Privacy Policy

Introduction

imbricuspb B.V. ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website imbricuspb.life, use our services, or interact with us in any capacity. This policy complies with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

Data Controller

imbricuspb B.V. is the data controller responsible for your personal data. Our contact details are:

Data Collection

The data we collect includes personal information that you provide directly to us, information collected automatically through your use of our services, and information from third-party sources. We collect the following types of personal data:

• Contact Information: Name, email address, phone number, postal address
• Order Information: Purchase history, payment information, delivery preferences
• Communication Data: Records of correspondence, enquiries, and customer service interactions
• Website Usage Data: IP address, browser type, device information, pages visited, time spent on site
• Marketing Preferences: Communication preferences and consent records
• Technical Data: Cookies, log files, and other tracking technologies

How We Use Your Information

We explain how we use your information for various purposes based on legitimate interests and legal obligations. The use of your data includes:

• Order Processing: To fulfil your orders, process payments, and provide customer support
• Communication: To respond to enquiries, provide updates, and send important notices
• Service Improvement: To analyse usage patterns and improve our website and services
• Marketing: To send promotional materials and updates (with your consent)
• Legal Compliance: To comply with applicable laws and regulations
• Security: To protect our systems and prevent fraud or misuse

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: For marketing communications and optional services
• Contract Performance: To fulfil orders and provide requested services
• Legitimate Interest: For business operations, security, and service improvement
• Legal Obligation: To comply with applicable laws and regulations

Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your information with:

• Service Providers: Payment processors, delivery services, and IT support providers
• Legal Authorities: When required by law or to protect our rights and interests
• Business Partners: With your explicit consent for specific purposes
• Professional Advisors: Lawyers, accountants, and consultants bound by confidentiality

Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law. Our retention periods are:

• Customer Data: 7 years after last interaction (for tax and legal purposes)
• Marketing Data: Until consent is withdrawn or 3 years of inactivity
• Website Analytics: 26 months maximum
• Communication Records: 3 years from last contact

Your Rights

Under GDPR and applicable privacy laws, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for consent-based processing

International Data Transfers

We primarily process data within the European Economic Area (EEA). When data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with equivalent data protection
• Binding Corporate Rules for multinational service providers

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication measures
• Staff training on data protection principles
• Incident response procedures

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. For detailed information about our cookie practices, please refer to our Cookie Policy.

Children's Privacy

Our services are not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Information

If you have questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out using the contact information below:

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. In the Netherlands, the relevant authority is: