Privacy Policy

Effective Date: November 1, 2025

This Privacy Policy describes how Tomann & Alberts Enterprises (trading as ReviveYourHair) collects, uses and protects your personal data when you visit reviveyourhair.eu or purchase our products.

Key Points in One Minute:

  • We only collect the data we need to run our webshop, ship your order, and—if you agree—send you hair care tips and offers.
  • We never sell your data.
  • You can ask us to view, correct or delete your data at any time.

1. Who Is Responsible for Your Data?

Data controller (GDPR Art. 13 §1 a):

Tomann & Alberts Enterprises

Hemelsley 123, 6136 HK Sittard, Netherlands

KvK 96084294 — VAT NL867462668B01

Tel. +31 6 46390476

Email: info@reviveyourhair.eu

Privacy contact: Saf Alberts

2. What Personal Data We Collect

We collect and process the following categories of data:

Identity & Contact

Full name, postal address, email, telephone

Transaction

Order ID, products, payment status, delivery tracking number

Payment

Last four digits of card / PayPal transaction ID, iDEAL issuer ID

Technical

IP address, device type, browser, OS, referrer URL, cookie ID

Usage

Pages visited, time on page, clicks, search terms (via analytics cookies)

Marketing Preferences

Newsletter opt-in, open & click rates

Support & Reviews

Messages, product reviews, star ratings

Important:

We do not request or intentionally process sensitive data such as health or ethnicity. If you disclose such data in a support message, we delete it after your request is closed.

3. Why We Process Your Data & Legal Bases

Order processing & delivery Contract (Art. 6(1)(b)) — Kept 7 years (Dutch tax law)
Customer support Legitimate interest (Art. 6(1)(f)) — Kept 3 years after last contact
Website security & fraud prevention Legitimate interest (Art. 6(1)(f)) — Logs 30 days, security logs 13 months
Analytics & UX optimization Consent via cookie banner (Art. 6(1)(a)) — Kept 14 months
Marketing emails & offers Consent or soft opt-in (Telecom Act §11(7)) — Kept until opt-out or 24 months of inactivity
Legal bookkeeping Legal obligation (Art. 6(1)(c)) — Kept 7 years

You can withdraw your consent at any time without affecting past processing.

4. Cookies & Similar Technologies

We use cookies to run our store and improve your experience.

  • Strictly necessary — Remember basket contents, process payments (Contract)
  • Analytics — Understand site use (_ga) (Consent)
  • Preference — Remember language, cookie settings (Legitimate interest)
  • Marketing — Send relevant offers (Consent)

You can change or withdraw consent anytime via the "Cookie Settings" link in the footer. A full cookie table is available at Cookie Policy.

5. Who We Share Your Data With

We share data only with trusted partners who help us operate our business. Each partner acts as either a processor (acting under our instructions) or independent controller.

SiteGround Spain S.L. Hosting — EU data centre (EEA)
WooCommerce E-commerce platform — EU
Mollie B.V. iDEAL & card payments — EU
PayPal (Europe) S.à r.l. Payment processing — EU/US (Data Privacy Framework)
PostNL B.V. Delivery — EU
Google Ireland Ltd. (GA4) Analytics (IP truncation, SCCs)
MailerLite UAB Newsletters & emails — EU
We Never Sell Your Data

We never sell or rent your data to third-party advertisers.

6. International Data Transfers

If data is transferred outside the European Economic Area, we rely on safeguards such as an adequacy decision (e.g. EU-US Data Privacy Framework), Standard Contractual Clauses, or your explicit consent.

7. How Long We Keep Your Data

We follow the retention periods in Section 3. After expiry we erase or anonymize data unless legal obligations require longer storage.

8. How We Keep Your Data Secure

We apply appropriate technical and organizational measures including:

  • TLS 1.3 encryption
  • Two-factor authentication for admin accounts
  • Daily encrypted off-site backups (14-day retention)
  • Principle of least privilege for access
  • Security patches within 72 hours
  • Continuous monitoring & Web Application Firewall (WAF)

In case of a personal data breach, we will notify affected individuals and the Dutch Data Protection Authority within 72 hours.

9. Your Rights

You have the right to:

Access

View your personal data we hold

Correction

Fix inaccurate data

Deletion

Request we delete your data ('right to be forgotten')

Restriction

Limit how we process your data

Portability

Receive your data in a portable format

Object

Stop processing based on legitimate interest or direct marketing

Withdraw Consent

Remove consent at any time

To exercise your rights, email privacy@reviveyourhair.eu or write to our address above. We may ask for proof of identity.

You can also lodge a complaint with the Autoriteit Persoonsgegevens or your local authority.

10. Children

Our Site is not directed to children under 16. We do not knowingly collect personal data from minors. If you believe we have data from a child, contact us and we will delete it promptly.

11. Automated Decision-Making & Profiling

We do not use personal data for automated decisions that have legal or significant effects.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced 30 days in advance by email (if we have your address) and a notice on the Site. Previous versions remain available at reviveyourhair.eu/legal/privacy-archive.

13. Contact Us

Questions, requests or complaints?

Email:

info@reviveyourhair.eu

Phone:

+31 6 46390476

Post:

Tomann & Alberts Enterprises — Privacy

Hemelsley 123, 6136 HK Sittard, Netherlands

Thank you for trusting ReviveYourHair with your data.