Our Privacy & Cookie Policy

1. Introduction

Welcome to Alma’s Mex-Tex] (referred to as 'we', 'us', or 'our'). We are a home-based cooking business based in the Netherlands.

We are committed to protecting your personal data and respecting your privacy in accordance with:

•       The General Data Protection Regulation (EU) 2016/679 (GDPR)

•       The Dutch Implementation Act (Uitvoeringswet AVG)

•       The Dutch Telecommunications Act (Telecommunicatiewet) regarding cookies

 

This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have.

 

2. Who We Are (Data Controller)

The data controller responsible for your personal data is:

Alma’s Mex-Tex

Hilversum, Netherlands

Email: :info@almas-tex-mex.nl

Phone: +31 06 1893 1017

KvK (Chamber of Commerce) number: 98812262

 

If you have any questions about this policy or how we handle your data, please contact us at the details above.

 

3. What Personal Data We Collect

3.1 Data you provide to us

When you place an order, make an enquiry, or contact us, we may collect:

•       Name

•       Email address

•       Phone number

•       Delivery or billing address

•       Dietary requirements or allergy information (which may be considered sensitive/special category data)

•       Payment information (processed securely via our payment provider — we do not store card details)

•       Any other information you choose to share with us

 

3.2 Data collected automatically

If you visit our website, we may automatically collect:

•       IP address

•       Browser type and version

•       Pages visited and time spent

•       Referring website

•       Cookie data (see Section 7)

 

4. Why We Use Your Data and Legal Basis

We only process your personal data when we have a lawful reason to do so under the GDPR (Article 6). Below is an overview of our purposes and the applicable legal basis:

 

Fulfilling your order (preparing and delivering food)

Legal basis: Performance of a contract (Art. 6(1)(b))

 

Processing payment

Legal basis: Performance of a contract (Art. 6(1)(b))

 

Responding to enquiries and customer service

Legal basis: Legitimate interests (Art. 6(1)(f))

 

Managing allergen and dietary information for food safety

Legal basis: Legal obligation and vital interests (Art. 6(1)(c); Art. 9(2)(c) for special category data)

 

Sending promotional messages or newsletters (only if you have opted in)

Legal basis: Consent (Art. 6(1)(a)) — you may withdraw consent at any time

 

Complying with legal obligations (e.g. tax records)

Legal basis: Legal obligation (Art. 6(1)(c))

 

5. How Long We Keep Your Data

We keep your personal data only for as long as necessary for the purposes described in this policy, or as required by Dutch law:

•       Order and financial records: 7 years (required by Dutch tax law — Belastingdienst)

•       Customer communications: up to 2 years after last contact

•       Marketing consent records: until you withdraw consent, then deleted within 30 days

•       Cookie data: see Section 7 for specific cookie lifetimes

 

After the relevant retention period, we securely delete or anonymize your data.

 

6. Who We Share Your Data With

We do not sell your personal data. We may share it only with trusted third parties where necessary:

•       Payment processors (e.g. iDEAL, Mollie, PayPal) — for secure payment handling

•       Delivery services — if we use a courier to deliver your order

•       Accountant or accounting software — for financial record-keeping

•       Email service providers — if we send newsletters (only with your consent)

•       Dutch authorities — if required by law (e.g. Belastingdienst, police)

 

All third-party processors are bound by data processing agreements (verwerkersovereenkomsten) and handle your data securely in accordance with the GDPR.

 

We do not transfer your data outside the European Economic Area (EEA). If this ever changes, we will update this policy and ensure appropriate safeguards are in place.

 

7. Cookie Policy

7.1 What are cookies?

Cookies are small text files placed on your device when you visit a website. They help the website function and may collect information about your visit.

 

7.2 Types of cookies we use

Strictly Necessary Cookies

Essential for the website to work. No consent is required. Examples: session cookies, security tokens, shopping cart cookies.

 

Analytical / Performance Cookies (with your consent)

Help us understand how visitors use our site (e.g. Google Analytics). Only activated after you give consent via our cookie banner. Data is anonymized where possible.

 

Marketing / Tracking Cookies (with your consent)

Used for advertising or social media tools (e.g. Facebook Pixel). Only activated after your explicit consent.

 

7.3 Cookie consent

In accordance with the Dutch Telecommunications Act (Telecommunicatiewet), we ask for your consent before placing any non-essential cookies. You can:

•       Accept all cookies via our cookie banner when you first visit our site

•       Accept only strictly necessary cookies

•       Adjust or withdraw your preferences at any time via the cookie settings link in the footer of our website

 

7.4 Managing cookies in your browser

You can also manage cookies through your browser settings. Disabling cookies may affect how our website functions. For guidance, visit www.allaboutcookies.org.

 

8. Your Rights Under the GDPR

As a data subject, you have the following rights under the GDPR:

•       Right of access (Art. 15): Request a copy of the personal data we hold about you

•       Right to rectification (Art. 16): Ask us to correct inaccurate or incomplete data

•       Right to erasure (Art. 17): Ask us to delete your data ('right to be forgotten'), subject to legal retention requirements

•       Right to restriction (Art. 18): Ask us to limit how we process your data

•       Right to data portability (Art. 20): Receive your data in a structured, machine-readable format

•       Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing

•       Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time — this does not affect the lawfulness of prior processing

 

To exercise any of these rights, please contact us at info@almas-tex-mex.nl. We will respond within one month (30 days). We may need to verify your identity before processing your request. There is no charge for exercising your rights unless requests are manifestly unfounded or excessive.

 

9. Complaints

If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with the Dutch data protection authority:

 

Autoriteit Persoonsgegevens (AP)

Website: www.autoriteitpersoonsgegevens.nl

Phone: +31 (0)70 888 85 00

Post: Postbus 93374, 2509 AJ Den Haag

 

We would appreciate the opportunity to address your concerns before you contact the AP. Please reach out to us first.

 

10. Data Security

We take appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, or misuse:

•       Password-protected devices and accounts

•       Encrypted communications where applicable

•       Access limited to ourselves and authorized processors only

•       Secure disposal of paper records containing personal data

 

In the event of a personal data breach that risks your rights and freedoms, we will notify the Autoriteit Persoonsgegevens within 72 hours and inform affected individuals without undue delay, as required by GDPR Article 33 and 34.

 

11. Changes to This Policy

We may update this Privacy & Cookie Policy from time to time to reflect changes in our practices or legal requirements. The latest version will always be available on our website or upon request, with the date of the most recent update shown at the top.

For significant changes, we will notify you by email or via a notice on our website.