Sustainability

Premium denim

Fast delivery

Privacy policy

Version: 14 October 2025
Controller: Martens Fashion Group B.V. (trading as NYDJ)
Address: Koningin Wilhelminaplein 13, 1062 HH Amsterdam, The Netherlands
Chamber of Commerce (KvK): 34210049 · VAT: NL813404022B01
Privacy contact: customercare@nydj.eu
Website: https://www.nydj.eu

1. Scope and who we are

We respect and protect your personal data when you use our services. This Notice explains what personal data we collect, for which purposes and legal bases, with whom we share it, how long we keep it, and what rights you have.

This Notice is drafted in accordance with the EU General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) and the Dutch GDPR Implementation Act. Any previous references to the Dutch Data Protection Act (Wbp) and Directive 95/46/EC are obsolete.

2. What data we process

Depending on how you use our Website and services, we may process:

  • Identity & contact: name, title, e‑mail address, phone number, billing/shipping address, country.

  • Account: login credentials, preferences, order history, returns history.

  • Order & delivery: items ordered, payment status, delivery details, returns details.

  • Payment information: limited/tokenised card details via payment service providers; payment method (e.g., credit card, PayPal, Klarna, iDEAL).

  • Marketing & communications: newsletter signup, marketing consent preferences.

  • Technical & usage: device/browser data, cookie IDs, truncated/anonymised IP for analytics, logs and error reports.

  • Customer service: content of your inquiries/complaints, attachments, relevant interaction records.

  • Recruitment: CV, cover letter, and data required for the recruitment process.

We do not intentionally process special categories of personal data via the Website.

Data sources. We collect data directly from you when you browse, create an account, place an order, contact us or consent to marketing/cookies. We may also receive limited data from third‑party sources such as payment providers (payment status/fraud signals), carriers/fulfilment partners (delivery updates/returns), IT/hosting and customer support tools, analytics/cookie‑consent platforms (consent status), and—where a “pay later” option is selected—credit/fraud‑prevention providers.

3. Purposes and legal bases (Art. 6 GDPR)

We use your personal data for the following purposes and legal bases:

  1. Purchases & fulfilment (contract) – process your order, take payment, deliver, handle returns and refunds, provide customer service.

  2. Account management (contract / legitimate interests) – create and maintain your account; prevent misuse.

  3. Customer service & communications (contract / legitimate interests) – respond to queries, send service messages and updates.

  4. Marketing communications (consent or legitimate interests/soft opt‑in where permitted) – newsletters and offers; you can unsubscribe at any time (see §10 and §12).

  5. Website performance, security & statistics (consent for non‑essential cookies; legitimate interests for security and essential logging) – error monitoring, performance measurement, fraud prevention.

  6. Legal obligations – tax/bookkeeping, consumer rights, responding to competent authorities.

  7. Recruitment (consent / pre‑contractual steps) – evaluate and process your application.

Where we rely on consent, you may withdraw it at any time (this does not affect prior processing).

4. Sharing your data (recipients)

We share data only as necessary for the purposes above, with the following categories of recipients:

  • Payment service providers and banks (e.g., card processors/PSPs, PayPal, Klarna, iDEAL providers) for taking and refunding payments.

  • Logistics partners (carriers, warehouse/fulfilment partners) for delivery and returns handling.

  • IT and hosting providers (site hosting, maintenance, security, e‑mail delivery).

  • Customer support/communications tools (ticketing/e‑mail tools) where required.

  • Credit and fraud‑prevention providers where necessary for payment method selection (e.g., “pay later”); such providers may act as independent controllers.

  • Trusted Shops (see §9) to display the trustmark/reviews if you opt to use that service.

We do not sell your personal data.

5. International data transfers

We host and process EU/EEA customer data in the EEA by default and use region‑based storage where feasible. Where data needs to be transferred outside the European Economic Area (EEA) (for example because a service provider is located or processes data abroad), we ensure appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) together with additional technical and organisational measures. Details are available on request via the privacy contact above.

6. Retention periods

We do not keep personal data longer than necessary:

  • Orders & invoices: 7 years (Dutch tax law).

  • Account data: for as long as your account is active; deleted or anonymised after a reasonable period of inactivity.

  • Customer service: typically 2 years after resolution, unless longer is necessary (e.g., legal claims/warranty).

  • Marketing contacts: until you unsubscribe/withdraw consent or object; then we delete or restrict use.

  • Technical logs/analytics: as short as practical and in line with configured tool retention (see §8).

  • Recruitment: 4 weeks after the procedure, or 1 year with your consent.

7. Security

We implement appropriate technical and organisational measures to protect personal data, including TLS encryption, access controls on a need‑to‑know basis, logging and back‑ups. Card data is handled by certified payment service providers in accordance with PCI DSS. No system is 100% secure; we continuously assess and improve our measures.

8. Cookies and similar technologies

8.1 Categories

We use cookies and similar technologies. We distinguish:

  • Strictly necessary (required; no consent) – session, basket, load‑balancing, security.

  • Functional (consent where required) – preferences.

  • Analytics (consent) – aggregated statistics on Website use.

  • Marketing (consent) – personalised marketing/retargeting (off by default unless you agree). You can set and change your choices via our Cookie Settings on the Website.

8.2 Analytics

We currently use Google Analytics 4 (GA4) with privacy‑friendly settings (IP masking, data minimisation, no advertising features unless you consent). Data generated by cookies may be processed by Google on our behalf. You can disable Analytics via our Cookie Settings or the Google browser add‑on: https://tools.google.com/dlpage/gaoptout.

8.3 Cookie list & vendors

We maintain an up‑to‑date list of cookies and vendors, including each cookie’s purpose, lifetime and type. You can view this information at any time via our Cookie Settings on the Website. You can also request a copy by contacting customercare@nydj.eu.

8.4 Consent management (CMP)

We use a consent management platform to record and honour your choices. Your consent status, timestamp and preferences are logged. You can change or withdraw consent at any time via Cookie Settings; changes apply to future processing.

9. Trusted Shops Trustbadge

To display the Trusted Shops trustmark, collected reviews and the Trusted Shops product offer after an order, the Trustbadge is integrated on the Website. When the Trustbadge is called, the server automatically stores a server log file (e.g., IP address, date/time, transferred data volume, ISP). These access data are not further analysed and are overwritten at the latest after 7 days. Personal data is only shared with Trusted Shops if, after an order, you choose to use Trusted Shops products; then the terms between you and Trusted Shops apply.

10. Your rights

Under the GDPR you have the right to access, rectification, erasure, restriction, data portability, and to object (including to direct marketing) as well as the right to withdraw consent at any time. We respond within one month. You can exercise your rights via customercare@nydj.eu or through links in our messages (e.g., Unsubscribe in newsletters). You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.

11. Credit checks and “pay later” options

If you choose a “pay later” method, a creditworthiness assessment may be performed by the relevant provider. Details of processing are presented at checkout and in the provider’s privacy notice. For such assessments the provider may act as an independent controller.

12. Marketing communications

We send newsletters and offers based on your consent (or, where permitted, our legitimate interests/soft opt‑in after a purchase). You can unsubscribe at any time via the link in each e‑mail or by contacting us (see §15). Objecting to direct marketing will stop such communications.

13. Changes to this Notice

We may change this Notice from time to time. The version date appears at the top. For material changes we will inform you in an appropriate manner (e.g., via the Website, e‑mail or within your account).

14. Contact & complaints

Questions or requests about privacy?
E‑mail: customercare@nydj.eu
Postal address: Martens Fashion Group B.V. (NYDJ), Koningin Wilhelminaplein 13, 1062 HH Amsterdam, The Netherlands
You can also lodge a complaint with the Dutch Data Protection Authority: https://www.autoriteitpersoonsgegevens.nl/