Free EU shipping over €49 Cruelty-free & vegan Crafted in small batches
EN NL ES FR
Alma Sereen
Legal

Privacy Policy.

Last updated: 21 June 2026
On this page
  1. Who we are
  2. What data we collect
  3. Why we collect it
  4. Legal basis (GDPR)
  5. How long we keep it
  6. Who we share it with
  7. International transfers
  8. Your rights
  9. Security
  10. Cookies
  11. Changes to this policy
  12. Contact

This Privacy Policy explains how Alma Sereen ("we", "us", "our") collects, uses, and protects the personal data of visitors and customers of almasereen.com. We comply with the EU General Data Protection Regulation (GDPR / AVG) and Dutch privacy law.

1. Who we are

Alma Sereen is a small natural haircare brand hand-blending scalp and hair oils in The Netherlands.

  • Trade name: Alma Sereen
  • Legal name: Alma Sereen
  • Registered address: Papisland 7, 4337 CX Middelburg, The Netherlands
  • KVK number: 42088278
  • BTW (VAT) number: To follow (VAT registration in progress)
  • Email: info@almasereen.com

We are the data controller for the personal data described in this policy.

2. What data we collect

We only collect what we need to run the shop and serve you well.

When you place an order

  • Name
  • Delivery address and (if different) billing address
  • Email address
  • Phone number (optional, only if you provide it for delivery)
  • Order details (products, quantities, prices)
  • Payment confirmation (we do not store full payment-card details — payments are processed by Stripe, see below)

When you subscribe to our newsletter

  • Email address
  • Date of subscription and consent confirmation

When you contact us

  • Name, email, and the content of your message

When you visit our website

We use only essential cookies and do not run third-party analytics, tracking pixels, or advertising tools. Our hosting provider may log standard technical data (anonymised IP address, browser type, page visited) for security and reliability. See our Cookie Policy for details.

3. Why we collect it

We use your data for the following purposes only:

  • Fulfilling your order — preparing, shipping, and tracking your purchase.
  • Customer service — answering your questions, handling returns or complaints.
  • Newsletter — sending you our monthly letter, only if you have explicitly opted in.
  • Legal obligations — keeping invoicing and tax records as required by Dutch law.
  • Security & fraud prevention — protecting our website and your data.

We do not use your data for profiling, advertising, or share it with marketing partners.

ActivityLegal basis
Order processingPerformance of a contract (Art. 6(1)(b) GDPR)
Invoicing & tax recordsLegal obligation (Art. 6(1)(c) GDPR)
NewsletterYour explicit consent (Art. 6(1)(a) GDPR)
Customer service repliesPerformance of a contract / legitimate interest (Art. 6(1)(b) / (f))
Security & fraud preventionLegitimate interest (Art. 6(1)(f) GDPR)

5. How long we keep your data

  • Order and invoice data — 7 years, as required by Dutch tax law (art. 52 AWR).
  • Customer service correspondence — up to 2 years after our last contact.
  • Newsletter data — until you unsubscribe (1-click in every email).
  • Website logs — up to 30 days for security.

6. Who we share your data with

We only share your data with the partners we need to deliver our service. We have a written processing agreement (verwerkersovereenkomst) with each one.

PartnerPurposeLocation
StripeProcessing iDEAL and credit-card paymentsDublin, Ireland
PostNLShipping your order to your addressThe Netherlands
NetlifyWebsite hosting (only anonymised technical logs)United States, under the EU-US Data Privacy Framework
FormspreeSending the monthly newsletterUnited States

We do not sell or rent your personal data to anyone, ever.

7. International transfers

All our partners process your data within the EU/EEA wherever possible. Where data is processed outside the EU (e.g. by certain hosting infrastructure), we ensure protection through the EU-US Data Privacy Framework, Standard Contractual Clauses, or another GDPR-approved mechanism.

8. Your rights

Under GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten") — ask us to delete your data, unless we are legally required to keep it (e.g. tax records).
  • Restriction — ask us to stop using your data while a question is resolved.
  • Portability — receive your data in a machine-readable format.
  • Object — to processing based on legitimate interest.
  • Withdraw consent — at any time, for anything based on consent (such as the newsletter).
  • Complain — to the Dutch data protection authority, Autoriteit Persoonsgegevens.

To exercise any of these rights, email us at info@almasereen.com. We respond within 30 days.

9. Security

We use HTTPS encryption on every page of our website. Payments are processed through Stripe's PCI-DSS certified infrastructure. We store the minimum personal data needed and review our security setup regularly.

10. Cookies

We only use essential cookies (such as a session cookie during checkout). We do not use tracking, analytics, or marketing cookies. For full details, see our Cookie Policy.

11. Changes to this policy

We may update this policy from time to time, for example when we add new tools or when the law changes. The "Last updated" date at the top reflects the most recent version. Material changes will be communicated through our website.

12. Contact

Questions about your data, this policy, or our practices?

Email: info@almasereen.com
Post: Alma Sereen, Papisland 7, 4337 CX Middelburg, The Netherlands
Or contact the Dutch DPA directly: autoriteitpersoonsgegevens.nl