Privacy Policy

Last updated: June 26, 2025

At DVRX, a bespoke furniture company in the Netherlands, we design engaging furniture built to last. and are equally committed to protecting your personal data with care and transparency. This Privacy Policy explains how we collect, use, share, and safeguard your information in compliance with the EU General Data Protection Regulation (GDPR), Dutch GDPR Implementation Act (Uitvoeringswet AVG), California Consumer Privacy Act (CCPA), Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable data protection laws.

1. Controller and Contact Details

DVRX Netherlands is the data controller for personal data processed via our website and services. Contact us at:

  • Email: info@dvrx.com

  • Address: Keelstraat 1 6301XT Valkenburg NL

2. Data We Collect

We collect the following personal data to provide our custom furniture services:

  • Identity and Contact: Name, email, phone number, billing/shipping address (e.g., when you order furniture).

  • Payment Information: Credit card details, PayPal data, or financing details via partners like Pledg (processed securely by third-party providers).

  • Order Details: Preferences for bespoke furniture, including design specifications.

  • Technical Data: IP address, browser type, device information, and cookies (see Section 7).

  • Creditworthiness Data: Name and contact details shared with Creditreform Boniversum GmbH for credit checks (GDPR Art. 6(1)(f)).

  • Communication Data: Emails or messages sent to us.

Data is collected when you place an order, contact us, browse our website, or engage with our services.

3. Purpose and Legal Basis

We process your data for:

  • Contract Fulfillment (GDPR Art. 6(1)(b), PIPEDA Principle 4.3): Processing orders, delivering furniture, and providing customer support.

  • Legitimate Interests (GDPR Art. 6(1)(f)): Credit checks, website analytics, and fraud prevention.

  • Consent (GDPR Art. 6(1)(a), CCPA, PIPEDA Principle 4.3.7): Marketing emails or cookies (where applicable).

  • Legal Obligations (GDPR Art. 6(1)(c)): Tax compliance and record-keeping.

4. Data Sharing

We share data only as necessary:

  • Service Providers: Payment processors (e.g., PayPal, Google Pay, ShopPay), shipping companies, and financing partners

  • Legal Requirements: Authorities, if required by law (e.g., tax audits).
    Data shared outside the EU (e.g., for North American customers under CCPA/PIPEDA) complies with GDPR’s safeguards (e.g., Standard Contractual Clauses).

5. Data Retention

We retain data only as long as necessary:

  • Order data: 7 years (Dutch tax law).

  • Account data: Until account deletion or inactivity for 3 years.

  • Marketing data: Until consent withdrawal.

  • Technical data: As per cookie settings (see Section 7).

6. Your Rights

Under GDPR, CCPA, and PIPEDA, you have the right to:

  • Access: Request your data (GDPR Art. 15, CCPA §1798.100).

  • Rectification: Correct inaccurate data (GDPR Art. 16).

  • Erasure: Request data deletion (GDPR Art. 17, CCPA §1798.105).

  • Restriction: Limit data processing (GDPR Art. 18).

  • Portability: Receive data in a portable format (GDPR Art. 20).

  • Object: Oppose processing for legitimate interests (GDPR Art. 21).

  • Opt-Out of Sale: CCPA residents may opt out of data “sales” (we don’t sell data but share with service providers).

  • Withdraw Consent: Stop marketing or cookie use.
    Contact privacy@dvrx.com to exercise these rights. We respond within 30 days (GDPR) or 45 days (CCPA).

7. Cookies and Tracking

Our website uses cookies to enhance functionality and user experience (e.g., cart management, analytics). You can manage preferences via our cookie banner (GDPR Art. 6(1)(a), PIPEDA Principle 4.3). Essential cookies don’t require consent; others do. See our Cookie Policy for details.

8. Data Security

We use encryption (e.g., SSL), access controls, and secure payment processors to protect your data. However, no internet transmission is 100% secure, and we cannot guarantee absolute security (GDPR Art. 32).

9. International Transfers

For North American customers (e.g., under CCPA/PIPEDA), data may be transferred to the Netherlands. We use GDPR-compliant mechanisms (e.g., Standard Contractual Clauses) to ensure protection.

10. Third-Party Links

Our website may link to third-party sites (e.g., PayPal, Google Pay). We’re not responsible for their privacy practices. Review their policies before engaging.

11. Children’s Data

Our services are not directed to individuals under 16 (GDPR) or 13 (CCPA). We do not knowingly collect data from children.

12. Complaints

If you’re concerned about data handling, contact us at info@dvrx.com. You may also lodge a complaint with:

  • Netherlands: Autoriteit Persoonsgegevens (www.autoriteitpersoonsgegevens.nl) (www.autoriteitpersoonsgegevens.nl).

  • EU: Your local data protection authority (GDPR Art. 77).

  • California: California Attorney General (www.oag.ca.gov/privacy) (www.oag.ca.gov/privacy).

  • Canada: Office of the Privacy Commissioner (www.priv.gc.ca) (www.priv.gc.ca).

13. Updates

We may update this policy to reflect legal or operational changes. Updates will be posted on our website with the new effective date.