Privacy policy

Privacy Policy 

Last updated: 25 June 2025

Company name: NIMFA
Data Controller: NIMFA
Email: support@nimfa.nl
Address: Kwadijk 168, 1471 CK, Kwadijk, Netherlands


1. Introduction

This Privacy Policy describes how NIMFA (“we”, “us”, “our”) collects, uses, stores, and discloses personal data when you access or use our website (www.nimfa.nl), make a purchase, subscribe to marketing, or interact with our Services.

Our store operates on the Shopify platform, which processes data on our behalf as a GDPR-compliant processor.

By using our Services, you acknowledge that you have read and understood this Privacy Policy.


2. Data Controller

NIMFA acts as the data controller for all personal data collected through:
 • our website,
 • order and checkout forms,
 • customer service communication,
 • marketing subscriptions.

For privacy-related inquiries: support@nimfa.nl


3. Personal Data We Collect

We may collect the following categories of personal data:

Contact Information
 • name
 • email address
 • phone number
 • billing and shipping address

Account & Order Information
 • account credentials
 • past orders, cart items
 • payment status (payment details are processed by Shopify/Stripe and not stored by us)

Marketing & Preferences
 • email marketing subscriptions
 • consent preferences

Device & Usage Data

Collected via cookies and analytics tools:
 • IP address
 • browser type
 • device information
 • pages visited
 • session activity

Communication Data
 • messages sent via email or contact forms
 • customer service history


4. Legal Basis for Processing (GDPR Article 6)

We process personal data based on:
 • Contract (Art. 6(1)(b)) – to fulfil and deliver your order
 • Legal obligation (Art. 6(1)(c)) – e.g., tax and accounting requirements
 • Consent (Art. 6(1)(a)) – newsletter and marketing
 • Legitimate interest (Art. 6(1)(f)) – fraud prevention, website analytics, service improvement


5. How We Use Your Data

We use personal data for the following purposes:
 • processing and delivering orders;
 • maintaining your account;
 • providing customer support;
 • sending transactional emails (order updates, receipts);
 • sending marketing emails where consent is provided;
 • preventing fraud and abuse;
 • complying with tax and legal requirements;
 • improving website performance and user experience.


6. Sharing Your Data

We only share your data with GDPR-compliant third parties when necessary:
 • Shopify – hosting and store infrastructure
 • Payment processors (Shopify Payments, iDEAL, credit card providers)
 • Sendcloud – order fulfilment and shipping
 • Klaviyo – marketing automation (if enabled)
 • Customer support tools – Gmail, Google Workspace
 • Analytics & cookies – as described in our Cookie Policy
 • Authorities – only where legally required

We do not sell or rent your personal data to third parties.


7. Cookies & Tracking Technologies

We use cookies to:
 • enable secure login,
 • maintain cart functionality,
 • analyse website performance,
 • personalise browsing experience.

By using the website, you consent to the use of cookies as described in our Cookie Policy.

You may restrict or disable cookies through your browser settings.


8. Security Measures

We apply the following security safeguards:
 • SSL encryption (HTTPS),
 • secure payment processing via Shopify,
 • restricted internal access to customer data,
 • monitoring for fraudulent activity.

Although we take all reasonable precautions, no system is completely secure.
In the event of a data breach, we will notify affected users in accordance with GDPR requirements.


9. Data Retention

We retain personal data:
 • for as long as your account remains active;
 • as required for tax and accounting obligations (minimum 7 years under Dutch law);
 • until you request deletion, where applicable.


10. Your GDPR Rights

As a data subject, you have the right to:
 • Access your personal data
 • Rectify incorrect or incomplete data
 • Request deletion (“right to be forgotten”)
 • Restrict processing 

• Object to processing based on legitimate interest
 • Withdraw consent at any time (marketing)
 • Data portability (copy of your data)
 • File a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)

To exercise your rights, contact: support@nimfa.nl


11. Age Restriction

Our Services are intended for individuals aged 18 and older.
By using our site, you confirm that you meet this requirement.


12. International Data Transfers

Some partners (e.g., Shopify, Klaviyo) may process data outside the EEA.
All such transfers are protected by:
 • Standard Contractual Clauses (SCCs),
 • GDPR-compliant processor agreements.


13. Changes to This Privacy Policy

We may update this Privacy Policy when necessary.
The most recent version will always be posted on our website with the updated date above.


14. Contact

For privacy questions or GDPR requests:

Email: support@nimfa.nl
Address: Kwadijk 168, 1471 CK, Kwadijk, Netherlands
Data Controller: NIMFA