Algemene voorwaarden

Privacy Statement Keepr Essentials (RHMT Ventures)


Keepr Essentials (RHMT Ventures, Chamber of Commerce 93994435) is the data controller of your personal data. Our address is Meenkselaan 14, 3972 JR Driebergen-Rijsenburg, the Netherlands. For privacy inquiries, you may contact us at hidde@rhmtventures.com.

 We apply Privacy by Design: only necessary data is collected, securely stored (encryption), and deleted after retention period.

We collect personal data you provide, for instance when registering or placing an order. These may include your name, address, contact details (email, phone), payment and billing data, and technical data such as your IP address, order history, and website usage. We process these data to fulfill your order, communicate with you, detect and prevent fraud, and improve our service. The primary legal basis is performance of the contract. For further processing, we rely on our legitimate interests (e.g. security, service optimization, customer support), and we have conducted a balancing test: for instance, in fraud detection the necessity (fraud risks) outweighs the minimal impact on privacy due to short retention, pseudonymization, etc.

 

Certain data (address, payment data) are mandatory. Without those, we cannot perform the contract. Other data (e.g. email for newsletters) are optional; you sign up via an opt-in checkbox and can unsubscribe at any time via the newsletter link or by contacting us.

 

Cookies & Technical Data


 We use functional cookies necessary for site operation (e.g. remembering your cart or session). We do not use tracking or marketing cookies without your explicit consent. For functional cookies, we base processing on our legitimate interest.

 

We use analytical cookies and pixels from social media platforms (Facebook/Meta, TikTok, Instagram) for marketing and conversion tracking. For this, we request your explicit consent via a cookie banner. These platforms may process personal data outside the EEA; see their privacy policies for details.

Recipients, Processors & Processor Agreements

 
 Your data may be disclosed to third parties such as payment providers, shipping carriers (e.g. PostNL), hosting/IT providers, and accountants. Payments are processed by Shopify Payments. They act as processors under data processing agreements. This is done solely for contract performance or legal compliance.
 

We enter into data processing agreements (DPAs) with these third parties, stipulating that they process your data only on our instruction, apply appropriate safeguards, and assist us in rights exercise (e.g. responding to you). Under the GDPR, entering into such DPAs is mandatory when third parties process data on our behalf.

 

Retention Periods

 

We will not retain personal data longer than necessary:


  • Order & invoice data: 7 years (legal obligation)

  • Customer account data: while account is active + up to 5 years for administration/service

  • Log / IP data: up to 6 months (for security)

  • Support / correspondence: up to approx. 2 years after last contact


 

After expiry, data are securely deleted or anonymized.

 

International Transfers

 

We do not transfer personal data outside the European Economic Area (EEA). All processing and storage take place within the EEA. Should this change in future (e.g. use of non-EEA tools), we will adopt adequate safeguards (such as standard contractual clauses) and inform you beforehand.

 

Automated Decision-Making / Profiling

 

We currently do not engage in automated decision-making or profiling with legal or similarly significant effects. If we begin doing so, we will inform you and comply with relevant laws.

 

Security & Data Breaches

 

We implement technical and organizational safeguards such as encryption (SSL/TLS), access controls, secure backups and regular updates.

 

In case of a data breach, we act per the GDPR: we notify the supervisory authority within 72 hours, unless the breach is unlikely to result in risk for individuals. If required, we inform affected persons. We maintain an internal data breach register (per art. 33(5) GDPR), in which we log all incidents, their facts, impacts and corrective measures, as part of our accountability. (See also documentation obligation) 

 

Your Rights

 

Under the GDPR, you have the following rights:


  • Right of access

  • Right to rectification

  • Right to erasure (“right to be forgotten”)

  • Right to restrict processing

  • Right to data portability

  • Right to object to processing (especially when based on legitimate interest)


 

You may submit your request via hidde@rhmtventures.nl. We respond within one month. If you object to processing based on legitimate interests, we will cease processing unless we can demonstrate compelling legitimate grounds.

 

If you believe we are not complying with the GDPR, you may lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

 



 

If you act on behalf of a business (B2B), this privacy statement applies to personal data of natural persons (e.g. contact persons). Business data such as registration number or company name typically fall outside GDPR scope unless linked to a person.

 

Changes

 

This privacy statement was last updated on 17 October 2025. We reserve the right to make changes. Significant changes will be posted on our website and, if applicable, communicated by e-mail.