Privacy Policy

Data Controller

WorldNest B.V. is the data controller responsible for your personal information. We are registered in the Netherlands with registration number 91573926 and VAT number NL834760951B01.

Data Collection

The data we collect includes personal information that you provide to us directly and information we collect automatically when you use our services. We collect this information to provide you with our online retail services and to improve your shopping experience.

Information You Provide

• Name, email address, and phone number when you contact us or create an account
• Billing and shipping addresses for order processing
• Payment information (processed securely by our payment providers)
• Communication preferences and marketing consents
• Messages and feedback you send to us

Information We Collect Automatically

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, time spent, click patterns)
• Cookies and similar tracking technologies
• Location data (general geographic location based on IP address)

How We Use Your Information

We explain how we use your information to provide our services, improve our offerings, and communicate with you. The use of your data is always based on a valid legal basis under GDPR.

Service Provision

• Processing and fulfilling your orders
• Providing customer support and responding to inquiries
• Managing your account and preferences
• Processing payments and preventing fraud
• Delivering products and tracking shipments

Business Operations

• Improving our website and services
• Analysing usage patterns and customer preferences
• Conducting market research and product development
• Ensuring website security and preventing abuse
• Complying with legal obligations and regulations

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: To fulfil our obligations under our terms of service and process your orders
• Legitimate Interests: To improve our services, ensure security, and conduct business operations
• Legal Obligation: To comply with applicable laws, regulations, and legal processes
• Consent: For marketing communications and non-essential cookies (where required)

Data Sharing and Disclosure

We may share your personal information with trusted third parties who help us provide our services:

• Service Providers: Payment processors, shipping companies, and technology providers
• Legal Requirements: When required by law, regulation, or legal process
• Business Transfers: In connection with mergers, acquisitions, or asset sales
• Protection of Rights: To protect our rights, property, or safety, or that of others

We ensure all third parties maintain appropriate security measures and use your data only for the specified purposes.

Data Retention

We retain your personal information only as long as necessary to fulfil the purposes outlined in this policy or as required by law. Our retention periods vary depending on the type of data:

• Account Information: Retained while your account is active and for 3 years after closure
• Transaction Records: Retained for 7 years for accounting and tax purposes
• Marketing Data: Retained until you withdraw consent or for 2 years of inactivity
• Website Analytics: Anonymised after 14 months
• Support Communications: Retained for 3 years for quality and training purposes

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal information:

Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training
• Secure payment processing through certified providers
• Regular backups and disaster recovery procedures

International Data Transfers

We primarily process your data within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules or certification schemes
• Your explicit consent for the specific transfer

Cookies and Tracking

We use cookies and similar technologies to enhance your browsing experience. For detailed information about our cookie practices, please see our Cookie Policy.

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us using the information below. We will respond to your request within one month of receipt.