Privacy Policy & Data Protection

Introduction

Easy Day Foods (hereinafter "we", "us", or "Company") is committed to protecting your privacy and ensuring you have a positive experience on our website. This Privacy Policy outlines the types of personal information we collect from you, how we use it, and the steps we take to protect it in accordance with the General Data Protection Regulation (GDPR) and applicable Dutch law.

Information We Collect

We collect and process personal information in the following categories:

• Account Information: Name, email address, phone number, password
• Delivery Information: Shipping address, postal code, city, country
• Payment Information: Processed securely via Stripe; card details are not stored on our servers
• Order History: Products purchased, quantities, prices, order dates
• Communication: Email correspondence, preferences, newsletters (with consent)
• Technical Data: IP address, browser type, device information (for security and analytics)
• Cookies: Session cookies, preference cookies, analytics cookies (see Cookie Policy)

Legal Basis for Processing

We process your personal data on the following legal grounds:

• Contract Performance: Processing necessary to fulfill orders and provide services
• Legal Obligation: Compliance with tax law, accounting regulations
• Legitimate Interest: Fraud prevention, website security, service improvements
• Consent: For marketing communications, non-essential cookies

How We Use Your Information

Your information is used for:

• Processing and fulfilling orders
• Sending order confirmations and shipping updates
• Customer service and support
• Payment processing via Stripe (PCI-DSS compliant)
• Fraud detection and prevention
• Website improvement and analytics (anonymized)
• Marketing communications (only with your consent)
• Compliance with legal and regulatory obligations

Data Retention

We retain your personal data only as long as necessary:

• User Accounts: For the duration of your account and 1 year after deletion (for legal compliance)
• Order Data: For 7 years (Dutch law requirement for VAT compliance)
• Marketing Data: Until you unsubscribe or withdraw consent
• Cookies: According to cookie type (session, 1 month, or 1 year)

Your Rights Under GDPR

As a resident of the EU or EEA, you have the following rights:

• Right to Access: You can request and download a copy of all your personal data
  Download My Data (GDPR)
• Right to Rectification: You can correct inaccurate or incomplete information by logging into your account
• Right to Erasure: You can request deletion of your account and data (subject to legal retention requirements)
• Right to Data Portability: We provide your data in a machine-readable format
• Right to Object: You can opt-out of marketing communications and certain processing activities
• Right to Withdraw Consent: Withdraw consent for non-essential processing at any time

To exercise these rights, please email us at easydayfoods@hotmail.com with your request. We will respond within 30 days.

Third-Party Services

We use the following third-party processors:

• Stripe: Payment processing (PCI-DSS Level 1 certified)
• Supabase/PostgreSQL: Database and data storage (EU-hosted with GDPR compliance)
• NextAuth.js: Authentication and session management
• Email Service: Transactional emails (password resets, order confirmations)

All processors have signed Data Processing Agreements (DPAs) in compliance with GDPR Article 28.

Cookies & Tracking

We use cookies to enhance your experience. You have full control through the cookie consent banner that appears on first visit. See our Cookie Policy for details.

Data Security

We implement industry-standard security measures:

• HTTPS encryption for all data in transit
• Secure password hashing (bcrypt)
• Environment variable protection for API keys and secrets
• Rate limiting to prevent brute-force attacks
• CSRF token protection on forms
• Regular security audits and code reviews

Account Deletion

You can permanently delete your account and all associated personal data by logging into your account and requesting deletion. This action is irreversible and will:

• Delete your user profile and authentication credentials
• Remove your saved addresses
• Anonymize your order history (required for tax compliance)

Contact & Complaints

For privacy concerns or to exercise your rights:

Email: easydayfoods@hotmail.com

Phone: +31 20 123 4567

You also have the right to lodge a complaint with your national data protection authority (in the Netherlands: Autoriteit Persoonsgegevens).