Privacy Policy
Last updated: 17 June 2025
1. Introduction
Dfi Corporate (“we,” “us,” or “our”) operates an e-commerce website accessible globally. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit our website or use our services. We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) for EU residents, as well as providing transparency for users worldwide.
2. Data Controller
- Name: Dfi Corporate (Sole Proprietorship)
- Registered Address: Maastrichter Smedenstraat 1, 6211 GK Maastricht, Nederland
- Contact for Privacy Matters:
Please direct privacy-related inquiries to:
3. Definitions
- “Personal Data” means any information relating to an identified or identifiable natural person.
- “Processing” means any operation performed on personal data (collection, storage, use, disclosure, etc.).
- “User” or “you” refers to any visitor to or user of our website or services.
- “Services” refers to our e-commerce platform (including purchase of courses or other goods/services), newsletter signup, contact forms, analytics, etc.
4. Categories of Personal Data We Collect
We collect different categories of personal data, depending on your interactions:
- Account and Order Information
  - Name, email address, billing and shipping address, phone number.
  - Order history, purchase details.
- Payment Data
  - We use Stripe for payment processing. We collect only the personal data necessary to initiate and process payments (e.g., name, billing address, payment token). Full payment card details are collected by Stripe and not stored on our servers. Payment-related personal data is shared securely with Stripe to fulfill transactions.
- Form Submissions
  - Contact forms or inquiry forms: name, email, message content, any other fields you include (e.g., phone, preferences). These details are stored and processed by us (e.g., in Sanity or other storage) for the purposes described in the form (e.g., responding to inquiries).
- Identity Verification Data
  - If you choose to use our identity verification feature (via Authenticate ID verification service), we collect personal identification data (e.g., government ID number, document scans/photos, date of birth) as required by the verification provider’s process. Such data is shared securely with the third-party verification provider.
- Usage and Analytics Data
  - Server logs & performance metrics: Collected by Vercel’s Web Speed Analytics (e.g., page load times, resource timings). Typically aggregated/anonymized, but may involve IP address logging by Vercel infrastructure.
  - Web Analytics: We plan to integrate Google Analytics. When enabled, Google Analytics may collect device and browsing information (e.g., IP address, device type, pages visited, duration). We will implement IP anonymization if required and obtain user consent where necessary under applicable law.
- Cookies and Similar Technologies
  - Functional (Strictly Necessary) Cookies: Used to maintain session state, caching preferences, shopping cart, and other essential functionality.
  - Analytics Cookies: If and when Google Analytics or similar is used, these cookies track usage statistics. They require user consent under EU cookie law.
  - Third-Party Cookies: May arise from embedded content or third-party services (e.g., payment providers’ scripts). We inform users and manage consent accordingly.
- Technical Data
  - IP address, browser type/version, device identifiers, operating system, referral source, pages visited, and timestamps—collected automatically for security, performance, and analytics.
5. Legal Basis for Processing (for EU Data Subjects)
For users in the European Economic Area (EEA), we rely on the following legal bases:
- Contractual necessity: To process orders, deliver purchased goods/services, handle payments via Stripe, provide identity verification if required for certain courses/services.
- Legitimate interests: For security measures, fraud prevention, ensuring website performance (e.g., Vercel analytics), improving user experience, marketing (only when balanced against user rights), and protecting the legal rights of Dfi Corporate.
- Consent: Where required (e.g., non-essential cookies for analytics/marketing). Users can withdraw consent at any time (see “Cookies and Tracking” below).
- Legal obligation: To retain certain records for accounting/tax compliance (e.g., retention of order records for up to 10 years as required by Dutch law).
- Vital interests or public interest: If applicable (unlikely in typical e-commerce context).
For users outside the EU, we apply similar principles: we process personal data where required to fulfill contracts, comply with laws, and based on legitimate interests, obtaining consent where required by local law.
6. How We Use Personal Data
We use personal data for the following purposes:
- Order Fulfillment: Process purchases, manage orders, arrange shipping with third-party shipping providers (sharing name, shipping address, contact details as needed).
- Payment Processing: Share necessary payment details with Stripe to process payment and manage refunds or disputes.
- Account Management & Support: Manage user accounts, handle inquiries, send transactional messages (order confirmations, shipping notifications).
- Identity Verification: Use Authenticate ID verification service when required (e.g., to comply with age restrictions or course prerequisites).
- Website Operation & Performance: Use Vercel Web Speed Analytics and server logs to monitor, maintain, and improve site performance and security.
- Analytics & Improvements: (Upon integration) Use Google Analytics (with anonymized IP where possible) to understand user behavior, optimize content, and improve offerings.
- Marketing & Communications: Send promotional emails or newsletters only if you have opted in, or when permitted by law (e.g., for similar products/services and existing customers under legitimate interest, subject to opt-out).
- Legal & Tax Compliance: Retain records as required by law; cooperate with authorities if legally required (e.g., fraud prevention).
- Security & Fraud Prevention: Detect and prevent fraudulent transactions, unauthorized access, and other security issues.
7. Cookies and Tracking Technologies
- Cookie Consent: For visitors in jurisdictions requiring opt-in (e.g., EU), we display a cookie consent banner explaining cookie categories. Functional cookies (strictly necessary) are set by default; non-essential cookies (analytics, marketing) are only set upon consent.
- Managing Cookies: Users can withdraw or change consent at any time via the cookie settings link on our website or by adjusting browser settings (though blocking certain cookies may affect functionality).
- Cookie Types:
  - Strictly Necessary/Functional Cookies: essential for site operation (session management, caching, login).
  - Analytics Cookies: to gather usage statistics (e.g., Google Analytics).
  - Third-Party Cookies: from services such as payment processors or embedded features.
- Cookie Details: A separate Cookie Policy or section can list specific cookie names and purposes; update this as services evolve.
8. Third-Party Services & Data Sharing
We share personal data only as needed to provide services:
- Stripe (Payment Processor): We share payment-related data (customer name, billing address, email) to process payments. Stripe’s processing is governed by Stripe’s Privacy Policy and Data Processing Addendum, including appropriate safeguards.
- Sanity (Content Management / Data Storage): If we store user-submitted content (e.g., form submissions) in Sanity, those data are stored per Sanity’s infrastructure. We limit access to authorized personnel only.
- Authenticate ID Verification Provider: For identity verification, we transmit personal ID data to the provider; they may process and retain data per their policy.
- Vercel (Hosting & Web Speed Analytics): Technical data and performance metrics are collected by Vercel. They may process IP addresses or related data under their privacy terms.
- Google Analytics (Future Integration): We will configure anonymization settings and only deploy after obtaining user consent where required.
- Shipping Providers: We share name, shipping address, contact info with carriers to fulfill delivery.
- Other Service Providers: We may use email service providers (e.g., for newsletters), CRM tools, or other tools; we share only necessary data.
- Legal Requirements: We may disclose personal data if required by law (court orders, regulatory requests) or to protect rights, property, or safety.
Before sharing data with any new third-party service, we ensure appropriate data processing agreements (DPAs) or Standard Contractual Clauses (SCCs) are in place for transfers outside the EEA.
9. International Data Transfers
Because we operate globally and use service providers (Stripe, Vercel, Sanity, Authenticate ID verification, Google, etc.) whose servers may be located outside the EU/EEA (e.g., in the US), personal data may be transferred internationally. We implement appropriate safeguards:
- Standard Contractual Clauses or other approved transfer mechanisms.
- Only transfer the minimum data needed.
- Where possible, ensure providers are certified under relevant frameworks (e.g., GDPR adequacy, Privacy Shield successors, etc.).
- Users in the EU have rights regarding such transfers; contact us for details.
10. Data Retention
- Order and Payment Records: Retained for as long as necessary to fulfill orders, manage returns/refunds, and comply with tax/accounting laws (e.g., up to 10 years per Dutch law).
- Form Submissions & Communications: Kept for as long as needed to address inquiries or provide services, then archived or deleted according to retention schedules (e.g., 1–3 years unless legal obligations require longer).
- Identity Verification Data: Retention depends on legal/regulatory requirements; typically, retention only as long as necessary for the verification purpose and subsequent compliance (e.g., KYC) and then securely deleted or archived under legal retention schedules.
- Analytics Data: Aggregated/anonymous analytics may be stored indefinitely for trend analysis; raw logs with personal identifiers are kept only as long as needed for security, then deleted or anonymized.
- Cookies: See cookie lifetimes in the Cookie Policy; users may remove cookies manually sooner.
11. Data Subject Rights (for EU/EEA Residents)
Under GDPR, you have the following rights, subject to applicable limitations:
- Right of Access: Request confirmation of processing and access to your personal data.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data when there is no overriding legitimate reason to retain it.
- Right to Restrict Processing: Temporarily limit how we use your data.
- Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit to another controller when processing is based on consent or contract and carried out by automated means.
- Right to Object: Object to processing based on legitimate interests or direct marketing.
- Right to Withdraw Consent: If processing is based on consent (e.g., analytics cookies), you can withdraw at any time without affecting the lawfulness of prior processing.
- Right to Lodge Complaint: With a supervisory authority in your EU Member State (e.g., Dutch Data Protection Authority).
- Automated Decision-Making/Profiling: If we use automated decisions significantly affecting you, you have rights to meaningful information and to contest decisions; currently we do not employ such profiling beyond standard analytics.
To exercise these rights, contact us at the email/address above. We may ask for information to verify your identity before fulfilling requests.
12. Security Measures
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction, including:
- Encryption in transit (HTTPS/TLS) and encryption at rest where applicable.
- Access controls and authentication for our systems.
- Regular security assessments and updates.
- Limiting access to personal data to authorized personnel only.
- Incident response plan to notify users and authorities if a data breach occurs, in accordance with legal requirements.
13. Children’s Privacy
Our website and services are not directed to children under 16 (or higher age per local law). We do not knowingly collect personal data from minors. If we learn that we have inadvertently collected personal data from a minor without parental consent, we will take steps to delete such data promptly. If you believe we might hold data about a child under the applicable age, please contact us.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time (e.g., when adding new services such as Google Analytics integration or new features). When we post changes, we will update the “Last updated” date above. For material changes affecting your rights or how we process data, we will provide prominent notice (e.g., via email or website banner) before the changes become effective. Please review this policy periodically.
15. Links to Other Websites
Our website may contain links to third-party sites (e.g., social media, payment pages). This Privacy Policy does not apply to those third-party sites. We encourage you to review their privacy policies before providing personal data.
16. Your Choices and Opt-Outs
- Marketing Communications: You can opt out of receiving marketing emails by following unsubscribe instructions in those emails or contacting us. Transactional messages (e.g., order confirmations) cannot be opted out of as they are necessary to provide services.
- Cookie Preferences: Use the cookie consent banner to enable/disable non-essential cookies; you can also adjust browser settings.
- Analytics Opt-Out: For Google Analytics, you may install browser add-ons or use built-in opt-out features if desired.
- Profile or Account: Log in to your account to update profile data or delete your account (subject to retention requirements for legal compliance).
- Do Not Track Signals: Our site does not currently respond to browser “Do Not Track” signals, but we provide alternative opt-outs for analytics and marketing cookies.
17. International Users
If you are accessing our site from outside the EU, please note that your data may be transferred to, stored, and processed in countries where our service providers operate. By using our services, you consent to such transfers under the safeguards described in Section 9.
18. Contact Us
For any questions or requests regarding this Privacy Policy or our data practices, please contact:
- Dfi Corporate
- Maastrichter Smedenstraat 1, 6211 GK Maastricht, Nederland
- Email: info@dafi.nl
We aim to respond to your inquiries promptly and in accordance with applicable law.
Disclaimer: This Privacy Policy template is provided for informational purposes and does not constitute legal advice. You should consult a qualified privacy or data protection attorney to ensure compliance with all applicable laws (e.g., GDPR, UK GDPR if relevant, CCPA/CPRA for California residents, other local regulations) and to tailor the policy to your exact data practices and business model.