Privacy statement

Last updated 28 April 2026.

1. Who we are

The data controller for personal data processed through this webshop is:

2. What we collect and why

When you place an order, we collect your name, email address, billing and shipping address, and your IP address (from our server logs). We need these to fulfil your order (GDPR art. 6.1.b) and to meet Dutch tax-retention obligations (art. 6.1.c). Server logs are retained to keep the site secure (art. 6.1.f).

We don't collect card or bank details — those are entered directly with Mollie.

3. Who we share data with

  • Mollie B.V. (Netherlands) — payment processor; receives only what's needed to process the payment.
  • PostNL — name and address on the shipping label.
  • Our hosting provider — data stored in Frankfurt (AWS, eu-central-1). AWS acts as a processor under the EU Standard Contractual Clauses (SCCs); data is not structurally transferred outside the EEA.

We don't sell your data and we don't use it for marketing.

4. How long we keep it

Invoice and order records: 7 years (Dutch fiscal retention). Server logs: roughly 30 days.

5. Your rights

Access, rectification, erasure, restriction, portability, and objection. Email info@thedamnedanddirty.nl. You also have the right to lodge a complaint with the Dutch DPA, Autoriteit Persoonsgegevens: autoriteitpersoonsgegevens.nl.

6. Cookies

Only functional cookies (Laravel session and CSRF token). No analytics, no tracking, no banner.

7. Changes

We may update this statement; the current version is always at /privacy.