Privacy Policy BIRD

Last updated: 19/05/2026

Welcome to BIRD. We value your privacy and handle your personal data with care. This privacy policy explains what data we collect, why we collect it, how long we keep it, and what rights you have. This policy has been drafted in accordance with the General Data Protection Regulation (GDPR) and applicable Dutch privacy law.

 

1. Who are we?

BIRD is the data controller responsible for processing your personal data as described in this privacy policy.

Contact details:

•      Company name: BIRD

•      Address: Vinkenstraat, 1013 JM, Amsterdam

•      Chamber of Commerce (KvK) number: [KVK NUMBER]

•      VAT number: [VAT NUMBER]

•      Email: birdcyclingwear@gmail.com

•      Website: bird-cycling.com

For any questions about this privacy policy or your personal data, please contact us using the details above.

 

2. What personal data do we collect?

Depending on how you use our website, we collect the following data:

When you place an order:

•      First and last name

•      Shipping and billing address

•      Email address

•      Phone number

•      Payment details (processed by our payment provider — we do not store credit card or bank details ourselves)

•      Order history

•      Any size preferences you provide

When you create an account:

•      Login credentials (email address and encrypted password)

•      Wishlists and saved preferences

When you contact customer service:

•      The content of your message

•      Any attachments or photos you send

When you subscribe to our newsletter:

•      Email address

•      First name (optional)

When you visit our website (automatically collected):

•      IP address

•      Browser type and version

•      Device type and operating system

•      Pages visited and browsing behaviour

•      Referring website

•      Date and time of your visit

 

3. Why do we process your data?

We process your personal data for the following purposes:

Performance of a contract (Article 6(1)(b) GDPR):

•      Processing and shipping your order

•      Handling payments

•      Customer service and answering questions

•      Processing returns and complaints

Legal obligation (Article 6(1)(c) GDPR):

•      Complying with administrative and tax obligations (such as retaining invoices for the Dutch Tax Authority)

Legitimate interest (Article 6(1)(f) GDPR):

•      Improving our website and products

•      Preventing fraud and abuse

•      Analysing visitor behaviour (via anonymised analytics)

Based on consent (Article 6(1)(a) GDPR):

•      Sending our newsletter (only if you have subscribed)

•      Placing non-essential cookies (see our cookie policy)

•      Marketing purposes such as personalised offers

You may withdraw your consent at any time.

 

4. With whom do we share your data?

We only share your data with third parties when necessary for the performance of our services or when legally required to do so. We never sell your data to third parties.

We work with the following processors:

•      Squarespace — our hosting provider and webshop platform

•      Payment provider: [E.G. Stripe / Mollie / PayPal] — for processing payments

•      Shipping partner: [E.G. PostNL / DHL / DPD] — for delivering your order

•      Email marketing tool: [E.G. Mailchimp / Klaviyo] — for sending our newsletter (if applicable)

•      Analytics tool: [E.G. Google Analytics / Squarespace Analytics] — for analysing website usage

•      Our accountant/bookkeeper — for administrative processing

We have data processing agreements in place with all these parties, setting out arrangements for the protection of your data.

Transfers outside the EU: Some of our processors (such as Squarespace, based in the United States) process data outside the European Economic Area. In such cases, we ensure appropriate safeguards are in place, for example through the European Commission's Standard Contractual Clauses.

 

5. How long do we keep your data?

We do not keep your data longer than necessary:

•      Order data and invoices: 7 years (statutory retention period for the Dutch Tax Authority)

•      Customer service correspondence: maximum 2 years after resolution

•      Newsletter data: until you unsubscribe

•      Analytics data: anonymised after a maximum of 26 months

•      Cookies: see our cookie policy for specific retention periods per cookie

 

6. How do we protect your data?

We take appropriate technical and organisational measures to protect your personal data against loss, misuse or unauthorised access. These include:

•      SSL encryption of our website (HTTPS)

•      Secure payment connections via certified payment providers

•      Restricted access to personal data within our company

•      Regular software and security updates

 

7. Cookies

Our website uses cookies. Cookies are small text files stored on your device when you visit our website. We use:

•      Functional cookies: necessary for the website to function (for example, your shopping basket)

•      Analytical cookies: to understand how visitors use our site

•      Marketing cookies: only placed with your consent, for personalised content

On your first visit we ask for your consent to place non-essential cookies via our cookie banner. You can adjust your preferences at any time via cookie policy.

For a complete overview of all cookies we use, please refer to our cookie policy.

 

8. Your rights

Under the GDPR you have the following rights regarding your personal data:

•      Right of access — you may request which data we process about you

•      Right to rectification — you may have inaccurate data corrected

•      Right to erasure ("right to be forgotten") — you may request the deletion of your data, except where we have a legal retention obligation

•      Right to restriction — you may request that the processing of your data be restricted

•      Right to data portability — you may receive your data in a structured format and transfer it to another party

•      Right to object — you may object to the processing of your data, particularly against direct marketing

•      Right to withdraw consent — where processing is based on your consent, you may withdraw it at any time

Would you like to exercise one of these rights? Please email birdcyclingwear@gmail.com. We will respond to your request within 4 weeks. We may ask you to identify yourself before we process your request.

 

9. Complaints

If you have a complaint about how we handle your personal data, please contact us first at birdcyclingwear@gmail.com. We will do our best to resolve it together.

If we cannot reach a resolution, you have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). This is the Dutch supervisory authority for privacy:

•      Website: autoriteitpersoonsgegevens.nl

•      Phone: +31 (0)88 - 1805 250

 

10. Changes to this privacy policy

We may update this privacy policy from time to time, for example when we introduce new services or when regulations change. The most current version will always be available on this page. For significant changes we will inform you actively, for example by email or via a notice on our website.

 

11. Questions?

Do you have questions about this privacy policy or about how we handle your data? Please contact us:

•      Email: birdcycling@gmail.com

We will respond to your question as soon as possible, and in any case within 4 weeks