Skip to content
Free shipping over €25
Azarius

Privacy Policy

Privacy Policy

At Azarius, we take your privacy seriously. As a smartshop since 1999, we process personal data of customers across Europe every day — and we handle it with care. In this privacy policy, you'll find exactly what data we collect, why, how long we keep it, and what rights you have. No legal jargon: clear and in plain language.

In short

We only process the data we genuinely need to deliver your order, manage your account, and (with your consent) keep you informed. We never sell your data to third parties.

28 April 2026 · v4.0 · View change log

Who is responsible for your data?

The data controller within the meaning of the General Data Protection Regulation (GDPR) is Azarius:

For privacy-related questions, you can contact us directly at [email protected].

What data do we collect?

Account and orders

First and last name · Delivery and billing address · Phone number · Email address · Date of birth (age verification 18+) · Gender (optional) · IP address · Order history

Website visits

Anonymised IP address · Browser type and version · Device type and operating system · Pages visited and visit time · Referrer

Newsletter

First and last name · Email address · Gender (optional) · Sign-up date and interaction data

Customer service

Our customer service team has access to your account data and order history to answer your query effectively. Correspondence is kept for quality assurance and training purposes.

Why do we process this data?

Data processing purposes
Purpose Data used
Order fulfilment and deliveryName, address, email, phone, date of birth
Account managementName, email, encrypted password, order history
Age verification (legal requirement)Date of birth
Customer service and warrantyAccount and order data, correspondence
Fraud prevention and securityIP address, order behaviour, payment data
Newsletter (with consent)Name, email, gender, preferences
Analytics for improvementAnonymised IP address, click behaviour
Legal (fiscal) obligationsInvoice data

How long do we keep your data?

Data retention periods
Data Retention period
Account dataAs long as account is active + 12 months after inactivity
Order data and invoices7 years (Dutch fiscal law, Art. 52 AWR)
Customer service correspondence2 years after last contact
NewsletterUntil withdrawal + monthly relevance check
CookiesMaximum 24 months — see cookie policy
Log files (IP, security)6 months
Job application data4 weeks after completion (without consent)

After the retention period, data is permanently deleted or anonymised.

Who do we share data with?

We only share data with parties that help us deliver our services, under a data processing agreement (Art. 28 GDPR):

  • Delivery services
  • Payment service providers
  • Email marketing platform
  • Hosting provider within the EU
  • Analytics providers (Google Analytics with anonymised IP)
  • Competent authorities (only when legally required)

We never sell your data.

Transfers outside the EEA

Some service providers process data outside the European Economic Area. Safeguards in place:

  • Standard Contractual Clauses (SCCs) from the European Commission
  • EU-US Data Privacy Framework for certified American parties
  • Additional encryption and pseudonymisation

A full overview of sub-processors is available on request via [email protected].

Cookies and tracking

For non-functional cookies, we ask for your consent upfront via our cookie banner (ePrivacy Directive + GDPR).

  • Functional cookies (shopping cart, login): necessary — no consent required
  • Analytical cookies (Google Analytics, anonymised): with consent
  • Marketing cookies: opt-in only

You can adjust your preferences at any time via our cookie settings.

How do we protect your data?

Measures in accordance with Art. 32 GDPR:

  • TLS 1.3 encryption for data in transit
  • AES-256 encryption for storage of sensitive data
  • Bcrypt hashing for passwords
  • PCI-DSS compliance for payments (we do not store credit card data)
  • IP-level access control
  • Role-based access for staff
  • Periodic security audits by internal security manager
  • Data breach protocol (notification to Dutch DPA within 72 hours if required)

Your rights under the GDPR

As a data subject, you have the following rights:

  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent
  • Right not to be subject to automated decision-making

Exercise your rights via [email protected] or our contact form. We respond within 30 days (extendable by 60 days for complex requests).

Filing a complaint

Not satisfied? Please contact us first at [email protected]. If we cannot resolve your concern:

  • Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
  • Postbus 93374, 2509 AJ The Hague
  • Phone: 088 - 1805 250
  • autoriteitpersoonsgegevens.nl

Changes to this policy

For significant changes, we will notify you via email or a website notice.

Version history

  • v4.0 (28 April 2026) — Full revision, GDPR rights clarified, retention table added
  • v3.2 (15 January 2025) — Cookie policy updated
  • v3.0 (10 March 2024) — Addition of EU-US Data Privacy Framework

Contact

Frequently asked questions

Does Azarius sell my data to third parties?

No. We only share data with partners necessary for delivery and service, under a data processing agreement.

How do I delete my account?

Send a request to [email protected] from the email address linked to your account. Deletion is completed within 30 days, except for data with a legal retention obligation (e.g. invoices, 7 years).

Is data stored outside Europe?

Our main servers are in the EU. Some analytics services partially process data in the US, under Standard Contractual Clauses or the Data Privacy Framework.

Why do you ask for my date of birth?

We sell exclusively to customers aged 18 and over. This is a legal obligation.

Sign up for our newsletter-10%