Privacy Statement

Last updated: 26 June 2026.

Nipponprints respects the privacy of everyone who visits nipponprints.com and handles your personal data with care and in confidence. This statement explains what personal data we collect, why we collect it, on what legal basis, who we share it with, and the rights you have. We process personal data in accordance with the General Data Protection Regulation (GDPR / AVG).

Who is responsible for your data

The controller responsible for the processing of your personal data is:

  • Nipponprints


  • The Netherlands
  • Email:
  • KVK (Chamber of Commerce):
  • BTW (VAT):

What data we collect

We only collect data we actually need:

  • Order data — when you place an order, we process your name, billing and shipping addresses, email address, telephone number, order contents, and payment status. Your payment details are entered with, and handled by, our payment provider — we do not store full card details ourselves.
  • Communication data — if you email us (for example via our contact page), we process your email address and whatever you choose to put in your message.
  • Analytics and technical data — when you browse the site we automatically process technical data such as the pages you view, your approximate region, device and browser type, and referring page. See Analytics below for how this works and which of it is anonymous.
  • Error and security data — to keep the site working we record technical details of errors that occur in your browser (the page URL and your browser/user-agent string), and our hosting provider processes connection data (such as IP address) to deliver and protect the site.

We do not knowingly collect data from children, and we do not process special categories of personal data.

PurposeLegal basis (GDPR Art. 6)
Processing and delivering your order, and contacting you about itPerformance of the contract
Handling returns, warranty, and complaintsPerformance of the contract / legal obligation
Keeping invoices and order records for tax purposesLegal obligation
Answering questions you send usLegitimate interest (responding to your request)
Cookieless website analytics and error monitoringLegitimate interest (running and improving the site securely)
Marketing analytics and advertising via Google (see below)Your consent

Where we rely on legitimate interest, we have weighed our interest against your privacy and limited the data to what is necessary. Where we rely on consent, you can withdraw it at any time.

Cookies

Functional cookies strictly necessary to operate the shop (for example to keep the contents of your shopping cart during checkout) are always placed, because the site cannot work without them.

Analytics

We use the following measurement tools:

  • Matomo — used to help us understand which prints and pages are of interest.
  • Cloudflare Web Analytics — a cookieless measurement of page-load performance. It does not track you across sites and does not require consent.
  • Google Analytics 4 / Google Ads — used to measure advertising performance and reach relevant visitors.

Who we share your data with

We never sell your data. We share it only with parties that help us run the shop, and only as far as they need it. Each acts as our processor under a data processing agreement. These include:

  • Our hosting and content-delivery provider — to serve and protect the website.
  • Our order/checkout platform — the system that runs the shop and stores your order.
  • Our payment provider — to process your payment securely.
  • Our shipping carrier — to deliver your order.
  • Matomo (InnoCraft) and Google — for the analytics described above.

We may also disclose data where we are legally obliged to (for example to tax or law-enforcement authorities).

International transfers

Most of your data stays within the EU/EEA. The exception is Google (Analytics and Ads), which may transfer data to the United States. Such transfers are made under the EU–US Data Privacy Framework and/or the European Commission’s standard contractual clauses.

How long we keep your data

  • Order and invoice data: 7 years, because Dutch tax law requires it.
  • Communication (emails): Up to 7 years after contact.
  • Analytics data: retained for as long as needed for the analysis, in line with the tool’s retention settings.

After these periods we delete or anonymise your data.

How we protect your data

We take appropriate technical and organisational measures to protect your data, including encrypted (HTTPS) connections, access controls, and processing data only through reputable providers bound by data processing agreements.

Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • rectify data that is incorrect or incomplete;
  • erase your data (“right to be forgotten”), where applicable;
  • restrict or object to our processing;
  • data portability — receive your data in a structured, common format;
  • withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, contact us via our contact page. We will respond within one month. To prevent misuse we may ask you to verify your identity.

If you believe we are not handling your data properly, you have the right to lodge a complaint with the Dutch supervisory authority, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

Changes to this statement

We may update this privacy statement to reflect changes to the site or the law. The current version always applies; the date at the top shows when it was last revised.

Contact

For any question about this statement or your personal data, please reach us via our contact page.