Privacy Policy

Introduction

nonnatzkrr B.V. ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website at nonnatzkrr.live, use our services, or interact with our bakery and café located at Hoofdstraat 202, 4880 KY Breda, Netherlands.

Data Controller

nonnatzkrr B.V. acts as the Data Controller for the personal data we process. Our company is registered in the Netherlands with registration number 74819305 and VAT number NL892405731B01. For any privacy-related questions, please contact us at privacy@nonnatzkrr.live.

Data Collection

The data we collect includes personal information such as your name, email address, phone number, and any messages you send through our contact forms. We also collect technical information about your visit to our website, including your IP address, browser type, device information, and pages visited. When you visit our physical bakery location, we may collect information related to your purchases and preferences to improve our services. Additionally, we use cookies and similar tracking technologies to enhance your browsing experience and analyse website usage patterns.

How We Use Your Information

We explain how we use your information to provide and improve our bakery and café services, respond to your enquiries and customer service requests, process orders and transactions, send you important updates about our services, and comply with legal obligations. The use of your data enables us to maintain our customer relationships, fulfil special orders and catering requests, improve our website functionality, and ensure the security of our systems. We may also use your information to analyse customer preferences and trends to enhance our product offerings and service quality.

Legal Basis for Processing

Under GDPR, we process your personal data based on several legal grounds: legitimate interests for improving our services and website functionality, contractual necessity when processing orders or responding to enquiries, consent for marketing communications (where applicable), and legal obligations for tax and business record-keeping requirements. We ensure that our processing activities are proportionate and respect your fundamental rights and freedoms.

Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your data with trusted service providers who assist us in operating our website and business, such as payment processors, email service providers, and website hosting services. These third parties are bound by confidentiality agreements and are only permitted to use your information for the specific services they provide to us. We may also disclose information when required by law or to protect our rights and safety.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Customer enquiry data is typically retained for two years, order and transaction records are kept for seven years to comply with tax and accounting requirements, and website analytics data is retained for 26 months. Marketing consent records are maintained until you withdraw consent. We regularly review our data retention practices and securely delete information that is no longer needed.

Your Rights Under GDPR

As a data subject under GDPR, you have several important rights regarding your personal data. You have the right to access your personal information and receive a copy of the data we hold about you. You can request correction of any inaccurate or incomplete personal data. You have the right to erasure (right to be forgotten) in certain circumstances, such as when the data is no longer necessary for the original purpose. You can object to or restrict the processing of your personal data in specific situations. You also have the right to data portability, allowing you to receive your data in a structured, machine-readable format. If you have given consent for processing, you can withdraw it at any time.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include encryption of sensitive data, secure server infrastructure, regular security assessments, access controls and authentication procedures, and staff training on data protection principles. While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse website performance. We use essential cookies that are necessary for the website to function properly, analytics cookies to understand how visitors interact with our site, and preference cookies to remember your settings and choices. You can manage your cookie preferences through your browser settings or our cookie consent banner. For detailed information about our use of cookies, please refer to our Cookie Policy.

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we need to transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or transfers to countries with adequacy decisions. We will inform you of any such transfers and the safeguards in place to protect your data.

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or need to contact us regarding your personal data, please reach out to us using the following contact information:

We will respond to your enquiry within one month of receipt. If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.

Supervisory Authority

If you believe that our processing of your personal data violates GDPR or other data protection laws, you have the right to lodge a complaint with a supervisory authority. In the Netherlands, the relevant authority is: