Privacy policy

Privacy Policy

Last updated: 28 October 2025

Flamesa (“we”, “us”, “our”) operates the online store and website flamesa.com, including all related information, content, features, tools, products, and services (the “Services”), to provide you with a personalised shopping experience. Our Services are powered by Shopify. This Privacy Policy explains how we collect, use, and disclose your personal data when you visit, use, make a purchase, or otherwise interact with our Services. In case of conflict between our Terms of Service and this Policy, this Policy shall prevail with respect to the processing of personal data.

By accessing or using the Services, you confirm that you have read and understood this Policy and the processing of your data as described herein.

Contents

  1. Data Controller
  2. Definitions
  3. Personal Data We Collect
  4. Purposes and Legal Bases
  5. Disclosure of Personal Data
  6. Relationship with Shopify
  7. Third-Party Websites and Services
  8. Children
  9. Security and Retention
  10. Your Rights under the GDPR
  11. Direct Marketing
  12. Cookies and Similar Technologies
  13. International Data Transfers
  14. Profiling and Automated Decisions
  15. Changes to This Policy
  16. Contact
  17. Additional Information about Shopify

1. Data Controller

Flamesa
Harderwijkerstraat 11, 7418 BA, Deventer, The Netherlands
E-mail: support@flamesa.com

We act as the data controller for personal data processed through our Services. If required by law, we will appoint an EU representative and update this Policy accordingly.

2. Definitions

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”).
“Processing” means any operation performed on personal data, such as collection, storage, use, disclosure, or erasure.
“Controller” means the entity determining the purposes and means of processing personal data.
“Processor” means an entity processing personal data on behalf of a controller.

3. Personal Data We Collect

  • Contact data: name, address, billing and shipping address, phone number, e-mail address.
  • Financial data: payment card details, payment method, transaction data, and payment confirmations.
  • Account data: username, password, preferences, settings.
  • Transaction data: products viewed, added to cart, purchased, returned, exchanged, or cancelled; order history.
  • Communication data: content of your communications with us (e.g. customer support, enquiries).
  • Device data: browser type, device identifiers, IP address, operating system, network information.
  • Usage data: interactions with our Services, browsing paths, timestamps, referral URLs, and similar activity data.

Sources

  • Directly from you (account creation, orders, contact forms, support interactions).
  • Automatically through cookies and similar technologies (see “Cookies” below).
  • From service providers acting on our behalf (payment, analytics, logistics, hosting).
  • From business and marketing partners, where permitted by law.

4. Purposes and Legal Bases

We process personal data lawfully, fairly, and transparently, only for specific and legitimate purposes under Article 6 of the GDPR:

  1. Provision and improvement of Services (performance of a contract – Art. 6(1)(b)): to manage orders, payments, shipping, returns, accounts, and to personalise your experience.
  2. Customer communication and support (legitimate interests – Art. 6(1)(f) / contract – Art. 6(1)(b)).
  3. Security and fraud prevention (legitimate interests – Art. 6(1)(f)): to verify identities, prevent misuse, and protect our platform.
  4. Marketing and advertising (consent – Art. 6(1)(a) or legitimate interests – Art. 6(1)(f)): to send offers, personalised recommendations, and advertisements.
  5. Legal compliance and enforcement (legal obligation – Art. 6(1)(c)): to comply with applicable laws, regulations, and requests by public authorities.

5. Disclosure of Personal Data

  • Shopify – for hosting, e-commerce platform, and related integrations.
  • Service providers – IT hosting, payment processors, logistics, marketing, analytics, customer service.
  • Business and marketing partners – where lawful and subject to safeguards.
  • Affiliates and group companies – for administrative and operational purposes.
  • Authorities or legal obligations – when required by law, regulation, or to protect our rights.
  • Corporate transactions – in case of merger, acquisition, or sale of assets, in compliance with GDPR.

6. Relationship with Shopify

Our store and checkout are hosted by Shopify. Shopify collects and processes certain data related to your use of our Services. Shopify may act both as a processor (hosting, order fulfilment, payments) and as an independent controller (security, fraud prevention, analytics, global infrastructure).

For details on Shopify’s data processing and international transfers, please review:

7. Third-Party Websites and Services

Our Services may include links to third-party websites or platforms. We are not responsible for their content or privacy practices. We recommend reviewing their privacy notices before providing any data.

8. Children

Our Services are not intended for children. We do not knowingly collect personal data from individuals under the age of majority applicable in their country. Parents or guardians may contact us at support@flamesa.com to request deletion.

9. Security and Retention

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk (Article 32 GDPR). However, no system is completely secure. We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal obligations, or to defend legal claims. After that, we delete or anonymise the data.

10. Your Rights under the GDPR

You have the following rights under Articles 12–23 of the GDPR:

  • Right of access – obtain confirmation and a copy of your personal data processed by us.
  • Right to rectification – correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) – request deletion where data is no longer necessary or processed unlawfully.
  • Right to restriction of processing – limit how we process your data in certain situations.
  • Right to data portability – receive your data in a structured, commonly used, machine-readable format.
  • Right to object – object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.
  • Right to lodge a complaint – with a supervisory authority in your Member State.

To exercise these rights, contact us at: support@flamesa.com. We may need to verify your identity before responding.

11. Direct Marketing

We may send you marketing communications if you have provided consent or where permitted by law (e.g. existing customer relationships for similar products). You may unsubscribe at any time via the link in our emails or by contacting support@flamesa.com.

12. Cookies and Similar Technologies

We use cookies and similar technologies (e.g. pixels, local storage) to operate, secure, analyse, and personalise our Services and deliver advertising. Where required by law, we obtain your consent before setting non-essential cookies. You may manage your preferences through our cookie banner or your browser settings.

13. International Data Transfers

We may transfer personal data outside the European Economic Area (“EEA”). In such cases, we ensure an adequate level of protection in accordance with Chapter V of the GDPR by using:

  • European Commission adequacy decisions, or
  • Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional safeguards where necessary.

 

14. Profiling and Automated Decisions

We do not carry out fully automated decision-making that produces legal or similarly significant effects. We may use limited profiling (e.g. for marketing segmentation or recommendations) based on your interactions, always in compliance with the GDPR and with the right to object or opt-out at any time.

15. Changes to This Policy

We may update this Policy periodically to reflect changes in our practices or in applicable law. The most recent version will always be published on this page with the updated “Last updated” date.

16. Contact

Email: support@flamesa.com
Postal address: Harderwijkerstraat 11, 7418 BA Deventer, The Netherlands

Flamesa is the controller responsible for processing your personal data in connection with this website and its Services.

17. Additional Information about Shopify

  • Roles: Shopify acts as both a data processor (hosting, checkout, logistics) and a controller (fraud prevention, analytics, security).
  • Your rights regarding Shopify: see Shopify’s Privacy Policy and Privacy Rights Portal.
  • International transfers: Shopify may process data outside the EEA using appropriate safeguards, including SCCs.