Data Security and Privacy Policy

Distraal B.V. processes personal data of its partners and end customers strictly in accordance with the General Data Protection Regulation (GDPR) of the European Union.

1. Scope and Legal Basis

  • Distraal B.V. adheres exclusively to the provisions of the GDPR, applicable within the European Economic Area (EEA).
  • Personal data (such as name, address, email, phone number, order history) is collected and processed solely for the purpose of order fulfillment, invoicing, and necessary communication.

2. Data Retention and Access

  • Personal data is stored only as long as necessary for operational or legal purposes.
  • Order data may be retained for a minimum of 7 years due to accounting and legal compliance.
  • Partners have access only to data belonging to their own customers. Access to other partners' or third-party data is strictly prohibited.

3. API Security and Responsibility

  • API keys and access credentials provided to partners must be kept confidential and must not be shared with third parties.
  • In case of suspected misuse, Distraal B.V. reserves the right to suspend or permanently revoke API access.

4. Cookie Usage

  • The Distraal platform uses functional (essential) cookies only.
  • Analytics and marketing cookies are used only with the partner's explicit consent.
  • Partners may update or revoke their cookie preferences at any time via the platform interface.