Privacy policy
Privacy Policy – Vlisco Netherlands B.V.
Last updated: [03 June 2026]
1. General information
This Privacy Policy (“Policy”) is used by Vlisco Netherlands B.V., a private limited company incorporated under Dutch law, registered with the Dutch Chamber of Commerce under number 50751492, with its registered office in Helmond and its principal place of business at Binnen Parallelweg 27, 5701 PH Helmond, the Netherlands (referred to as “Vlisco”, “we” or “us”).
Vlisco can be contacted at: privacyofficer@vlisco.nl
This Policy applies to the processing of personal data of:
- webshop users and customers
- users of Vlisco websites
- suppliers and business contacts
Vlisco acts as data controller within the meaning of the General Data Protection Regulation (GDPR).
2. Personal data we process
Depending on your interaction with Vlisco, we may process the following categories of personal data:
Identity and contact details
Name, address, email address, telephone number.
Order and customer data
Order history, billing and delivery information, payment details, and communication relating to purchases.
Website usage data
IP address, device identifiers, browser type, language settings, pages visited, and navigation behaviour such as feature interaction and technical performance data.
Technical and security data (system logs)
Logs generated by ICT systems, including login attempts, system access, user actions within systems, IP addresses, timestamps, device identifiers, error logs, and security-related events.
These logs are used for security, auditability, troubleshooting, and ensuring proper functioning of systems.
CCTV footage (where applicable)
Video recordings captured at selected physical Vlisco locations for security and operational protection purposes.
3. Purposes of processing
We process personal data for the following purposes:
- processing and fulfilling webshop orders
- managing payments, invoicing, and delivery
- customer service and communication
- operating and improving our website
- analysing usage and improving user experience
- sending marketing communications, such as newsletters, promotional emails, personalised offers, and online advertising, where permitted under applicable law
- displaying relevant advertisements and measuring the effectiveness of marketing campaigns
- IT security, fraud prevention, and system integrity
- compliance with legal and regulatory obligations
4. Legal bases for processing
We process personal data based on:
- performance of a contract (e.g. order processing)
- compliance with legal obligations (e.g. tax and accounting requirements)
- consent (e.g. for newsletters, promotional emails to non-customers, certain cookies, and personalised advertising)
- legitimate interests (e.g. IT security, fraud prevention, system monitoring, service improvement, and — where permitted under applicable law — sending marketing communications to existing customers about similar products or services)
5. ICT system activity logs
Vlisco maintains technical logs in its ICT systems to ensure security, reliability, and proper operation.
These logs may include:
- user login and authentication events
- system access and actions performed within systems
- IP addresses, timestamps, and device identifiers
- system errors and performance data
- security events such as failed login attempts or suspicious activity
The logs are technical and event-based. They are not intended for continuous monitoring of individuals but may record actions performed within systems where personal data is processed.
Access is strictly limited to authorised IT and security personnel on a need-to-know basis.
6. CCTV surveillance
Certain Vlisco sites are equipped with CCTV systems to protect employees, visitors, property, and operations, and to support the prevention and investigation of incidents.
Camera placement includes:
- entrances and exits of buildings
- reception and visitor areas
- warehouses, production, and logistics zones
- external building perimeters and parking areas
Cameras are not installed in private or sensitive areas such as toilets, changing rooms, or private offices.
Technical and operational details:
- CCTV records video only; no audio is recorded
- footage captures general activity in monitored areas
- recordings are made in sufficient quality for security and identification purposes
- cameras may include fixed and, where necessary, remotely adjustable (PTZ) functionality; access to controls is strictly restricted to authorised security personnel and is not used for continuous tracking of individuals
- footage is not routinely anonymised or blurred
Access and use:
Only authorised personnel may access CCTV footage. It is used solely for security, incident investigation, and legal compliance purposes.
Retention:
CCTV footage is retained for up to 28 days, unless longer retention is required due to an incident, investigation, or legal obligation.
Information to individuals:
CCTV use is communicated via signage at monitored locations and through this Privacy Policy.
7. Sharing of personal data
We do not sell personal data. We may share data with:
- payment service providers
- logistics and delivery partners
- IT infrastructure, hosting, and cloud providers
- analytics, advertising, social media, and marketing service providers (where consent is required or applicable)
- professional advisers (e.g. auditors, legal advisors)
- public authorities where legally required
All third parties processing data on our behalf are bound by GDPR-compliant contractual obligations.
8. International data transfers
Some service providers may be located outside the European Economic Area (EEA), including in:
- United States of America
- Canada (covered by an adequacy decision by the European Commission)
Where personal data is transferred outside the EEA, Vlisco ensures appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- assessment of local legislation and transfer risks where required
- additional technical and organisational safeguards where necessary
Copies of applicable safeguards can be requested via PrivacyOfficer@vlisco.com.
9. Retention of personal data
We retain personal data only for as long as necessary:
- webshop orders and financial records: up to 7 years
- customer account data: until deletion or inactivity
- marketing data: until consent is withdrawn or unsubscribe request is made
- Website usage data: as needed for analytics and service improvement
- CCTV footage: up to 28 days unless longer retention is required
10. Marketing communications
Vlisco may send marketing communications such as newsletters, promotional emails, personalised offers, and online advertisements relating to Vlisco products, collections, events, and promotions.
Where required under applicable law, we will ask for your consent before sending electronic marketing communications or placing marketing-related cookies and similar technologies.
If you are an existing customer, Vlisco may send you information about similar products or services based on our legitimate interest, where permitted by applicable law.
You can withdraw your consent or opt out of marketing communications at any time by:
- clicking the unsubscribe link included in marketing emails
- adjusting your cookie preferences via the Cookie Declaration on our website
- contacting us at PrivacyOfficer@vlisco.com
Opting out of marketing communications will not affect service-related communications, such as order confirmations or delivery updates.
11. Your rights
You have the following rights under the GDPR:
- access to your personal data
- rectification of inaccurate data
- erasure of personal data
- restriction of processing
- objection to processing
- data portability
- withdrawal of consent at any time
- lodging a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
Requests can be submitted to: PrivacyOfficer@vlisco.com
We may request identification information to verify your identity before processing requests.
12. Security measures
We apply appropriate technical and organisational measures, including:
- encryption of data in transit
- secure servers and restricted access
- role-based access control
- regular monitoring and system updates
- contractual safeguards with processors
13. Changes to this Policy
We may update this Policy from time to time. The latest version will always be published on our website.
Annex 1: Cookies and surfing behaviour
This website uses cookies. Some cookies are used for marketing and advertising purposes, including personalising advertisements, measuring campaign effectiveness, and displaying relevant content across websites and social media platforms. Such cookies are only placed where required consent has been obtained. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.
Cookies are small text files that can be used by websites to make a user's experience more efficient.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.
This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
You can at any time change or withdraw your consent from the Cookie Declaration on our website.
Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.
Please state your consent ID and date when you contact us regarding your consent.
Essential Cookies (Strictly Necessary)
| Cookie Name | Provider | Purpose | Expiration |
|---|---|---|---|
_session_id |
Shopify | Stores information about the user session (referrer, landing page, etc). | Session |
_secure_session_id |
Shopify | Secures the checkout process and payment session. | Session |
cart / cart_sig
|
Shopify | Stores information about the contents of the shopping cart. | 2 weeks |
cart_currency |
Shopify | Stores the preferred currency for the shopping cart. | 2 weeks |
storefront_digest |
Shopify | Determines if the visitor has access if the storefront is password protected. | Persistent |
localization |
Shopify | Stores language and region localization preferences. | 1 year |
_shopify_essential |
Shopify | Used to track essential Shopify platform functionalities. | 1 year |
Analytics & Marketing Cookies
| Cookie Name | Provider | Purpose | Expiration |
|---|---|---|---|
_shopify_y |
Shopify | Used by Shopify's internal analytics to track visitor flow and behavior. | 1 year |
_shopify_s |
Shopify | Used by Shopify's internal analytics to track user sessions. | 30 minutes |
_shopify_uniq |
Shopify | Counts the number of visits to a store by a single customer. | 1 day |
_tracking_consent |
Shopify | Stores the user's tracking preferences and consent choices. | 1 year |
__kla_id |
Klaviyo | Tracks user behavior across the site and attributes sessions to email marketing profiles. | 2 years |
App-Specific Cookies
| Cookie Name | Provider | Purpose | Expiration |
|---|---|---|---|
returngo_customer_id |
ReturnGO | Used to identify the customer and manage their return portal sessions. | 1 year |