Privacy policy
Privacy Policy
Supply Drop | supplydrop.be Last Updated: April 2026
This Privacy Policy explains what personal data Supply Drop collects about you, why we collect it, how we use it, who we share it with, and what rights you have over it.
We are required to provide this information under GDPR (EU Regulation 2016/679), Articles 13 and 14, and Belgian data protection law.
1. Who We Are (Data Controller)
Supply Drop is the data controller responsible for your personal data.
| Legal Entity | Supply Drop CommV |
| Address | Nanofstraat 34, 3590 Diepenbeek, Belgium |
| KBO/BCE Number | 0791.384.990 |
| VAT Number | BE0791384990 |
| info@supplydrop.be | |
| Phone | 0498 61 13 51 |
As a small business, we do not have a Data Protection Officer (DPO). For any privacy-related questions or requests, contact us directly at info@supplydrop.be.
2. What Data We Collect
Depending on how you interact with our store, we may collect and process the following personal data:
2.1 Data You Provide Directly
| Data | When Collected |
|---|---|
| First and last name | Account creation, checkout |
| Email address | Account creation, checkout, contact form |
| Delivery and billing address | Checkout |
| Phone number | Checkout (for delivery purposes) |
| Payment information | Checkout (processed by Shopify — we never see or store your full card details) |
| Order history and preferences | When you make a purchase |
| Messages and correspondence | When you contact us by email or through the store |
2.2 Data Collected Automatically
When you visit supplydrop.be, certain technical data is collected automatically by Shopify's platform:
| Data | Purpose |
|---|---|
| IP address | Security, fraud prevention |
| Browser type and version | Technical compatibility |
| Device type | Technical compatibility |
| Pages visited and time spent | Store performance and improvement |
| Referring website | Understanding how customers find us |
| Cookie data | Store functionality (see our Cookie Policy) |
We do not currently use Google Analytics, Meta Pixel, or any third-party advertising or tracking tools.
3. How and Why We Use Your Data
GDPR requires us to have a lawful basis for every use of your personal data. Below is a full breakdown.
3.1 Processing Your Order
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)
We use your name, address, email, phone number, and payment information to process and fulfil your order, charge the correct amount, and communicate with you about your purchase.
Retention: 7 years from the date of purchase, as required by Belgian accounting and VAT law.
3.2 Shipping & Delivery
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)
We share your name, delivery address, and phone number with our shipping partners (MyParcel, bPost, PostNL) so they can deliver your order and provide tracking updates.
Retention: As long as necessary to complete delivery and resolve any related disputes, typically up to 1 year.
3.3 Customer Account
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)
If you create an account, we store your contact details and order history so you can track orders, manage returns, and check out faster in future.
Retention: For as long as your account remains active. You may delete your account at any time by contacting us.
3.4 Legal and Tax Compliance
Legal basis: Legal obligation (Art. 6(1)(c) GDPR)
Belgian law requires us to retain invoices, purchase records, and related financial data for 7 years for tax and accounting purposes. We cannot delete this data on request during this period, as retention is a legal obligation.
3.5 Fraud Prevention & Security
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
We may use order information, IP addresses, and payment data to detect and prevent fraudulent transactions and protect the security of our store and customers. Our legitimate interest is in protecting our business and customers from financial fraud and abuse.
Retention: Up to 1 year, unless an active investigation requires longer retention.
3.6 Customer Service
Legal basis: Performance of a contract / Legitimate interests (Art. 6(1)(b) and (f) GDPR)
When you contact us, we retain records of your correspondence — including your name, email, and the content of your messages — so we can provide consistent support and resolve issues effectively.
Retention: 2 years from the date of your last contact with us.
3.7 Marketing Communications
Legal basis: Consent (Art. 6(1)(a) GDPR)
We will only send you marketing emails, newsletters, or promotional offers if you have explicitly opted in. You can withdraw your consent at any time by clicking "unsubscribe" in any marketing email, or by contacting us at info@supplydrop.be.
Withdrawing consent does not affect the lawfulness of any processing carried out before withdrawal, and does not affect transactional emails related to your orders.
Retention: Until you withdraw consent or 2 years of inactivity, whichever comes first.
4. Who We Share Your Data With
We do not sell, rent, or trade your personal data. We only share it where necessary, with the following categories of recipients:
4.1 Shipping Partners
To deliver your order, we share your name, delivery address, and phone number with:
| Partner | Role | Location |
|---|---|---|
| MyParcel | Shipping platform | Netherlands (EU) |
| bPost | Carrier | Belgium (EU) |
| PostNL | Carrier | Netherlands (EU) |
All shipping partners are based within the EU and process data under GDPR.
4.2 E-Commerce Platform
Our store runs on Shopify. Shopify processes your data on our behalf as a data processor, including hosting our store, processing payments, and storing order data.
| Partner | Role | Location |
|---|---|---|
| Shopify Inc. | E-commerce platform & payment processing | Canada / USA |
Shopify is headquartered in Canada, which has an EU adequacy decision under GDPR. For data processed on US-based infrastructure, Shopify relies on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an equivalent level of data protection.
You can review Shopify's privacy practices at shopify.com/legal/privacy.
4.3 Legal Authorities
We may disclose your data to law enforcement, courts, or regulatory authorities if required by law or a lawful court order. We will notify you where legally permitted to do so.
4.4 Business Transfers
If Supply Drop is involved in a merger, acquisition, or sale of assets, your data may be transferred to the relevant parties. We will notify you in advance and ensure equivalent data protection standards apply.
5. International Data Transfers
Your data is primarily stored and processed within the European Economic Area (EEA). The only exception is Shopify's use of US-based infrastructure, which is covered by Standard Contractual Clauses as described in Section 4.2.
We do not transfer your personal data to any country without ensuring an adequate level of protection is in place.
6. Your Rights Under GDPR
As an EU resident, you have the following rights regarding your personal data. You can exercise any of these rights by contacting us at info@supplydrop.be.
| Right | What It Means |
|---|---|
| Right of access (Art. 15) | You can request a copy of all personal data we hold about you |
| Right to rectification (Art. 16) | You can ask us to correct inaccurate or incomplete data |
| Right to erasure (Art. 17) | You can ask us to delete your data, where no legal obligation requires us to keep it |
| Right to restriction (Art. 18) | You can ask us to pause processing your data in certain circumstances |
| Right to data portability (Art. 20) | You can request your data in a structured, machine-readable format |
| Right to object (Art. 21) | You can object to processing based on legitimate interests or for direct marketing |
| Right to withdraw consent (Art. 7(3)) | Where processing is based on consent, you can withdraw it at any time |
| Right not to be subject to automated decisions (Art. 22) | We do not make automated decisions with legal or similarly significant effects about you |
How to submit a request: Email info@supplydrop.be with "DATA REQUEST" in the subject line, along with your name, email address, and a description of your request. We will respond within 30 days. In complex cases we may extend this by a further 60 days, and will inform you if we do so.
We may need to verify your identity before fulfilling a request to protect your data from unauthorised disclosure.
7. Right to Lodge a Complaint
If you believe we have processed your data unlawfully, or have not responded adequately to a request, you have the right to lodge a complaint with the Belgian supervisory authority:
Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit)
- Website (FR): www.autoriteprotectiondonnees.be
- Website (NL): www.gegevensbeschermingsautoriteit.be
- Email: contact@apd-gba.be
- Phone: +32 (0)2 274 48 00
- Address: Rue de Trèves 61, 1040 Brussels, Belgium
We would always appreciate the opportunity to resolve a concern directly before you contact the DPA — please reach out to us first at info@supplydrop.be.
8. Data Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These include:
- Encrypted connections (HTTPS/TLS) across the entire store
- Payment data handled exclusively by Shopify's PCI-DSS compliant infrastructure — we never see or store your full card details
- Access to customer data restricted to authorised personnel only
- Regular review of our data handling practices
No method of transmission over the internet is completely secure. While we do our best to protect your data, we cannot guarantee absolute security.
9. Children's Privacy
Our store is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with their data, please contact us at info@supplydrop.be and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the services we use, or legal requirements. We will notify you of significant changes by email (if you have an account) or by a prominent notice on our website.
The date of the most recent update is shown at the top of this page.
11. Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or your personal data:
📧 Email: info@supplydrop.be 📞 Phone: 0498 61 13 51 📍 Address: Nanofstraat 34, 3590 Diepenbeek, Belgium
Supply Drop Privacy Policy v1.0 — Effective May 2026 Last reviewed: April 2026 | Next review: Q4 2026
Supply Drop CommV | KBO/BCE: 0791.384.990 | VAT: BE0791384990 | Diepenbeek, Belgium