Last updated: 12 Feb 2026
1. Data Controller
Hereinafter referred to as “we”, “us” or “our”.
We are the data controller responsible for the processing of personal data as described in this Privacy Policy.
2. Personal Data We Process
We process personal data when you:
Visit our website
Place an order
Create an account
Contact us
We may process the following data:
First and last name
Billing and shipping address
Email address
Telephone number
IP address
Payment details (processed via payment provider)
Order history
Account login details (if applicable)
3. Purposes and Legal Bases for Processing
We process personal data for the following purposes:
a) Performance of a contract
Processing and delivering orders
Handling payments
Customer service and communication
Managing customer accounts
b) Legal obligation
Retaining invoices and transaction records for tax purposes (7-year statutory retention under Dutch law)
c) Legitimate interest
Fraud prevention
Website security
Protection against misuse
We do not use your data for marketing newsletters and we do not use Google Analytics.
4. Payment Processing
Payments are processed securely by CardGate.
Card details are not stored on our servers. CardGate processes payment data as an independent payment service provider in accordance with applicable data protection regulations.
5. Shipping
To deliver your order, we share necessary shipping details with PostNL.
This includes:
Name
Delivery address
Email address (if required for tracking)
PostNL processes this data solely for delivery purposes.
6. Hosting and Data Storage
Our website and data are hosted in the Netherlands. Personal data is stored within the European Union.
We do not transfer personal data outside the European Economic Area (EEA).
7. Data Retention
We do not retain personal data longer than necessary.
Order and invoice data: 7 years (Dutch tax law requirement)
Account data: until account deletion
Customer service correspondence: maximum 2 years unless legally required otherwise
8. Sharing of Personal Data
We share personal data only when necessary with:
Payment provider (CardGate)
Shipping partner (PostNL)
Hosting provider
Accounting service providers (if applicable)
Where required, we have concluded data processing agreements with service providers.
We do not sell personal data to third parties.
9. Your Rights Under the GDPR
Under the General Data Protection Regulation (GDPR), you have the right to:
Access your personal data
Request correction of inaccurate data
Request deletion (“right to be forgotten”)
Request restriction of processing
Object to processing
Request data portability
You may exercise your rights by contacting us at: webmaster@steelbound.co.uk
We may request identification to verify your request.
10. Complaints
If you believe we are not handling your personal data properly, you have the right to lodge a complaint with the Dutch supervisory authority:
11. Security Measures
We implement appropriate technical and organisational measures to protect personal data against:
Loss
Unauthorized access
Unlawful processing
This includes secure connections (SSL/TLS) and restricted access to administrative systems.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The most recent version will always be available on our website with the updated revision date.