PRIVACY POLICY

 

1) Privacy Policy – VIVI Root

 


Privacy Policy – VIVI Root

Version 1.0 – Last updated: January 2026


VIVI Root values your trust. We protect your privacy and handle your personal data with care, transparency, and security.


This Privacy Policy explains:

 

  • what data we collect,

  • why we collect it,

  • how we use it,

  • how we protect it,

  • and your rights under the GDPR/AVG.

 


This Privacy Policy applies to all services provided under VIVI Root, a brand of:


Mariska van den Berg Empire (eenmanszaak)

Registered address: [ADRES + LAND]

Chamber of Commerce (KVK): [KVK-NUMMER]

VAT (BTW): [BTW-NUMMER]

Email: [SUPPORT@VIVIROOT-DOMAIN]


By using [JOUW DOMEIN], you agree to the practices described in this policy.


 

1) Use of our services

 


When you place an order, create an account, or contact us, we may collect:

 

  • Name and address

  • Email address and phone number

  • Payment/transaction details (handled by payment providers; we do not store full card data)

  • Order history

  • Customer support history

  • Technical data (IP address, browser/device info, cookie IDs)

 


We use this data only to:

 

  • process and deliver your order,

  • handle payments/refunds,

  • provide customer support,

  • prevent fraud/abuse,

  • comply with legal obligations.

 


Legal bases (GDPR/AVG): contract performance, legal obligation, legitimate interests, and consent (where applicable). 


 

2) Communication (48-hour response)

 


If you contact us by email or via a form, we store that communication to help you effectively.


We aim to respond to customer emails within 48 hours (business days).

For GDPR rights requests, the legal response timeframe is up to one month. 


 

3) Cookies

 


VIVI Root uses cookies and similar technologies to:

 

  • enable core website functions (cart, checkout, login),

  • analyze website usage and performance,

  • measure marketing effectiveness.

 


Cookie data may be processed via trusted third parties such as:

 

  • Shopify

  • Analytics tools (e.g., Google Analytics)

  • Advertising tools (e.g., Meta)

  • Payment providers

 


You can disable cookies in your browser settings. Note: some website functions may not work correctly with cookies disabled.


 

4) Purposes of data collection

 


We collect/process personal data only for:

 

  • Order processing and fulfillment

  • Customer service and communication

  • Fraud prevention and security

  • Improving website performance and user experience

  • Legal/tax compliance

  • Newsletters (only with consent, and unsubscribe anytime)

  • Analytics and marketing (based on settings/consent where required)

 


 

5) Sharing with third parties

 


We do not sell your personal data.


We share data only when necessary to operate the store, for example with:

 

  • Shopify (e-commerce platform/hosting)

  • Payment providers

  • Shipping/logistics partners

  • Email marketing tools (if you subscribe)

  • Analytics/advertising tools (only per your cookie/consent settings)

 


Shopify relationship: generally, you (the merchant) act as Data Controller and Shopify as Data Processor for customer personal data under Shopify’s DPA. 


 

6) Data retention

 


We keep personal data no longer than necessary, including:

 

  • Invoices and basic business records: at least 7 years (tax/legal obligation in NL). 

  • Customer support communications: [12–24 months] after last contact (unless legally needed longer)

  • Marketing subscriptions: until you unsubscribe

  • Cookie/analytics data: per tool settings and retention configurations

 


 

7) Your rights (GDPR/AVG)

 


You have the right to:

 

  • access your data,

  • correct it,

  • request deletion (where applicable),

  • restrict processing,

  • object to processing (especially direct marketing),

  • data portability,

  • withdraw consent at any time.

 


To exercise your rights, email: [SUPPORT@VIVIROOT-DOMAIN]

We respond within the legal timeframe (generally within one month). 


You also have the right to file a complaint with the Autoriteit Persoonsgegevens.


 

8) Data security

 


We take reasonable measures to protect your data, including:

 

  • SSL encryption

  • Secure Shopify infrastructure

  • Encrypted payment processing

  • Access restrictions for staff

 


No online system is 100% secure, but we do our best to protect your information.


 

9) Changes

 


We may update this policy if our services or legal requirements change. The latest version will always be available on our website.