Privacy policy

Last Updated: May 2026

Amsterdam Heritage B.V. (“Amsterdam Heritage”, “we”, “our”, or “us”) respects your privacy and is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR), the Dutch GDPR Implementation Act (UAVG), the ePrivacy Directive, and other applicable privacy laws.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit or make a purchase from our websites, including:

  • amsterdamheritage.eu
  • amsterdamheritage.nl
  • amsterdamheritage.de
  • amsterdamheritage.fr
  • amsterdamheritage.uk
  • amsterdamheritage.ca

It also explains your privacy rights and how the law protects you.

1. Company Information

Amsterdam Heritage B.V.
Molenmakershoek 64 E
7328 JK Apeldoorn
The Netherlands
Email: info@amsterdamheritage.nl

Amsterdam Heritage B.V. is the data controller responsible for your personal data.

2. Personal Data We Collect

We may collect, use, store, and transfer the following categories of personal data:

Identity Data

  • First and last name
  • Username or account details

Contact Data

  • Billing address
  • Shipping address
  • Email address
  • Telephone number

Transaction Data

  • Order history
  • Payment confirmations
  • Refunds and exchanges
  • Shipping and fulfillment information

Technical Data

  • IP address
  • Browser type and version
  • Device identifiers
  • Operating system
  • Time zone settings
  • Website interaction data

Usage Data

  • Products viewed
  • Shopping behavior
  • Site navigation behavior
  • Marketing interactions
  • Cookie preferences

Marketing & Communications Data

  • Newsletter preferences
  • Marketing consent records
  • Advertising interaction data

Customer Support Data

  • Customer service communications
  • Ticket history
  • Return/exchange requests
  • Feedback submissions

3. How We Collect Your Data

We collect personal data:

  • When you place an order
  • When you create an account
  • When you subscribe to marketing communications
  • When you contact customer support
  • When you browse or interact with our websites
  • Through cookies and similar technologies
  • Through analytics, advertising, and marketing technologies

We may also receive personal data from third-party service providers and partners.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

Order Processing & Fulfillment

To:

  • process orders
  • process payments
  • arrange shipping
  • provide order confirmations
  • manage returns and exchanges

Customer Support

To:

  • respond to inquiries
  • provide assistance
  • manage warranty and support requests

Website Functionality & Security

To:

  • maintain website functionality
  • secure our platforms
  • prevent fraud and abuse
  • authenticate users

Analytics & Performance

To:

  • analyze website traffic
  • improve user experience
  • measure website performance
  • understand customer interactions

Marketing & Advertising

To:

  • send newsletters and promotional emails
  • measure advertising effectiveness
  • personalize advertising
  • conduct remarketing campaigns

Where legally required, marketing and advertising technologies are activated only after consent has been granted through our consent management platform.

5. Legal Bases for Processing

Under GDPR, we process personal data under one or more of the following lawful bases:

  • Your consent
  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate interests
  • Protection of vital interests

Where consent is required, you may withdraw your consent at any time.

6. Consent Management & Cookies

We use Pandectes GDPR Compliance as our consent management platform (“CMP”) to manage cookie preferences and consent records.

Our websites use category-based consent management, allowing users to:

  • Accept all cookies
  • Reject non-essential cookies
  • Customize cookie preferences

We implement Google Consent Mode v2 and Shopify Customer Privacy API integrations to manage analytics and advertising consent settings.

For visitors in the European Economic Area (EEA), United Kingdom, and Switzerland:

  • analytics and advertising technologies are denied by default
  • non-essential tracking technologies are blocked until consent is granted
  • consent preferences are stored securely

Users may update or withdraw consent preferences at any time through the cookie preferences interface available on our websites.

For more detailed information regarding cookies, please refer to our Cookie Policy.

7. Cookies & Tracking Technologies

We use cookies, pixels, tags, and similar technologies.

These technologies may include:

Necessary Cookies

Required for:

  • shopping cart functionality
  • checkout security
  • fraud prevention
  • account authentication
  • website performance

Examples may include:

  • _secure_session_id
  • cart
  • cart_sig
  • checkout_token
  • secure_customer_sig
  • storefront_digest
  • _shopify_u
  • _tracking_consent

Analytics Cookies

Used for:

  • traffic analysis
  • site optimization
  • user behavior insights

Examples may include:

  • _ga
  • ga*
  • _gid
  • _shopify_y
  • _shopify_s
  • _shopify_sa_p
  • _shopify_sa_t
  • _landing_page
  • _orig_referrer

Advertising & Marketing Cookies

Used for:

  • remarketing
  • advertising attribution
  • audience personalization
  • campaign performance tracking

Examples may include:

  • _fbp
  • fr
  • datr
  • _gcl_au
  • IDE
  • NID
  • _pinterest_ct_rt
  • _pinterest_ct_ua
  • _pin_unauth

Preference Cookies

Used for:

  • remembering language preferences
  • storing user settings
  • improving user experience

The exact cookies used may change over time depending on the technologies and services implemented on our websites.

Cookie durations vary depending on whether cookies are session cookies or persistent cookies. Most persistent cookies expire between 30 minutes and 24 months unless deleted earlier.

8. Third-Party Service Providers

We share personal data with trusted service providers where necessary to operate our business.

These may include:

Ecommerce & Hosting

  • Shopify Inc.

Shipping & Logistics

  • Sendcloud
  • shipping carriers and logistics providers

Analytics & Advertising

  • Google Analytics
  • Google Ads
  • Meta/Facebook
  • Pinterest
  • Klaviyo
  • Google Tag Manager

Customer Support & Communication

  • Gorgias
  • email communication providers

These providers may process personal data on our behalf and are contractually obligated to protect it.

9. International Data Transfers

Your personal data may be transferred outside the European Economic Area, including to:

  • Canada
  • United States
  • other countries where our service providers operate

Where required, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs)
  • adequacy decisions
  • contractual protections

10. Data Retention

We retain personal data only as long as necessary for:

  • contractual purposes
  • legal obligations
  • tax/accounting requirements
  • fraud prevention
  • legitimate business interests

Consent records and cookie preferences may be retained for compliance and audit purposes.

When personal data is no longer necessary, it is securely deleted or anonymized.

11. Automated Decision-Making & Fraud Prevention

We may use limited automated processing and fraud prevention systems to:

  • detect fraudulent transactions
  • prevent abuse
  • protect website security

These systems may temporarily restrict suspicious activity such as repeated failed payment attempts.

We do not conduct fully automated decision-making that produces legal or similarly significant effects without appropriate safeguards.

12. Your Rights Under GDPR

If you are located in the EEA, UK, or Switzerland, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Restrict processing
  • Object to processing
  • Withdraw consent
  • Request data portability
  • Lodge a complaint with a supervisory authority

To exercise your rights, contact:
info@amsterdamheritage.nl

13. California Privacy Rights

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to:

  • know what personal information we collect
  • request deletion of personal information
  • correct inaccurate information
  • opt out of certain data sharing activities

Requests may be submitted via:
info@amsterdamheritage.nl

14. Marketing Communications

Where legally required, we send marketing communications only after obtaining consent.

For certain European jurisdictions, including Germany and France, we may use double opt-in subscription procedures for newsletter signups.

You may unsubscribe from marketing communications at any time using the unsubscribe link included in marketing emails.

15. Data Security

We implement appropriate technical and organizational security measures designed to protect personal data against:

  • unauthorized access
  • disclosure
  • alteration
  • loss
  • misuse

However, no method of internet transmission or electronic storage is completely secure.

16. Third-Party Websites

Our websites may contain links to third-party websites. We are not responsible for the privacy practices or content of third-party websites.

17. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

  • changes in legal requirements
  • operational changes
  • technology changes
  • tracking or analytics changes

The latest version will always be posted on this page.

18. Contact Information

If you have questions regarding this Privacy Policy or your personal data, please contact:

Amsterdam Heritage B.V.
Molenmakershoek 64 E
7328 JK Apeldoorn
The Netherlands
Email: info@amsterdamheritage.nl