Privacy Statement - AET Europe Webshop

Last updated: September 10, 2025

This Privacy Statement explains how AET Mobile Identity Services B.V. (“AET Europe”, “we”, “us”, or “our”) processes your personal data when you purchase products via our Webshop. We are committed to protecting your privacy and handling your data in compliance with the General Data Protection Regulation (GDPR) and other applicable laws.

      1.          Controller

AET Mobile Identity Services B.V. IJsselburcht 3 6825 BS Arnhem, The Netherlands Chamber of Commerce (KvK): 64144976 Email: webshopsupport@aeteurope.com

     2.          Categories of Personal Data

When you place an order via our webshop, we process the following categories of personal data:

  • Identification and contact details: Name, organization (if applicable), address, email address, telephone number.
  • Order details: Products ordered, quantities, order history.
  • Payment information: Payment method, transaction details (processed via secure payment providers; we do not store full credit card details).
  • Delivery details: Delivery address, tracking information.
  • Support communications: Any data you provide when contacting us (e.g., order number, description of issue).

We do not process sensitive personal data unless explicitly provided by you in support communications.

     3.          Purposes and Legal Bases

We process your personal data for the following purposes, based on the specified legal grounds under the GDPR:

  • Order processing and delivery: To confirm, prepare, and deliver your order (legal basis: performance of a contract, Art. 6(1)(b) GDPR).
  • Customer support: To respond to your questions, complaints, or requests (legal basis: performance of a contract or legitimate interests, Art. 6(1)(b) and (f) GDPR).
  • Payment processing: To handle payments via trusted providers (legal basis: performance of a contract, Art. 6(1)(b) GDPR).
  • Legal obligations: To retain invoices and transaction records as required by law (legal basis: compliance with a legal obligation, Art. 6(1)(c) GDPR, e.g., Dutch tax law).
  • Security and fraud prevention: To ensure secure transactions and prevent misuse of our services (legal basis: legitimate interests, Art. 6(1)(f) GDPR).
  • Partnership tracking with VZVZ (ZORG-ID only): For ZORG-ID related purchases, we share limited data (company names where these qualify as personal data, and purchase quantities) with Stichting VZVZ Servicecentrum as an independent controller. This enables tracking of key performance indicators (KPIs) and ensures the proper functioning of the ZORG-ID Smartcard Facility (legal basis: legitimate interests, Art. 6(1)(f) GDPR). We have conducted a legitimate interest assessment to balance our interests with your rights.

We do not use your data for marketing purposes.

     4.          Recipients

Your personal data may be shared with the following recipients, only to the extent necessary for the purposes outlined above:

  • Stichting VZVZ Servicecentrum (for ZORG-ID related purposes, as described in Section 3.6).
  • Payment service providers (e.g., credit card processors, banks).
  • Logistics and delivery partners (e.g., shipping companies to fulfill deliveries).
  • IT service providers (for webshop hosting, maintenance, and technical support).

We require all recipients to handle your data securely and in accordance with GDPR. We do not sell or rent your personal data to third parties.

      5.          Transfers Outside the EEA

We process and store your data within the European Union.

     6.          Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:

  • Order and payment data: Retained for 7 years to comply with Dutch tax and accounting obligations.
  • Support communications: Retained for up to 2 years after the issue is resolved, or longer if required for legal reasons.
  • VZVZ KPI data: Shared in aggregated or limited form (company name where personal data, and purchase quantities) and retained only as long as necessary for KPI monitoring and to monitor the functioning of the ZORG-ID Smartcard Facility.

After the retention period, data is securely deleted or anonymized.

     7.          Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: To obtain a copy of your data.
  • Right to rectification: To correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”): To request deletion, subject to our legal obligations (e.g., tax retention).
  • Right to restriction: To limit processing in certain circumstances.
  • Right to data portability: To receive your data in a structured, commonly used format.
  • Right to object: To object to processing based on legitimate interests (including data shared with VZVZ for KPI purposes), which we will honor unless we have compelling reasons to continue.

To exercise these rights, contact us at webshop@aeteurope.com. We will respond within one month, though this may be extended in complex cases. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at www.autoriteitpersoonsgegevens.nl.

     8.          Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or alteration. These include encrypted communications (e.g., HTTPS), secure payment gateways, access controls, regular security audits, and employee training.

     10.          Changes to This Statement

We may update this Privacy Statement from time to time. Changes will be posted here with an updated "Last updated" date. We encourage you to review it periodically.

     11.          Contact

For any questions about this Privacy Statement or our data processing practices, please contact us at: webshop@aeteurope.com.