Privacy Policy – Pop Papel

Privacy Policy

Effective Date: 01-05-2025
Last Updated: 01-01-2026

Pop Papel (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Dutch privacy laws.

This Privacy Policy applies to all visitors, customers, and business contacts who interact with Pop Papel via our website, services, or communications.

1. Data Controller

Pop Papel

Visserseinde 4
2063 JD Spaarndam

The Netherlands

contact@poppapel.com

+34 6 0377 2841

Kvk: 96626003

BTW nummer: NL005221415B55

Pop Papel is established in the Netherlands and operates in accordance with Dutch law and applicable European Union regulations.

Pop Papel acts as the data controller for the processing of personal data as described in this Privacy Policy.

2. Personal Data We Collect

We collect only personal data that is necessary for providing our services.

This may include:

  • Name

  • Company name (if applicable)

  • Email address

  • Telephone number

  • Billing address

  • Delivery address (collected only after final image quality approval and order confirmation)

  • Order details and correspondence

  • Uploaded images or design files (for custom wallpaper orders)

We do not knowingly collect personal data from children under the age of 16.

3. Customer-Uploaded Images & Files

When you upload images or files for a custom wallpaper order:

  • These files are used exclusively for producing your order

  • They are not shared with third parties for marketing or resale

  • They are stored securely for the duration of your project

Uploaded files are deleted within 90 days after project completion, unless a longer retention period has been agreed in writing.

4. Purpose & Legal Basis for Processing

We process personal data only where there is a valid legal basis under the GDPR. This includes:

a. Performance of a Contract or Pre-Contractual Measures

  • Reviewing image quality and preparing design previews

  • Processing orders, production, delivery, and installation

  • Collecting delivery details only after final design approval

b. Legal Obligations

  • Compliance with accounting, tax, and administrative requirements

c. Legitimate Interests

  • Responding to inquiries

  • Customer communication related to orders

  • Improving our services and website

d. Consent (where applicable)

  • Publishing identifiable images of completed projects

  • Any optional communications requiring explicit consent

Delivery address details are collected only after final design approval and are used solely for order fulfilment, shipping, and installation coordination where applicable.

5. Use of Project Photography

We may document completed wallpaper installations for use in our portfolio, website, or promotional materials.

Identifiable images of private spaces or locations are published only with explicit customer approval. Consent may be withdrawn at any time by contacting us.

6. Data Sharing with Third Parties

We share personal data only where necessary to fulfil our services, and only with trusted third parties, such as:

  • Payment service providers

  • Shipping and logistics partners

  • Installation professionals working on our behalf

All third parties process personal data solely for the purposes agreed and are contractually required to comply with GDPR.

We do not sell personal data to third parties.

7. Data Retention

We retain personal data only for as long as necessary and in accordance with legal obligations:

  • Order, invoice, and payment data are retained as required by Dutch tax law

  • Uploaded images and design files are deleted within 90 days after project completion, unless otherwise agreed

  • Delivery address data is retained only for as long as necessary to complete delivery, installation (if applicable), and legally required administrative obligations

  • Contact inquiries are retained only for as long as needed to respond and follow up

Once data is no longer required, it is securely deleted or anonymised.

8. Data Security

We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, or alteration.

Access to personal data is restricted to authorised personnel only and limited to what is necessary for their role.

9. Cookies & Website Analytics

Our website may use functional and analytical cookies to ensure proper operation and to understand how visitors use our site.

Where required by law, consent for cookies is requested via a cookie banner.

10. Your Rights Under GDPR

You have the right to:

  • Access your personal data

  • Correct inaccurate or incomplete data

  • Request deletion of your data (where legally permitted)

  • Restrict or object to processing

  • Data portability

  • Withdraw consent at any time

Requests can be submitted via our contact form. We respond within the timeframes required by GDPR.

11. Complaints

If you believe that your personal data is being processed unlawfully, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

12. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. The version in force at the time personal data is collected shall apply.

13. Contact

If you have any questions about this Privacy Policy or how we process personal data, please contact us via our contact form.