Privacy Policy

1. Introduction

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform and services (the “Service”). We are committed to safeguarding your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data We Collect

We may collect the following categories of personal data:

• Contact information: name, email address, and phone number, as provided by you or through your interactions with businesses on our platform.
• Messaging data: messages exchanged between you and businesses through WhatsApp, Instagram, or other supported platforms, for the purpose of facilitating the services you requested.
• Payment information: tokenized payment references created through Stripe. We never store, access, or process your full card numbers or bank details.
• Transaction records: details of purchases, bookings, and payments made through the Service.
• Technical data: IP address, browser type, and device information collected automatically when you access our web pages.

3. How We Use Your Data

We use your personal data for the following purposes:

• Service delivery: to facilitate communications, process transactions, and deliver the services you have requested.
• Payment processing: to securely process payments through Stripe on behalf of the businesses you transact with.
• Customer support: to respond to inquiries and resolve issues related to your use of the Service.
• Service improvement: to analyze usage patterns and improve the reliability and functionality of the Service.
• Legal compliance: to comply with applicable laws, regulations, and legal obligations.

4. What We Do NOT Do with Your Data

We commit to the following:

• We do not sell your personal data to any third party, under any circumstances.
• We do not rent or trade your data for marketing or advertising purposes.
• We do not use your data for profiling or automated decision-making that produces legal or similarly significant effects.
• We do not share your data with third parties except as strictly necessary to provide the Service (e.g., Stripe for payment processing, Meta for messaging delivery).

5. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

• Contract performance: processing necessary to fulfill a transaction or service you have requested.
• Consent: where you have given explicit consent, such as when authorizing a future payment charge.
• Legitimate interest: for improving the Service and ensuring security, where such interest does not override your fundamental rights.
• Legal obligation: where processing is required by law.

6. Third-Party Services

We rely on the following third-party services to operate the platform:

• Stripe — for secure payment processing and tokenization of payment methods. Stripe is a PCI Level 1 certified service provider.
• Meta (WhatsApp, Instagram) — for messaging delivery on behalf of businesses.
• Cloudflare — for hosting, content delivery, and infrastructure.

These providers process data in accordance with their own privacy policies and applicable data protection regulations.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Payment tokens are retained until you revoke your consent or request deletion. Transaction records may be retained for up to 10 years to comply with financial record-keeping obligations.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS), access controls, and secure infrastructure hosting. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your Rights

Under the GDPR and applicable data protection laws, you have the following rights:

• Right of access: request a copy of the personal data we hold about you.
• Right to rectification: request correction of inaccurate or incomplete data.
• Right to erasure: request deletion of your personal data, subject to legal retention obligations.
• Right to restriction: request that we limit the processing of your data in certain circumstances.
• Right to data portability: receive your data in a structured, commonly used, machine-readable format.
• Right to object: object to the processing of your data based on legitimate interest.
• Right to withdraw consent: withdraw previously given consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us at the address below.

10. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA) where our service providers operate. In such cases, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your data in accordance with GDPR requirements.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be effective immediately upon posting. We encourage you to review this policy periodically. Your continued use of the Service after modifications constitutes acceptance of the updated policy.

12. Contact

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at team@chosenfamily.nl.