Webshop
Privacy statement
Last updated 28 April 2026.
1. Who we are
The data controller for personal data processed through this webshop is:
- De Harde Music
- Bristolroodstraat 92
- 1503 NZ Zaandam
- NL
- KvK: 58491597
- Email: info@thedamnedanddirty.nl
2. What we collect
When you place an order, we collect:
- Your name
- Your email address
- Your billing and shipping address
- Your IP address (collected automatically by our server logs)
We do not collect payment card details — those are entered directly with Mollie and never reach our systems.
3. Why we use it and our legal basis
- Order fulfillment — to process your order, ship it and contact you about it. Legal basis: performance of a contract (AVG art. 6.1.b).
- Invoicing and accounting — to issue invoices and meet our bookkeeping obligations. Legal basis: legal obligation (AVG art. 6.1.c, Dutch BTW law).
- Server logs — to keep the site secure and diagnose problems. Legal basis: legitimate interest in security (AVG art. 6.1.f).
4. How long we keep it
- Invoice and order records: 7 years, as required by Dutch fiscal law.
- Server logs: approximately 30 days, after which they are rotated and deleted.
5. Who we share it with
- Mollie B.V. — payment processor, established in the Netherlands. Mollie receives only the data needed to process your payment.
- PostNL — shipping carrier. PostNL receives only the name and address printed on the shipping label.
- Our hosting provider — purely for technical processing (storing the database, serving the site). Data is not used for any other purpose.
We do not sell your data and we do not share it for marketing purposes.
6. Your rights
Under the AVG (GDPR) you have the right to:
- access the personal data we hold about you;
- rectify inaccurate data;
- request restriction of processing;
- request data portability;
- request deletion (subject to our legal retention obligations, e.g. invoices);
- object to processing based on legitimate interest.
Email info@thedamnedanddirty.nl to exercise any of these rights. You also have the right to lodge a complaint with the Dutch data protection authority, Autoriteit Persoonsgegevens, at https://autoriteitpersoonsgegevens.nl.
7. Cookies
We only use functional cookies required for the site to work — the Laravel session cookie and a CSRF token. We don't use analytics, tracking or third-party cookies. Because none of our cookies require consent, no cookie banner is shown.
8. Changes
We may update this statement from time to time. The latest version is always available at /privacy.
9. Contact
Reach us at info@thedamnedanddirty.nl for any privacy questions.