Privacy Policy
At KOVA, we believe that privacy is not a legal formality — it is part of the trust we ask you to place in us every time you order. We have written this policy to be read, not just stored in a browser tab.
Who we are
Sales Core B.V. is a private limited company incorporated under Dutch law, registered with the Dutch Chamber of Commerce (KVK) under number 95115714. We trade as KOVA and are the data controller for all personal data processed in connection with your use of takekova.com.
Our primary market is the Netherlands and Germany, and we process all personal data in full compliance with Regulation (EU) 2016/679 (GDPR).
What data we collect — and when
2.1 Data you provide directly
- Account & order data — name, email address, delivery address, billing address, telephone number (optional)
- Subscription data — chosen subscription tier, billing frequency, preferred payment method, subscription history
- Payment data — we do not store card numbers or bank details; these are processed directly by Mollie B.V.
- Communications — any message, question, or complaint you send us via email, live chat, WhatsApp, or Instagram DMs
- Quiz responses — if you complete our “Is KOVA right for you?” quiz, we collect your answers to personalise your experience
- Reviews & testimonials — any review you submit on our website or via Trustpilot or Trusted Shops
2.2 Data collected automatically
- Device & browsing data — IP address, browser type and version, operating system, pages visited, time on page, click paths
- Cookies & tracking — only after you give explicit consent via our cookie banner. See our separate Cookie Policy for full details
- Purchase & subscription behaviour — order frequency, subscription status, renewal history, cancellations, pauses
2.3 Data from third parties
- Analytics partners — aggregated, anonymised traffic data from Google Analytics 4 (only if consented)
- Advertising platforms — Meta and Google Ads may share conversion signals with us if you have consented to advertising cookies
- Review platforms — Trustpilot and Trusted Shops may provide us with review data associated with your order
We do not purchase data from data brokers. We do not collect special categories of data (health data, biometric data, etc.).
Why we use your data — legal basis and purpose
The table below sets out every processing activity, its purpose, the legal basis under GDPR Article 6, and how long we keep the data.
| Purpose | Data categories | Legal basis | Retention |
|---|---|---|---|
| Processing & fulfilling your order | Name, address, email, order details | Art. 6(1)(b) — Performance of contract | 7 years (Dutch fiscal law) |
| Managing your subscription | Email, subscription tier, billing data, payment token | Art. 6(1)(b) — Performance of contract | Duration of subscription + 7 years |
| Sending transactional emails | Name, email, order details | Art. 6(1)(b) — Performance of contract | 7 years |
| Providing customer support | Name, email, order history, support messages | Art. 6(1)(b) or Art. 6(1)(f) — Legitimate interest | 3 years after last contact |
| Sending marketing emails | Name, email address | Art. 6(1)(a) — Consent (opt-in required) | Until consent is withdrawn |
| Analytics & website performance (GA4) | Anonymised IP, browsing behaviour, device data | Art. 6(1)(a) — Consent | 14 months (GA4 default) |
| Advertising & retargeting | Hashed email, IP, pixel data | Art. 6(1)(a) — Consent | 90 days |
| Fraud prevention & security | IP address, order patterns | Art. 6(1)(f) — Legitimate interest | 12 months |
| Legal & tax compliance | Name, address, transaction data | Art. 6(1)(c) — Legal obligation | 7 years |
Marketing communications — your choices
We send marketing emails only with your explicit, freely given consent. You can opt out at any time by clicking the unsubscribe link in any marketing email, contacting us at privacy@takekova.com, or updating your preferences in your account portal. Unsubscribing from marketing does not affect transactional emails (order confirmations, shipping updates, renewal notices).
Who we share your data with
We do not sell your personal data. We share data only with trusted third-party processors who help us operate our business.
| Processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Shopify International Ltd | E-commerce platform, order & customer management | Ireland (EU) | EU Standard Contractual Clauses; GDPR DPA |
| Mollie B.V. | Payment processing (iDEAL, Klarna, SEPA, cards) | Netherlands (EU) | EU-based; PCI-DSS compliant |
| Klaviyo Inc | Email marketing & automated customer flows | USA | EU SCCs + Data Processing Addendum |
| Gorgias Inc | Customer support & helpdesk | USA | EU SCCs + DPA |
| PostNL / DHL | Order fulfilment & delivery | Netherlands / Germany (EU) | EU-based; fulfilment DPA |
| Google LLC (GA4, Google Ads) | Analytics & advertising (consent-gated) | USA | EU SCCs; Google Consent Mode v2 |
| Meta Platforms Ireland | Advertising & retargeting (consent-gated) | Ireland (EU) | EU SCCs; Meta DPA |
| Trustpilot A/S | Review collection & display | Denmark (EU) | EU-based; GDPR DPA |
International transfers
Some of our processors (notably Klaviyo, Gorgias, and Google) are based in the United States. Where personal data is transferred outside the EEA, we rely on the European Commission’s Standard Contractual Clauses (SCCs) as the transfer mechanism. You can request a copy of the applicable transfer mechanism for any specific processor by contacting privacy@takekova.com.
How long we keep your data
- Order and transaction data: 7 years, as required by Dutch tax law (Article 52 AWR)
- Active subscription data: retained for the lifetime of your subscription plus 7 years
- Support communications: 3 years from your last contact with us
- Marketing consent records: retained until you withdraw consent, plus a 90-day administrative period
- Analytics data: 14 months maximum (Google Analytics 4 default)
- Advertising pixels: 90 days maximum
When a retention period expires, we securely delete or anonymise the data.
Your rights under GDPR
- Right of access (Art. 15) — Receive a copy of the personal data we hold about you, free of charge
- Right to rectification (Art. 16) — Ask us to correct inaccurate or incomplete data
- Right to erasure (Art. 17) — Ask us to delete your data where there is no longer a legitimate reason to keep it
- Right to restriction (Art. 18) — Ask us to limit how we process your data in certain circumstances
- Right to data portability (Art. 20) — Receive your data in a structured, machine-readable format
- Right to object (Art. 21) — Object at any time to processing based on legitimate interests, including direct marketing
- Right to withdraw consent (Art. 7(3)) — Where processing is based on consent, withdraw it at any time
Email privacy@takekova.com. We will verify your identity before processing the request. There is no charge unless requests are manifestly unfounded or excessive. We respond within 5 working days, and in all cases within the 30-day statutory deadline.
The right to complain
- Netherlands — Autoriteit Persoonsgegevens: autoriteitpersoonsgegevens.nl · +31 (0)88 1805 250
- Germany — Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
We would always prefer to resolve any concern directly first. Please reach out to us at privacy@takekova.com before escalating.
How we protect your data
- All data is transmitted over HTTPS with TLS encryption (SSL certificate via Shopify)
- Access to customer data is restricted on a need-to-know basis with role-based access controls
- Two-factor authentication (2FA) is enforced on all administrative accounts
- We maintain a 72-hour breach notification procedure in accordance with Article 33 GDPR
Contact & changes
We will update this Privacy Policy when our practices change. For active subscribers, we will notify you by email at least 14 days before material changes take effect. The version number and effective date at the top of this document will always reflect the most current version.