Privacy Statement
PRIVACY POLICY
Last updated: [DATE]
Black Reaper Records ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This policy explains how we collect, use, and safeguard your information when you visit blackreaper.nl or make a purchase, in accordance with the EU General Data Protection Regulation (GDPR).
Who We Are
The data controller responsible for your personal data is:
Black Reaper Records
Email: order@blackreaper.nl
What We Collect
Depending on how you interact with us, we may collect:
- Order & contact details: name, email address, shipping and billing address, phone number.
- Payment information: processed securely by our payment providers. We do not store your full card details.
- Account details: if you create an account, your login credentials and order history.
- Marketing preferences: your email address and consent status if you subscribe to our newsletter.
- Technical & usage data: IP address, browser type, device information, and how you use our site, collected via cookies and similar technologies.
How We Use Your Data
We process your personal data for the following purposes and legal bases:
- To fulfil your orders — processing payments, shipping, and customer service (legal basis: performance of a contract).
- To manage your account (legal basis: performance of a contract).
- To send marketing emails about drops, releases, and events, where you have opted in (legal basis: consent). You can withdraw consent at any time.
- To improve our site and prevent fraud (legal basis: legitimate interests).
- To comply with legal obligations, such as tax and accounting requirements (legal basis: legal obligation).
Cookies
We use cookies to run the store, remember your cart, analyse traffic, and support marketing. You can manage your preferences through our cookie banner or your browser settings. Non-essential cookies are only set with your consent. See our Cookie Policy for more detail.
Who We Share Your Data With
We share data only as needed to run our business, including with:
- Our e-commerce platform (Shopify), which hosts our store.
- Payment processors that handle transactions.
- Shipping and fulfilment partners that deliver your order.
- Email marketing providers (such as Omnisend or Klaviyo) where you have subscribed.
- Analytics providers that help us understand site usage.
We do not sell your personal data. Where any provider processes data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses.
How Long We Keep Your Data
We keep your personal data only as long as necessary for the purposes described above, or as required by law (for example, invoices are retained for the legally required period for tax purposes). Marketing data is kept until you unsubscribe.
Your Rights
Under the GDPR, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request erasure of your data ("right to be forgotten").
- Restrict or object to our processing of your data.
- Request data portability.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with your local supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
To exercise any of these rights, email us at order@blackreaper.nl.
Data Security
We take appropriate technical and organisational measures to protect your data against loss, misuse, and unauthorised access. No method of transmission over the internet is completely secure, but we work to protect your information at all times.
Changes to This Policy
We may update this policy from time to time. Any changes will be posted on this page with an updated revision date.
Contact Us
If you have any questions about this privacy policy or how we handle your data, email us at order@blackreaper.nl or chat with us.