Privacy Policy

Last updated: November 16, 2025

Through our webshop, privacy-sensitive data – also known as personal data – is processed.
Hugsback considers careful handling of personal data very important. Therefore, we process and secure your data with care.

In our processing, we adhere to the requirements of the General Data Protection Regulation (GDPR). This means, among other things, that we:

  • clearly state for what purposes we process personal data;
  • do not collect more data than necessary;
  • first ask for your consent when required;
  • take appropriate security measures;
  • respect your rights to access, correct, or delete your data.

Hugsback is responsible for data processing. In this privacy statement, we explain what personal data we collect, what we use it for, and with which parties we collaborate. We advise you to read this statement carefully.

If you have any questions, you can always contact Hugsback (contact details at the bottom).

Processing your order

When you order something in our webshop, we need personal data to process your order properly. For this, we use:

  • your name and address details
  • phone number
  • email address
  • payment details
  • shipping details

This data is used to:

  • process the order
  • handle payments via Mollie
  • keep you informed of the status of your order
  • deliver the order via our shipping partner Sendcloud (who collaborate with delivery services such as PostNL, DHL, etc.)

The legal basis for this is the performance of the contract.

We retain this information for up to two years after the order is completed.
A portion of the data (such as invoices) is retained for seven years due to the legal fiscal retention obligation.

Disclosure to third parties

We work with various parties who may receive your personal data when necessary for our services.

These parties include:

• Shopify (hosting of our webshop)

Shopify processes personal data to enable our webshop.

• Mollie (payment processing)

For iDEAL, Bancontact, credit card, Klarna, and other payment methods.

• Sendcloud (shipping processing)

For printing shipping labels and transmitting shipping data to carriers.

• Klaviyo (email marketing & newsletter)

Only when you subscribe.

• Meta (Facebook/Instagram) & TikTok

Only when you give consent for marketing cookies.

These parties process personal data according to their own privacy policies and comply with the GDPR.

We never provide your data to other companies or institutions, unless legally obliged to do so (for example, in the case of a police investigation).

Statistics and analysis

We keep statistics on the use of our webshop. This helps us improve the website and display more relevant information.

For this, we use:

  • Shopify Analytics
  • Google Analytics (IP not anonymized by choice of tracking)

We have a processing agreement with Google and have made strict agreements about what they may do with the data.

We do not unnecessarily combine statistical data with other personal data.

Cookies and tracking

Our webshop uses cookies. We use these for:

Functional cookies

Necessary for the webshop to function properly (login, shopping cart, preferences).

Analytical cookies

To measure how visitors use our webshop.

Marketing cookies (only with consent)

For personalized advertisements via:

  • Meta Pixel
  • TikTok Pixel
  • Klaviyo (email behavior)

On your first visit, we display a cookie banner where you can give or refuse consent.

You can always disable cookies via your browser settings.

Advertising and newsletters

We only send advertisements or newsletters if you have signed up for them.

We then send messages via:

  • email (Klaviyo)
  • possibly WhatsApp (only if you sign up for it)

Every marketing email contains an unsubscribe link.

You can unsubscribe at any time.

Security

We take security measures to prevent misuse, loss, or unauthorized access to personal data.

These include:

  • secured connections (SSL)
  • secured storage via Shopify
  • access security
  • regular updates

We pay close attention to potential vulnerabilities and continuously adapt security.

Retention periods

We never retain personal data longer than necessary.

  • Order data: 2 years
  • Invoice data: 7 years (legal obligation)
  • Newsletter data: until unsubscribed
  • Support messages: maximum 2 years
  • Account data: as long as the account is active

Your rights

According to the GDPR, you have the following rights:

  • to receive an explanation of what personal data we hold
  • access to the data we hold about you
  • to have errors corrected
  • to have outdated data deleted
  • to have data transferred
  • to withdraw consent
  • to object to a specific use

When making a request, always send clear identification so that we can be sure the correct data is being modified.

Filing a complaint

Do you feel that we are not helping you properly with your privacy rights?
Then you have the right to file a complaint with:

Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
https://autoriteitpersoonsgegevens.nl

Changes to this privacy statement

We may amend this privacy statement from time to time.
We recommend that you review the statement regularly to stay informed of any changes.

Contact details

Hugsback
Broekkantsedijk 32
5482ET Schijndel
The Netherlands

Email: info@hugsback.com
WhatsApp: +31 6 45972787
Chamber of Commerce: 97949620
VAT number: NL868300500B01