Privacy Policy

Introduction

markofhwrm B.V. ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with our street food business located in Almere, Netherlands.

As the Data Controller, markofhwrm processes your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. Please read this policy carefully to understand our practices regarding your personal data.

Data Collection

The data we collect includes personal information you provide directly to us and information automatically collected through your use of our website and services. We collect the following types of information:

• Contact Information: Name, email address, phone number, and postal address when you contact us or place orders
• Communication Data: Messages, inquiries, and feedback you send to us through our contact forms or email
• Technical Data: IP address, browser type, device information, and website usage data collected through cookies and analytics
• Transaction Data: Order details, payment information (processed securely by third-party payment providers), and delivery information
• Marketing Data: Your preferences for receiving marketing communications and promotional materials

How We Use Your Data

We explain how we use your information for various purposes based on legal grounds under GDPR. The use of your data includes:

• Service Provision: To process your orders, deliver our street food services, and manage customer relationships (Legal Basis: Contract performance)
• Communication: To respond to your inquiries, provide customer support, and send service-related notifications (Legal Basis: Contract performance and legitimate interests)
• Business Operations: To improve our services, conduct business analysis, and maintain our website functionality (Legal Basis: Legitimate interests)
• Marketing: To send promotional materials and marketing communications where you have consented (Legal Basis: Consent)
• Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our terms (Legal Basis: Legal obligation and legitimate interests)

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: Where you have given clear consent for specific processing activities
• Contract: Where processing is necessary for performing a contract with you
• Legal Obligation: Where we must process data to comply with legal requirements
• Legitimate Interests: Where processing is necessary for our legitimate business interests, balanced against your rights

Data Sharing and Disclosure

We do not sell, trade, or rent your personal data to third parties. We may share your information in the following circumstances:

• Service Providers: With trusted third-party service providers who assist in our business operations (payment processing, delivery services, website hosting)
• Legal Requirements: When required by law, court order, or government authority
• Business Protection: To protect our rights, property, or safety, or that of our customers or others
• Business Transfers: In connection with any merger, sale, or transfer of company assets

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations:

• Customer Data: Retained for the duration of our business relationship and up to 7 years after for legal compliance
• Communication Records: Kept for 3 years from the date of last contact for customer service purposes
• Marketing Data: Retained until you withdraw consent or for 2 years from last engagement
• Website Analytics: Anonymised data may be retained for statistical purposes indefinitely

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Request transfer of your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training
• Secure payment processing through certified providers
• Regular backup and disaster recovery procedures

International Data Transfers

We primarily process data within the European Union. If we transfer your data outside the EU, we ensure appropriate safeguards are in place, including adequacy decisions, standard contractual clauses, or other approved transfer mechanisms under GDPR.

Cookies and Tracking

Our website uses cookies and similar tracking technologies. Please refer to our Cookie Policy for detailed information about how we use cookies, what types of cookies we use, and how you can manage your cookie preferences.

Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

Contact Information

If you have questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please contact us using the following information:

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data in accordance with applicable law.

Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to contact our supervisory authority: