Skip to content
Sculpturesly
Legal

Privacy Policy

Last updated: 1 March 2026

Information We Collect

We collect different types of information depending on how you interact with Sculpturesly:

  • Personal information: name, email address, phone number, and shipping/billing address — provided when you create an account, place an order, or contact us.
  • Payment information: payment processing is handled entirely by Stripe. We never receive, store, or have access to your full card number or CVV.
  • Browsing data: pages visited, products viewed, search queries, time spent on pages, referral sources, device type, browser, and IP address — collected automatically via cookies and analytics tools.
  • Account data: wishlist items, order history, saved addresses, and communication preferences — stored when you use your account features.

How We Use Your Information

We use the information we collect for the following purposes:

  • Order processing: to fulfil your orders, process payments, arrange shipping, and send order confirmations and updates.
  • Account management: to maintain your account, save your preferences, and provide a personalised shopping experience.
  • Customer support: to respond to your enquiries, resolve issues, and provide assistance with orders or returns.
  • Marketing communications: to send newsletters, product announcements, and promotional offers — only with your explicit consent. You can unsubscribe at any time.
  • Fraud prevention: to detect and prevent fraudulent transactions and protect the security of our platform.
  • Site improvement: to analyse usage patterns, understand user behaviour, and improve the website's functionality, content, and user experience.

Cookies & Tracking

We use cookies and similar tracking technologies to provide essential site functionality, remember your preferences, analyse traffic, and measure the effectiveness of our marketing campaigns. Cookies help us deliver a better, more personalised experience.

For detailed information about the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.

Data Sharing

We may share your personal data with the following categories of third-party service providers, strictly to fulfil the purposes described in this policy:

  • Stripe: for secure payment processing. Stripe is PCI-DSS Level 1 certified and operates under its own privacy policy.
  • Shipping carriers: your name, address, and contact number are shared with our delivery partners to fulfil and deliver your order.
  • Email service provider: your email address is shared with our email platform to send transactional emails (order confirmations, shipping updates) and, with your consent, marketing communications.
  • Analytics providers: anonymised and pseudonymised usage data is shared with PostHog for website analytics and Meta for advertising measurement, in accordance with our Cookie Policy.

We may also disclose personal data when required by law, to protect our legal rights, or in connection with a business transfer such as a merger or acquisition.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Order data: retained for a minimum of 7 years as required by Dutch tax and commercial law for accounting and legal compliance.
  • Account data: retained for as long as your account is active. You may request deletion of your account and associated data at any time.
  • Marketing consent: your marketing preferences are stored until you withdraw consent. You can unsubscribe from marketing emails at any time using the link in every email or by contacting us.

Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

Right of access — request a copy of the personal data we hold about you, including how it is being used and who it has been shared with.

Right to rectification — ask us to correct any inaccurate or incomplete personal data we hold about you.

Right to erasure — request that we delete your personal data, subject to legal obligations that may require us to retain certain records.

Right to data portability — request your personal data in a structured, commonly used, machine-readable format to transfer it to another service.

Right to restriction — ask us to temporarily stop processing your personal data in certain circumstances, such as while we verify its accuracy.

Right to object — object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interests.

Right to withdraw consent — withdraw previously given consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please email us at support@sculpturesly.com. We will respond to your request within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it:

  • SSL encryption: all data transmitted between your browser and our servers is encrypted using industry-standard TLS/SSL protocols.
  • PCI-DSS compliance: payment processing is handled by Stripe, a PCI-DSS Level 1 certified provider — the highest level of payment security certification.
  • Access controls: access to personal data is restricted to authorised personnel only, on a need-to-know basis.
  • Regular reviews: we regularly review and update our security practices to address emerging threats and maintain the integrity of your data.

While we strive to protect your personal data, no method of electronic transmission or storage is 100% secure. If you become aware of any security breach, please notify us immediately at support@sculpturesly.com.

International Transfers

Your personal data is primarily stored and processed within the European Union. Our servers and primary service providers operate within the EU, ensuring your data benefits from the full protection of GDPR.

In cases where data is transferred to countries outside the EU/EEA — for example, through certain third-party service providers — we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries with an adequacy decision.

Children's Privacy

Sculpturesly is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 16, we will take steps to delete that information as quickly as possible.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@sculpturesly.com so we can take appropriate action.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page.

For significant changes that materially affect how we process your personal data, we will notify you by email or through a prominent notice on the website before the changes take effect. We encourage you to review this policy periodically to stay informed.

Contact

If you have any questions about this Privacy Policy, your personal data, or would like to exercise your rights under GDPR, please contact us:

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.

Questions About Your Data?

We take your privacy seriously. If you have questions about how we handle your personal data, we are here to help.

support@sculpturesly.com