Privacy policy

Effective date: June 9, 2026

This Privacy Policy describes how Korhonen ("we," "us," or "our") collects, uses, and protects your personal information when you visit korhonen.nl, place an order, or interact with us in any way.

1. Who we are

Korhonen is a Dutch design studio based in Rotterdam, Netherlands.

  • Legal entity: Korhonen
  • Address: Spanjaardstraat 115B, 3025 TM Rotterdam, Netherlands
  • Chamber of Commerce (KVK): 88117529
  • VAT (BTW): NL003326698B05
  • Privacy contact: info@korhonen.nl

We are the data controller for personal information collected through our website and services.

2. Information we collect

We collect the following categories of personal information:

Information you provide directly

  • Order information: name, shipping address, billing address, email address, phone number
  • Payment information: processed securely by our payment provider (we do not store full card numbers)
  • Account information: if you create an account — email, password, order history
  • Communications: any messages you send us via our contact form or email

Information collected automatically

  • Browsing data: pages viewed, time spent, click paths, referring sites
  • Device information: browser type, operating system, IP address, device identifiers
  • Cookies and similar technologies: see Section 9 below

Information from third parties

  • Shipping carriers: delivery status updates
  • Payment processors: verification of payment, fraud prevention signals
  • Marketing platforms: if you've opted into marketing emails

3. How we use your information

We use your personal information to:

  • Process and fulfill orders: including shipping, payment, customer service
  • Communicate about your order: confirmations, shipping updates, delivery notifications
  • Provide customer service: respond to inquiries, handle returns and refunds
  • Improve our products and website: analyzing browsing behavior in aggregate
  • Send marketing communications: ONLY if you have actively opted in
  • Detect and prevent fraud: protecting our customers and our business
  • Comply with legal obligations: tax, accounting, consumer protection laws

4. Legal basis for processing (GDPR)

Under the EU General Data Protection Regulation (GDPR), we process your personal information based on:

  • Contractual necessity: to fulfill orders you place with us
  • Legitimate interests: to improve our products, detect fraud, and operate our business
  • Consent: for marketing emails, optional cookies, and any other situation where you've actively agreed
  • Legal obligation: for tax reporting, customs documentation, and other required disclosures

You can withdraw consent at any time without affecting prior processing (see Section 8).

5. How we share your information

We share your personal information only with the following types of parties, and only as necessary:

Recipient Purpose
Shopify (our e-commerce platform) Order processing, hosting, payments
Payment processors (Shopify Payments, Stripe, PayPal) Transaction processing
Shipping carriers (DHL, USPS, UPS, etc.) Delivery
Fulfillment partners Order preparation and shipping
Email service providers Order confirmations and (with consent) marketing
Analytics providers (Shopify Analytics, Google Analytics) Aggregated website performance
Legal and tax authorities When required by law

We do not sell your personal information to third parties for marketing purposes.

6. International data transfers

Because we serve customers globally and use international service providers, your personal information may be transferred to and stored in countries outside the European Economic Area (EEA), including the United States and China (for fulfillment).

When this happens, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or transfers to countries with adequate data protection levels.

7. How long we keep your information

We retain your personal information only as long as necessary:

  • Order information: 7 years (required by Dutch tax law)
  • Account information: until you delete your account
  • Marketing data: until you unsubscribe
  • Browsing data (cookies): typically 12-24 months
  • Customer service correspondence: 3 years

After these periods, we securely delete or anonymize your data.

8. Your rights

Under GDPR (if you're in the EU, EEA, or UK)

You have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your data ("right to be forgotten") — subject to legal retention requirements
  • Restrict processing of your data
  • Object to processing based on legitimate interests or for direct marketing
  • Data portability — receive your data in a portable format
  • Withdraw consent at any time
  • Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)

Under CCPA (if you're a California resident)

You have the right to:

  • Know what personal information we collect about you and how it's used
  • Delete personal information we have collected
  • Opt-out of the sale of personal information (we do not sell your data)
  • Non-discrimination — we won't treat you differently for exercising your rights

To exercise any of these rights, email us at info@korhonen.nl with your request. We'll respond within 30 days.

9. Cookies and tracking

Our website uses cookies and similar technologies to:

  • Essential cookies: make the site work (cart, checkout, login) — cannot be disabled
  • Analytics cookies: understand how visitors use the site — anonymized where possible
  • Marketing cookies: if you've consented, used to personalize your experience and measure ad performance

When you first visit our site, you'll see a cookie banner where you can accept or reject non-essential cookies. You can change your preferences at any time via the Cookie Settings link in the footer.

You can also control cookies through your browser settings. Note that disabling certain cookies may affect site functionality.

10. Children's privacy

Our website is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us information, please contact us at info@korhonen.nl and we will delete it promptly.

11. Security

We take reasonable technical and organizational measures to protect your personal information against loss, misuse, and unauthorized access. This includes:

  • Encrypted connections (HTTPS) across our entire site
  • PCI-DSS-compliant payment processing
  • Limited access to personal data within our team
  • Regular security reviews

However, no system is 100% secure. We cannot guarantee absolute security of information transmitted online.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do:

  • We'll change the "Effective date" at the top
  • For significant changes, we'll notify you via email or a prominent notice on our website
  • Continued use of our services after changes means you accept the updated policy

13. Contact us

For any privacy-related questions, requests, or concerns:

Email: info@korhonen.nl
Mail:
Korhonen
Spanjaardstraat 115B
3025 TM Rotterdam
Netherlands

We aim to respond to privacy inquiries within 5 business days.