Privacy policy
Privacy Policy
Last updated: 25 June 2025
Company name: NIMFA
Data Controller: NIMFA
Email: support@nimfa.nl
Address: Kwadijk 168, 1471 CK, Kwadijk, Netherlands
1. Introduction
This Privacy Policy describes how NIMFA (“we”, “us”, “our”) collects, uses, stores, and discloses personal data when you access or use our website (www.nimfa.nl), make a purchase, subscribe to marketing, or interact with our Services.
Our store operates on the Shopify platform, which processes data on our behalf as a GDPR-compliant processor.
By using our Services, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
NIMFA acts as the data controller for all personal data collected through:
• our website,
• order and checkout forms,
• customer service communication,
• marketing subscriptions.
For privacy-related inquiries: support@nimfa.nl
3. Personal Data We Collect
We may collect the following categories of personal data:
Contact Information
• name
• email address
• phone number
• billing and shipping address
Account & Order Information
• account credentials
• past orders, cart items
• payment status (payment details are processed by Shopify/Stripe and not stored by us)
Marketing & Preferences
• email marketing subscriptions
• consent preferences
Device & Usage Data
Collected via cookies and analytics tools:
• IP address
• browser type
• device information
• pages visited
• session activity
Communication Data
• messages sent via email or contact forms
• customer service history
4. Legal Basis for Processing (GDPR Article 6)
We process personal data based on:
• Contract (Art. 6(1)(b)) – to fulfil and deliver your order
• Legal obligation (Art. 6(1)(c)) – e.g., tax and accounting requirements
• Consent (Art. 6(1)(a)) – newsletter and marketing
• Legitimate interest (Art. 6(1)(f)) – fraud prevention, website analytics, service improvement
5. How We Use Your Data
We use personal data for the following purposes:
• processing and delivering orders;
• maintaining your account;
• providing customer support;
• sending transactional emails (order updates, receipts);
• sending marketing emails where consent is provided;
• preventing fraud and abuse;
• complying with tax and legal requirements;
• improving website performance and user experience.
6. Sharing Your Data
We only share your data with GDPR-compliant third parties when necessary:
• Shopify – hosting and store infrastructure
• Payment processors (Shopify Payments, iDEAL, credit card providers)
• Sendcloud – order fulfilment and shipping
• Klaviyo – marketing automation (if enabled)
• Customer support tools – Gmail, Google Workspace
• Analytics & cookies – as described in our Cookie Policy
• Authorities – only where legally required
We do not sell or rent your personal data to third parties.
7. Cookies & Tracking Technologies
We use cookies to:
• enable secure login,
• maintain cart functionality,
• analyse website performance,
• personalise browsing experience.
By using the website, you consent to the use of cookies as described in our Cookie Policy.
You may restrict or disable cookies through your browser settings.
8. Security Measures
We apply the following security safeguards:
• SSL encryption (HTTPS),
• secure payment processing via Shopify,
• restricted internal access to customer data,
• monitoring for fraudulent activity.
Although we take all reasonable precautions, no system is completely secure.
In the event of a data breach, we will notify affected users in accordance with GDPR requirements.
9. Data Retention
We retain personal data:
• for as long as your account remains active;
• as required for tax and accounting obligations (minimum 7 years under Dutch law);
• until you request deletion, where applicable.
10. Your GDPR Rights
As a data subject, you have the right to:
• Access your personal data
• Rectify incorrect or incomplete data
• Request deletion (“right to be forgotten”)
• Restrict processing
• Object to processing based on legitimate interest
• Withdraw consent at any time (marketing)
• Data portability (copy of your data)
• File a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
To exercise your rights, contact: support@nimfa.nl
11. Age Restriction
Our Services are intended for individuals aged 18 and older.
By using our site, you confirm that you meet this requirement.
12. International Data Transfers
Some partners (e.g., Shopify, Klaviyo) may process data outside the EEA.
All such transfers are protected by:
• Standard Contractual Clauses (SCCs),
• GDPR-compliant processor agreements.
13. Changes to This Privacy Policy
We may update this Privacy Policy when necessary.
The most recent version will always be posted on our website with the updated date above.
14. Contact
For privacy questions or GDPR requests:
Email: support@nimfa.nl
Address: Kwadijk 168, 1471 CK, Kwadijk, Netherlands
Data Controller: NIMFA
