Privacy Statement

Meidly is a registered trade name (handelsnaam) of a Dutch sole proprietorship and is the data controller for the personal data you share with us:

• Meidly (handelsnaam)
• Wallerstraat 40, 2613 ZS Delft, Netherlands
• KvK: 82557861
• BTW: NL003697511B70
• Email: hello@meidly.nl

For any privacy question, write to hello@meidly.nl.

We try to collect as little as possible. The categories below are the only personal data we touch.

Mailing list

If you sign up to be notified about new drops, we store your email address, the moment you signed up, and the moment you confirmed (double opt-in). Legal basis: your consent (GDPR art. 6(1)(a)). You can withdraw consent at any time using the unsubscribe link in every email, or by mailing us.

Orders

When you place an order, we receive your name, shipping address, email address, the items you bought, and the order amount. Legal basis: performance of the sales contract (GDPR art. 6(1)(b)) and our legal obligation to keep records for tax purposes (GDPR art. 6(1)(c), Dutch fiscal retention).

Payment

Payments are handled by Stripe. We never see or store your full card number, CVC, or expiry date. We only receive a transaction reference and the amount paid. Stripe's own privacy statement applies to the data Stripe processes on its side.

Server logs

Our hosting provider records technical request logs (IP address, timestamp, requested URL, user agent) for a short period to operate and secure the site. Legal basis: our legitimate interest in keeping the site reliable (GDPR art. 6(1)(f)). We do not use these logs for tracking or marketing.

We do not use analytics, tracking pixels, or advertising cookies. We do not profile you, and we do not sell or share your data with third parties for marketing.

We use a single functional cookie to keep you signed in if you use the staff area. There are no analytics or marketing cookies, so we do not show a cookie banner to public visitors.

We use a small number of carefully chosen processors to run the shop. They process your data on our instructions only.

• Stripe Payments Europe, Ltd. (Ireland): payment processing.
• Resend (USA, EU data-processing addendum): sending transactional and mailing-list emails.
• Hetzner Online GmbH (Germany): server hosting and image storage.
• PostNL (Netherlands): parcel delivery (receives your name and shipping address only).

Resend is established in the United States. Where personal data is transferred to a processor outside the EU/EEA, we rely on the European Commission's Standard Contractual Clauses to ensure a level of protection equivalent to EU law.

• Mailing list: until you unsubscribe.
• Order data (name, address, items, amount): 7 years, the retention period required by Dutch tax law.
• Server logs: typically 14 days, then automatically deleted.

You have the right to:

• access the personal data we hold about you;
• correct it if it's wrong;
• ask us to erase it (where legal retention does not require otherwise);
• restrict or object to processing;
• receive your data in a portable format;
• withdraw consent for the mailing list at any time.

To exercise any of these rights, email us at hello@meidly.nl. We will respond within 30 days.

You also have the right to lodge a complaint with the Dutch data protection authority, Autoriteit Persoonsgegevens.

Meidly sells clothing for children, but the website is intended for adults placing an order on a child's behalf. We do not knowingly collect personal data from children under 16.

We may update this privacy statement. The current version is always the one you see here, dated at the top.