Last updated: May 2025
Thomas Super Store, operated by Westerman ("we", "us", "our"), is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR / AVG) and other applicable data protection laws.
1. Data Controller
The data controller responsible for your personal data is:
Westerman (WETO Media)
The Netherlands
KvK: 96618043
Email: info@thomassuperstore.com
Website: thomassuperstore.com
If you have any questions about this Privacy Policy or how we handle your data, you can contact us at the email address above.
2. What Personal Data We Collect
We collect the following categories of personal data:
2.1 Information You Provide
- Account information: Name, email address, password (encrypted), phone number
- Order information: Shipping address, billing address, order history
- Payment information: Payment method selected (payment details are processed directly by Mollie and are not stored on our servers)
- Communication: Messages you send via our contact form, email correspondence, customer service interactions
- Newsletter: Email address (when you subscribe to our newsletter)
2.2 Information Collected Automatically
- Browsing data: Pages visited, products viewed, time spent on pages
- Technical data: IP address, browser type, device type, operating system, screen resolution
- Cookies: See Section 8 (Cookie Policy) below
- Referral data: How you arrived at our website (search engine, social media, direct link)
3. Why We Collect Your Data
We process your personal data for the following purposes:
- Order processing: To process, fulfil, and ship your orders
- Customer service: To respond to your enquiries and provide support
- Account management: To create and manage your customer account
- Communication: To send order confirmations, shipping updates, and other transactional messages
- Marketing: To send newsletters and promotional content (only with your explicit consent)
- Website improvement: To analyse how visitors use our website and improve the shopping experience
- Legal obligations: To comply with tax, accounting, and other legal requirements
- Fraud prevention: To detect and prevent fraudulent transactions
4. Legal Basis for Processing
We process your personal data based on the following legal grounds under the GDPR:
- Contract performance (Art. 6(1)(b) GDPR): Processing necessary to fulfil our contract with you, including order processing, shipping, and returns.
- Legitimate interest (Art. 6(1)(f) GDPR): Processing necessary for our legitimate business interests, such as fraud prevention, website analytics, and improving our services, provided these interests do not override your rights.
- Consent (Art. 6(1)(a) GDPR): Processing based on your explicit consent, such as marketing emails and non-essential cookies. You can withdraw consent at any time.
- Legal obligation (Art. 6(1)(c) GDPR): Processing required to comply with legal obligations, such as tax and accounting regulations.
5. Third Parties & Data Sharing
We share your data with the following trusted third parties, only to the extent necessary for providing our services:
- Mollie B.V. (Payment processing) — Processes your payment securely. Mollie is PCI DSS compliant and does not share your payment details with us. See the Mollie Privacy Policy.
- Fulfilment / logistics partner (Shipping) — Our 3PL (third-party logistics) partner receives your name and shipping address to dispatch your order.
- Email service provider (Communication) — For sending transactional emails (order confirmations, shipping updates) and marketing newsletters (with your consent).
- Analytics provider (Website analytics) — We use analytics tools to understand how visitors interact with our website. Data is anonymised where possible.
- Hosting provider (Website hosting) — Our website is hosted securely on servers within the EU/EEA.
We do not sell, rent, or trade your personal data to any third party. We only share data when it is necessary for the services described above or when required by law.
6. Data Retention
We retain your personal data only for as long as necessary for the purposes described in this policy:
- Account data: Retained as long as your account is active. You can request deletion at any time.
- Order data: Retained for 7 years after the order date, as required by Dutch tax law (fiscale bewaarplicht).
- Communication records: Retained for 2 years after the last interaction.
- Newsletter subscription: Retained until you unsubscribe.
- Website analytics data: Anonymised and retained for up to 26 months.
- Cookie data: See Section 8 for retention periods per cookie type.
7. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access: You can request a copy of all personal data we hold about you.
- Right to rectification: You can request that we correct any inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): You can request that we delete your personal data, unless we have a legal obligation to retain it.
- Right to restriction: You can request that we restrict the processing of your data in certain circumstances.
- Right to data portability: You can request your data in a structured, commonly used, machine-readable format and have it transferred to another controller.
- Right to object: You can object to the processing of your data based on legitimate interest, including direct marketing.
- Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at info@thomassuperstore.com. We will respond to your request within 30 days, as required by the GDPR.
You also have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
8. Cookie Policy
Our website uses cookies to ensure proper functionality and to improve your experience. Cookies are small text files stored on your device.
8.1 Types of Cookies We Use
- Essential cookies: Required for the website to function correctly (e.g., shopping cart, login session). These cannot be disabled. Duration: session or up to 1 year.
- Functional cookies: Remember your preferences such as language and currency settings. Duration: up to 1 year.
- Analytics cookies: Help us understand how visitors interact with our website (e.g., page views, popular products). Data is anonymised. Duration: up to 26 months.
- Marketing cookies: Used to show relevant advertisements on other platforms, only with your explicit consent. Duration: up to 1 year.
8.2 Managing Cookies
When you first visit our website, you will be shown a cookie banner where you can choose which types of cookies to accept. You can change your cookie preferences at any time through your browser settings or by contacting us.
Please note that disabling essential cookies may affect the functionality of our website (e.g., you may not be able to add items to your cart).
9. Data Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These measures include:
- SSL/TLS encryption on all pages of our website
- Secure payment processing through Mollie (PCI DSS compliant)
- Encrypted storage of passwords
- Regular security audits and updates
- Access controls limiting data access to authorised personnel only
10. International Data Transfers
Your personal data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA (e.g., through third-party service providers), we ensure adequate protection through:
- EU adequacy decisions
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Other appropriate safeguards under the GDPR
11. Children's Privacy
Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16 without parental consent. If you believe we have inadvertently collected data from a child under 16, please contact us and we will promptly delete it.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. The updated version will be posted on this page with a revised "Last updated" date. We encourage you to review this page periodically.
If we make significant changes that affect how we process your data, we will notify you via email or a prominent notice on our website.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Westerman (operating Thomas Super Store)
Email: info@thomassuperstore.com
The Netherlands
We aim to respond to all privacy-related enquiries within 30 days.