Privacy
Privacy and cookie policy
Last updated: 12 July 2026
Who we are (data controller)
Chipster is responsible for the personal data described on this page (the data controller under the GDPR). You can reach us at any time with privacy questions at hello@chipster.example.
- Trade name: Chipster
- Sole proprietorship (eenmanszaak), The Netherlands
- Owner: TODO(owner)
- Address: TODO(owner), TODO(owner), The Netherlands
- Email: hello@chipster.example
- KvK (Chamber of Commerce): TODO(owner)
- BTW-id (VAT): TODO(owner)
What personal data we process, and why
We only collect what we need to sell our pieces. In practice that means:
- Account & login. Your email address. We use passwordless login: you receive a one-time code (OTP) by email instead of a password.
- Shop orders. Your name, delivery address, email, phone number (optional), any order notes, and your order history — so we can take payment, make and ship your order, and handle returns or questions.
- Analytics. Anonymous, first-party usage statistics: the page visited, an approximate country (derived by Cloudflare from your connection), device type and the site you came from. These are collected only with your consent and never identify you.
Legal bases for processing
Under Article 6 of the GDPR, we rely on the following legal bases:
- Performance of a contract (Art. 6(1)(b)). To process your shop orders.
- Consent (Art. 6(1)(a)). For analytics cookies and for our marketing newsletter. You can withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)). To keep order and invoice data for the 7-year retention period required by Dutch tax law.
- Legitimate interest (Art. 6(1)(f)). Only where genuinely applicable — for example basic security and fraud prevention to keep the service safe.
Who we share data with
We use a small number of trusted service providers (processors) to run the service. They only process your data on our instructions and for these purposes:
- Mollie — payment processing.
- Cloudflare — hosting, our D1 database and R2 file storage.
- Resend — sending transactional email (login codes and order confirmations).
- PostNL — shipping and delivery tracking.
We do not sell your data. Processing takes place in the EU/EEA wherever possible. Should any transfer outside the EEA ever be necessary, it will be covered by appropriate safeguards (such as the European Commission’s Standard Contractual Clauses).
How long we keep your data
- Order & invoice data: about 7 years, because Dutch tax law requires it.
- Account data: until you ask us to delete it.
- Analytics records: purged after 14 months.
- One-time login codes (OTP): a few minutes, then deleted.
Newsletter & marketing email
We send marketing email (news and new pieces) only to people who have opted in. You can opt in when you create your account, at checkout, or from your account page. Every marketing email contains a one-click unsubscribe link, and you can change your preference from your account at any time. We never sell your address or use it for anyone else’s advertising.
Your rights
Under the GDPR (Articles 15–22) you have the right to access your data, to rectification, to erasure, to restriction of processing, to data portability, and to object — and you may withdraw consent at any time. To exercise any of these, email hello@chipster.example.
You can also delete your account yourself at any time from your account page. This erases your profile, baskets and newsletter subscription. We must keep order and invoice records for the 7-year tax-retention period, but they are unlinked from your deleted account and removed once that period ends.
You also have the right to lodge a complaint with the Dutch supervisory authority, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
Children
This service is not aimed at children. In the Netherlands the age for valid digital consent is 16; if you are younger, please use the service only with the consent of a parent or guardian.
Cookies and local storage
We keep cookies to a minimum. The table below lists everything we set, what it is for, whether it is essential or needs your consent, and how long it lasts.
| Name | Purpose | Type | Duration |
|---|---|---|---|
ch_consent | Remembers your cookie choice | Essential | 1 year |
ch_vid | Anonymous visitor id for first-party analytics (no personal data) | Analytics — consent required | 1 year |
session | Keeps you logged in | Essential | 60 days |
cart | Links your basket to you | Essential | 60 days |
pending_login_email | Remembers your email between login steps | Essential | 10 minutes |
Analytics cookies are set only after you click Accept. You can change or clear your choice at any time through your browser, and we honour Do-Not-Track and Global Privacy Control (GPC) signals.
What we do not do
We do not use advertising trackers, Google Analytics, or third-party analytics scripts. We do not sell data, and we do not store your IP address in analytics records.
Contact
For privacy questions or to exercise your rights, email hello@chipster.example.