Privacy policy
Privacy Policy
Last updated: March 31, 2026
Bebefit operates this store and website, including all related information, content, features, tools, products, and services, to provide you, the customer, with a curated shopping experience (the "Services"). Bebefit is powered by Shopify, which enables us to provide the Services to you.
This Privacy Policy describes how we collect, use, and disclose your personal data when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. It is designed to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal data.
Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described herein.
1. Data Controller Identity and Contact Details
For the purposes of the GDPR, the data controller responsible for your personal data is:
If you have any questions about our privacy practices, this Privacy Policy, or if you would like to exercise any of your rights, please contact us at the details above.
2. Personal Data We Collect and Process
When we use the term "personal data," we refer to any information relating to an identified or identifiable natural person. We may collect or process the following categories of personal data:
•Contact Details: Including your name, billing address, shipping address, phone number, and email address.
•Financial Information: Including credit card, debit card, and financial account numbers, payment card information, transaction details, form of payment, payment confirmation, and other payment details.
•Account Information: Including your username, password, security questions, preferences, and settings.
•Transaction Information: Including the items you view, put in your cart, add to your wishlist, or purchase, return, exchange, or cancel, and your past transactions.
•Communications: Information you include in communications with us, for example, when sending a customer support inquiry.
•Device Information: Information about your device, browser, or network connection, your IP address, and other unique identifiers.
•Usage Information: Information regarding your interaction with the Services, including how and when you interact with or navigate the Services.
3. Sources of Personal Data
We collect personal data from the following sources:
•Directly from you: When you create an account, make a purchase, communicate with us, or otherwise provide us with your personal data.
•Automatically through the Services: From your device when you use our products or services or visit our websites, through the use of cookies and similar technologies.
•From our service providers: When we engage them to enable certain technology and when they collect or process your personal data on our behalf (e.g., Shopify).
•From our partners or other third parties: Such as payment processors or marketing partners.
4. Purposes and Lawful Bases for Processing
Under the GDPR, we must have a lawful basis to process your personal data. We process your data for the following purposes and on the following legal bases:
|
Purpose of Processing
|
Categories of Personal Data
|
Lawful Basis for Processing (GDPR Article 6)
|
|
Providing the Services & Order Fulfillment: To perform our contract with you, process payments, fulfill orders, arrange shipping, and facilitate returns/exchanges.
|
Contact Details, Financial Information, Transaction Information
|
Contractual Necessity (Art. 6(1)(b))
|
|
Account Management: To create, maintain, and manage your user account and remember your preferences.
|
Contact Details, Account Information
|
Contractual Necessity (Art. 6(1)(b))
|
|
Customer Support & Communication: To provide customer support, respond to inquiries, and send account-related notifications.
|
Contact Details, Communications
|
Legitimate Interests (Art. 6(1)(f)) to maintain customer relations, or Contractual Necessity (Art. 6(1)(b)).
|
|
Marketing and Advertising: To send promotional communications and show targeted advertisements.
|
Contact Details, Transaction Information, Usage Information
|
Consent (Art. 6(1)(a)) for direct marketing (e.g., newsletters) and non-essential cookies.
|
|
Improving the Services: To analyze usage trends, tailor the shopping experience, and improve our website.
|
Device Information, Usage Information
|
Legitimate Interests (Art. 6(1)(f)) to improve our business offerings and user experience.
|
|
Security and Fraud Prevention: To authenticate accounts, ensure secure payments, and detect/prevent fraudulent or malicious activity.
|
Account Information, Financial Information, Device Information
|
Legitimate Interests (Art. 6(1)(f)) to protect our business and customers, and Legal Obligation (Art. 6(1)(c)).
|
|
Legal Compliance: To comply with applicable laws, respond to legal processes, and enforce our terms.
|
All relevant categories
|
Legal Obligation (Art. 6(1)(c)) or Legitimate Interests (Art. 6(1)(f)) to establish, exercise, or defend legal claims.
|
Where we rely on legitimate interests, we have concluded that our interests do not override your fundamental rights and freedoms.
5. Statutory or Contractual Requirements to Provide Data
Providing your Contact Details and Financial Information is a contractual requirement necessary to enter into a purchase contract with us. If you fail to provide this data, we will be unable to process your orders, accept payments, or deliver the products to you.
6. How We Disclose Personal Data
We may disclose your personal data to the following categories of recipients:
•Service Providers and Processors: We share data with Shopify (our e-commerce platform host), payment processors, IT management, cloud storage providers, and fulfillment/shipping partners who process data on our behalf.
•Business and Marketing Partners: With your consent, we may share data to provide marketing services and personalized advertising.
•Corporate Affiliates: Within our corporate group for operational purposes.
•Legal and Regulatory Authorities: When required to comply with legal obligations, respond to subpoenas, or protect the rights and safety of Bebefit, our users, or others.
•Business Transfers: In connection with a merger, acquisition, bankruptcy, or sale of assets.
Relationship with Shopify
Our store is hosted by Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases, and the general Shopify application. For more insight, you may also want to read Shopify’s Terms of Service or Privacy Statement.
7. International Data Transfers
We may transfer, store, and process your personal data outside the European Economic Area (EEA), including to the United States and Canada (where Shopify is headquartered).
When we transfer your personal data outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
•We transfer data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission (e.g., Canada).
•Where we use certain service providers (like Shopify in the US), we rely on recognized transfer mechanisms such as the European Commission's Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework, ensuring your data is protected according to EU standards.
You can request more information about the specific mechanism used by contacting us.
8. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.
•Order and Transaction Data: Retained for 7 years to comply with Dutch tax and accounting laws.
•Account Data: Retained for as long as your account is active. If you request account deletion, we will erase your data unless a longer retention period is required by law.
•Marketing Data: Retained until you withdraw your consent or opt-out of our marketing communications.
9. Automated Decision-Making and Profiling
We do not use your personal data for automated decision-making that produces legal effects concerning you or similarly significantly affects you. We may use basic profiling to tailor our marketing communications and product recommendations to your preferences, provided we have your consent to do so.
10. Your Data Protection Rights
Under the GDPR, you have the following rights regarding your personal data:
•Right of Access: You have the right to request a copy of the personal data we hold about you.
•Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
•Right to Erasure ("Right to be Forgotten"): You have the right to request that we delete your personal data, subject to certain legal exceptions (e.g., when we must retain data for tax purposes).
•Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain scenarios.
•Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
•Right to Object: You have the right to object to the processing of your personal data where we are relying on a legitimate interest. You also have the absolute right to object to processing for direct marketing purposes.
•Right to Withdraw Consent: Where we rely on your consent to process your data, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
How to Exercise Your Rights:
You can exercise any of these rights by contacting us at info@bebefit.eu. We will respond to your request within one month. We will not discriminate against you for exercising any of these rights. We may need to request specific information from you to help us confirm your identity.
11. Right to Lodge a Complaint
If you have any concerns or complaints about how we process your personal data, we encourage you to contact us first so we can resolve the issue.
However, you also have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. In the Netherlands, the supervisory authority is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).
12. Children's Data
The Services are not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us to request deletion.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website and update the "Last updated" date. If we make material changes, we will notify you as required by applicable law.