Part IV - Privacy Policy

This Part IV is drafted in accordance with Regulation (EU) 2016/679 (GDPR / AVG), the Dutch GDPR Implementation Act (UAVG), and any other applicable mandatory Dutch or European data-protection rules.

IV.1 Controller status and scope of this Privacy Policy

Sanctum Deo acts as controller for the personal data processed in connection with the website, webshop, customer service, order management, payment support, fraud prevention, legal compliance, and marketing activities to the extent it determines the purposes and means of processing.

IV.2 Categories of personal data and processing purposes

Depending on the interaction, personal data may include identity and contact details, billing and shipping details, order and refund history, transaction references, communications content, device and website-use data, and limited fraud-prevention or risk data. These categories are processed to operate the website and webshop, perform and administer contracts, communicate with customers, handle returns and complaints, prevent abuse, comply with legal obligations, and improve legitimate business operations.

IV.3 Legal bases for processing

The principal legal bases are performance of a contract or steps taken at the request of the data subject prior to entering into a contract, compliance with legal obligations, legitimate interests that are not overridden by the data subject’s interests or fundamental rights, and consent where consent is required by law. Where consent is relied on, it may be withdrawn at any time without affecting the lawfulness of processing carried out before withdrawal.

IV.4 Relationship with the Cookie Policy

Information about cookies and similar technologies used on the website is set out in Part V (Cookie Policy). Where applicable law requires prior consent for non-essential cookies or tracking technologies, those technologies will only be placed or activated where and to the extent valid consent has been obtained. Strictly necessary cookies may be used without prior consent where permitted by applicable law.

IV.5 Recipients, processors, and service providers

Sanctum Deo may share personal data with processors and service providers involved in hosting, ecommerce infrastructure, payment processing, logistics, customer support, analytics, security, compliance, and professional advisory services, but only to the extent reasonably necessary and subject to appropriate contractual or legal safeguards.

IV.6 Retention periods

Personal data is retained no longer than necessary for the purposes for which it was collected, except where longer retention is required or permitted by tax law, accounting law, limitation periods, fraud-prevention needs, dispute handling, or other legal obligations. Retention periods should therefore be assessed by reference to the category of data and the legal or operational purpose concerned.

IV.7 International data transfers

If personal data is transferred outside the European Economic Area, Sanctum Deo will use a transfer mechanism recognised by applicable law, such as an adequacy decision, Standard Contractual Clauses, or another permitted safeguard, together with supplementary measures where required.

IV.8 Data subject rights

Subject to the conditions and limitations of applicable law, data subjects may request access, rectification, erasure, restriction of processing, data portability, and objection to certain processing, and may withdraw consent where consent is the legal basis. Data subjects also have the right to lodge a complaint with a competent supervisory authority, including the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) where relevant.

IV.9 Security, personal data breaches, and complaints handling

Sanctum Deo must take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access. Where a personal data breach occurs, Sanctum Deo will assess whether notification to the competent supervisory authority or affected data subjects is required under applicable law.

 

Part V - Cookie Policy

This Part V is drafted in accordance with Directive 2002/58/EC as amended (ePrivacy rules), Regulation (EU) 2016/679 (GDPR / AVG), the Dutch Telecommunications Act, the Dutch GDPR Implementation Act (UAVG), and any other applicable mandatory Dutch or European rules governing cookies, trackers, and similar technologies.

V.1 Scope and relationship with the Privacy Policy

This Part V explains how Sanctum Deo uses cookies and similar technologies on its website and webshop. It should be read together with Part IV (Privacy Policy) and any consent preferences made available through the cookie banner or preference centre.

V.2 What cookies and similar technologies are

Cookies are small text files or similar technologies that are stored on or accessed from a user’s device when visiting a website. They may be used to make the website function properly, remember preferences, maintain shopping-cart sessions, measure website performance, improve security, and, where permitted, support analytics, marketing, and personalisation.

V.3 Categories of cookies that may be used

Sanctum Deo may use the following categories of cookies or similar technologies:

(a) Strictly necessary cookies. These cookies are necessary for the operation, security, and core functionality of the website and webshop, including cart continuity, checkout flow, fraud prevention, load balancing, security controls, and similar essential functions. Where permitted by law, these cookies do not require prior consent.

(b) Preference or functional cookies. These cookies remember user choices or convenience settings, such as language, region, or display preferences. Where these cookies are not strictly necessary under applicable law, they will only be used on the basis required by that law.

(c) Analytics cookies. These cookies help Sanctum Deo understand how visitors use the website so that performance, usability, and content can be improved. Where analytics cookies are exempt under applicable law, they may be used without prior consent only within the limits of that exemption. Where prior consent is required, they will only be activated after valid consent has been obtained.

(d) Marketing, advertising, and tracking cookies. These cookies or similar technologies may be used to measure campaign effectiveness, personalise content or advertising, build audiences, or track browsing behaviour across time or across websites. These technologies will only be used where and to the extent valid prior consent has been obtained.

V.4 Legal basis and consent

Where a cookie or similar technology is strictly necessary for the transmission of communications or for providing a service explicitly requested by the user, Sanctum Deo may use it without prior consent where lawful. Where consent is required for non-essential cookies or tracking technologies, Sanctum Deo will request that consent before placing or activating them.

Consent may be refused or withdrawn at any time through the cookie settings, consent banner, browser settings where applicable, or other means made available on the website. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

V.5 Third-party providers

The website may use third-party tools or integrations for ecommerce infrastructure, analytics, payments, security, embedded content, marketing, or similar operational purposes. Where such third parties place or read non-essential cookies or similar technologies, those technologies will be subject to the applicable consent requirements and transparency obligations.

V.6 Retention and duration

Some cookies are session-based and expire automatically when the browser session ends. Others remain on the device for a longer period, depending on their purpose and settings. Specific retention periods may vary by provider, cookie type, and technical necessity.

V.7 Managing cookies

Users can manage cookie preferences through the website’s cookie settings where available and may also restrict or delete cookies through their browser settings. Blocking strictly necessary cookies may affect the operation of the website or checkout process.

V.8 Updates and contact

Sanctum Deo may update this Cookie Policy from time to time to reflect legal, technical, or operational changes. The latest version will be made available on the website. Questions about cookies or data protection may be sent to admin@sanctumdeo.com.