Privacy policy

Last updated: January 6, 2026


Racefiets013 B.V. operates this store and website, including all related information, content, features, tools, products and services (the “Services”). Our webshop runs on Shopify. This privacy policy explains how we collect, use, store and share your personal data when you visit or use our Services, create an account, make a purchase, contact us, or otherwise communicate with us.


If there is a conflict between our terms and conditions and this privacy policy, then this privacy policy prevails to the extent it concerns the collection, processing and sharing of personal data.


 

1. Who is responsible for your data

 


Racefiets013 B.V. is the data controller.


Contact:


Company: Racefiets013 B.V.

Address: Ringbaan-Oost 152b, 5013 CE Tilburg, Netherlands

Email: hi@racefiets013.com

Chamber of Commerce (KvK): 98970747

VAT ID: NL868726461B01


We do not have a Data Protection Officer (DPO).


 

2. What personal data we process

 


By “personal data” we mean information that can identify you directly or indirectly.


Depending on how you use the Services, we may process the following categories:


 

A. Contact and account data

 


Name, email address, phone number

Account information (such as account status, settings, password in encrypted form within Shopify)


 

B. Order and transaction data

 


Orders, order history, returns

Billing address and shipping address

Payment status and transaction references (payment details themselves are generally processed by payment providers)


 

C. Customer service and communication

 


Content of messages you send us (for example via email or contact form)


 

D. Technical data and usage data

 


IP address, browser and device information

Log data needed for security, troubleshooting and running the webshop


 

E. Camera footage in the store

 


Camera footage in and/or around our physical location (security and theft prevention)


 

3. Where personal data comes from

 


We obtain personal data:


Directly from you (account, order, contact)

Automatically via the website (necessary cookies and log files)

Via Shopify and parties needed to fulfill the order (payment)


 

4. Why we use your data and the legal basis

 


We only process personal data when there is a valid legal basis under the GDPR.


 

4.1 Performance of a contract

 


Purposes:

Process, deliver and handle orders

Create and manage an account

Handle returns, warranty and service

Legal basis: necessary for the performance of the contract.


 

4.2 Legal obligation

 


Purposes:

Administration, invoicing and tax obligations

Legal basis: legal obligation.


 

4.3 Legitimate interests

 


Purposes:

Website security, fraud prevention, abuse detection

Internal business operations (for example handling disputes)

CCTV in the store for safety and theft prevention

Legal basis: legitimate interest.


 

4.4 Consent

 


Purposes:

Newsletter via Shopify Email

Legal basis: consent. You can unsubscribe at any time via the unsubscribe link in each newsletter.


 

5. Who we share personal data with

 


We only share personal data when necessary for the Services, or when we are legally required to do so.


 

5.1 Shopify (hosting and webshop functionality)

 


Our webshop runs on Shopify. Shopify processes personal data to provide and secure the Services.


 

5.2 Payment providers

 


We use payment solutions via Shopify, including:

Shopify Payments (including for credit card payments)

Klarna (if you choose pay later)

Shop Pay (if you use it at checkout)

These parties process (payment) data under their own terms.


 

5.3 Shipping process

 


We ship ourselves from Tilburg. For shipping we process your name, address and contact details so we can deliver your order.


 

5.4 Legal obligations and protection of rights

 


We may share data if necessary to comply with the law, or to protect our rights (for example in cases of fraud, legal claims), or in connection with a business change (such as an acquisition).


 

6. Cookies and similar technologies

 


Even without ads or analytics, a Shopify webshop uses necessary cookies and similar technologies to make the website function (for example for login, cart, checkout and security).


With our current setup, we do not use ad pixels or tracking for targeted advertising (such as Meta Pixel, Google Analytics or TikTok Pixel).


You can manage cookie preferences via the Shopify customer privacy banner (where available and enabled).


 

7. CCTV in the store

 


There is CCTV in and/or around our store for:

Safety of visitors and staff

Theft and incident prevention


Legal basis: legitimate interest.


Retention period for CCTV footage:

Standard up to 28 days, unless an incident is recorded. In case of an incident, footage may be kept longer as necessary for handling (for example reporting to police or investigation).


 

8. Retention periods

 


We do not keep personal data longer than necessary for the purposes in this privacy policy. The GDPR requires clear information about this.


We use at least the following retention periods:

Invoices and tax administration: 7 years (legal retention obligation).

Customer service emails: up to 24 months after the last contact, unless longer is needed for an ongoing dispute.

Incomplete checkouts/carts: up to 90 days (unless you complete the order).

Account data: as long as your account exists, and afterwards until deletion at your request, unless we must keep certain data due to legal obligations.

Technical logs (security/troubleshooting): up to 12 months.

CCTV footage: up to 28 days, unless incident (see section 7).


 

9. International transfers

 


Shopify and some (sub)processors may process data outside the European Economic Area. When personal data is transferred to countries outside the EEA, appropriate safeguards are used where required, such as Standard Contractual Clauses (SCCs).


 

10. Your rights

 


Under the GDPR you have rights including:

Access

Correction

Deletion

Restriction

Objection (especially for processing based on legitimate interest)

Data portability

Withdraw consent (for example newsletter)


You can submit a request via hi@racefiets013.com. We may ask for additional information to verify your identity.


 

11. Complaints

 


If you have a complaint, please contact us first.


You can also file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).


 

12. Children’s data

 


Our Services are not intended for children. We do not knowingly collect personal data from children.


 

13. Security

 


We take appropriate technical and organizational measures to protect personal data. No system is 100% secure. Do not share sensitive information via insecure channels.


 

14. Changes

 


We may update this privacy policy if our practices or legislation change. The latest version is always available on our website with the date of the last update.


Footer links to include (handy)


Dutch Data Protection Authority (tip/complaint): https://www.autoriteitpersoonsgegevens.nl/een-tip-of-klacht-indienen-bij-de-ap

AP complaints form: https://klachten.autoriteitpersoonsgegevens.nl/

Shopify cookie policy: https://www.shopify.com/legal/cookies

Shopify customer privacy settings: https://help.shopify.com/en/manual/privacy-and-security/privacy/customer-privacy-settings

Dutch Tax Authority retention obligation (7 years): https://www.belastingdienst.nl/wps/wcm/connect/bldcontentnl/belastingdienst/zakelijk/btw/administratie_bijhouden/administratie_bewaren/administratie_bewaren