Privacy Policy

At Puffin Brewery, we consider privacy and protection of your personal data of paramount importance and therefore treat your data with care to keep your private data really private.

Last update on June 12, 2020

Article 1 – Definitions

Personal data is all data relating to a natural person (referred to as the data subject in the privacy law) who is or can be directly or indirectly identified. This can be data such as: the name of a person, a photo, a telephone number (even a telephone number at work), a code, a bank account number, an e-mail address, a fingerprint,….

A processing of data is any operation or set of operations of personal data. These operations are very varied and include the collection, storage, use, modification, communication of the data.

Article 2 – For what purpose do we process your personal data?

We always try to collect as little personal data as possible. But when we do it, we don’t just do this. We have our reasons for this:


We need information to contact you in an emergency or to help you with a problem or complaint.

To track performance and provide the best service

To gain insight into the use of our website or products. This way we know which pages can possibly use improvement or which services and products can offer added value for you.

To comply with legal obligations

In many cases, we are required to keep certain personal data and / or communicate it to government agencies.

Article 3 – Which personal data do we process?

Puffin Brewery processes personal data for the execution of contracts, but also for other purposes. Article 3 – Which personal data do we process?

Personal identification data

Like a name. We need this information, among other things, to be able to address you, to contact you. Puffin Brewery may also be obliged to communicate this information to the authorities in a confidential manner in the event of legal issues.

E-mail address

This is kept to send you important messages or to contact you.

Electronic identification data

IP addresses are stored to provide an overview of the IP address from which you have logged into your account or made changes. The IP address can also be used to better protect your account against unauthorized access from other locations.

We also use cookies on our website to map how you view and experience our website. A cookie is a small text file that is placed on your computer, tablet or smartphone during your visit to a website. Information is stored in this text file. This information can be recognized by this website at a later visit. We never store cookies without your permission. This permission can be stopped at any time. To find out how to disable cookies or for more information, please see our cookie policy.

Server logs

When using our online services, data is automatically stored in our server logs. This concerns data such as IP addresses, browser versions, and the time of the visit. These logs are useful for us to detect and fix errors in the system, as well as for security. This allows us to track down malicious people who are endangering the network.

Article 4 – How long do we keep your data?

We do not use your data longer than necessary. We therefore only keep your data for the duration of our agreement and to the extent necessary for the execution of the agreement. After this we delete or destroy all data.

  • Based on the legal fiscal retention obligation, we must keep invoice data, transaction data and other financial data for 7 years.
  • Other customer data such as name and address details, email address and telephone number will be destroyed a maximum of one month after the agreement.

Article 5 – What about minors’ personal data?

We never knowingly request or collect personal data from persons under the age of 18. If we at Puffin Brewery discover that we have accidentally collected personal information from a person under the age of 18, we will remove that person’s personal information from our records as soon as reasonably practicable.

Article 6 – You have the right to inspect

Transparency is the keyword here. Everyone who uses our services has the right to request (free of charge) access, correction, displacement or deletion of his or her personal data. Puffin Brewery has specially prepared a register for this with which personal data we process, for what purposes we do this, which categories of personal data we process, what data we share with third parties, etc.

You also have the right to object to the processing of your personal data. If you would like more information or a correction, please contact us via our dashboard or via our contact form.

Article 7 – How do we keep your data safe?

Safety is very important to us. We consider not only our own safety important, but also yours and your personal data. A company is never 100% safe from external risks, but we try to limit it as much as possible. Some security measures that we apply.

  • All employees handle confidential data correctly and receive the necessary further training.
  • Only authorized persons have access to your personal data.
  • The network is protected against external risks.
  • We use EV SSL certificates to securely transfer your data and communications to us.
  • All our software is up to date.
  • We have a clean desk policy.
  • Complex passwords and keys that are encrypted will always be used.
  • We use two factor authentication (2FA) for login and password storage. This is an authentication method where one has to successfully complete two steps to access something.

Article 8 – What about a data breach?

A data breach is a security incident in which Personal Data that the Processor manages on behalf of the Controller may have been lost or inadvertently accessed by third parties. This concerns data that can be linked to these persons, such as, but not limited to, names, addresses, telephone numbers, e-mail addresses, log-in data, cookies, IP addresses or identifying data of computers or telephones.

Even the largest companies are never 100% safe from cyber attacks. Puffin Brewery will notify the GBA (= Data Protection Authority) and the Controller of any breach of security or loss of integrity within 24 hours of being notified. This in turn will notify you if you are a victim of a data breach.

Article 9 – Third parties

In order to properly execute our agreements, it is sometimes necessary that we use third parties.

In some cases, we may also be required to retain and / or communicate certain personal information to government agencies. Think of tax reasons or police claims.

In addition, only with your permission, we also use third parties such as Google Analytics to monitor and continue to optimize our products and services.

All the aforementioned organizations are located within the European Economic Area (EEA) and we have concluded a processing agreement with all these organizations in accordance with the GDPR legislation on the protection of personal data.

Article 10 – Websites of third parties?

This privacy and cookie statement does not apply to third party websites that are linked to this website by means of links. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend that you read the privacy and cookie statements of these websites before using these websites.

When you click on a Social Media button (such as Facebook), the administrators of this website may collect your personal data.

Article 11 – Our contact details

If you have any questions or comments after our privacy policy, please do not hesitate to contact us.