Privacy Policy

This Privacy Policy (“Policy”) is used by Vlisco Netherlands B.V., a private limited company incorporated under Dutch law, registered with the Dutch Chamber of Commerce under number 50751492, with its registered office in Helmond and its principal place of business at Binnen Parallelweg 27, 5701 PH Helmond, the Netherlands (referred to as “Vlisco”, “we” or “us”).

Vlisco can be contacted at: PrivacyOfficer@vlisco.com.

This Policy applies to the processing of personal data of:

• webshop users and customers;
• users of Vlisco websites and mobile applications (“App”);
• suppliers and business contacts.

Vlisco acts as data controller within the meaning of the General Data Protection Regulation (GDPR).

Depending on your interaction with Vlisco, we may process the following categories of personal data:

Identity and contact details
Name, address, email address, telephone number.

Order and customer data
Order history, billing and delivery information, payment details, and communication relating to purchases.

Website and App usage data
IP address, device identifiers, browser type, language settings, pages visited, navigation behaviour, and App usage data such as feature interaction and technical performance data.

Technical and security data (system logs)
Logs generated by ICT systems, including login attempts, system access, user actions within systems, IP addresses, timestamps, device identifiers, error logs, and security-related events.
These logs are used for security, auditability, troubleshooting, and ensuring proper functioning of systems.

CCTV footage (where applicable)
Video recordings captured at selected physical Vlisco locations for security and operational protection purposes.

We process personal data for the following purposes:

• processing and fulfilling webshop orders;
• managing payments, invoicing, and delivery;
• customer service and communication;
• operating and improving our website and App;
• analysing usage and improving user experience;
• sending marketing communications, such as newsletters, promotional emails, personalised offers, app notifications, and online advertising, where permitted under applicable law;
• displaying relevant advertisements and measuring the effectiveness of marketing campaigns;
• IT security, fraud prevention, and system integrity;
• compliance with legal and regulatory obligations.

We process personal data based on:

• performance of a contract (e.g. order processing);
• compliance with legal obligations (e.g. tax and accounting requirements);
• consent (e.g. for newsletters, promotional emails to non-customers, certain cookies, personalised advertising, and optional App features);
• legitimate interests (e.g. IT security, fraud prevention, system monitoring, service improvement, and — where permitted under applicable law — sending marketing communications to existing customers about similar products or services).

Vlisco maintains technical logs in its ICT systems to ensure security, reliability, and proper operation.

These logs may include:

• user login and authentication events
• system access and actions performed within systems;
• IP addresses, timestamps, and device identifiers;
• system errors and performance data;
• security events such as failed login attempts or suspicious activity.

Vlisco uses the accessibility solution Eye-Able Access, provided by Web Inclusion GmbH, to improve the accessibility and usability of our website for all users.

The service enables users to adjust website presentation, such as text size, contrast, and navigation support, in order to improve access to information.

To provide this functionality, necessary JavaScript files are loaded from external servers. For secure and efficient delivery, Eye-Able Access uses a Content Delivery Network (CDN) operated by BunnyWay d.o.o. (Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia).

The use of this service is based on:

• performance of a contract (Art. 6(1)(b) GDPR), as it forms part of the functionality of our online services, and
• legitimate interests (Art. 6(1)(f) GDPR) in ensuring the secure, fast, and reliable provision of our website through a professional service provider.

Additional third-party tools may be used to support website functionality, analytics, accessibility, or security. Where applicable, these will be listed or described in this section.

Certain Vlisco sites are equipped with CCTV systems to protect employees, visitors, property, and operations, and to support the prevention and investigation of incidents.

Camera placement includes:

• entrances and exits of buildings;
• reception and visitor areas;
• warehouses, production, and logistics zones external building perimeters and parking areas.
  
  
  Cameras are not installed in private or sensitive areas such as toilets, changing rooms, or private offices.

Technical and operational details:

• CCTV records video only; no audio is recorded;
• footage captures general activity in monitored areas;
• recordings are made in sufficient quality for security and identification purposes;
• cameras may include fixed and, where necessary, remotely adjustable (PTZ) functionality; access to controls is strictly restricted to authorised security personnel and is not used for continuous tracking of individuals ;
• footage is not routinely anonymised or blurred.

Access and use:
Only authorised personnel may access CCTV footage. It is used solely for security, incident investigation, and legal compliance purposes.

Retention:
CCTV footage is retained for up to 28 days, unless longer retention is required due to an incident, investigation, or legal obligation.

Information to individuals:
CCTV use is communicated via signage at monitored locations and through this Privacy Policy.

We do not sell personal data. We may share data with:

• payment service providers;
• logistics and delivery partners;
• IT infrastructure, hosting, and cloud providers;
• analytics, advertising, social media, and marketing service providers (where consent is required or applicable);
• professional advisers (e.g. auditors, legal advisors);
• public authorities where legally required.

Some service providers may be located outside the European Economic Area (EEA), including in:

• United States of America;
• Canada (covered by an adequacy decision by the European Commission).

Where personal data is transferred outside the EEA, Vlisco ensures appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission;
• assessment of local legislation and transfer risks where required;
• additional technical and organisational
  safeguards where necessary.

We retain personal data only for as long as necessary:

• webshop orders and financial records: up to 7 years;
• customer account data: until deletion or inactivity;
• marketing data: until consent is withdrawn or unsubscribe request is made;
• App and website usage data: as needed for analytics and service improvement;
• CCTV footage: up to 28 days unless longer retention is required.

Vlisco may send marketing communications such as newsletters, promotional emails, personalised offers, app notifications, and online advertisements relating to Vlisco products, collections, events, and promotions.

Where required under applicable law, we will ask for your consent before sending electronic marketing communications or placing marketing-related cookies and similar technologies.

If you are an existing customer, Vlisco may send you information about similar products or services based on our legitimate interest, where permitted by applicable law.


You can withdraw your consent or opt out of marketing communications at any time by:

• clicking the unsubscribe link included in marketing emails;
• adjusting your cookie preferences via the Cookie Declaration on our website;
• contacting us at PrivacyOfficer@vlisco.com.

You have the following rights under the GDPR:

• access to your personal data;
• rectification of inaccurate data;
• erasure of personal data;
• restriction of processing;
• objection to processing;
• data portability;
• withdrawal of consent at any time;
• lodging a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

We may update this Policy from time to time. The latest version will always be published on our website.