data that we process or have processed that relate to your person or can be traced back to it. You can make a request to this effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you a copy of all data with an overview of the processors who hold this data, stating the category under which we have stored this data, at the e-mail address known to us.

 

Right of rectification

You always have the right to have the data that we process or have processed that relate to your person or that can be traced back to it, adjusted. You can make a request to this effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you a confirmation that the data has been changed at the e-mail address known to us.

 

Right to restriction of processing

You always have the right to limit the data that we process or have processed that relate to your person or that can be traced back to it. You can make a request to this effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you a confirmation to the e-mail address known to us that the data will no longer be processed until you lift the restriction.

 

Right to portability

You always have the right to have the data that we process or have processed that relate to your person or that can be traced back to it, be carried out by another party. You can make a request to this effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you copies or copies of all data about you that we have processed or that have been processed by other processors or third parties on the e-mail address known to us. In all likelihood, we will no longer be able to continue the service in such a case, because the secure linking of data files can then no longer be guaranteed.

 

Right of objection and other rights

In some cases you have the right to object to the processing of your personal data by or on behalf of Nappy's.eu. If you object, we will immediately cease data processing pending the handling of your objection. If your objection is well-founded, we will make copies and/or copies of data that we process or have processed available to you and then permanently suspend the processing. You also have the right not to be subject to automated individual decision-making or profiling. We do not process your data in such a way that this right applies. If you believe that this is the case, please contact our contact person for privacy matters.

 

Cookies: Magento

 

Requested Functionality Cookies

guest-view

Stores the Order ID that guest shoppers use to retrieve their order status. Guest orders view. Used in “Orders and Returns” widgets.

  • Is Secure? No
  • HTTP Only: Yes
  • Expiration Policy: Session
  • Module: Magento_Sales

mage-messages

Tracks error messages and other notifications that are shown to the user, such as the cookie consent message, and various error messages. The message is deleted from the cookie after it is shown to the shopper.

There is not an option to disable this cookie.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Duration 1 year. Cleared on frontend when the message is displayed to the user.
  • Module: Magento_Theme

product_data_storage (local storage)

Stores configuration for product data related to Recently Viewed / Compared Products.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Per local storage rules
  • Module: Magento_Catalog

recently_compared_product (local storage)

Stores product IDs of recently compared products.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Per local storage rules
  • Module: Magento_Catalog

recently_compared_product_previous (local storage)

Stores product IDs of previously compared products for easy navigation.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Per local storage rules
  • Module: Magento_Catalog

recently_viewed_product (local storage)

Stores product IDs of recently viewed products for easy navigation.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Per local storage rules
  • Module: Magento_Catalog

recently_viewed_product_previous (local storage)

Stores product IDs of recently previously viewed products for easy navigation.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Per local storage rules
  • Module: Magento_Catalog

X-Magento-Vary

Configuration setting that improves performance when using Varnish static content caching.

  • Is Secure? Yes
  • HTTP Only: Yes
  • Expiration Policy: Based on PHP setting session.cookie_lifetime
  • Module: Magento_PageCache

Persistent Customization Session Cookies

form_key

A security measure that appends a random string to all form submissions to protect the data from Cross-Site Request Forgery (CSRF).

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy:
    • PHP: Based on PHP setting session.cookie_lifetime
    • JS: Session
  • Module: Page Cache

mage-cache-sessid

The value of this cookie triggers the cleanup of local cache storage. When the cookie is removed by the backend application, the Admin cleans up local storage, and sets the cookie value to true.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Session
  • Module: Magento_Customer

mage-cache-storage

Local storage of visitor-specific content that enables ecommerce functions.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Session
  • Module: Magento_Customer, Magento_Persistent

mage-cache-storage (local storage)

Local storage of visitor-specific content that enables ecommerce functions.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Session
  • Module: Magento_Customer, Magento_Persistent, Magento_NegotiableQuote

mage-cache-storage-section-invalidation (local storage)

Forces local storage of specific content sections that should be invalidated.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Per local storage
  • Module: Magento_Customer

persistent_shopping_cart

Stores the key (ID) of persistent cart to make it possible to restore the cart for an anonymous shopper.

  • Is Secure? Yes
  • HTTP Only: Yes
  • Expiration Policy: Based on Persistent Shopping Cart - Persistence Lifetime (seconds) configuration
  • Module: Magento_Persistent

private_content_version

Appends a random, unique number and time to pages with customer content to prevent them from being cached on the server.

It is set in multiple places: in PHP, in JavaScript as a cookie, and in JavaScript to local storage.

For the HTTP Only Yes (based on request) means that the cookie Secure if set during HTTPS request and unsecure if set during HTTP request.

  • Is Secure? Yes (based on request), No
  • HTTP Only:
    • PHP: 1 year / 315360000s (10yr)
    • JS: 1 day
    • JS local storage: Per local storage rules (forever)
  • Expiration Policy: Based on Persistent Shopping Cart - Persistence Lifetime (seconds) configuration
  • Module: Magento_PageCache, Magento_Customer

section_data_ids

Stores customer-specific information related to shopper-initiated actions such as display wish list, checkout information, etc.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Session
  • Module: Magento_Customer

store

Tracks the specific store view / locale selected by the shopper.

  • Is Secure? No
  • HTTP Only: Yes
  • Expiration Policy: 1 year
  • Module: Magento_Store

Cookies: Google Analytics

Cookies from the American company Google are placed via our website as part of the “Analytics” service. We use this service to keep track of and receive reports on how visitors use the website. This processor may be obliged to provide access to this data on the basis of applicable laws and regulations. We collect information about your surfing behavior and share this data with Google. Google can interpret this information in conjunction with other data sets and thus track your movements on the internet. Google uses this information to offer, among other things, targeted advertisements (Adwords) and other Google services and products.

 

Cookie overview https://www.nappys.eu

 

Cookie name Purposes of cookie Explanation Cookie retention period

_utma Statistics / Analysis Web Statistics 2 years

_utmb Statistics / Analysis Web Statistics 30 minutes

_utmc Statistics / Analysis Web statistics session

_utmt Statistics / Analysis Web Statistics 10 minutes

_utmz Statistics / Analysis Web Statistics 6 months

PHPSESSID Functional Operation of the website duration of the session

 

Cookies: Hotjar - analytics & customer feedback

With the help of Hotjar, we collect additional insights into the behavior of visitors to our website.

 

_hjUserId (hotjar.com)

This cookie is placed when you visit a page containing the Hotjar code. The cookie contains a unique identifier (UUID), which makes it possible to track the same visitor across multiple pages and sessions. Your visits may be recorded anonymously for analysis purposes.

 

_hjClosedSurveyInvites (hotjar.com)

This cookie is placed once to save your response to a survey invitation. This allows us to ensure that you do not see the same invitation repeatedly.

 

_hjDonePolls (hotjar.com)

This cookie is set to store your response to a poll. This way we prevent you from being asked for your opinion again after completing the survey.

 

_hjMinimizedPolls (hotjar.com)

This cookie is set when you shrink a polling window so that it remains minimized throughout your website visit. We use polls to gain more insight into the wishes of our website visitors.

 

_hjIncludedInSample (hotjar.com)

This session cookie is set to let Hotjar know if a visitor is included in the sample used to generate funnels. With the help of funnels we gain more insight into the flow and possible bottlenecks within our website.

 

Changes to the Privacy Policy

We reserve the right to change our privacy policy at any time. However, you will always find the most recent version on this page. If the new privacy policy has consequences for the way in which we process already collected data with regard to you, we will inform you by e-mail.

 

Contact details

Nappy's.eu

Zegelhorstweg 4

7942 RX Meppel

The Netherlands

T +31 (0) 522 475 883

E [email protected]

 

Contact person for privacy matters

Ilka van der Poel

T +31 (0) 522 475 883

E [email protected]