Terms & Conditions

Version 2026.03

This Privacy Statement applies to the Processing of Personal data in connection with purchases and activities on this website.

The website is operated by vidaXL International Marketplace B.V., a company registered in the Netherlands, and which facilitates transactions and operates the online sales platform. Products sold through the website are offered by vidaXL International B.V.

Throughout this Statement, “vidaXL” refers to vidaXL International Marketplace B.V., vidaXL International B.V. and, where relevant, to other vidaXL related entities involved in operating, servicing, or supporting the Webshop.

SUMMARY:

Category	Details
Who Collects Data?	vidaXL International Marketplace B.V. (Webshop operator), vidaXL International B.V. (Product seller), Other third parties depending on interaction (see Section 4 of policy).
Legal Basis & Processing Processing Scenarios	Contract performance, legal obligation, legitimate interest, consent, or judicial claims. Examples: • Visitors → IP, device, behaviour data (analytics/personalization) • Customers → Contact data for order & support • Account holders → Login, order tracking, fraud prevention • Orders/Payments → Billing & delivery info processed securely • Auctions → Bidding data collected to ensure fair use • Wish lists → Stored to personalize experience • Reviews → Shared directly or via partners, used for verification • Customer service → Calls, emails, chats logged; calls may be recorded • Newsletter → Sent via consent or legitimate interest
Data Sharing	Shared with joint/independent controllers (e.g. payment, delivery, marketing), Processors (e.g. CRM, hosting, chat tools), subprocessors and other recipients (e.g. fraud monitoring, authorities).
Your Rights	Access, rectify, erase, restrict, object, request portability, Lodge complaint with Data Protection Authority. Contact vidaXL using details in full policy.
International Transfers	Data may be transferred outside the EEA with safeguards such as Standard Contractual Clauses.
Data Retention	Retained only as needed, e.g. 10 years for tax, 2 years for inactive accounts. See Section 7 for details.
Security Measures	Technical (SSL/TLS), organizational (staff training, limited access), Monitoring, data minimization, incident response planning.

CONTENTS

1. DEFINITION.

2. WHO COLLECTS PERSONAL DATA?

3. LEGAL BASIS AND PROCESSING ACTIVITIES

3.1 LEGAL BASIS

3.2 OUR PROCESSING & REASONS

3.2.1 WEBSHOP VISITORS (collection may vary depending on your cookie settings).

3.2.2 Webshop Customers.

3.2.3 Account Holders

3.2.4 Orders and Payments

3.2.5 Auctions

3.2.6 Wish lists

3.2.7 Reviews

3.2.8 Customer Service Interactions

3.2.9 Newsletter

3.2.10 vidaXL+ Rewards Program

4. WHO WE SHARE YOUR DATA WITH

5. YOUR RIGHTS

6. INTERNATIONAL TRANSFERS

7. HOW LONG WILL MY DATA BE KEPT?

8. WHAT SECURITY MEASURES ARE TAKEN TO PROTECT MY DATA?

9. HOW Can I file a Complaint

1. DEFINITION

In this Privacy Statement, the following terms are used with the meanings defined below:

Webshop: The online store accessible via www.vidaXL.ie and any other website, application, or URL designated by vidaXL for the online sale of products.

Interaction: The use of features on the Webshop such as creating a Wish List, completing a Checkout, subscribing to the Newsletter, using "My Account," participating in Auctions, using the Chat function, or engaging with other interactive functionalities.

WebShop Visitor: a customer visiting the Webshop for the first time that does not interact with the Web Shop.

Webshop Customer: a customer who interacts with the Webshop.

Account: the account a customer has to create through the Webshop to be able to place an order.

Privacy Statement: vidaXL’s Privacy Statement.

All terms used in this Privacy Statement that are defined in the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”) shall have the meaning assigned to them in the GDPR, including but not limited to: “Personal data”, “Processing”, “Pseudonymisation”, “Recipient”, “Third Party”, “Consent”, “Personal data breach”, “Supervisory Authority”, “Cross-border processing”, “Controller”, “Processor”, “Data subject”, and “Data Protection Officer”.

2. WHO COLLECTS PERSONAL DATA?

2.1 Your Personal data may be collected and processed by multiple parties depending on how you interact with the Webshop.

2.2 Responsibility for your data.

2.2.1 Main Controllers (collectively referred herein as vidaXL):

vidaXL International Marketplace B.V.: as the operator of the Webshop, vidaXL International Marketplace B.V. is the primary Controller for Processing that occurs via your use of the Webshop and its features.
vidaXL International B.V.: the company that sells the products listed on the Webshop is also alternatively a joint or independent Controller with vidaXL International Marketplace B.V. for all activities related to the order, delivery, customer service, invoicing and any after-sales services.

2.2.2 Other entities involved. Depending on your Interaction, your data may also be processed by other entities the list of which is provided under article 4.

3. LEGAL BASIS AND PROCESSING ACTIVITIES

3.1 LEGAL BASIS

We process your Personal data only when we have a valid legal basis. Under the GDPR, the following lawful grounds may apply:

Legal Basis	Explanation
Contract Performance*	To fulfil a contract or to take steps at your request before entering a contract
Legal Obligation	To comply with legal and regulatory obligations
Legitimate Interest**	When we (or a Third Party) have a business or commercial reason to use your data, balanced against your rights
Consent	When you have given clear and explicit permission
Legal Claims	When necessary to establish, exercise, or defend legal claims
Public Interest	Not applicable to our current Processing activities

* For example, without certain information such as your name, contact details, delivery address, or payment information, we would not be able to process your order, deliver products, handle payments, or provide customer support. Where the provision of personal data is optional, this will be clearly indicated. If you choose not to provide optional data, you can still use our Webshop, but some features or services, such as personalised recommendations or marketing communications, may not be available.

** Where we rely on legitimate interests as the legal basis for processing your personal data, those interests include ensuring the proper functioning and security of our Webshop, providing customer service, preventing fraud and misuse, improving our services, and maintaining fair and transparent platform operations. We have carefully balanced these interests against your rights and freedoms and determined that the processing is proportionate, limited to what is necessary for the stated purposes, and does not have a significant or unexpected impact on you. We apply appropriate safeguards, such as data minimisation, access controls, and limited retention periods, to protect your personal data. You have the right to object to processing based on legitimate interests at any time, as described in Section 5 of this Privacy Statement.

3.2 OUR PROCESSING & REASONS

In the below tables, we have highlighted the core types of data and how they’re processed by vidaXL.

3.2.1 WEBSHOP VISITORS (COLLECTION MAY VARY DEPENDING ON YOUR COOKIE SETTINGS).

Data	Purpose	Legal Basis
IP Address, Device Type, Referrer, Country, Browsing Behaviour	Website operation and security: to ensure the technical functioning and security of the webshop, including displaying the correct website version	Legitimate interest - ensuring the proper functioning and security of our Webshop
	Webshop analytics: to analyse aggregated webshop usage and improve performance and usability	Legitimate interest - improving the functionality and quality of our services
	Marketing and advertising: to personalise marketing content and display targeted advertisements, where applicable	Consent

3.2.2 WEBSHOP CUSTOMER. Same as above, plus:

Data	Purpose	Legal Basis
Contact info, Preferences, Ordered Products	Order processing and fulfilment: to process orders, arrange delivery, handle payments, and manage returns	Contract
	Account and service management: to manage customer accounts, order history, and customer preferences	Contract
	Personalised product recommendations: to suggest similar or complementary products based on previous purchases	Legitimate Interest - improving the relevance and usability of our services
	Marketing communications: to send newsletters or promotional messages, where applicable	Consent

3.2.3 ACCOUNT HOLDERS

Data	Purpose	Legal Basis
Name, Email, Password	Account creation and management: to create and maintain the user account and enable secure login	Contract
	Order tracking and account history: to allow users to view and manage their orders through their account	Contract
	Account security and abuse prevention: to detect, prevent, and investigate misuse, fraud, or security incidents related to user accounts	Legitimate Interest - ensuring the security and integrity of our platform
Name, email address, social media account identifier	Account authentication and login via social media account: to verify your identity through the selected social media provider and allow you to securely log into your vidaXL account without creating separate login credentials.	Contract

3.2.4 ORDERS AND PAYMENTS

Data	Purpose	Legal Basis
Name, Address, Contact Info, Payment Method, IP Address	Order processing and delivery: to process purchases, arrange shipment, and deliver orders	Contract
	Payment processing and billing: to process payments, issue invoices, and manage refunds	Contract
	Fraud prevention and transaction security: to detect and prevent fraudulent or unauthorised transactions and protect the webshop	Legitimate Interest - preventing fraud and ensuring the security of transactions
	Legal and tax compliance: to comply with accounting, tax, and other statutory obligations	Legal Obligation

3.2.5 Auctions

Data	Purpose	Legal Basis
Bidder nickname	Auction participation and bidding functionality: to enable users to place bids and participate in auctions	Contract
	Auction transparency: to display bidder nicknames during the auction to ensure transparency and fairness	Legitimate Interest - ensuring fair and transparent auction operations
Account and order information linked to the auction	Abuse prevention and platform integrity: to detect and prevent misuse, manipulation, or abusive behaviour in auctions	Legitimate Interest - protecting the integrity and security of the auction platform
	Dispute handling and auction outcome management: to resolve disputes, enforce auction rules, and process auction results	Legitimate Interest - ensuring proper enforcement of auction rules and resolution of disputes

3.2.6 WISH LISTS.

When you create your own Wish List in our Webshop and add products to your Wish List while logged out they will remain on the list for 30 days. If you add products to your Wish List while logged in you can always find them under Wish List in My Account.

Data	Purpose	Legal Basis
Wishlist items	Wishlist functionality: to save selected products and display them in the Wish List during the session or within the user account	Legitimate Interest - providing wishlist functionality and improving user experience
	Account-linked wish lists: to store and retrieve wish list items for logged-in users across sessions	Contract
	Personalised offers and recommendations: to suggest relevant products based on wish list items, where applicable	Consent
IP address, browsing behaviour	Session-based wish list: to associate wish list items with a browser session	Consent
IP address, browsing behaviour	Logged-in personalisation: to enhance the user experience by displaying wish list–related content for logged-in users	Legitimate Interest - improving the usability and relevance of our services

3.2.7 REVIEWS.

vidaXL enables customers to review products and services after placing an order. These reviews help us improve our services and inform other customers. Additionally, we may invite you to participate in customer satisfaction surveys. The data collected varies based on the type of review or survey and who is managing the Interaction (vidaXL or a Third Party).

3.2.7.1 Product and service review managed by vidaXL.

Data	Purpose	Legal Basis
Name, product purchased	Publication of product and service reviews: to display reviews together with the reviewer’s name (or chosen display name) and the relevant product or service	Consent
Email address, order number	Review verification: to verify that the reviewer is an actual customer and link the review to a specific order	Legitimate interest - ensuring authenticity and reliability of customer reviews
Email address	Complaint handling and follow-up: to contact the reviewer in relation to complaints, service issues, or review-related follow-ups to contact the reviewer in relation to complaints, service issues, or review-related follow-ups	Legitimate interest - managing customer feedback and resolving service issues
Residence (for service reviews)	Contextualisation of reviews: to understand customer region for service quality analysis and contextual information	Legitimate interest - improving service quality and customer experience

3.2.7.2 Reviews submitted via third-party platforms. When clicking “Write a review” or similar links on our Webshop, you may be redirected to a third-party review platform (one of vidaXL’s contracted partners). These parties collect and process your data under their own privacy policies. vidaXL does not control how they handle your information.

Data	Purpose	Legal Basis
Name, email address	Review submission and publication on third-party platforms: to display reviews and verify customers on the third-party review platform	Consent, as obtained by the third-party platform under its own privacy statement

Note: We encourage you to consult the applicable third-party privacy policy before submitting a review, as vidaXL has no control over how these platforms process your personal data.

3.2.7.3 COMPARISON SITES WITH REVIEW FUNCTIONALITY. You may also review vidaXL through independent comparison sites showing our product listings.

Data	Purpose	Legal Basis
Name, email address	Review submission and publication on comparison platforms: to display reviews and, where applicable, contact reviewers in relation to complaints or service issues	Consent or legitimate interest, as determined by the comparison platform acting as an independent controller under its own privacy statement

3.2.7.4 CUSTOMER SATISFACTION SURVEYS. After you purchase or interact with our customer service, you may be invited to complete a customer satisfaction survey. These surveys are conducted by Third Party service providers on behalf of vidaXL.

Data	Purpose	Legal Basis
Name, email address and/or phone number	Survey invitation and distribution: to invite customers to participate in a customer satisfaction survey	Legitimate interest - measuring and improving the quality of our services
Name, email address and/or phone number	Follow-up on feedback: to contact the customer if clarification or follow-up is required	Legitimate interest - improving service quality and resolving customer concerns
Experience details, feedback text	Service quality evaluation and improvement: to evaluate customer experience, improve services, internal processes, and staff training	Legitimate interest - improving our services and customer experience
Order information	Contextualisation of feedback: to link feedback to a specific transaction or customer interaction	Legitimate interest - ensuring accurate evaluation of customer interactions
IP address	Survey integrity and abuse prevention: to prevent multiple submissions from the same user and protect the reliability of survey results	Legitimate interest - protecting the integrity and reliability of survey results
Any optional personal data provided in free-text fields	Voluntary disclosure: to process additional personal data provided at the customer’s discretion	Consent

3.2.8 CUSTOMER SERVICE INTERACTIONS.

You may contact vidaXL’s customer service to ask questions, request support, or file complaints. Contact options include phone, email, chat, or the online complaints form available on our Webshop. We collect and process Personal data to respond to and manage your request.

3.2.8.1 Customer Service interactions

Data	Purpose	Legal Basis
First and last name, email address, phone number, order number (where applicable), description of the issue or request	Handling customer enquiries and requests: to identify the customer, respond to questions, and provide requested support	Contract, where the request relates to an order or contract
	Customer communication and follow-up: to send updates, provide status information, and follow up on requests or complaints	Legitimate interest - providing effective customer support and service continuity
	Complaint handling and dispute resolution: to investigate, resolve, and document complaints	Legitimate interest - resolving disputes and improving service quality
	Transaction identification: to identify the relevant purchase in order to handle the request correctly	Contract
Chat-specific: first and last name, email address, chat subject	Live customer support via chat: to provide real-time assistance and respond to enquiries	Contract or Legitimate interest, depending on the nature of the request
Free-text customer service interactions	Analysis of customer service interactions: to detect and remove personal data using generative AI or machine learning models; once anonymised, to identify recurring complaints or product issues and improve product quality and customer experience	Legitimate interest - improving customer service processes and product quality

Where processing is necessary to comply with applicable consumer protection, accounting, or tax laws, the legal basis may also be legal obligation

3.2.8.2 RECORDING OF INTERACTIONS. Phone conversations with customer service may be recorded for the following purposes:

Data	Purpose	Legal Basis
Voice recording of the call	Service quality monitoring and staff training: to improve customer service processes and train customer service staff	Legitimate Interest - improving service quality and customer support
	Complaint handling and dispute verification: to validate complaints, investigate incidents, and ensure accurate handling of customer interactions	Legitimate Interest - resolving disputes and ensuring proper handling of customer requests
	Optional call recording: where recording is not strictly necessary and the customer actively agrees to the recording	Consent

Note: You will always be informed when a call is being recorded. Recordings are stored securely, access is restricted, and recordings are retained only for as long as necessary for the stated purposes and in any event no longer than 21 days.

3.2.9 Newsletter.

Data	Purpose	Legal Basis
Name, Email, Preferences	Newsletter subscription management: to register, manage, and maintain newsletter subscriptions	Consent
	General marketing communications: to send newsletters and promotional messages	Consent
	Personalised marketing communications: to tailor newsletter content based on preferences or past interactions, where applicable	Consent
Name, email address	Marketing to existing customers: to send information about similar products or services to customers who have previously purchased from us	Legitimate Interest- promoting similar products or services to existing customers

3.2.10 VIDAXL+ REWARDS PROGRAM

Participation in the vidaXL+ Rewards Program requires processing of personal data as described below.

Data	Purpose	Legal Basis
Name, email address, account information, purchase history, reward points balance	Membership administration: to manage your Rewards Program account, allocate and track points, and maintain membership records	Contract
	Membership communications: to send welcome emails, points updates, account statements, and other communications necessary to maintain your membership	Contract
	Rewards-related marketing communications: to send offers and promotions as part of the Rewards Program	Consent

More information about the vidaXL+ Rewards Program can be found in the TERMS & CONDITIONS – vidaXL+ Rewards Program.

4.WHO WE SHARE YOUR DATA WITH

4.1 vidaXL shares your Personal data with various third parties for the purposes of fulfilling your orders, providing services, maintaining our operations and complying with legal obligations. These Recipients can be categorized as Independent or Joint Controllers or Processors under the UK GDPR.

4.2 Independent or Joint Controllers. These entities determine, independently or jointly with vidaXL, the purposes and means of Processing Personal data:

Service Provider	Purpose	Legal Basis
Customer Service Providers (vidaXL related entity)	Handling customer inquiries and complaints	Contract Performance, Legitimate Interest
Payment Service Providers (PSPs) (e.g., PayPal, Klarna, Visa, Adyen)	Secure payment processing	Contract Performance, Legal Obligation
Logistics Companies	Delivery and return of orders	Contract Performance
Marketing & Survey Providers	Newsletter delivery, customer feedback	Consent, Legitimate Interest
Product Development & Quality Teams	Analyse anonymized feedback for improvements	Legitimate Interest
Fraud prevention providers (e.g. Forter)	Detection and prevention of fraudulent transactions and misuse of services	Legitimate Interest
Social media authentication providers (e.g. Google, Facebook)	To authenticate users who choose to log into their vidaXL account using a social media account	Contract Performance

Note: We review and update this list regularly to reflect changes in our processing activities.

4.3 Processors. These entities process Personal data strictly on vidaXL’s instructions under article 28 UK GDPR:

Processor Type	Purpose
Cloud Hosting & IT Infrastructure	Website and systems operation
CRM & Customer Service Systems	Customer Interaction and support tracking
Email/Newsletter Platforms	Newsletter delivery and opt-in handling
Chat and Interaction Tools	Real-time customer support
Debt collection services	Managing unpaid debt on behalf of vidaXL
Customer Service Providers (external)	Handling customer complaints on behalf of vidaXL
Address verification and validation services	Verification and validation of customer address details to support accurate order processing
Returns management and label generation tools	Creation of return labels, management of return merchandise authorizations, carrier selection, and tracking registration to support customer returns
Fraud prevention and detection services	Detection and prevention of fraudulent activities, misuse of services, and unlawful transactions

Note: We review and update this list regularly to reflect changes in our processing activities.

4.4 Sub-processors. Where vidaXL’s processors rely on sub-processors, the following measures are in place:

- There is a binding agreement with the sub-processor;

- The obligations mirror or exceed those in our Data Processing Agreements;

- Sub-processors are vetted for adequate safeguards.

4.5 Other specific external recipients. In certain situations, vidaXL may share Personal data with external parties where this is necessary for legal compliance and professional advice:

Category	Examples	Purpose	Legal Basis
Public authorities	Tax authorities, financial regulators, police, customs authorities	Legal compliance, fraud prevention	Legal Obligation
Professional advisers	External legal counsel, auditors, accountants	Litigation, compliance	Legitimate Interest

Note: Some of these parties may act as independent controllers under data protection law. We review and update this list regularly to reflect changes in our processing activities.

4.6 Restructuring or corporate changes. In the event of a sale, merger, or restructuring of vidaXL or its affiliates, your Personal data may be shared with prospective buyers or group entities under strict confidentiality and only as permitted under the UK GDPR.

5. YOUR RIGHTS

5.1 Under data protection legislation, you have rights including:

Your right of access – You have the right to ask us for a copy of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the right to object to vidaXL processing when such processing is based on legitimate interests, including for direct marketing purposes.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organization, or to you, in certain circumstances.

Please note that these rights are not absolute. For example, if you request erasure of your Personal data, we may still need to retain certain details to comply with legal obligations (e.g. tax regulations).

Where the processing of your personal data is based on consent, you have the right to withdraw your consent at any time. You can do this by contacting us or by adjusting your settings on the “Preferences” page in your account, where available. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

5.2 How to exercise your rights. You can exercise your rights in the following ways:

By post:

vidaXL
Mary Kingsleystraat 1
5928 SK Venlo
The Netherlands
(Please include your full name, postal address, email address, and—if available—your customer reference number to help us locate your data.)

By email webservice@vidaxl.co.uk
By phone 0203 808 5745

5.3 Consequences of exercising a right under the GPDR. You are not required to pay any fare for exercising your rights. If you make a request, we have one month to respond to you. If you try to exercise your rights and we do not reply or you do not think our response is satisfactory, you can complain to the relevant Data Protection Authority referred to under Section 10 of this Policy.

6. INTERNATIONAL TRANSFERS

6.1 vidaXL operates within an international corporate network of affiliated and contractually linked companies (referred to as the “vidaXL consortium”). While some companies are part of the same legal group, others operate under the vidaXL brand through close commercial and operation collaboration. These companies are located both within and outside the UK and the European Economic Area (hereinafter referred to as EEA).

6.2 Access within the vidaXL consortium. Personal data may be transferred by vidaXL entities, affiliates, third parties located in the following countries depending on operational requirements:

the EEA (the Netherlands, Romania, Poland, etc.)
The United States
Asia (India, Philippines, etc.)

Each of these entities only accesses Personal data as required to perform their contractual role (logistics, customer service, IT supports, etc.).

6.3 Transfers outside the UK or to non-EEA countries. Where Personal data is processed outside the UK or EEA – whether by vidaXL entities, contractors, or third-party service providers – we ensure that such transfers are protected by adequate safeguards under the UK GDPR. These include:

Standard Contractual Clauses (SCCs) approved by the European Commission;
International Dat Transfer Agreements (IDTAs) of Addendums where required by UK law;
Contractual data protection agreements;
Technical and organizational safeguards;
Supplier audits and assessments.

Some external Processors or service providers located in non-EEA countries (e.g. Google, Meta, Amazon, Web Services, etc.) may process Personal data under these safeguards.

6.3.1 Country-specific safeguards

The table below provides an overview of the safeguards applied to international transfers, depending on the country where the recipient is located.

Country	Adequacy decisions	Adequate safeguards
The United States	Yes EU-U.S. Data Privacy Framework	N.A.
Asia (India, Philippines, etc.)	No	SCCs and supplementary measures

7. HOW LONG WILL MY DATA BE KEPT?

7.1 vidaXL does not retain your Personal data longer than necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law (e.g. for tax, accounting, regulatory or legal claims). The retention period depends on the nature of the data and Processing purposes and may vary accordingly.

7.2 To ensure compliance with article 5(1)(e) GDPR, which requires Personal data to be kept no longer than is necessary, we apply the following general criteria and statutory obligations when determining data retention durations in Ireland:

Type of data	Purpose	Retention Period	Legal Basis/Justification
Order and transaction data	Fulfilling contracts, customer service, accounting	Up to 10 years	Revenue requirement (e.g. Irish tax law and Regulation (EU) 282/2011), accounting obligations
Customer Service Interactions	Complaint resolution, service quality monitoring	Up to 2-5 years (depending on issue)	Legitimate interest in defending claims, training and service improvement
Review and Survey responses	Displaying reviews, service feedback	Up to 2 years	Consent, legitimate interest for internal quality improvement
Email Communications (e.g. newsletters)	Marketing, service updates	Until withdrawal of Consent	Consent under ePrivacy Directive and GDPR
Inactive Account Data	Fraud prevention, legal protection	Typically deleted after 2 years inactivity	Legitimate interest in preventing abuse; limitation period for civil claims
Chat Transcripts	Customer service reference	Up to 2-5 years (depending on issue)	Legitimate interest in improving customer experience
Customer contact info, purchase history, product serials, delivery records	Consumer warranties	As long as required by regulators	Sale of Goods and Supply of Services Act 1980 (Ireland) — liability may extend during and after warranty
Same as above, plus complaint handling records, support communications	Product Liability Claims	As long as required by regulators	Directive 85/374/EEC on product liability (transposed into national law); Statute of Limitations
Customer and product information necessary to identify affected users and perform notification	Product Recalls / Safety Notices	As long as required by regulators	General Product Safety Directive (2001/95/EC)
Customer Interaction data relevant to claims	Legal Claims	Up to the applicable status of limitation as provided in law	Statute of Limitations Act 1957 — civil claims generally expire after 6 years

7.3 Archiving and deletion. Once the applicable retention period expires, your Personal data will either be securely deleted, anonymised or archived in a way that it is no longer accessible or identifiable unless further retention is legally required.

8. WHAT SECURITY MEASURES ARE TAKEN TO PROTECT MY DATA?

8.1 General principles. vidaXL takes appropriate technical and organizational measures to protect your Personal data against unauthorized or unlawful Processing and against accidental loss, destruction or damage. These measures are proportionate to the sensitivity of the data, the scope of our activities, the volume of data processed, and the potential risks involved. We apply the principles of data protection by design and by default as required by article 25 of the GDPR.

8.2 Examples of security measures implemented. To safeguard your data, vidaXL employs the following categories of measures:

Category	Examples of Measures
Technical Security	SSL/TLS encryption for data in transit
Organizational security	Employee confidentiality agreements; Mandatory data protection training; Limited access to data based on job roles; Vendor risk assessments for third parties
Monitoring and Response	Continuous system monitoring for unusual access attempts Regular audits and penetration testing; Incident response plan in case of data breach
Data minimization and retention	Personal data is only retained as long as necessary Pseudonymisation/anonymization used where full identification is not required

8.3 Your responsibility. We also expect you to take steps to protect your Personal data by, for instance, always keeping your login credentials confidential, using a strong password and avoid using the same password for multiple accounts, log out when using public or shared devices, immediately notify vidaXL or any suspected misuse of your Account.

9. HOW CAN I FILE A COMPLAINT

9.1 Data Protection Officer (DPO). vidaXL has appointed a DPO in accordance with Article 37 of the GDPR. The DPO is responsible for:

Monitoring compliance with the GDPR and other applicable data protection laws;
Advising the company and its employees on data protection obligations;
Serving as a contact point for Data Subjects and the Supervisory Authority;
Conducting risk assessments and advising on data protection impact assessments;
Ensuring Data Subject rights are upheld properly and timely.

9.2 How can I contact the Data Protection Officer?

9.2.1 If you have any questions or concerns about how your Personal data is handled, or if you wish to exercise your data protection rights, you may contact the DPO directly.

You can contact our DPO at:

Email: webservice@vidaxl.ie
Mail:

Attn: Data Protection Officer

vidaXL

Mary Kingsleystraat 1

5829 SK Venlo

The Netherlands

9.2.2 If you're not satisfied with how we’ve handled your concern, or if you believe we are not Processing your Personal data lawfully, you have the right to lodge a complaint with the relevant data protection authority:

Lead Supevisory Auhtority	Supervisory Authority in Ireland:
Autoriteit Persoonsgegevens Bezuidenhoutseweg 30, 2594 AV The Hague, Netherlands https://autoriteitpersoonsgegevens.nl	Data Protection Commission 21 Fitzwilliam Square South, Dublin 2, D02 RD28 Ireland www.dataprotection.ie

10. CHANGES TO THIS NOTICE

The contents of this Privacy Statement can be amended. The most current version can always be found on the vidaXL Webshop. vidaXL advises that you regularly check this Privacy Statement, at least before you provide vidaXL with Personal data.

Terms & Conditions

Contact us!

Personal cookie settings