Privacy Policy

LASONAE — PRIVACY POLICY

Effective Date: April 4, 2026

At Lasonae, we take your privacy seriously. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have over it.

Because Lasonae is based in the Netherlands, this policy complies fully with the EU General Data Protection Regulation (GDPR). Even though we primarily serve customers in the United States, any visitor from the European Economic Area (EEA) is covered by the same GDPR protections.

By using our website at https://lasonae.nl/ or placing an order, you acknowledge that you have read and understood this Privacy Policy.

WHO WE ARE (DATA CONTROLLER)

Lasonae is the data controller responsible for your personal data.

Business name: Lasonae
Address: Sleutelbloem 12, Leeuwarden 8935 RP, Netherlands
Email: support@lasonae.nl
Website: https://lasonae.nl/

If you have any questions about how we handle your data, please contact us at support@lasonae.nl.

WHAT DATA WE COLLECT

We collect the following categories of personal data:

a) Data you provide directly

Full name
Email address
Billing and shipping address
Phone number (if provided)
Order details and purchase history
Communications you send us (e.g. support emails)

b) Payment information
Payment transactions are processed securely by Stripe. We do not store or have access to your full credit card or payment details. Stripe acts as a separate data processor and is subject to its own privacy policy (stripe.com/privacy).

c) Data collected automatically

IP address
Browser type and version
Device type and operating system
Pages visited and time spent on the Site
Referring URLs
Cookie identifiers (see Section 7 — Cookies)

WHY WE COLLECT YOUR DATA (LEGAL BASIS UNDER GDPR)

We only process your personal data when we have a valid legal basis to do so:

Contract performance (Art. 6(1)(b) GDPR): To process and fulfil your order, send order confirmations, handle returns and refunds, and provide customer support.

Legitimate interests (Art. 6(1)(f) GDPR): To prevent fraud, improve our website and services, analyse browsing behaviour via Google Analytics, and run Google Ads and Meta (Facebook) advertising campaigns.

Consent (Art. 6(1)(a) GDPR): To send you marketing emails, place non-essential cookies on your device, and run remarketing campaigns. You may withdraw consent at any time (see Section 9).

Legal obligation (Art. 6(1)(c) GDPR): To comply with applicable tax, accounting, and legal requirements.

HOW WE USE YOUR DATA

We use your personal data for the following purposes:

Processing and fulfilling your orders
Sending order confirmations, shipping updates, and receipts
Handling returns, refunds, and customer support requests
Sending marketing emails (only if you have opted in)
Analysing website traffic and user behaviour via Google Analytics
Running targeted advertising via Google Ads and Meta (Facebook) Pixel
Detecting and preventing fraud or abuse
Complying with legal and regulatory obligations
Improving our website, products, and services

THIRD PARTIES WE SHARE YOUR DATA WITH

We do not sell your personal data. We share it only with trusted third parties who help us operate our business, and only to the extent necessary:

Stripe — payment processing (stripe.com/privacy)
WooCommerce / Automattic — our e-commerce platform (automattic.com/privacy)
Google Analytics — website analytics. Google may process data on servers outside the EEA. We use IP anonymisation where possible. (policies.google.com/privacy)
Google Ads — advertising and remarketing. (policies.google.com/privacy)
Meta (Facebook) Pixel — advertising and remarketing via Facebook and Instagram. We use Meta’s pixel to track conversions and show targeted ads. (facebook.com/privacy/policy)
USPS — order delivery (name and shipping address shared)
Email marketing provider — if you opt in to marketing emails, your name and email are stored with our email platform
Legal authorities — where required by law or to protect our legal rights

All third-party processors are required to handle your data securely and in accordance with applicable data protection laws.

INTERNATIONAL DATA TRANSFERS

Some of our third-party providers (including Google and Meta) may process your data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data in accordance with GDPR requirements.

COOKIES

We use cookies and similar tracking technologies on our Site. Cookies are small text files stored on your device that help us provide and improve our services.

Types of cookies we use:

Essential cookies: Required for the Site to function (e.g. shopping cart, checkout session). These cannot be disabled.
Analytics cookies: Used by Google Analytics to understand how visitors use our Site. These are only placed with your consent.
Marketing cookies: Used by Google Ads and Meta Pixel to show you relevant ads and measure campaign performance. These are only placed with your consent.

You can manage your cookie preferences at any time through our cookie consent banner or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of the Site.

For more information about how Google uses data from our site, visit: google.com/policies/privacy/partners

DATA RETENTION

We retain your personal data only for as long as necessary for the purposes set out in this policy:

Order and transaction data: 7 years (required by Dutch and EU tax/accounting law)
Customer account and support data: 3 years from last interaction
Marketing email opt-in records: Until you unsubscribe, then deleted within 30 days
Analytics and cookie data: As set by the respective third-party provider (Google Analytics default: 14 months)
Fraud prevention records: Up to 5 years

When data is no longer needed, we securely delete or anonymise it.

YOUR RIGHTS UNDER GDPR

If you are located in the EEA (including the Netherlands), you have the following rights regarding your personal data:

Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Ask us to correct inaccurate or incomplete data.
Right to erasure (“right to be forgotten”): Request deletion of your data, where no legal obligation requires us to keep it.
Right to restriction: Ask us to limit how we process your data in certain circumstances.
Right to data portability: Receive your data in a structured, machine-readable format.
Right to object: Object to processing based on legitimate interests, including direct marketing.
Right to withdraw consent: Where processing is based on consent (e.g. marketing emails, non-essential cookies), you may withdraw consent at any time without affecting the lawfulness of prior processing.
Right to lodge a complaint: You have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl, or with the supervisory authority in your country of residence.

To exercise any of these rights, please contact us at support@lasonae.nl. We will respond within 30 days.

US customers: While GDPR does not apply to US residents, we extend the same transparency and data access standards to all our customers as a matter of good practice.

MARKETING EMAILS & OPT-OUT

We will only send you marketing emails if you have explicitly opted in (e.g. by subscribing to our newsletter or ticking the marketing opt-in box at checkout).

You may unsubscribe at any time by:

Clicking the “unsubscribe” link in any marketing email, or
Emailing us at support@lasonae.nl with the subject “Unsubscribe”

We will process your request within 5 business days. Unsubscribing from marketing emails does not affect transactional emails related to your orders.

CHILDREN’S PRIVACY

Our Site is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@lasonae.nl and we will delete it promptly.

SECURITY

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These measures include industry-standard TLS encryption for data in transit and secure access controls for data at rest.

However, no method of transmission over the internet is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

LINKS TO THIRD-PARTY SITES

Our Site may contain links to third-party websites. This Privacy Policy applies only to our Site. We are not responsible for the privacy practices of third-party websites and encourage you to review their privacy policies before providing any personal data.

CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the effective date at the top of this page. We encourage you to review this page periodically.

Your continued use of the Site after any changes constitutes your acceptance of the updated Privacy Policy.