Privacy & Cookie Policy

Last updated: 26 November 2025

This is the Privacy & Cookie Policy of Soma 23 VOF (“we”, “us”, “our”), registered in the Netherlands and operating the website https://www.soma-23.com (the “Website”).

We take your privacy seriously and handle your personal data in accordance with the General Data Protection Regulation (GDPR / AVG) and applicable Dutch laws, including the Telecommunicatiewet on cookies.

By using our Website, you agree to this Privacy & Cookie Policy.

1. Who we are

Controller
Soma 23 VOF
Rijswijkseweg 528 16, studio 16
2516 HT ’s-Gravenhage
Netherlands

KVK number: 98775855
VAT / BTW number: NL868638080B01

Email (general & privacy): Admin@soma-23.com
Phone: +31 629824236

If you have questions about this policy or your data, you can contact us at Admin@soma-23.com.

2. Personal data we process

We process personal data that you provide to us directly, as well as some data collected automatically when you use the Website.

2.1 Data you provide

Depending on how you use our Website, we may process:

  • Order information

    • First and last name

    • Billing and shipping address

    • Email address

    • Phone number (if provided)

    • Ordered products and order history

  • Account information

    • Login details (email and password – stored in encrypted form by our platform)

    • Account preferences

  • Contact and support information

    • Name

    • Email address

    • Any information you include in your message

  • Newsletter / marketing sign-up (if you subscribe)

    • Name (if provided)

    • Email address

    • Your marketing preferences

2.2 Data collected automatically

When you visit our Website, we may automatically collect:

  • IP address

  • Browser type and version

  • Device type and operating system

  • Referrer URL (the website you came from)

  • Pages visited and actions taken on the Website

  • Time and duration of your visit

  • Approximate location (city/country, based on IP address)

This data is collected using cookies and similar technologies. See section 7 (Cookies and similar technologies) for more details.

3. Purposes and legal bases

We process your personal data for the following purposes and based on the legal grounds listed below.

  1. Processing and delivering your orders

    • Creating and confirming your order

    • Handling payment

    • Shipping and returns

    Legal bases:

    • Performance of a contract (Article 6(1)(b) GDPR)

    • Compliance with legal obligations, e.g. tax and accounting (Article 6(1)(c) GDPR)

  2. Customer service

    • Answering your questions (email or contact form)

    • Handling complaints and support requests

    Legal bases:

    • Performance of a contract or pre-contractual measures

    • Legitimate interest in providing good customer service (Article 6(1)(f) GDPR)

  3. Account management

    • Creating and maintaining your customer account

    • Allowing you to view order history and save addresses

    Legal bases:

    • Performance of a contract

    • Legitimate interest in offering a convenient service

  4. Email marketing / newsletter

    • Sending newsletters and promotional messages if you have subscribed

    Legal basis:

    • Your consent (Article 6(1)(a) GDPR)

    You can unsubscribe at any time via the link in each marketing email or by contacting us.

  5. Analytics and website improvement

    • Understanding how visitors use our Website

    • Improving performance, usability, and content

    • Detecting technical issues

    Legal bases:

    • Legitimate interest for basic, privacy-friendly analytics

    • Your consent for non-essential analytics cookies (for example, Google Analytics 4 with full tracking features)

  6. Advertising and remarketing

    • Measuring the effectiveness of our marketing campaigns

    • Showing personalised ads to visitors of our Website (remarketing) via tools such as Google Ads and the Meta Pixel (Facebook/Instagram)

    Legal basis:

    • Your consent for marketing cookies and similar technologies (Article 6(1)(a) GDPR)

  7. Legal compliance and fraud prevention

    • Complying with tax, accounting, and other legal obligations

    • Preventing misuse of our Website, fraud, and security incidents

    Legal bases:

    • Legal obligation (Article 6(1)(c) GDPR)

    • Legitimate interest in protecting our business and systems (Article 6(1)(f) GDPR)

4. Who we share your data with

We only share your personal data with third parties when necessary for the purposes above, or when we are legally obliged to do so. These parties act as “processors” or independent controllers under the GDPR.

Examples include:

  • Payment processing
    We use Squarespace Payments (and its underlying payment partners such as Stripe and connected banks) to process your payments securely. These providers receive order information and payment details to complete the transaction.

  • Shipping and fulfilment
    We work with RTM Fulfilment and the carriers it uses (for example DHL, Bpost, DPD and other logistics partners) to store stock, prepare orders, and deliver parcels to your address.

  • Website hosting and platform
    Our Website and webshop are built and hosted on Squarespace, which processes data required to operate the site and store content and account information.

  • Email and marketing services
    We may use external email service providers to send order confirmations, service messages, and newsletters.

  • Analytics and advertising partners

    • Google Analytics 4 (GA4) for website statistics

    • Google Ads for advertising, conversions and remarketing

    • Meta (Facebook/Instagram) Pixel for advertising and remarketing

    These parties may receive information about your use of our Website when you consent to the relevant cookies.

Where third parties process data on our behalf, we conclude data processing agreements with them to protect your data.

We do not sell your personal data to third parties.

5. International data transfers

Some of our service providers are located outside the European Economic Area (EEA), for example Google and Meta. If personal data is transferred to such countries, we ensure that appropriate safeguards are in place, such as:

  • An adequacy decision by the European Commission; and/or

  • Standard Contractual Clauses (SCCs) approved by the European Commission; and, where needed,

  • Additional technical and organisational measures.

You may contact us for more information about these safeguards.

6. Retention periods

We do not retain your personal data longer than necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law (for example, tax rules).

Indicative retention periods:

  • Order and invoicing data: up to 7 years after the end of the financial year in which the transaction took place (tax obligation).

  • Customer service messages: up to 2 years after your request has been handled, unless needed longer for legal reasons.

  • Account data: as long as your account is active. If you request deletion or your account is inactive for an extended period, we may delete or anonymise it.

  • Newsletter / marketing data: until you unsubscribe or withdraw your consent.

  • Analytics and cookies: according to the storage periods used by each tool and as detailed in your cookie settings.

After the retention period, your personal data will be deleted or irreversibly anonymised.

7. Cookies and similar technologies

7.1 What are cookies?

Cookies are small text files that are stored on your device (computer, smartphone, tablet) when you visit our Website. They allow the Website to recognise your device and remember certain information about your visit. We also use similar technologies such as pixels and scripts; in this policy, we refer to all of these as “cookies”.

7.2 Categories of cookies we use

We use the following types of cookies:

  1. Strictly necessary cookies

    • Required for the basic functioning of the Website and webshop.

    • For example: remembering items in your cart, enabling checkout, and ensuring security.

    • These cookies are always active and do not require your consent.

  2. Functional / preference cookies

    • Remember choices you make (such as language or region) to provide a more personalised experience.

    • We may rely on legitimate interest or your consent, depending on the specific cookie.

  3. Analytical cookies

    • Help us understand how visitors use our Website (which pages are visited, how long visitors stay, which links are clicked).

    • We use Google Analytics 4 (GA4) for this purpose.

    • Where possible, we configure analytics in a privacy-friendly way, but for full tracking features we ask for your consent before placing these cookies.

  4. Marketing / tracking cookies

    • Used to show you personalised ads and to measure the effectiveness of our advertising campaigns.

    • We use, among others:

      • Google Ads (conversion tracking and remarketing)

      • Meta Pixel (Facebook/Instagram)

    • These cookies follow you across different websites and build a profile of your interests.

    • We only place these cookies after you have given your consent in our cookie banner.

A more detailed and up-to-date overview of the cookies and tools we use can be found in our cookie banner or cookie settings on the Website.

7.3 Cookie consent and settings

On your first visit to our Website, we show a cookie banner:

  • You can choose to accept all cookies, reject non-essential cookies, or select your preferences by category.

  • Non-essential cookies (analytics and marketing) are not placed until you give consent.

You can change or withdraw your consent at any time via the cookie settings on our Website (for example through a “Cookie settings” link in the footer) or by adjusting your browser settings to block or delete cookies.

Please note that disabling certain cookies may affect the functionality of the Website.

7.4 Google Analytics, Google Ads and Meta Pixel

If you consent to analytical and/or marketing cookies, the following applies:

  • Google Analytics 4
    We use GA4 to analyse how visitors use our Website. Google processes this information on our behalf and may store it on servers outside the EEA. Where possible, we take measures to reduce the privacy impact (such as IP-address truncation).

  • Google Ads
    We use Google Ads conversion tracking to measure the effectiveness of our ads and, with your consent, remarketing features to show ads to visitors who have previously visited our Website.

  • Meta Pixel (Facebook/Instagram)
    The Meta Pixel allows us to measure conversions and show targeted ads to visitors on Facebook and Instagram based on their interactions with our Website.

These providers may combine your data with data they already hold if you have an account with them and are logged in. Their use of the data is governed by their own privacy policies.

If you do not consent to marketing cookies, these tools will not be used for personalised advertising.

8. Your rights

Under the GDPR / AVG, you have the following rights with regard to your personal data:

  • Right of access – to obtain confirmation whether we process your data and to receive a copy of that data.

  • Right to rectification – to have inaccurate or incomplete data corrected.

  • Right to erasure (“right to be forgotten”) – to have your data deleted in certain circumstances.

  • Right to restriction of processing – to restrict how we process your data in certain cases.

  • Right to data portability – to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller, where technically feasible.

  • Right to object

    • to processing based on our legitimate interests;

    • and at any time to processing for direct marketing.

  • Right to withdraw consent – where processing is based on your consent, you can withdraw this at any time. This does not affect the lawfulness of processing before withdrawal.

You can exercise these rights by contacting us at Admin@soma-23.com. We may ask you for additional information to verify your identity.

If you are not satisfied with how we handle your personal data, you can file a complaint with the Dutch supervisory authority: Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl).

9. Security

We take appropriate technical and organisational measures to protect your personal data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. Examples include:

  • Encrypted connections (HTTPS/TLS)

  • Access controls and limited access to personal data

  • Secure storage within the Squarespace platform and our service providers

  • Regular software updates and security measures

While we do our best to protect your data, no system is completely secure. If you suspect misuse or a data breach, please contact us immediately at Admin@soma-23.com.

10. Changes to this policy

We may update this Privacy & Cookie Policy from time to time, for example if our services or the applicable laws change.

The most recent version is always available on this page. If the changes are significant, we may also notify you by email or via a notice on the Website.

11. Contact

For questions, requests concerning your privacy rights, or complaints about this policy, you can contact us at:

Soma 23 VOF
Attn: Privacy
Rijswijkseweg 528 16, studio 16
2516 HT ’s-Gravenhage
Netherlands

Email: Admin@soma-23.com
Phone: +31 629824236