Privacy Statement

Privacy Statement

At Rosera, we are committed to protecting your privacy and handling your personal data with the utmost care. This Privacy Statement explains how we collect, use, store, and protect your personal information in accordance with the General Data Protection Regulation (GDPR), known in Dutch as the Algemene Verordening Gegevensbescherming (AVG).

1. Who we are

This privacy policy applies to the webshop Rosera, based in the Netherlands, which specializes in the sale of personal care products, cosmetics, and perfumes.

If you have any questions about this statement or how your data is handled, you can contact us via our contact page or by email at: customerservice@rosera.net

2. Personal data we collect

When you use our webshop, we may collect and process the following personal data:

  • Name and surname
  • Shipping and billing address
  • Email address
  • Phone number
  • Payment information (processed securely via third-party payment providers such as Mollie or equivalent)
  • Order history and preferences
  • IP address and browser information (for technical and analytical purposes)

We do not collect sensitive personal data (such as racial or ethnic origin, political opinions, health data, etc.).

3. Why We Use Your Data

We only collect and use your personal data for the following purposes:

  • To process and fulfill your order
  • To manage your payment transactions
  • To ship your purchased products to the correct address
  • To send you confirmation emails and updates about your order
  • To provide customer service and respond to your inquiries
  • To comply with legal obligations (e.g., tax or accounting records)
  • To improve your shopping experience on our website (only if you consent to cookies or analytics)

Your data will never be sold, rented, or shared with third parties for commercial purposes.

4. Legal Basis for Processing

We process your personal data only when at least one of the following conditions is met:

  • Contractual necessity: To fulfill a purchase you make with us.
  • Legal obligation: For example, to retain invoice data.
  • Consent: When you have explicitly opted in to receive newsletters or marketing communications (which you can unsubscribe from at any time).
5. Third-Party Services

While we do not share your data with third parties for their own purposes, we may use carefully selected external service providers to help us run our business efficiently. These may include:

  • Payment processors (e.g. Mollie, PayPal)
  • Shipping companies (e.g. PostNL, DHL)
  • Web hosting and IT providers

These parties only process data on our behalf and under our strict instruction, and they are required to comply with GDPR/AVG regulations.

6. Data Storage and Retention

Your personal data is securely stored in systems that are protected by encryption and secure access controls.

  • We retain order and customer data for 7 years, as required by Dutch tax law.
  • Data used for customer service inquiries is kept for a maximum of 1 year after resolution.
  • If you have created an account, your data will remain stored until you request deletion or delete your account yourself.
7. Your Rights Under the GDPR

As a data subject, you have the following rights:

  • The right to access your data
  • The right to correct or update your data
  • The right to request deletion of your data (except when legal obligations require us to retain it)
  • The right to restrict or object to processing in certain cases
  • The right to data portability

To exercise any of these rights, please contact us at customerservice@rosera.net

8. Security Measures

We take all reasonable precautions to ensure your data is protected. This includes:

  • SSL-encrypted connections
  • Secure servers
  • Access control for all internal systems
  • Regular software and platform updates
9. Changes to This Statement

We may update this Privacy Statement from time to time. The most current version will always be available on our website. We encourage you to review it periodically.

10. Questions or Complaints

If you have questions or complaints about how we handle your personal data, please contact us first. If you’re not satisfied with our response, you have the right to file a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).