Privacy & Safety
We don't store any of your personal data other than necessary for administrative purposes and shipping information (labelling). To comply with the newest General Data Protection Regulation (GDPR), we store this data in an encrypted environment. By placing an order through our BrickOwl shop you accept the use of your personal data as described in this privacy statement.
Processing of personal data
To provide our services we process certain personal data. This personal data is provided by BrickOwl and in some cases may be provided by you. Usually, this is the following personal data:
- Name and address information
- Contact details (e-mail addresses & phone numbers)
- Bank account, PayPal & Creditcard information
Purpose and foundation for processing personal data
We have to process personal data to process your order correctly, as well as to comply with legal obligations as a business in some cases. Personal data may also be stored to improve the efficiency of our services, when we assume this is beneficial for you, like;
- Communication and information facilities
- To provide maximum efficiency of our service
- Improvement of our services
The above-stated means we may use this data for future marketing purposes or information about our services—which is currently not in effect—if we think this may be beneficial for you.
In some cases, we may want to use your personal data for purposes other than the reasons stated above and for which we will always ask your explicit permission.
Finally, we may use your personal data for the protection of our rights and properties, as well as for our customers, and if necessary, to comply with legal proceedings.
Sharing personal data
Your address information, email or phone number may be shared with postal services if necessary for the delivery of your order. By placing an order through our store, which needs to be shipped to an address you have provided through the BrickOwl system, you accept passing on any relevant personal information to the postal service entrusted with the delivery of your order.
By law, we are obligated to keep records of all our transactions as well as other business administration. In these records, personal data may occur. Although these third parties are no processors of your personal data, they have or can have an insight into your personal data. These third parties are; the system administrator, accountant and hosting services. Before enabling third parties access to your personal data, we shall establish if they comply with all GDPR obligations. Of course, we will only grant access to your personal data if these parties comply with the GDPR obligations. This means all third parties can only process your personal data when strictly necessary and in compliance with the law.
We will never share any personal data for commercial purposes or charities without your explicit permission.
How long do we keep records?
We don't store your personal data any longer than is useful and necessary for the purpose for which they were provided. By law, we are obliged to keep certain records as long as 7 years, due to retention of information (such as fiscal retention).
For the protection of personal data, we have implemented appropriate technical measures, as far as reasonably can be expected from us, taking into account the importance, the available technical solutions and costs of relevant security measures. We oblige our staff and third parties, which have access to personal data, confidentiality. Furthermore, we ensure our staff is properly and fully instructed on how to handle personal data, and are familiar with the responsibilities and obligations of the GDPR.
Insight of personal data
You are entitled to request which personal data we have stored in our system, rectify this information or submit a delete request by sending an email to; firstname.lastname@example.org subject; "Request insight/delete personal data" (however this request may not compromise any legal obligations). Furthermore, you can oppose the possible processing of personal data by third parties. You are entitled to let us provide any personal data to you or another party if you wish to do so.
Incidents with personal data
If there is a data leak concerning personal data, we will inform you about this without delay (except for pressing reasons), if there is a concrete possibility of negative effects on your personal privacy. We strive to inform you within 48 hours after we discover this data leak or have been informed by our third parties about this.
In case you may have complaints about the processing of your personal data, we ask you to contact us. In case this doesn't provide a satisfying result, you are always entitled to file a complaint at the Dutch Data Protection Authority.
Website cookies and tracking
We are not liable for any personal data stored by the BrickOwl platform concerning your registration or order history, nor any cookies BrickOwl may use.
Please be aware; BrickOwl is a UK-based company. Any personal data stored upon registration on BrickOwl falls under UK privacy regulations.
WARNING! Lego® pieces are intended for children over 3 years. Be advised that Lego® parts should not be swallowed as they can present a choking hazard!
Last Updated: 5 Nov 2021