Privacy Policy

Privacy Policy Team Turritap B.V.

Last updated: 20 April 2026

General

We respect your privacy and handle personal data with care. In this privacy policy, we explain what data we collect, why we do so, and what rights you have.

This privacy policy applies to all interactions with Team Turritap B.V., including use of our website, webshop, customer service, and marketing activities.

We recommend that you also read our cookie policy for more information about the use of cookies and similar technologies.

We may update this privacy policy from time to time. The most current version is always available on our website.

1) Who is responsible for your data?

Team Turritap B.V. is the data controller for the processing of personal data as described in this privacy policy.

  • Company name: Team Turritap B.V.
  • Chamber of Commerce number: 98299956
  • E-mail (privacy): water@turritap.com

2) What personal data do we process?

Depending on what you do on our website/webshop, we may process the following data:

When placing an order

  • Name, delivery address, billing address
  • E-mail address and (optional) telephone number
  • Order details (product, quantities, price, date)
  • Payment status and payment reference (we do not generally receive full payment card/bank details)

For shipping/returns

  • Shipping details (name/address)
  • Track & trace / shipping status
  • Return details (if you initiate a return)

When contacting customer service

  • Contact details
  • Content of your message and our correspondence

For the newsletter

  • E-mail address (and optionally your name if you provide it)
  • Subscription/unsubscription timestamp, and statistics (open/click) where enabled

For website use (cookies/analytics)

  • IP address (usually shortened/masked depending on settings)
  • Device/browser data
  • Cookie ID/online identifiers (depending on cookie choices)

In addition, we may in limited cases receive data from third parties, such as:

  • social media platforms (when interacting with our content)
  • analytics and advertising partners
  • technical service providers

This only occurs to the extent permitted under the UK GDPR and, where necessary, on the basis of consent.

3) Why do we process data and on what legal basis?

We only process personal data on a valid UK GDPR legal basis and inform you of this in plain language.

A. Fulfilling an order (contract)

  • Processing, delivering, and invoicing your order, and sending service messages about it.

B. Processing payment (contract)

  • Processing payments via our payment provider (Mollie).

C. Shipping and returns handling (contract / legitimate interest)

  • Creating shipments, delivering orders, and processing returns.

D. Customer service (contract / legitimate interest)

  • Answering queries, handling complaints, and improving quality.

E. Newsletter (consent)

  • Sending news, tips, and offers when you actively subscribe. You can unsubscribe at any time via the unsubscribe link.

F. Improving and securing the website (legitimate interest / consent)

  • Security, error detection, and basic statistics. For cookies that are not strictly necessary, we request consent via a cookie banner.

4) With which parties do we share data?

We never sell your data. We only share data where necessary to fulfil your order/experience or where we are legally required to do so.

Our key service providers (processors)

  • WooCommerce / WordPress (webshop platform)
    Hosting and management via: [insert your hosting party here] (processor).
  • Mollie (payments)
    For processing payments and payment statuses.
  • Sendcloud (shipping/returns)
    For creating labels, shipping, and return flows; data is shared with carriers (e.g. PostNL/DHL/DPD, depending on your choice).
  • Fluent Forms (newsletter)
    For subscription management, sending, and newsletter statistics.
  • Google Analytics (website analysis)
    For insight into website usage, depending on cookie settings.

Where necessary, we enter into data processing agreements and make arrangements regarding security and confidentiality.

5) Newsletter (Mailchimp)

  • You will only receive the newsletter after actively subscribing (consent).
  • You can unsubscribe at any time via the link at the bottom of every newsletter.
  • After unsubscribing, we will no longer use your e-mail address for mailings; we may retain it on a “suppression list” to prevent you from being inadvertently re-subscribed.

Transfer outside the UK/EEA: Mailchimp may process data outside the UK/EEA. In such cases, they apply appropriate safeguards (such as Standard Contractual Clauses). (Verify/activate this in your Mailchimp account settings and documentation.)

6) Google Analytics and cookies

We use Google Analytics to understand how visitors use the site.

  • For functional cookies, no consent is required, but we are still required to inform you about them.
  • For tracking/marketing cookies, consent is required.
  • For analytical cookies, in practice consent via a cookie banner is often required, especially where settings are not strictly privacy-friendly. We therefore apply: Analytics will only be placed/loaded after your choice in the cookie banner, unless you demonstrably use a privacy-friendly, consent-free configuration.

Tip (GDPR-proofing): enable privacy-friendly settings where possible (e.g. IP masking/anonymisation, no Google Signals/Ads features, data sharing off), and document this.

6A) Profiling and personalisation

We may combine and analyse personal data to make our communications and offers more relevant.

This may for example relate to:

  • purchase behaviour
  • website usage
  • interaction with e-mails

We do this only:

  • with your consent (for marketing)
  • or on the basis of legitimate interest (for basic optimisation)

You can object to this at any time.

7) Retention periods

We do not retain personal data for longer than necessary for the purpose for which it was collected.

Guidelines (practical and customary):

  • Invoices and basic administration: 7 years (statutory retention obligation).
  • Order and customer contact data: for as long as necessary for handling and service, then [e.g. 2 years] (adjust to your preference/policy).
  • Newsletter data: until you unsubscribe; suppression list [e.g. 1 year] or for as long as necessary to prevent re-subscription.
  • Analytics/cookie data: in accordance with the retention periods set in Google Analytics and the choices made in the cookie banner.

8) Security

We take appropriate technical and organisational measures to prevent misuse, loss, and unauthorised access, such as:

  • HTTPS/SSL, strong passwords, and 2FA where possible
  • Restricted access (no employees; only the business owner and necessary service providers)
  • Updates to WordPress/WooCommerce and plugins
  • Security measures at processors (Mollie/Sendcloud/Mailchimp/Google)

9) Your rights

Under the UK GDPR, you have the right to, amongst other things:

  • Access, rectification, erasure
  • Restriction of processing
  • Data portability
  • Object (in particular against direct marketing)

Send your request to water@turritap.com with “Privacy Request” in the subject line. We will respond in principle within 1 month.

10) Filing a complaint

You can lodge a complaint with the Information Commissioner’s Office (ICO) if you believe we are not handling your data correctly.

11) Changes

We may update this privacy policy (e.g. due to new tools or legislation). The most recent version is always available on our website with the date at the top.

12) Are you required to provide data?

In some cases, it is necessary for you to provide personal data, for example:

  • when placing an order
  • when creating an account
  • when making a customer service request

If you do not provide this data, we will be unable to fulfil the contract or provide the service.

Data that is not mandatory will be indicated as optional.

13) UK GDPR compliance and accountability

13.1 Records of Processing Activities (RoPA)

We maintain a record of processing activities in which the following is recorded for each processing activity:

  • purposes, categories of personal data, data subjects, retention periods
  • recipients/processors (WooCommerce hosting, Mollie, Sendcloud, Mailchimp, Google Analytics)
  • any transfers outside the UK/EEA and the safeguards used
  • a general description of security measures

13.2 Processors, data processing agreements, and sub-processors

Where parties process personal data on our behalf, we make appropriate arrangements (such as a data processing agreement) covering:

  • purpose and duration of processing
  • confidentiality and security
  • use of sub-processors
  • assistance with UK GDPR requests and data breaches

13.3 International transfers (e.g. Mailchimp/Google)

Personal data may be processed outside the United Kingdom or European Economic Area (EEA), for example by service providers such as Mailchimp or Google.

In such cases, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreements (IDTAs)

additional security measures where necessary

13.4 Security (technical and organisational)

We take measures appropriate to the risk of the processing, such as:

  • secure connection (HTTPS/SSL)
  • strong passwords and 2FA where possible
  • restricted access (no employees; only the business owner and necessary administrators)
  • updates/patching of WordPress/WooCommerce and plugins
  • backups and recovery procedures via hosting
  • security arrangements with processors
    This approach aligns with the requirements for “appropriate measures” under the UK GDPR.

13.5 Data breach procedure and notification

In the event of a security incident, we follow a set procedure to assess whether a personal data breach has occurred and whether notification is required.
Where notification to the supervisory authority is required, we will do so without undue delay and where possible within 72 hours nadat wij bekend zijn geworden met het personal data breach.
Als het personal data breach een hoog risico oplevert voor betrokkenen, informeren wij ook de betrokkenen conform de AVG-richtlijnen.

13.6 Privacy by design & data minimisation

We only process data that we need for:

  • ordering, payment, delivery/returns, and customer service
  • newsletter (only after subscription)
  • website analytics (in accordance with cookie choices)
    We restrict access, do not retain data longer than necessary, and assess the privacy impact of new tools/features before going live.

13.7 Consent, preferences, and logging

  • Newsletter (Mailchimp): subscription based on consent; you can unsubscribe at any time via the unsubscribe link.
  • Cookies/Google Analytics: we use a cookie banner and request consent where required. We ensure that the banner is clear and that “reject” is just as easy as “accept”.
    Where possible, we record choices (consent logging) to demonstrate that consent was obtained correctly (accountability).

13.8 Data subject rights and handling

You can rechten ook uitoefenen door:

  • sending an e-mail
  • or via your account (if available)

We may ask you to verify your identity before processing your request.

We recommend that you review this privacy policy regularly to stay informed of any changes.

Top of form

Bottom of form