Privacy Policy
Last updated: October 28, 2025
Privacy Policy
This Privacy Policy explains how Van Zon Mode Nederland BV (“Van Zon Mode”, “we”, “us”) collects, uses, and protects your personal data when you use https://www.vanzonmode.nl.
1. Who we are
Van Zon Mode Nederland BV, located at Kalundborg 3, 5026 SE Tilburg, The Netherlands. You can contact us at info@vanzonmode.nl.
2. Data we collect
- Contact & Business Details: name, email, phone, company, role, and message content (e.g., contact forms, B2B portal).
- Account & Authentication: where applicable, login identifiers and hashed passwords for the B2B portal.
- Technical Data: IP address, device/browser information, pages visited, timestamps, referrer; security signals (e.g., Turnstile).
- Marketing Preferences: newsletter opt-ins and engagement.
3. How we use data (purposes & lawful bases)
- Provide and improve our services (contract; legitimate interests).
- Operate the B2B portal (contract).
- Security & fraud prevention, including spam/bot protection (legitimate interests).
- Legal compliance (legal obligation).
- Analytics with consent (consent via cookie banner/Consent Mode).
4. Analytics & Tag Management
We use Google Tag Manager (GTM) to load tags based on your consent choices, and Google Analytics 4 (GA4) for aggregated usage insights. GA4 is configured with IP anonymization, no Ads Personalization, reduced data retention, and regional controls. GA/other tags load only after consent via GTM/Consent Mode.
- IP anonymization enabled
- Signals/Ads features disabled
- Consent Mode (tags respect your choices)
- EU-centric regional settings where available
5. Cookies & Consent
We use essential cookies (for core functionality and security) and, subject to your consent, analytics cookies to improve our site. You can change your preferences at any time via our cookie banner (when implemented) or your browser settings.
6. Data sharing & processors
We share personal data with trusted processors who operate under our instructions and are bound by data processing agreements. The key processors we use are:
| Processor | Purpose | Data | Region |
|---|---|---|---|
| Cloudflare (CDN, Security, DNS, WAF, DDoS, Caching) Turnstile used to prevent spam; no cookies for bot detection by default. | Edge delivery, uptime, performance optimization, and security (including WAF/DDoS). | IP address, request metadata, user agent, URLs, headers; bot detection signals (incl. Turnstile). | Primarily EU data centers when available; global edge network with safeguards. |
| Vercel (Hosting & Logs) We prefer EU regions for deployments and logging where available. | Application hosting, build/deploy pipeline, and runtime/serverless logs. | IP address, request logs/metadata, error traces; minimal runtime analytics if enabled. | EU regions where configured; global infrastructure with safeguards for edge features. |
| Google Tag Manager (GTM) Configured with Consent Mode so analytics/ads tags only load after consent. | Tag orchestration and consent-aware loading of analytics/marketing tags. | Minimal event info required to fire tags; GTM itself does not profile users. | EU processing emphasized via Consent Mode and tag settings. |
| Google Analytics 4 (GA4, anonymized) IP anonymization ON, data retention minimized, signals/ads personalization OFF, consent required before load. | Aggregated analytics and product usage insights. | Pseudonymous identifiers, page views, events; IP anonymization enabled; ads features off. | EU data collection with IP anonymization; restricted data processing and regional controls. |
| SendGrid (Twilio) We avoid storing message content beyond operational needs; emails are transmitted securely. | Transactional email delivery (contact form, notifications). | Contact details, message content, technical metadata. | EU/US with contractual safeguards and sub-processor DPA. |
| Cloudflare Turnstile Turnstile is privacy-preserving and does not use third-party cookies. | Bot protection for forms without intrusive tracking. | IP address, device & browser signals for risk scoring. | Global edge; EU traffic served from EU when available. |
7. International transfers & data location
We configure our services to process and store data within the European Union where available. When a sub-processor also operates globally, we implement appropriate safeguards and EU-centric configurations (e.g., EU regions, IP anonymization, and restricted data processing).
8. Data retention
We retain personal data only as long as necessary for the purposes described above and as required by law (e.g., tax/audit). When no longer needed, we securely delete or anonymize it.
9. Your rights (GDPR)
You can exercise these rights, subject to conditions under applicable law:
- Access, rectification, erasure
- Restriction and objection to processing
- Data portability
- Withdraw consent (where processing is based on consent)
Contact us at info@vanzonmode.nl. You may also lodge a complaint with your local supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens.
10. Security
We implement technical and organizational measures appropriate to the risk, including access controls, encryption in transit, and continuous monitoring. No method is 100% secure.
11. Children
Our services are not directed to children under 16. If you believe we have collected data about a child, contact us to request deletion.
12. Contact
Van Zon Mode Nederland BV
Kalundborg 3, 5026 SE Tilburg, The Netherlands
info@vanzonmode.nl
This template is for general information and does not constitute legal advice. Please consult legal counsel to tailor it to your specific processing activities and regional requirements.