Privacy policy

Last Updated: May 2026

1. Data Controller

The data controller responsible for the processing of personal data under the General Data Protection Regulation (GDPR) is:

Good Morning Universe B.V.
Molenmakershoek 64 E
7328 JK Apeldoorn
The Netherlands

Email: info@goodmorninguniverse.nl
Phone: +31 (20) 532-1585

2. Scope of This Privacy Policy

This Privacy Policy explains how Good Morning Universe B.V. (“GMU,” “we,” “us,” or “our”) collects, uses, stores, and discloses personal information when you visit, use, or make a purchase from our website or otherwise interact with our services (the “Services”).

If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy governs the collection, processing, and disclosure of personal information.

3. Legal Basis for Processing (GDPR Article 6)

We process personal data only where a lawful basis applies, including:

  • Performance of a contract, such as processing orders, payments, shipping, returns, and customer service
  • Consent, such as for marketing communications and non-essential cookies
  • Legal obligation, including accounting and tax requirements
  • Legitimate interests, such as website security, fraud prevention, and service improvement, provided these interests do not override your fundamental rights and freedoms

You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

4. Personal Information We Collect

“Personal information” means information that identifies or can reasonably be linked to an individual.

Depending on how you interact with the Services, we may collect:

  • Contact details, including name, billing and shipping address, email address, and phone number
  • Account information, including login credentials, preferences, and settings
  • Transaction information, including products viewed, added to cart or wishlist, purchased, returned, or exchanged, and order history
  • Payment information, such as payment method, transaction status, and confirmation details
  • Communications, including messages sent to us via email, contact forms, or customer support
  • Device and technical information, including IP address, browser type, device identifiers, and network information
  • Usage data, including how and when you interact with the Services

Payment card details are processed directly by our payment providers and are not stored on our servers.

5. Sources of Personal Information

We collect personal information:

  • Directly from you when you create an account, place an order, contact us, or otherwise provide information
  • Automatically through your use of the Services, including via cookies and similar technologies
  • From service providers who process data on our behalf
  • From partners or other third parties, where permitted by law

6. How We Use Personal Information

We use personal information to:

  • Provide, operate, and improve the Services, including order processing, payments, shipping, returns, account management, reviews, and personalization
  • Communicate with you regarding orders, accounts, customer support, and service updates
  • Send marketing communications and display advertising, where permitted by law and subject to your consent
  • Prevent fraud, enhance security, and protect our Services and users
  • Comply with legal obligations and enforce our terms and policies

7. Shopify and Order Processing

Our online store is hosted by Shopify Inc., which provides the e-commerce platform that allows us to sell products and process transactions.

Shopify processes personal data on our behalf to provide checkout, payment processing, hosting, analytics, fraud prevention, and related ecommerce services.

8. Marketing and Advertising

We send marketing communications only where permitted by law or with your consent.

You may opt out of marketing emails at any time using the unsubscribe link or by contacting us. Non-promotional communications related to your account or orders may still be sent.

Marketing and advertising technologies may include:

  • Google Ads
  • Meta/Facebook
  • Pinterest
  • Klaviyo
  • Remarketing and analytics integrations

Where legally required, these technologies are activated only after consent has been granted.

9. Cookies, Consent Management, and Analytics

We use cookies and similar technologies to operate, improve, and personalize our website and services.

Essential cookies are required for core functionality and security and cannot be disabled.

We use Pandectes GDPR Compliance as our Consent Management Platform (“CMP”) to manage cookie preferences and consent records.

Our websites implement:

  • Category-based consent
  • Automatic script blocking
  • Google Consent Mode v2
  • Shopify Customer Privacy API integration

Visitors located in the European Economic Area (EEA), United Kingdom, and Switzerland are presented with a consent banner allowing users to:

  • Accept all cookies
  • Reject non-essential cookies
  • Customize cookie preferences

Analytics and marketing technologies are disabled by default until consent is granted where legally required.

Users may withdraw or update consent preferences at any time.

10. Google Analytics and International Transfers

We use Google Analytics 4 to analyze website usage.

Google may process data on servers outside the European Economic Area, including in the United States.

Where personal data is transferred outside the EEA or the United Kingdom, we rely on recognized safeguards such as:

  • Standard Contractual Clauses
  • Adequacy decisions
  • Contractual safeguards

IP anonymization and consent-based tracking are enabled where required.

Users may opt out of Google Analytics by installing Google’s browser add-on.

11. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including:

  • Order and accounting data retained in accordance with tax and commercial laws
  • Customer service communications retained as necessary to resolve inquiries
  • Marketing data retained until consent is withdrawn
  • Analytics data retained according to configured retention settings

Consent records and cookie preference records may also be retained for compliance, audit, and legal documentation purposes.

12. Your Rights

Depending on your location, you may have the right to:

  • Access personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of personal data
  • Restrict or object to processing
  • Receive a copy of your data and request portability
  • Withdraw consent at any time

You may exercise these rights by contacting us using the details below.

We may need to verify your identity before fulfilling your request.

13. Complaints

If you have concerns about how we process your personal data, you may contact us directly.

You also have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens.

14. International Transfers

Personal data may be processed outside your country of residence.

Where required, appropriate safeguards are used to protect personal data in accordance with GDPR.

15. Children’s Data

Our Services are not intended for children under the age of 16, and we do not knowingly collect personal data from children.

If such data is identified, it will be deleted without undue delay.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

The most current version will always be available on our website with the updated date.

17. Contact

Good Morning Universe B.V.
Molenmakershoek 64 E
7328 JK Apeldoorn
The Netherlands

Email: info@goodmorninguniverse.nl
Phone: +31 (20) 532-1585