Data Required for Order Fulfillment & Marketing
| Data Category | Reason for Collection (GDPR Legal Basis) |
| --- | --- |
| Full Name | Performance of the sales contract. |
| Shipping & Billing Address | Performance of the sales contract. (Necessary for shipping your Loot). |
| Contact Phone Number | Performance of the sales contract. (Necessary for the Courier/PostNL to make delivery). |
| Email (for order) | Performance of the sales contract. (To send order confirmation and tracking information). |
| Email (for newsletter) | Consent. (Must require a separate, explicit opt-in checkbox for marketing). |
| Payment Data | Performance of the contract. (Managed by the payment processor, e.g., PayPal/Stripe, not directly by your store). |
| Browsing Data/Cookies | Legitimate Interest & Consent. (For TikTok Ad Retargeting and general site analytics). |
1. Performance of a Contract (Contractual Obligation)
This is the primary reason for collecting most customer data. The customer has entered into a contract with you (by placing an order), and you need their data to fulfill your end of that contract.
| Data Collected | Legal Basis | Justification |
| --- | --- | --- |
| Name, Address, Phone Number | Performance of a Contract | Without this data, you cannot ship the “Loot” (goods) to the customer. |
| Order Confirmation Email | Performance of a Contract | You need to confirm the ord |
2. Consent (Explicit Permission)
This applies to data processing that is optional and not strictly necessary for the order itself. Consent must be freely given, specific, informed, and unambiguous (e.g., a separate checkbox).
| Data Collected | Legal Basis | Justification |
| --- | --- | --- |
| Marketing Email | Consent | The customer must explicitly agree to receive your newsletters or promotional offers. |
| Non-Essential Cookies | Consent | The user must agree to cookies used for advertising or non-critical analytics (often via a cookie banner). |
3. Legitimate Interest (Business Necessity)
This applies when processing the data is necessary for your legitimate business operations, provided it doesn’t override the fundamental rights and freedoms of the customer.
| Data Collected | Legal Basis | Justification |
| --- | --- | --- |
| IP Address/Device Info | Legitimate Interest | To ensure website security, prevent fraud, and perform basic, non-intrusive website analytics. |
| Basic Analytics | Legitimate Interest | To understand basic traffic patterns and improve the site’s functionality. |
Who Do We Share Your Data With?
We only share your personal data with external service providers (third parties) when it is strictly necessary to fulfill your order or to operate our business efficiently. These third parties are legally bound to protect your data under strict contracts.
| Third-Party Recipient | Data Shared | Purpose |
| --- | --- | --- |
| E-commerce Platform (e.g., Shopify, WooCommerce, etc.) | All Customer Data, Order Data | To host and operate the online store, manage inventory, and process transactions. |
| Payment Processors (e.g., Stripe, PayPal, Local Banks) | Name, Billing Address, Payment Details (encrypted/tokenized) | To securely process financial transactions and prevent fraud. |
| Shipping & Logistics (e.g., PostNL and their local delivery partners) | Full Name, Shipping Address, Contact Phone Number | To print shipping labels, track your “Loot” parcel, and ensure successful delivery. |
| Analytics Providers (e.g., Google Analytics, Microsoft Clarity) | IP Address, Browsing Behavior, Device Information (usually anonymized or pseudonymized) | To analyze website performance, understand traffic sources, and improve the user experience. |
| Advertising Platforms (e.g., Meta [Facebook/Instagram], TikTok, Google Ads) | Pseudonymized Data, IP Address, Browsing Activity (via tracking pixel) | To measure the effectiveness of our marketing campaigns (retargeting) and show you relevant products. |
| Email Marketing Service (e.g., Mailchimp, Klaviyo) | Email Address, Name (if provided) | To send out newsletters and promotional content, only if you have given us explicit consent. |
