Privacy policy

Introduction 

  1. This is the privacy statement of the webshop “AfterSurgery”, a trade name of the private company Nobel zorgadvies. 

Postal and business address: Ambachtsweg 85, 2641 KW, Pijnacker, Netherlands
Chamber of Commerce number: 8605554 
Email address: info@aftersurgery.nl 
The website: https://www.aftersurgery.nl 
Phone number: 015 - 2024501 

  1. This privacy statement is on our website and is available for download.
  2. AfterSurgery attaches great importance to privacy and therefore considers it essential that the personal data collected and processed by AfterSurgery are protected as well as possible.

In this privacy statement, we would like to explain which personal data we collect from you through our contacts with you and through our services and products. We also explain how we collect the data, what we use the personal data for, with whom we share the personal data, how long we retain personal data, how you can view and adjust the personal data we store, how your personal data is secured with us, and which cookies we use. 

How do we receive and collect personal data? 
Certain personal data you actively provide to us, for example by creating a customer account on our website, in correspondence, and by phone. Some personal data are collected automatically and other personal data we receive from external sources.  

The table below shows how we receive and collect personal data. 

Which categories of personal data are processed by us and what is the purpose of that processing? 
In addition to business data (such as company name, address, postal code, city, Chamber of Commerce number, company phone number, bank details), we collect and process various personal data for different purposes.  

The table below indicates which categories of data are processed by us and for what purpose. 

How does AfterSurgery receive the data? 

These data belong to: 

Categories Personal data:

Purpose of the processing: 

By visiting our website 

Website visitors or customer 

IP address 

To inform you about our products, to give you the opportunity to order our products and/or to create a customer account, to download information. 

By placing an order on our website 

Customer 

First name, last name, email address, delivery address 

To deliver the ordered products to you, to execute the purchase agreement, to process the payment, to handle your order, and to inform you about its progress. 

By creating a customer account 

Customer 

Name, email address, delivery address, phone number, overview of ordered products 

To register and store orders, to be able to place subsequent orders faster. 

Download buttons on our website 

website visitors

Name, email address 

To send you a download if you have requested it via our website. 

Via the contact form on our website, or by phone, email, or correspondence 

everyone 

Name, (mobile) phone number, email address (optional: address) 

To respond to you when you submit a request, application, or complaint to us. 

If you are logged in to a third-party service (such as Meta or Google) and visit our website 

Website visitor 

The published information provided by you 

For linking the information you want to share. 

If you leave a review on the website 

Website visitor 

Name and email address (email address will not be published) 

To be able to post the review and to inform you about it. 

If you subscribe to our newsletter 

Website visitor 

Name and email address 

To send you the newsletter, including discount promotions. 

When redeeming a voucher or discount code 

Everyone 

Name and email address 

To allow you to use the discount offered by AfterSurgery on the order. 

If you choose deferred or installment payment via Klarna

Customer

First name, last name, date of birth, salutation, gender, and phone number

This allows Klarna to assess whether you qualify for their payment methods and to apply those payment methods.

 

Special personal data. 

  1. Our website and/or service does not intend to collect data about website visitors under 16 years old without parental or guardian consent.  
  2. However, we cannot verify if a visitor is over 16 years old. We therefore advise parents to be involved in their children's online activities to prevent data about children from being collected without parental consent.  
  3. If you are convinced that we have collected personal data about a minor without that consent, please contact us via the above contact address, and we will delete this information. 
  4. In some cases, we also need to process data about your physical characteristics and clothing sizes so that we can deliver the correct product. You provide this data yourself when placing the order. If you choose to provide this personal data to AfterSurgery and/or its suppliers, this is always based on your explicit consent. You can always withdraw your consent afterwards.  

Cookies

  1. We use cookies and trackers. Cookies are small files that our website places on the equipment (for example, computer, tablet, or phone) of a website visitor. This allows us to recognize you (and/or your computer) on a subsequent visit.  
  2. Cookies can collect or store information about the website visit or about the (device of the) website visitor. We also record information for the purpose of compiling usage statistics and for the security of our website. 
  3. The data collected through cookies and trackers is used to gain a better understanding of our customers and to develop and tailor our services and website to your personal preferences. 
  4. We use the web analytics services Google Analytics and Meta Pixel Analytics. This service uses cookies to help us analyze how visitors use the website. This means that with the help of the software, combined with the cookie, we track how many visitors the website receives and which pages are viewed the most. This allows us to improve the content and quality of our website.  
  5. We have taken measures to protect your privacy in connection with the use of Google Analytics. For example, we have concluded a data processing agreement with Google. In this agreement, we have agreed, among other things, that they only use the collected information and statistics for the website and not for Google's own purposes. In addition, we have configured the software so that the last part of your IP address is removed before the IP address is stored by Google. This further limits the risks to your privacy. 
  6. To make optimal use of the functionalities of our website, we advise you to configure your internet browser to accept cookies.  
  7. We ask you in advance to give us permission to place cookies. 
  8. Any cookies placed can be deleted immediately after your visit to our website. Please consult the privacy or settings menu of your internet browser.  
  9. By disabling or refusing cookies, you may not be able to use all the features of our website. 

Newsletters

  1. By subscribing to our newsletters, you explicitly consent to the collection of your data.  
  2. Each newsletter indicates how you can unsubscribe again. 

Reviews
WebwinkelKeur
We collect reviews via the WebwinkelKeur platform. If you leave a review through WebwinkelKeur, you are required to provide your name, place of residence, and email address. WebwinkelKeur shares this data with us so that we can link the review to your order. WebwinkelKeur also publishes your name and place of residence on its own website. In some cases, WebwinkelKeur may contact you to provide an explanation of your review. If we invite you to leave a review, your name and email address are shared with WebwinkelKeur. They use this data solely for the purpose of inviting you to leave a review. WebwinkelKeur has taken appropriate technical and organizational measures to protect your personal data. WebwinkelKeur reserves the right to engage third parties for the provision of the service, for which we have given WebwinkelKeur permission. All the above-mentioned safeguards regarding the protection of your personal data also apply to the parts of the service for which WebwinkelKeur engages third parties.

Provision to/by third parties.
With whom can personal data be shared? 

  1. We only provide your data to third parties if this is necessary for the execution of our agreement or to comply with a legal obligation.  
  2. With companies that process your data on behalf of AfterSurgery, we have concluded a processor agreement to ensure the same level of security and confidentiality of personal data. We record these processor agreements in our processing register. We remain responsible ourselves for the processing of the provided personal data. 
  3. For marketing purposes, we use external marketing parties. We only accept data that they have demonstrably obtained after explicit consent from the data subject.  
  4. Personal data may be shared with: 
  • the suppliers contracted by us who deliver the products you ordered; 
  • the other companies contracted by us: marketing company, IT company, parcel delivery service, email service provider, and external payment service; 
  • social media companies, such as Meta (if you use it). 
  • email service provider and external payment services.
  1.  Payments on our website are handled via an external payment service and a secure link. The data you enter for the payment will therefore not be visible or accessible on our servers. We only receive a positive or negative message indicating whether the payment was successful. We refer you to the website of that external payment service for their own privacy statement.  

Legal basis of the processing. 

  1. We may only process personal data if there is a legal basis. Which basis applies depends on the data we use and what we use it for.  
  2. In our processing register, we have listed the applicable basis(es) for each processing.  
  3. At least one of these situations always applies:  
  • The use of the data is necessary for the performance of a contract. This can be a contract between you and AfterSurgery and/or our suppliers or to do something at your request in order to enter into a contract.  
  • There is consent for the use of the data. We have explicitly asked you for permission.  
  • There is a legal obligation to use the data.  
  • The use of the data is necessary for the protection of a legitimate interest.  

Transfer of personal data to countries outside the EEA. 

  1. As a rule, we do not transfer personal data outside the Netherlands or the European Economic Area (EEA). All suppliers of AfterSurgery are located within the EEA. 
  2. If we do transfer personal data outside the Netherlands, we will only do so to the extent permitted by law. This means, for example, that we require those processors to maintain an appropriate level of protection and to implement the European model contract clauses. 
  3. For technical and operational reasons, it may be necessary to transfer your personal data (to servers in) other countries where privacy protection regulations may offer less protection than in the European Economic Area (EEA). Even in such cases, we will always take appropriate measures to ensure that your personal data is protected as well as possible. 
  4. To offer you Klarna's payment methods, we must pass on your personal data (contact and order details) to Klarna Bank AB (publ), Stockholm, Sweden, at checkout. Your transferred personal data is then processed in accordance with Klarna’s own privacy statement, which can be found on Klarna's website.

Rights of data subjects. 

  1. European privacy legislation grants its citizens certain rights regarding their personal data. If you are located in Europe, you can ask us to take the following actions concerning the personal data we hold about you: 
  • Access. To provide you with information about our processing of your personal data and to give you access to your personal data. 
  • Accuracy. To update or correct inaccuracies in your personal data. 
  • Deletion. To delete your personal data. Deletion of personal data may only be possible if that data is no longer relevant. We will weigh our legitimate interest against your privacy interest upon a deletion request. In case of a decision to delete, we will inform you to what extent this limits or prevents your use of our services. 
  • Transfer. To transfer a machine-readable copy of your personal data to you or to a third party of your choice. 
  • Restriction. To restrict the processing of your personal data. 
  • Objection or withdrawal. To object to our reliance on our legitimate interests as the basis for our processing of your personal data that affects your rights. In addition, you have the right to withdraw any consent you have given for data processing. 
  1.  You can submit these requests via the contact details above. We will respond to your request as soon as possible, but within four weeks. We may ask you for specific information to help us confirm your identity and process your request. Applicable legislation may require or allow us to refuse your request. If we refuse your request, we will tell you why, subject to legal restrictions.
  2.  You can always view and, if necessary, change your own data and personal settings by logging into your customer account. 

 Retention periods

  1. We will not keep your personal data longer than strictly necessary to achieve the purposes for which your data is collected or as long as required by law.  
  2. The retention periods we apply are recorded in our internal privacy policy. Some parts of it are: 
  • in the case of a completed order: until the warranty period expires, with a maximum of 24 months after the order;  
  • in the case of a customer account: until the customer cancels the account or the account has otherwise expired. Inactive customer accounts are deleted 24 months after the last action. 
  1.  After the retention period expires, we delete your data or anonymize your data. If we anonymize your data, we remove all data that refers to you. The data can no longer be linked to you. The anonymous data helps us get a better understanding of our products and services. 

Storage

  1. Personal data is stored by us, among other places, in the following databases: 
  • cloud storage; 
  • a CMS. 
  1.  This list of the main databases is based on the situation at the time of drafting this privacy statement and may change in the meantime. 

Protection

  1.  We take the protection of personal data seriously and take appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure, and unauthorized alteration.
    2. Our website is secured with SSL and we ensure that comprehensive virus protection is always up to date. 
    3. Our employees have a confidentiality clause in their contract. In addition, we invest in raising awareness among our employees regarding information security and data privacy. 
    4. We have made clear agreements with our suppliers about the protection and confidentiality of personal data. 
    5. If you have the impression that your data is not properly secured or there are indications of misuse, please contact us via the contact address above. 

External links and social media. 

  1. Our website contains links to other external websites. We cannot be responsible for the content of those websites and how your personal data is handled there.  
  2. We strive to keep the external links up to date and to refer to the correct websites.  
  3. On our websites, there may be buttons and links from social media providers, such as Facebook, YouTube, or Instagram.  
  4. Our privacy statement does not apply to these social media channels. The use of social media is your own responsibility.  
  5. We recommend that you carefully read the privacy policies of the respective companies so that you know what happens to your data.  
  6. Many social media providers are located outside the EEA and store personal data there. As a result, it is possible that personal data is not protected at the same level as we are used to within the EEA.   
  7. If we have a page on one of the social media channels (such as Facebook), our privacy statement does apply to the content of that page. 

Questions and complaints

  1. If you have questions about this privacy statement or about (the exercise of) your rights, you can contact us via the contact address above.  
  2. If you have complaints about how we handle privacy, you have the right to file a complaint with the Data Protection Authority. For the Netherlands, that is: Autoriteit Persoonsgegevens, Postbus 93374, 2509 AJ The Hague. 
  3. In that case, we ask you to contact us first. Of course, we will do everything reasonably possible to come to an agreement with you. 

Change of our privacy statement 

  1. From time to time it may be necessary to adjust our privacy statement to current events and updated insights on data protection. 
  2. We will inform you in a timely and reasonable manner of such changes. Changes will be announced on our website.  
  3. Using our services means that you accept our privacy statement. 
  4. We recommend that you read the most recently updated version of our privacy statement. 

Email and mailing lists
Shopify: Our website uses Shopify, a third party that handles the email traffic originating from our website and the sending of any newsletters. All confirmation emails you receive from our website and web forms are sent via Shopify's servers. Shopify will never use your name and email address for its own purposes. At the bottom of every email sent automatically via our website, you will see the 'unsubscribe' link. If you click on this, you will no longer receive emails from our website. This may seriously reduce the functionality of our website! Your personal data is securely stored by Shopify. Shopify uses cookies and other internet technologies that provide insight into whether emails are opened and read. Shopify reserves the right to use your data to further improve the service and, in that context, to share information with third parties.

Shopify Mail
We use the services of Shopify Mail for our regular business email traffic. This party has taken appropriate technical and organizational measures to prevent misuse, loss, and corruption of your and our data as much as possible. Shopify Mail does not have access to our mailbox, and we treat all our email traffic confidentially.

Payment processors
Shopify Payments: To handle (part of) the payments in our webshop, we use the platform of Shopify Payments. Shopify Payments processes your name, address, city details, and your payment information such as your bank account or credit card number. Shopify Payments has taken appropriate technical and organizational measures to protect your personal data. Shopify Payments reserves the right to use your data to further improve the service and, in that context, share (anonymized) data with third parties. In the case of a request for deferred payment (credit facility), Shopify Payments shares personal data and information regarding your financial position with credit assessors. All the above-mentioned safeguards regarding the protection of your personal data also apply to the parts of Shopify Payments' service for which they engage third parties. Shopify Payments does not retain your data longer than permitted by statutory periods.

Shipping and logistics
If you place an order with us, it is our responsibility to deliver your package to you. We use the services of DPD, DHL, and GLS to carry out the deliveries. For this, it is necessary that we share your name, address, and city details with these carriers. They use this data only for the purpose of executing the agreement. In the event that they engage subcontractors, they also provide your data to these parties.

 

This privacy statement was last updated on: 17.09.'23.