Privacy Policy NLNaturals

NLNaturals respects your privacy and handles your personal data with care. This privacy statement explains what data we collect, why we collect it, how we use it, and what rights you have. This statement complies with the requirements of the General Data Protection Regulation (GDPR).

Last updated: April 2026
Data controller: NLNaturals B.V., Telfordstraat 35A, 8013 RL Zwolle, The Netherlands

1. What data do we collect?

We only collect personal data that is necessary for our services:

When placing an order:

  • First and last name
  • Address details (street, house number, postal code, city, country)
  • Email address
  • Telephone number
  • Company name, VAT number (for B2B customers)
  • Payment details (via our secure payment providers)
  • Order history and order information

When using our website:

  • IP address and browser information
  • Browsing behaviour via cookies (see cookie policy)
  • Device and system information

When contacting customer service:

  • Correspondence (emails, phone calls)
  • Complaints and feedback

2. Why do we process your data?

We process your personal data for the following purposes, with the following legal bases:

Performance of the agreement (order processing):

  • Processing and shipping your order
  • Communication about your order
  • Payment processing
  • Handling returns
  • Customer service and support

Legal obligation:

  • Retention of invoices and accounting data (fiscal retention obligation)
  • Age verification for age-restricted products

Legitimate interest:

  • Fraud prevention and security
  • Improving our website and services
  • Analysing website usage

Consent:

  • Sending newsletters and marketing communications
  • Placing non-essential cookies

You can withdraw your consent at any time via the unsubscribe link in every newsletter or by contacting us.

3. With whom do we share your data?

We only share your data with parties that help us deliver our services. These parties are contractually obliged to maintain confidentiality and may not use your data for their own purposes.

Webshop and hosting

PrestaShop —Our webshop software for processing orders and managing customer data. PrestaShop has implemented appropriate security measures including SSL encryption.

Combell —Our hosting provider that manages our website and email services. Combell has taken technical and organisational measures to protect your data.

Payment services

For processing payments, we use recognised payment service providers. Your payment details are processed directly and securely by these parties according to the highest security standards (PCI-DSS). We do not have access to your complete payment details such as credit card numbers or full bank account details.

Available payment methods: iDEAL, bank transfer, and other trusted payment options. All payment methods comply with European security standards.

Shipping and logistics

UPS and DPD —For delivering your order, we share your name, address and contact details with our shipping partners. They use this data exclusively for carrying out the delivery.

Sendcloud —Our shipping platform that helps us manage and process shipments. Sendcloud processes your shipping data exclusively on our behalf.

Email marketing

Omnisend —For sending newsletters (only with your consent). Omnisend processes your name and email address and uses cookies to measure whether emails are opened. You can always unsubscribe via the link at the bottom of every newsletter.

Website security and performance

Cloudflare —For securing and accelerating our website. Cloudflare processes your IP address and technical data. Cloudflare has European data centres and complies with the GDPR.

Website analytics

Google Analytics —For analysing website traffic and user behaviour. We have concluded a processing agreement with Google and have enabled IP anonymisation. You can block Google Analytics via your cookie settings.

4. How long do we retain your data?

  • Customer data: As long as you are a customer with us and use our services. After your last order, we retain your basic data for a reasonable period in case you return as a customer.
  • Order history: As long as necessary for customer service and warranty obligations.
  • Invoices and accounting data: 7 years (fiscal retention obligation).
  • Newsletter subscriptions: Until you unsubscribe.
  • Correspondence: As long as relevant for handling your enquiry or complaint.
  • Cookies and analytical data: In accordance with our cookie policy (maximum 24 months).

If you submit a deletion request, we will delete your data within 30 days, with the exception of data we are legally obliged to retain (such as invoices).

5. How do we secure your data?

  • SSL encryption for all data transfer on our website
  • Secured servers with regular updates and patches
  • Access restriction to personal data (authorised personnel only)
  • Strong password security and two-factor authentication where possible
  • Regular data backups
  • Processing agreements with all external parties
  • Monitoring and logging of access to systems

6. Your rights under the GDPR

You have the following rights at all times with regard to your personal data:

Right of access

You can request which personal data we process about you.

Right to rectification

You can request correction of inaccurate or incomplete data.

Right to erasure ('right to be forgotten')

You can request deletion of your data, unless we have a legal retention obligation.

Right to restriction of processing

You can request temporary restriction of the processing of your data.

Right to data portability

You can request to receive your data in a structured, machine-readable format.

Right to object

You can object to processing based on legitimate interest.

Right to withdraw consent

If processing is based on consent, you can always withdraw it.

How to exercise your rights

Contact our privacy officer (see below). We will respond to your request within 30 days. To prevent misuse, we may ask you to identify yourself.

Filing a complaint

Not satisfied with how we handle your data? You have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): www.autoriteitpersoonsgegevens.nl

7. Cookies

Our website uses cookies. A cookie is a small text file that is stored in your browser when you first visit this website.

What cookies do we use?

Functional cookies —These cookies are necessary for the website to function and cannot be disabled. They remember your shopping cart and language preferences.

Analytical cookies —We use Google Analytics to understand how visitors use our website. This information is anonymised and helps us improve the website. You can refuse these cookies via our cookie banner.

Marketing cookies —Only with your consent. These cookies are used for sending relevant communications. You can refuse these cookies via our cookie banner.

Managing cookies

You can manage cookies via your browser settings. Please note that disabling cookies may limit the functionality of the website.

8. Changes to this privacy statement

We reserve the right to make changes to this privacy statement. The most recent version can always be found on this page. For significant changes, we will actively inform you by email.

9. Questions and contact

Data Controller

NLNaturals B.V.
Telfordstraat 35A
8013 RL Zwolle
The Netherlands

Phone: +31 (0)38 20 01 004
Email: info@nlnaturals.com

For questions about privacy or exercising your GDPR rights, you can contact us using the details above.

Loading...