Privacy policy

Privacy Policy – Vlisco Netherlands B.V.

 

Last updated: [03 June 2026]

 

1. General information

This Privacy Policy (“Policy”) is used by Vlisco Netherlands B.V., a private limited company incorporated under Dutch law, registered with the Dutch Chamber of Commerce under number 50751492, with its registered office in Helmond and its principal place of business at Binnen Parallelweg 27, 5701 PH Helmond, the Netherlands (referred to as “Vlisco”, “we” or “us”).

Vlisco can be contacted at: privacyofficer@vlisco.nl

 

This Policy applies to the processing of personal data of:

- webshop users and customers 

- users of Vlisco websites

- suppliers and business contacts 

Vlisco acts as data controller within the meaning of the General Data Protection Regulation (GDPR).

 


 

2. Personal data we process

Depending on your interaction with Vlisco, we may process the following categories of personal data:

Identity and contact details
Name, address, email address, telephone number.

Order and customer data
Order history, billing and delivery information, payment details, and communication relating to purchases.

Website usage data
IP address, device identifiers, browser type, language settings, pages visited, and navigation behaviour such as feature interaction and technical performance data.

Technical and security data (system logs)
Logs generated by ICT systems, including login attempts, system access, user actions within systems, IP addresses, timestamps, device identifiers, error logs, and security-related events.

These logs are used for security, auditability, troubleshooting, and ensuring proper functioning of systems.

CCTV footage (where applicable)
Video recordings captured at selected physical Vlisco locations for security and operational protection purposes.

 


 

3. Purposes of processing

We process personal data for the following purposes:

  • processing and fulfilling webshop orders
  • managing payments, invoicing, and delivery
  • customer service and communication
  • operating and improving our website
  • analysing usage and improving user experience
  • sending marketing communications, such as newsletters, promotional emails, personalised offers, and online advertising, where permitted under applicable law
  • displaying relevant advertisements and measuring the effectiveness of marketing campaigns
  • IT security, fraud prevention, and system integrity
  • compliance with legal and regulatory obligations

 

4. Legal bases for processing

We process personal data based on:

  • performance of a contract (e.g. order processing)
  • compliance with legal obligations (e.g. tax and accounting requirements)
  • consent (e.g. for newsletters, promotional emails to non-customers, certain cookies, and personalised advertising)
  • legitimate interests (e.g. IT security, fraud prevention, system monitoring, service improvement, and — where permitted under applicable law — sending marketing communications to existing customers about similar products or services)

 

5. ICT system activity logs

Vlisco maintains technical logs in its ICT systems to ensure security, reliability, and proper operation.

These logs may include:

  • user login and authentication events
  • system access and actions performed within systems
  • IP addresses, timestamps, and device identifiers
  • system errors and performance data
  • security events such as failed login attempts or suspicious activity

The logs are technical and event-based. They are not intended for continuous monitoring of individuals but may record actions performed within systems where personal data is processed.

Access is strictly limited to authorised IT and security personnel on a need-to-know basis.

 


 

6. CCTV surveillance

Certain Vlisco sites are equipped with CCTV systems to protect employees, visitors, property, and operations, and to support the prevention and investigation of incidents.

Camera placement includes:

  • entrances and exits of buildings
  • reception and visitor areas
  • warehouses, production, and logistics zones
  • external building perimeters and parking areas

Cameras are not installed in private or sensitive areas such as toilets, changing rooms, or private offices.

Technical and operational details:

  • CCTV records video only; no audio is recorded
  • footage captures general activity in monitored areas
  • recordings are made in sufficient quality for security and identification purposes
  • cameras may include fixed and, where necessary, remotely adjustable (PTZ) functionality; access to controls is strictly restricted to authorised security personnel and is not used for continuous tracking of individuals
  • footage is not routinely anonymised or blurred

Access and use:
Only authorised personnel may access CCTV footage. It is used solely for security, incident investigation, and legal compliance purposes.

Retention:
CCTV footage is retained for up to 28 days, unless longer retention is required due to an incident, investigation, or legal obligation.

Information to individuals:
CCTV use is communicated via signage at monitored locations and through this Privacy Policy.

 


 

7. Sharing of personal data

We do not sell personal data. We may share data with:

  • payment service providers
  • logistics and delivery partners
  • IT infrastructure, hosting, and cloud providers
  • analytics, advertising, social media, and marketing service providers (where consent is required or applicable)
  • professional advisers (e.g. auditors, legal advisors)
  • public authorities where legally required

All third parties processing data on our behalf are bound by GDPR-compliant contractual obligations.

 


 

8. International data transfers

Some service providers may be located outside the European Economic Area (EEA), including in:

  • United States of America
  • Canada (covered by an adequacy decision by the European Commission)

Where personal data is transferred outside the EEA, Vlisco ensures appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • assessment of local legislation and transfer risks where required
  • additional technical and organisational safeguards where necessary

Copies of applicable safeguards can be requested via PrivacyOfficer@vlisco.com.

 


 

9. Retention of personal data

We retain personal data only for as long as necessary:

  • webshop orders and financial records: up to 7 years
  • customer account data: until deletion or inactivity
  • marketing data: until consent is withdrawn or unsubscribe request is made
  • Website usage data: as needed for analytics and service improvement
  • CCTV footage: up to 28 days unless longer retention is required

 

10. Marketing communications

Vlisco may send marketing communications such as newsletters, promotional emails, personalised offers, and online advertisements relating to Vlisco products, collections, events, and promotions.

Where required under applicable law, we will ask for your consent before sending electronic marketing communications or placing marketing-related cookies and similar technologies.

If you are an existing customer, Vlisco may send you information about similar products or services based on our legitimate interest, where permitted by applicable law.

You can withdraw your consent or opt out of marketing communications at any time by:

  • clicking the unsubscribe link included in marketing emails
  • adjusting your cookie preferences via the Cookie Declaration on our website
  • contacting us at PrivacyOfficer@vlisco.com

Opting out of marketing communications will not affect service-related communications, such as order confirmations or delivery updates.           

 


 

11. Your rights

You have the following rights under the GDPR:

  • access to your personal data
  • rectification of inaccurate data
  • erasure of personal data
  • restriction of processing
  • objection to processing
  • data portability
  • withdrawal of consent at any time
  • lodging a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)

Requests can be submitted to: PrivacyOfficer@vlisco.com

We may request identification information to verify your identity before processing requests.

 


 

12. Security measures

We apply appropriate technical and organisational measures, including:

  • encryption of data in transit
  • secure servers and restricted access
  • role-based access control
  • regular monitoring and system updates
  • contractual safeguards with processors

 

13. Changes to this Policy

We may update this Policy from time to time. The latest version will always be published on our website.

 


 

Annex 1: Cookies and surfing behaviour

This website uses cookies. Some cookies are used for marketing and advertising purposes, including personalising advertisements, measuring campaign effectiveness, and displaying relevant content across websites and social media platforms. Such cookies are only placed where required consent has been obtained. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

Please state your consent ID and date when you contact us regarding your consent.

 

Essential Cookies (Strictly Necessary)

Cookie Name Provider Purpose Expiration
_session_id Shopify Stores information about the user session (referrer, landing page, etc). Session
_secure_session_id Shopify Secures the checkout process and payment session. Session
cart / cart_sig Shopify Stores information about the contents of the shopping cart. 2 weeks
cart_currency Shopify Stores the preferred currency for the shopping cart. 2 weeks
storefront_digest Shopify Determines if the visitor has access if the storefront is password protected. Persistent
localization Shopify Stores language and region localization preferences. 1 year
_shopify_essential Shopify Used to track essential Shopify platform functionalities. 1 year


Analytics & Marketing Cookies

Cookie Name Provider Purpose Expiration
_shopify_y Shopify Used by Shopify's internal analytics to track visitor flow and behavior. 1 year
_shopify_s Shopify Used by Shopify's internal analytics to track user sessions. 30 minutes
_shopify_uniq Shopify Counts the number of visits to a store by a single customer. 1 day
_tracking_consent Shopify Stores the user's tracking preferences and consent choices. 1 year
__kla_id Klaviyo Tracks user behavior across the site and attributes sessions to email marketing profiles. 2 years


App-Specific Cookies

Cookie Name Provider Purpose Expiration
returngo_customer_id ReturnGO Used to identify the customer and manage their return portal sessions. 1 year