Skip to content

Privacy policy

Privacy Policy of Pauw B.V.

Last revised: August 15, 2025

This Privacy Policy (“Privacy Policy”) explains how Pauw B.V., located at Europaplein 37, 1078 GV Amsterdam, the Netherlands (“Pauw”, “we”, “us” or “our”), collects, uses, stores, and shares personal data in connection with your use of our websites, digital services, communication channels, or other interactions with us (collectively referred to as the “Services”). This includes, among others, our webshop at pauw-live.myshopify.com, as well as other platforms operated by or on behalf of Pauw.

As a data controller established in Europe, we process your personal data in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 (GDPR) and other applicable privacy laws. Where we transfer personal data to recipients outside the European Economic Area (“EEA”), this is done solely on the basis of valid transfer mechanisms, such as the European Commission’s Standard Contractual Clauses.

This Privacy Policy applies to all individuals whose data we process, including customers, website visitors, and other data subjects. By using our Services, you acknowledge that you have read and agree to the terms of this Privacy Policy. We encourage you to read this policy carefully.

1. Changes to This Privacy Policy

Pauw B.V. reserves the right to unilaterally amend or update this Privacy Policy at any time to comply with legal requirements, organizational policy changes, technological developments, or changes in how we process personal data.

We will publish a revised version of this Privacy Policy on our website, updating the “last revised” date at the top of the document.

If the changes are material — for example, if they affect the purposes of processing, categories of personal data, or data subject rights — we will notify you in advance via email or a prominent notice on our website, where legally required, giving you the opportunity to review and, if applicable, consent to the amended terms.

We recommend reviewing this Privacy Policy regularly to stay informed about how we process your personal data.

2. Data Controller

Unless expressly stated otherwise, Pauw B.V., located at Europaplein 37, 1078 GV Amsterdam, the Netherlands, is the data controller responsible for the processing of your personal data within the meaning of the General Data Protection Regulation (GDPR).

This Privacy Policy is primarily intended for individuals within the European Economic Area (EEA) and is drafted in accordance with the GDPR.

3. What Personal Data Do We Collect?

Pauw B.V. processes personal data obtained in different ways, depending on your interaction with our website and services. “Personal data” means any information relating to an identified or identifiable natural person, as defined in Article 4(1) of the GDPR.

We collect personal data from the following sources:

a. Data You Actively Provide

These are data you voluntarily provide to us, for example, when placing an order, creating an account, filling in a contact form, or submitting a return request. This may include:

  • Contact details, such as your name, email address, phone number, and billing/shipping address;

  • Account details, such as username, password (securely encrypted), language preference, and profile settings;

  • Payment details, such as payment method type and transaction information (we do not receive full card details; these are processed by certified third-party payment providers);

  • Communication content, such as messages via contact forms, email correspondence, return requests, or customer support inquiries.

Providing this data may be necessary to use certain services (e.g., placing or returning an order). Where this is the case, we will clearly inform you.

b. Data We Collect Automatically

When you use our website or digital services, we automatically collect certain data through cookies, scripts, and similar technologies. This data is used to improve website functionality, security, and performance, and for analytical or marketing purposes. Where such data qualifies as personal data, processing is based on our legitimate interest or your consent.

Examples include:

  • IP address, device ID, browser type, and operating system;

  • Time, duration, and frequency of visits;

  • General location data based on IP address;

  • Navigation, click, scroll, and purchase behavior on our website;

  • Interactions with emails or ads (e.g., open and click rates).

See our Cookie Policy for more information on how we collect and use this data.

c. Data We Receive from Third Parties

In some cases, we receive personal data from third parties, only when necessary to fulfill our contractual obligations, provide services, or for marketing purposes. These may include:

  • Shopify, our e-commerce platform, which processes technical and order-related data;

  • Payment providers such as Mollie, PayPal, or Apple Pay;

  • Marketing and advertising partners, such as Meta (Facebook/Instagram), Google Ads, Klaviyo, etc., where you have given consent for cookies or ad tracking;

  • Analytics tools, such as Hotjar or Shopify Analytics, for user experience optimization.

All such processing is carried out in accordance with this Privacy Policy and on valid legal bases under the GDPR, such as contractual necessity, legitimate interest, or your explicit consent. For more information about Google we would like to direct you to https://business.safety.google/privacy/

4. Purposes and Legal Bases for Processing

We process your personal data solely based on one or more of the legal grounds under Article 6(1) GDPR. Depending on your interaction with Pauw, the following legal bases may apply:

  • Performance of a contract (Art. 6(1)(b) GDPR):
    To process and fulfill orders, payments, deliveries, returns, and provide customer support.

  • Compliance with a legal obligation (Art. 6(1)(c) GDPR):
    For fiscal retention, accounting, and fraud prevention.

  • Legitimate interest (Art. 6(1)(f) GDPR):
    To improve our website and services, perform internal analysis, ensure system security, or — where legally permitted — conduct direct marketing to existing customers.

  • Consent (Art. 6(1)(a) GDPR):
    For sending marketing communications, placing cookies or tracking technologies, or sharing data with advertising partners.

When processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

5. Marketing and Personalized Communication

With your consent — or where permitted based on our legitimate interest — we may send you promotional messages via email, SMS, or post. These may include information about products, services, offers, events, or other relevant updates.

You can unsubscribe at any time using the “unsubscribe” link in our emails or by contacting us at unsubscribe@pauw.com. Withdrawing consent does not affect the lawfulness of prior processing.

6. Cookies and Tracking Technologies

We use cookies and similar technologies (pixels, scripts, SDKs) to optimize our website and enhance your experience. Depending on the cookie type and purpose, we process your data based on consent or legitimate interest.

We use:

  • Functional cookies – essential for website operation and basic functionality (e.g., shopping cart, login);

  • Analytical cookies – for measuring and improving website performance (e.g., via Google Analytics or Shopify);

  • Marketing cookies – for personalized advertising on external platforms (e.g., Meta, Google Ads).

You may adjust cookie preferences at any time through our cookie settings or your browser.

7. Sharing Personal Data with Third Parties

We only share your personal data where necessary for our services, to comply with legal obligations, or on the basis of legitimate interest, and always within applicable law.

Recipients include:

  • Service providers (processors): e-commerce, payment, logistics, IT, and hosting providers;

  • Marketing and analytics partners: such as Klaviyo, Meta, Google Ads, Hotjar, or Shopify Analytics;

  • Public authorities: where legally required;

  • Business transactions: in case of mergers, acquisitions, or restructuring.

Transfers outside the EEA occur only under adequate protection mechanisms such as Standard Contractual Clauses.

8. International Data Transfers

Where personal data is transferred outside the EEA (e.g., to Shopify or cloud providers), we ensure compliance with the GDPR through:

  • An adequacy decision by the European Commission;

  • Standard Contractual Clauses (SCCs); or

  • Another valid derogation under Article 49 GDPR.

9. Data Security

Pauw B.V. takes appropriate technical and organizational measures to protect your data from unauthorized access, loss, or misuse, such as:

  • SSL/TLS encrypted connections;

  • Secure data storage and access controls;

  • Internal security and incident response procedures;

  • Periodic evaluations of security and suppliers.

While we take all reasonable precautions, no system can be completely secure. In case of a data breach affecting your data, we will act in accordance with GDPR notification requirements.

10. Data Retention

We retain personal data no longer than necessary for the purposes collected, unless longer retention is legally required.

Indicative periods:

  • Tax and administrative data: 7 years (legal requirement);

  • Customer and account data: as long as the account is active, up to 2 years after last activity;

  • Marketing preferences: until consent is withdrawn;

  • Customer service correspondence: up to 2 years after resolution.

When data are no longer needed, they are securely deleted or anonymized.

11. Your Rights under the GDPR

You have the following rights:

  • Right of access (Art. 15);

  • Right to rectification (Art. 16);

  • Right to erasure (“right to be forgotten”) (Art. 17);

  • Right to restriction of processing (Art. 18);

  • Right to data portability (Art. 20);

  • Right to object (Art. 21);

  • Right to withdraw consent (Art. 7(3)).

Requests can be sent to info@pauw.com. We will respond within one month, extendable by two months if necessary.

You may also file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or another competent EU regulator.

12. Data of Minors

Our Services are not intended for children under 16 years of age, and we do not knowingly collect their data. If we learn that we have unintentionally collected such data, we will promptly delete it.
Parents or guardians may contact info@pauw.com to request deletion.

13. Complaints and Supervision

If you have concerns or complaints about how Pauw B.V. processes your data, please contact us first at the address below.
You also have the right to lodge a complaint with a supervisory authority, such as:

Autoriteit Persoonsgegevens
PO Box 93374, 2509 AJ The Hague
Website: www.autoriteitpersoonsgegevens.nl

A list of EU authorities can be found at https://edpb.europa.eu.

14. Contact Details

For questions about this Privacy Policy or to exercise your GDPR rights:

Pauw B.V.
Attn: Privacy Officer / Data Protection Officer
Europaplein 37
1078 GV Amsterdam
The Netherlands
📧 info@pauw.com

We aim to respond within one month in accordance with Article 12 GDPR.