← Back to Smart-Verkoop
Privacy Policy
Last updated: 23-04-2026 | Smart-Verkoop — KvK 95488294
⚠️ Notice: This is a translation. In case of conflict between translations, the Dutch version is legally binding.
This Privacy Policy describes how Smart-Verkoop handles personal data, in accordance with GDPR, the Dutch GDPR Implementation Act and the ePrivacy Directive.
1. Data Controller
- Company: Smart-Verkoop
- CoC: 95488294
- Email: info@smart-verkoop.com
- Website: https://smart-verkoop.com
2. Personal Data We Process
2.1 Account data
- Name, email, password (bcrypt-hashed)
- Company name, CoC number, VAT number (optional)
- IBAN (optional), billing address, phone (optional)
- Language preference, timezone
2.2 Payment data
- Payment status, invoice history, Mollie transaction IDs
- We NEVER store full credit card or bank account numbers
2.3 Usage data
- IP address, session date/time, browser/device (user agent)
- Country (derived from IP), visited pages, actions
- Error messages, aggregated statistics
2.4 Data fetched via APIs
- Bol.com: orders, inventory, products, reviews, prices
- Amazon SP-API (if connected)
- ShoppingScraper: competition data
- Manually entered data
3. Purposes and Legal Basis
| Purpose | Basis (GDPR art. 6) | Retention |
|---|
| Create/manage account | (b) Contract | Account + 30 days |
| Provide Service | (b) Contract | Subscription duration |
| Invoicing | (b) + (c) Legal | 7 years (tax) |
| Support | (b) Contract | 2 years after last contact |
| Security | (f) Legitimate interest | 90 days logs |
| Marketing emails | (a) Consent | Until unsubscribe |
4. Retention Periods
- Active accounts: while subscription active
- Cancelled accounts: 30 days for export, then deletion
- Invoices: 7 years (Dutch tax law)
- Login logs: 90 days; audit logs: 1 year; API logs: 30 days
- Backups: 90 days after termination
- Support history: 2 years
5. Recipients / Processors
- Strato AG (DE, EU): hosting, email
- Mollie B.V. (NL, EU): payments
- ShoppingScraper (EU): marketplace data
With each a processing agreement is signed (GDPR art. 28).
We do NOT share data with: advertisers, data brokers, social media for ads, other customers.
6. Transfers outside EU/EEA
Our servers are in the EU/EEA. Any transfers only with adequacy decision, SCCs, BCRs or explicit consent.
7. Your Rights (GDPR)
- Access (art. 15): what data we process
- Rectification (art. 16): correct incorrect data
- Erasure (art. 17): "right to be forgotten"
- Restriction (art. 18): temporarily suspend processing
- Portability (art. 20): machine-readable format
- Object (art. 21): against legitimate interest
- Withdraw consent: for consent-based processing
Procedure: email info@smart-verkoop.com subject "GDPR request" with ID copy (hide SSN). Reply within 30 days.
8. Right to Complain
You may file a complaint with the Dutch Data Protection Authority:
- Website: autoriteitpersoonsgegevens.nl
- Phone: +31 88 1805 250
9. Security
Technical: SSL/TLS, bcrypt passwords, encrypted tokens, session timeouts, rate limiting, SQL/XSS/CSRF protection, updates, firewalls, multi-tenant isolation, .htaccess protection.
Organizational: limited production access, password policy, audit logs, confidentiality, separated backups, incident response.
10. Data Breach
- Reported within 72 hours to Data Protection Authority (GDPR art. 33)
- You informed within 48 hours
- Notification includes: breach nature, categories, affected numbers, consequences, measures
11. Automated Decision-Making
We do not use automated decision-making with legal consequences.
12. Minors
Platform is for business use, not aimed at persons under 18.
13. Changes
Material changes notified by email, 30 days in advance.
14. Data Processing Agreement
When processing on behalf of Customer (end-customer data from bol/Amazon), the Data Processing Agreement applies.
15. Cookies
See Cookie Policy.
16. Contact
Email: info@smart-verkoop.com (subject: "Privacy question")