Privacy policy

 

Last updated: 25 April 2026

 

Enostos ("we", "us", "our") operates this website and store (the "Services"). We are the data controller responsible for the processing of your personal data under applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR").

This Privacy Policy explains how we collect, use, and share your personal data when you use our Services.

By using our Services, you acknowledge that you have read and understood this Privacy Policy.

 

1. Personal data we collect

We may collect and process the following categories of personal data:

Contact details
Name, billing and shipping address, email address, phone number.

Order and transaction data
Details of products purchased, payments, delivery, returns, and order history.

Payment information
Payment details are processed securely by our payment providers. We do not store full payment card details.

Account data
Login details, preferences, and account settings (if applicable).

Communications
Information you provide when contacting us.

Technical and usage data
IP address, browser type, device information, and how you interact with our website.

 

2. How we collect your data

We collect personal data:

  • directly from you (e.g. when placing an order or contacting us)

  • automatically via cookies and similar technologies

  • from service providers (e.g. Shopify, payment providers)

 

3. Analytics and tracking

We use tools such as Google Analytics 4 and Hotjar to understand how users interact with our website and improve our Services.

These tools may collect data such as:

  • pages visited

  • time spent on pages

  • clicks and interactions

  • device and browser information

These tools use cookies and similar technologies. We only use non-essential analytics and tracking technologies with your prior consent, as required under EU law.

You can withdraw or manage your consent at any time via our cookie settings.

 

4. Legal bases for processing

We process your personal data based on the following legal grounds:

Performance of a contract
To process and deliver your orders and provide our Services.

Legal obligations
To comply with tax, accounting, and legal requirements.

Legitimate interests
To improve our Services, prevent fraud, and operate our business, provided your rights do not override these interests.

Consent
For marketing communications and non-essential cookies (such as analytics and tracking).

 

5. How we use your personal data

We use your personal data to:

  • process and deliver your orders

  • manage payments and returns

  • communicate with you regarding your order or inquiries

  • improve our website and customer experience

  • send marketing communications (where you have consented)

  • prevent fraud and ensure security

  • comply with legal obligations

 

6. Sharing of personal data

We may share your personal data with:

Service providers
Including Shopify, payment providers, logistics partners, analytics providers, and IT services.

Business partners
For marketing and advertising purposes, only where you have given consent.

Authorities
Where required by law or to protect our legal rights.

Shopify acts as our processor for hosting and operating the store. In some cases, Shopify may act as an independent controller for certain processing activities. More information is available in Shopify’s privacy policy.

 

7. International transfers

Some of our service providers may process data outside the European Economic Area (EEA).

Where this occurs, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission

  • transfers to countries with an adequacy decision

 

8. Data retention

We retain personal data only as long as necessary for:

  • fulfilling orders and providing Services

  • complying with legal obligations (e.g. tax laws)

  • resolving disputes and enforcing agreements

 

9. Your rights

Under GDPR, you have the following rights:

  • access your personal data

  • correct inaccurate data

  • request deletion of your data

  • restrict processing

  • object to processing

  • data portability

  • withdraw consent at any time (where processing is based on consent)

To exercise your rights, contact us through the contact form.

You also have the right to lodge a complaint with your local data protection authority.

 

10. Security

We implement appropriate technical and organizational measures to protect your personal data. However, no system is completely secure.

 

11. Children

Our Services are not intended for individuals under 18. We do not knowingly collect personal data from children.

 

12. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.

 

13. Contact

Enostos
Bestevaerstraat 137-3
1056HL Amsterdam
The Netherlands

Contact us through the contact form.