Privacy policy
1. OVERVIEW
This Privacy Policy explains how Anaconda Armwrestling Equipment collects, uses, and discloses personal information when you visit or use Armwrestling.shop, make a purchase, or otherwise interact with us. Our company registration details and contact information are available Here.
This policy works alongside our Terms of Service, Refund Policy and Shipping Policy. Where those documents and this policy cover the same ground, the Terms of Service governs the contractual relationship. Your mandatory statutory rights are not limited by any of these documents and always take precedence.
By using the website, you acknowledge that your personal information will be processed as described here. This policy is intended to comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Uitvoeringswet AVG (UAVG), the Dutch implementing legislation for the GDPR.
For data protection purposes, the data controller is Anaconda Armwrestling Equipment.
We have assessed whether a Data Protection Officer is required under Article 37 GDPR. Given the nature and scale of our processing activities, we have determined that appointment of a DPO is not mandatory at this time. This assessment is reviewed at least annually and whenever our processing activities change materially. Privacy requests and data protection enquiries can be directed to Anaconda@Armwrestling.shop.
2. PERSONAL INFORMATION WE COLLECT
We collect personal information that can identify or reasonably be linked to you.
2.1 Identity and Contact Data Name, billing address, shipping address, email address, and phone number.
2.2 Payment and Transaction Data Payment processing is handled by third-party payment providers. We do not store full card details. We receive transaction confirmations and related order status information, as well as order and purchase information including items purchased, returns, and cancellations.
2.3 Communications Messages, support enquiries, and other communications you send to us, including customer service interactions.
2.4 Device and Technical Data IP address, browser type, device identifiers, network information, and system logs used for security and operational stability.
2.5 Usage Data Information about how you interact with the website, including pages viewed, products viewed, cart activity, session duration, and navigation behaviour.
2.6 Custom Order Data For custom and personalised orders, we may collect and retain design specifications, approved proofs, names, club or team details, and related order records for the purpose of fulfilling the order, providing customer support, and enabling future reorders. Retention of this data is subject to the schedule in Section 13.2.
2.7 Special Category Data We do not knowingly collect or process special category data as defined under Article 9 GDPR, such as health, biometric, or ethnicity data. If such information is incidentally included in a communication you send us, it will not be used for any purpose beyond resolving your enquiry and will not be retained beyond what is necessary for that purpose.
3. COOKIES AND TRACKING TECHNOLOGIES
3.1 Use of Cookies
We use cookies and similar technologies to operate the website, remember your preferences, and where you have provided consent, support advertising and measurement.
Strictly necessary cookies are required for core website functionality such as checkout, currency handling, security, and the correct display of regional pricing and language. These are always active and do not require consent.
Functional cookies remember preferences that improve your experience but are not required for the website to operate. These are only activated after consent is provided through the cookie settings tool.
Advertising and tracking cookies are used, where you have given consent through our cookie banner, to measure advertising performance, support remarketing, and improve campaign effectiveness. These are only activated after consent is given.
No non-essential cookies are activated unless consent is provided through the cookie settings tool.
3.2 Cookie Inventory
The following cookies are set on this website. This list is updated when our cookie usage changes.
Strictly necessary, active before consent:
Cookie: _shopify_essential | Provider: Shopify | Purpose: Essential for secure checkout, session management, and anti-tampering protection | Duration: 1 year
Cookie: cart_currency | Provider: Shopify | Purpose: Remembers your country of origin to display the correct transaction currency | Duration: 14 days
Cookie: localization | Provider: Shopify | Purpose: Stores your language and region settings. This cookie is set by Shopify as a platform-level default and cannot be disabled at the merchant level. It is classified as strictly necessary because it is required to display correct regional pricing and VAT-inclusive amounts, which is a legal requirement for compliant checkout under EU consumer law. | Duration: 1 year
Advertising and marketing, active only after consent:
Cookie: _shopify_analytics | Provider: Shopify | Purpose: Website performance and analytics measurement | Duration: 1 year
Cookie: _shopify_marketing | Provider: Shopify | Purpose: Marketing attribution and personalisation | Duration: 1 year
Cookie: _shopify_s | Provider: Shopify | Purpose: Session tracking for analytics | Duration: 30 minutes
Cookie: _shopify_y | Provider: Shopify | Purpose: Visitor tracking for analytics | Duration: 1 year
Cookie: _fbp | Provider: Meta (Facebook) | Purpose: Advertising measurement, remarketing, and campaign performance tracking | Duration: 3 months
Cookie: _ttp | Provider: TikTok | Purpose: Advertising performance measurement and attribution | Duration: 3 months
Cookie: ttcsid | Provider: TikTok | Purpose: Session identifier for conversion tracking and campaign measurement | Duration: 3 months
Cookie: ttcsid_D85CNP3C77U8UFHB2NA0 | Provider: TikTok | Purpose: Pixel-specific session identifier for conversion tracking | Duration: 3 months
Local and Session Storage:
In addition to cookies, this website uses browser local storage and session storage for strictly necessary functions including referral tracking for session integrity and Shopify platform operations.
3.3 Cookie Control
You can manage or withdraw consent at any time through the cookie settings tool or your browser settings. Withdrawing consent does not affect core website functionality and does not affect the lawfulness of any processing that took place before withdrawal.
Where your browser or device sends a Global Privacy Control opt-out signal, we will treat this as a request to opt out of non-essential cookies and tracking for that browser and device. We do not otherwise recognise Do Not Track signals.
4. HOW WE COLLECT INFORMATION
We collect information directly from you through orders, forms, and support requests; automatically through cookies and similar technologies when you use or navigate our website; from service providers involved in payment processing, fulfilment, analytics, advertising, and communications; and from advertising or social media platforms where you interact with our content or ads.
5. HOW WE USE YOUR INFORMATION AND LEGAL BASIS
5.1 Order Processing To process payments, fulfil orders, arrange delivery, and handle returns. Legal basis: contract performance.
5.2 Customer Communications To send order confirmations, shipping updates, service-related messages, and transactional follow-up communications relating to incomplete purchases where permitted by applicable law. Legal basis: contract performance.
5.3 Legal Compliance To comply with tax, accounting, and legal obligations. Legal basis: legal obligation.
5.4 Security and Fraud Prevention To detect fraud, prevent abuse, and protect website security. This may include automated systems and risk analysis tools used to identify suspicious transactions or security threats. Fraud prevention measures may include temporary restriction, cancellation, or manual review of high-risk transactions.
Where automated fraud detection tools are used, they support rather than replace human decision-making. A significant effect in this context means a decision that results in your order being cancelled, your account being restricted, or a transaction being declined on fraud grounds. No decision with those consequences is made solely by automated means without the ability to request human review. You may request human review of any such decision by contacting us at Anaconda@Armwrestling.shop with the subject line Human Review Request, describing the decision you want reviewed. We will respond within 5 business days. Legal basis: legitimate interests.
5.5 Analytics Where you have provided consent, we use Shopify's built-in analytics tools to understand website performance and improve our services. Legal basis: consent.
5.6 Personalisation Where you have provided consent, we may use information about your browsing behaviour, purchase history, and interactions with our website to personalise content, product recommendations, and marketing communications. We do not rely on legitimate interests for behavioural personalisation. Legal basis: consent.
5.7 Marketing Communications Marketing emails are sent only where you have provided explicit consent. You can withdraw consent at any time by unsubscribing from any marketing email or by contacting us directly. Withdrawal of consent does not affect the lawfulness of any marketing communications sent before withdrawal.
5.8 Advertising and Measurement Where consent is provided, we may use advertising tools to measure performance and deliver relevant ads, including remarketing and conversion tracking through Meta and TikTok. These tools are only activated after consent is given. Legal basis: consent.
5.9 Business Transactions In the event of a merger, acquisition, restructuring, or sale of assets, personal information may be transferred as part of that transaction. Where this occurs, we will take reasonable steps to ensure the receiving party handles your personal information consistently with this policy. We have assessed the impact of such a transfer and concluded that the legitimate interest in enabling business continuity is proportionate, provided appropriate confidentiality obligations are in place. Legal basis: legitimate interests.
6. HOW WE SHARE INFORMATION
We share personal information only with third parties involved in the following activities: our ecommerce platform provider for checkout, hosting, order management, and email infrastructure; payment processors for payment processing and transaction authentication; logistics providers for delivery and fulfilment; email service providers for transactional and marketing communications where applicable; advertising platforms where you have provided consent; fraud prevention and security providers (see Section 7.5); parties involved in a business transaction such as a merger or acquisition, subject to appropriate confidentiality obligations; and law enforcement or government agencies where required by applicable law or valid legal process.
We do not sell personal information. Some advertising and analytics processing may be considered sharing or targeted advertising under applicable privacy laws when consent is provided.
7. KEY THIRD-PARTY SERVICE PROVIDERS
The providers listed below represent systems we may use in normal operations. Not all tools are active at all times, and some are only activated following your consent through our cookie settings tool. Where a provider acts as an independent data controller, they are responsible for their own compliance with applicable data protection law and requests related to their processing should be directed to them. Where a provider acts as our data processor, they process personal data only on our instructions.
7.1 Ecommerce and Hosting Shopify Inc. (Canada), ecommerce platform, store hosting, checkout infrastructure, order management, and email infrastructure. Shopify acts as both a data processor on our behalf and as an independent data controller for certain platform-level activities. See Section 8 for further detail.
7.2 Payments Shopify Payments, PayPal, Klarna, Visa, Mastercard, Apple Pay, Google Pay, payment processing and transaction authentication. These providers act as independent controllers for payment-related processing.
7.3 Logistics PostNL, DHL, DPD, or equivalent carriers depending on destination, order fulfilment and delivery. These providers act as independent controllers for delivery-related processing.
7.4 Advertising Meta (Facebook) and TikTok, where you have provided consent, used for advertising delivery, remarketing, and advertising performance measurement. These tools are only activated after consent is given. These providers act as independent controllers for data processed through their own platforms.
7.5 Fraud Prevention Fraud prevention and transaction security tools are integrated within our ecommerce and payment infrastructure, primarily through Shopify's built-in fraud detection systems. These tools process order and device data to identify high-risk transactions.
8. SHOPIFY'S ROLE AS DATA CONTROLLER
Our store is hosted and operated through Shopify. In addition to acting as a data processor on our behalf for certain services, Shopify independently collects and processes personal information about your access to and use of our store in order to provide, improve, and secure its platform across all merchants. For these activities Shopify acts as an independent data controller and is directly responsible for that processing, including responding to your rights requests in relation to it.
To learn more about how Shopify uses your personal information and to exercise rights related to Shopify's own processing, visit the Shopify Privacy Policy and the Shopify Privacy Portal.
9. DATA PROCESSORS AND CONTROLLERS
Some service providers act as data processors on our behalf, processing personal data only on our instructions. Others act as independent controllers for specific processing activities. Where a provider acts as an independent controller, their processing is governed by their own privacy policies and legal obligations. For a breakdown of which providers act in which capacity, see Section 7.
10. THIRD PARTY LINKS
We are not responsible for the privacy practices of third-party websites linked from our site. If you follow an external link you should review that site's privacy policy independently.
11. YOUR RIGHTS
11.1 General Rights
Depending on where you live, you may have the right to access your personal data, request correction or deletion, object to or restrict certain processing, withdraw consent at any time, opt out of marketing communications, request data portability where applicable, and request information about categories of third parties with whom your data has been shared.
Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal. We will act on consent withdrawals and rights requests within 30 days of receiving them.
We may decline requests where permitted by applicable law, including where requests are manifestly unfounded or excessive, or where retention is required for a specific legal obligation. Where we decline, we will identify that obligation in writing. We will not discriminate against you for exercising any of these rights.
Where we need to verify your identity before processing a request, we may ask you to provide reasonable proof. You may also designate an authorised agent to submit requests on your behalf, in which case we will require proof of authorisation and may verify your identity directly before proceeding.
11.2 Additional Rights for EU Residents
You have the right to object to processing based on legitimate interests, to request information about automated decision-making where it produces significant effects on you, and to request human review of such decisions. This is relevant where automated systems are used for fraud detection or transaction risk assessment, as described in Section 5.4.
You have the right to lodge a complaint with your local data protection supervisory authority. For the Netherlands this is the Autoriteit Persoonsgegevens at autoriteitpersoonsgegevens.nl.
EU residents may also use the European Commission's Online Dispute Resolution platform at ec.europa.eu/consumers/odr for disputes related to our processing of personal data in connection with online purchases.
11.3 Additional Rights for UK Residents
If you are located in the United Kingdom, you are subject to the UK GDPR, which is a separate legal framework from the EU GDPR. Your supervisory authority is the Information Commissioner's Office at ico.org.uk. We process requests from UK residents on that basis and will address any UK GDPR-specific considerations in our response to your request.
Privacy requests may be submitted to Anaconda@Armwrestling.shop with the subject line Privacy Request.
12. CHILDREN
Our services are not directed at children under 18. We do not knowingly collect personal information from minors. If you are a parent or guardian and believe your child has submitted personal information to us, please Contact Uss and we will delete it promptly.
13. SECURITY AND RETENTION
13.1 Security
We implement appropriate technical and organisational measures to protect personal data, including access controls, encrypted communications, fraud monitoring systems, secure hosting infrastructure, and restricted internal access to personal information. No system is completely impenetrable and we cannot guarantee absolute security. We recommend that you avoid using unsecured channels to communicate sensitive or confidential information to us.
13.2 Retention
We retain personal data only for as long as necessary for the purpose for which it was collected.
Order and tax records: minimum 7 years as required by Dutch law.
Custom order design files, approved proofs, and related production records containing personal data such as names, club details, and addresses: retained for up to 3 years from the date of the order to support reorders and customer service. Where deletion is requested during this period, we will delete or anonymise the relevant data within 30 days. The only circumstance in which we would not fulfil a deletion request within that window is where we are required to retain the specific data by a legal obligation, in which case we will identify that obligation in writing.
Marketing data: until consent is withdrawn, after which data is deleted or anonymised within 30 days.
Customer support communications: retained only as long as reasonably necessary to resolve the matter and comply with legal obligations, and no longer than 2 years unless a legal claim is active or anticipated.
Analytics and advertising data: according to the retention settings of those platforms, typically anonymised or aggregated after defined periods.
Security logs: retained for operational and fraud prevention purposes, typically up to 12 months.
We may retain certain information for longer periods where necessary to establish, exercise, or defend legal claims. Aggregated or anonymised information that does not identify individuals may be used for analytics, service improvement, and business operations without time limit.
14. INTERNATIONAL TRANSFERS
Personal data may be transferred outside the EEA or UK. Where this occurs, we ensure an adequate level of protection through Standard Contractual Clauses approved by the European Commission, the EU-US Data Privacy Framework where the recipient is certified, or adequacy decisions where the destination country has been recognised as providing adequate protection.
Key providers that may transfer data internationally include Shopify (United States, subject to Standard Contractual Clauses and the EU-US Data Privacy Framework), Meta (United States, subject to Standard Contractual Clauses), and TikTok (United States and other jurisdictions, subject to Standard Contractual Clauses). Other providers may process data through affiliates or cloud infrastructure in jurisdictions outside the EEA, subject to equivalent safeguards.
15. CHANGES TO THIS POLICY
We may update this policy from time to time to reflect changes in our practices or legal requirements. The current version is always published on this page. Where changes are material we may provide additional notice through our website or by email where required by applicable law.
Last updated: May 19th 2026.
Questions about how we handle your privacy? Contact Us