Privacy Policy

1. Introduction

Ligamentboneur ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website ligamentboneur.ddd.

This policy is designed to comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Dutch implementation thereof, the Algemene verordening gegevensbescherming ("AVG"), together with other applicable privacy and electronic communications rules in the Netherlands and the European Union.

Our website provides general educational information about nutrition and vitamins. We do not use your data to offer medical diagnosis or treatment, and we do not sell dietary supplements or medicines through this website.

2. Data Controller Information

The data controller responsible for your personal data under the GDPR/AVG is:

For questions about processing, you should contact us using the details above. We have not appointed a Data Protection Officer (DPO), as we are not required to do so under Articles 37–39 GDPR; you may address requests directly to the controller.

3. Information We Collect

3.1 Information You Provide

We collect information that you voluntarily provide when using our website, including:

• Contact information (name, email address) when you use our contact form
• Message content when you communicate with us
• Any other information you choose to provide

3.2 Automatically Collected Information

When you access our website, we may automatically collect:

• Device information (browser type, operating system)
• IP address and approximate geographic location
• Pages visited and time spent on pages
• Referring website information
• Cookie data (see our Cookie Policy for details)

4. Purposes of Data Processing

We process your personal data for the following purposes:

• Communication: To respond to your inquiries and provide requested information
• Website Operation: To maintain and improve our website functionality
• Analytics: To understand how visitors use our website (with your consent)
• Legal Compliance: To comply with applicable laws and regulations
• Security: To protect our website and users from fraud or misuse

5. Legal Basis for Processing

We process your personal data based on the following legal grounds under Articles 6 and 9 GDPR (as implemented in the AVG), depending on the activity:

• Consent (Article 6(1)(a)): For example, non-essential cookies and similar technologies, and any optional marketing or analytics you explicitly agree to via our cookie controls or checkboxes.
• Legitimate interests (Article 6(1)(f)): For example, securing our website, preventing abuse, and understanding aggregated technical issues, balanced against your rights; where required, we will inform you of our legitimate interests.
• Legal obligation (Article 6(1)(c)): When we must retain or disclose information to comply with applicable law or competent authorities.
• Performance of a contract or pre-contractual steps (Article 6(1)(b)): When processing is necessary to respond to a specific request you have made (for example, handling a message you send via our contact form).

We do not rely on consent where another legal basis is appropriate, and we do not process special categories of personal data within the meaning of Article 9 GDPR through the normal use of this website, unless you voluntarily include such information in a message to us—in which case we will treat it only to handle your inquiry and based on your consent or another applicable ground.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Contact form submissions: Up to 2 years after your last interaction
• Analytics data: Up to 26 months
• Cookie consent preferences: Until you withdraw consent or clear your browser data

After these periods, your data will be securely deleted or anonymized.

7. Your Rights Under GDPR/AVG

As a data subject, you have the following rights regarding your personal data (Chapters III GDPR):

• Right of access (Article 15): Request confirmation of processing and a copy of your personal data.
• Right to rectification (Article 16): Request correction of inaccurate data or completion of incomplete data.
• Right to erasure (Article 17): Request deletion where applicable ("right to be forgotten").
• Right to restriction of processing (Article 18): Request limitation of processing in defined situations.
• Right to data portability (Article 20): Receive your data in a structured, commonly used, machine-readable format where processing is based on consent or contract and is carried out by automated means.
• Right to object (Article 21): Object to processing based on legitimate interests or to direct marketing (where applicable).
• Right to withdraw consent: Where processing is based on consent, withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
• Rights related to automated decision-making (Article 22): We do not use solely automated decision-making, including profiling, which produces legal or similarly significant effects concerning you.

To exercise any of these rights, please contact us using the contact details in Section 2. We will respond within one month as a rule, which may be extended by two further months where necessary; we will inform you of any extension and the reasons.

You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement (Article 77 GDPR).

8. Data Security and Breaches

We implement appropriate technical and organizational measures (Article 32 GDPR) to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data, including:

• HTTPS encryption for data in transit where applicable
• Secure hosting and infrastructure practices
• Access controls and limited access on a need-to-know basis
• Review and update of security measures in line with industry practice

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the supervisory authority without undue delay and, where required, inform affected data subjects in accordance with Articles 33 and 34 GDPR.

9. Data Sharing and Third Parties

We do not sell your personal data. We may share your information with:

• Processors and service providers: Third parties who assist in operating our website (for example hosting, email delivery, or IT security), acting only on our instructions and under a data processing agreement (Article 28 GDPR) where required.
• Legal requirements: When disclosure is necessary to comply with a legal obligation, a court order, or a lawful request from public authorities, or to protect our rights, safety, or property.

Where we use subprocessors, we remain responsible for their processing and ensure appropriate contractual safeguards. A current list of categories of recipients can be provided upon request.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), for example if a service provider is located outside the EEA or uses infrastructure there. When this occurs, we ensure that one of the safeguards listed in Chapter V GDPR applies, such as an adequacy decision by the European Commission, Standard Contractual Clauses (SCCs) approved by the Commission, Binding Corporate Rules, or other approved mechanisms, and supplementary measures where appropriate.

11. Children's Privacy

Our website is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy regularly.

13. Complaints and Supervisory Authority

If you have concerns about how we handle your personal data, you may contact us first using the details in Section 2. You also have the right to lodge a complaint with a supervisory authority.

In the Netherlands, the supervisory authority is the Autoriteit Persoonsgegevens (AP):

• Website: autoriteitpersoonsgegevens.nl
• Postal address: Postbus 93374, 2509 AJ Den Haag, Netherlands

14. Contact Us

For any questions about this Privacy Policy or to exercise your data protection rights, please contact us: