Tietosuojakäytäntö
CALQIX is committed to handling your personal data with care, transparency, and respect. This Privacy Policy explains what data we collect, why we collect it, how we use it — including for advertising and personalisation — and what rights you have over it.
We believe that data, when handled responsibly, creates value for everyone. That is why a portion of the commercial benefit generated through data-driven decisions is directly returned to our customers in the form of discounts and rewards. You can read more about this in Section 6.
This policy applies to all personal data processed in connection with purchases made through calqix.com and all interactions with CALQIX across our digital platforms, including social media.
Who We Are
The data controller responsible for your personal data is Kesekesa Holding B.V., operating under the trade name CALQIX. Kesekesa Holding B.V. is a private limited company incorporated under the laws of the Netherlands and registered with the Dutch Chamber of Commerce (Kamer van Koophandel / KVK).
In accordance with our business privacy policy, our registered company address is not published on this website. Customers or third parties seeking corporate or legal information are referred to the public KVK registry at kvk.nl or to our contact page at calqix.com.
For all privacy-related enquiries, requests, or complaints, you may contact CALQIX via the contact page at calqix.com. We will respond to all privacy-related correspondence within 30 calendar days.
Data We Collect
We collect personal data in the following ways: directly from you when you place an order, create an account, contact us, or subscribe to our communications; and automatically through your interaction with our website and advertising platforms.
| Data Category | Examples | How Collected |
|---|---|---|
| Identity data | First name, last name | Provided by you at checkout |
| Contact data | Email address, phone number (if provided) | Provided by you at checkout or signup |
| Delivery data | Shipping address, country, postal code | Provided by you at checkout |
| Transaction data | Order number, product(s) purchased, purchase value, payment method type, currency | Generated at the time of purchase |
| Payment data | Payment confirmation reference (we do not store card numbers or full payment details) | Processed by our payment provider |
| Behavioural data | Pages visited, products viewed, time on site, add-to-cart actions, purchase funnel behaviour | Automatically via cookies & analytics tools |
| Device & technical data | IP address, browser type, operating system, device type, screen resolution, referral source | Automatically via your browser & server logs |
| Marketing interaction data | Ad impressions, click-throughs, conversions attributed to advertising campaigns on Meta, TikTok, and Google platforms | Via advertising pixels, SDKs, and platform APIs |
| Communication data | Content of messages sent to us, support requests, return requests | Provided by you via contact form or email |
| Preference & consent data | Cookie preferences, marketing opt-in/opt-out status, communication preferences | Recorded via cookie consent tool and account settings |
We do not knowingly collect special category data (also known as sensitive personal data) as defined under Article 9 GDPR — including data relating to health, race, religion, political opinions, sexual orientation, or biometric data — unless you voluntarily provide such information in the context of a support or return enquiry, in which case it is used solely to resolve that specific matter.
We do not collect or process full payment card details. All card and payment data is processed exclusively by our authorised payment service providers (such as Shopify Payments, Mollie, or equivalent), which operate under their own security certifications (PCI-DSS compliance). CALQIX only receives a tokenised transaction reference and payment status confirmation.
Legal Bases for Processing
Under the GDPR, we must have a valid legal basis for every way in which we process your personal data. The table below sets out the legal bases we rely on:
| Processing Activity | Legal Basis | Explanation |
|---|---|---|
| Fulfilling your order and arranging delivery | Contract | Necessary to perform the purchase agreement with you (Art. 6(1)(b) GDPR) |
| Processing payment and preventing fraud | Contract / Legal Obligation | Necessary for the transaction and for compliance with financial regulations |
| Sending transactional emails (order confirmation, shipping, returns) | Contract | Necessary to keep you informed about your purchase |
| Retaining financial records | Legal Obligation | Required by Dutch accounting and tax law (Art. 6(1)(c) GDPR) |
| Sending marketing emails and newsletters | Only sent where you have opted in. Withdrawal of consent does not affect prior processing (Art. 6(1)(a) GDPR) | |
| Placing advertising pixels and marketing cookies | Only activated after you accept marketing cookies via our cookie consent tool | |
| Running targeted advertising campaigns (Meta, TikTok, Google) | Based on your cookie/tracking consent. Advertising data is used to optimise campaign performance and reduce acquisition costs | |
| Website analytics and performance monitoring | Legitimate Interest | We have a legitimate interest in understanding how our website is used in order to improve it (Art. 6(1)(f) GDPR) |
| Customer support and complaint handling | Legitimate Interest / Contract | Necessary to respond to your enquiries and resolve issues relating to your purchase |
| Generating aggregate commercial insights for pricing and discount decisions | Legitimate Interest | We use aggregated, anonymised behavioural and purchase data to inform business decisions, including the calculation and distribution of customer discounts and rewards |
How We Use Your Data
Order fulfilment. We use your identity, contact, delivery, and transaction data to process and fulfil your order, communicate its status, and manage any returns or complaints. This is the primary purpose for which we collect personal data and is necessary for the performance of our contract with you.
Marketing communications. Where you have opted in to receive marketing communications, we will use your email address to send you relevant information about CALQIX products, promotions, new launches, and personalised offers. You may withdraw consent and unsubscribe at any time by clicking the unsubscribe link in any email or by contacting us via the contact page.
Advertising campaign optimisation. We use behavioural, device, and marketing interaction data — collected via advertising pixels, browser cookies, and platform SDKs — to measure the performance of our advertising campaigns on Meta (Facebook and Instagram), TikTok, Google, and their associated applications and networks. This data helps us understand which campaigns generate the most value, reduce our cost per acquisition, and improve the relevance of the ads you see. Further details are set out in Section 5.
Commercial analysis and revenue optimisation. We analyse aggregated purchase behaviour, campaign performance, and customer lifetime value data to make informed business decisions, including pricing strategy, product selection, inventory planning, and the allocation of commercial surplus to customer rewards and discounts. This analysis is conducted on anonymised or pseudonymised datasets where possible. Further details are set out in Section 6.
Fraud prevention and security. We use technical and device data to detect and prevent fraudulent transactions, chargebacks, and misuse of our platform. This processing is necessary to protect both CALQIX and its customers.
Legal and regulatory compliance. We retain and process certain data as required by Dutch law, including financial records, VAT documentation, and records of consumer transactions, for the legally mandated retention periods.
Advertising & Marketing Partners
CALQIX uses the following advertising platforms to reach potential customers and measure the effectiveness of our marketing. Each platform operates under its own terms of service and privacy policy. By accepting marketing cookies on our website, you consent to the data sharing described below.
We use the Meta Pixel and Conversions API on our website, and Meta's advertising tools across Facebook, Instagram, Messenger, and the Meta Audience Network. This enables conversion tracking, retargeting, Lookalike Audiences, and campaign performance measurement.
Meta Privacy Policy →We use the TikTok Pixel and TikTok Events API for conversion tracking, audience building, and campaign optimisation across TikTok, TikTok Lite, and the TikTok advertising network. This includes data on purchases, add-to-cart events, and page views.
TikTok Privacy Policy →We use Google Ads, Google Analytics 4, Google Tag Manager, and associated Google properties (including YouTube and the Google Display Network) for advertising, remarketing, conversion tracking, and website analytics. Google's advertising tools may also use cross-device tracking.
Google Privacy Policy →In addition to the primary platforms above, our advertising activity may extend to associated applications and partner networks operated by these platforms, including Meta Audience Network, Google Display Network, TikTok's partner apps, and future platforms we may adopt. This policy will be updated accordingly.
Policy update process →What data is shared with advertising platforms. Depending on your consent, the following categories of data may be transmitted to our advertising platforms via tracking pixels, browser cookies, server-side APIs, or hashed audience uploads:
- Hashed (encrypted) email addresses, used to match your profile on advertising platforms for custom audience creation and attribution — transmitted only via server-side Conversions APIs, not in plain text.
- Behavioural event data from our website, including page views, product views, add-to-cart events, checkout initiations, and purchase completions — transmitted with event value, product identifiers, and currency.
- Device and technical identifiers, including browser cookies, IP addresses (which may be anonymised or truncated in compliance with GDPR before transmission), and user agent strings.
- Aggregated conversion data used to train advertising platform algorithms for automated bidding and audience targeting optimisation.
Purpose of advertising data use. Data shared with advertising platforms is used exclusively for the following purposes: measuring the return on investment of our paid advertising campaigns; retargeting visitors who have not yet completed a purchase; building Lookalike Audiences to reach new customers with similar profiles to our existing buyers; and optimising automated bidding strategies to reduce cost per acquisition — savings that are partially passed back to customers in the form of discounts and rewards (see Section 6).
Consent and opt-out. Advertising tracking is only activated after you provide explicit consent via our cookie consent tool. You may withdraw consent at any time by updating your cookie preferences on our website. Additionally, you may opt out of personalised advertising directly through each platform using the links below:
- Meta: facebook.com/ads/preferences
- Google: adssettings.google.com
- TikTok: Settings → Privacy → Ads Personalisation within the TikTok app
- General opt-out: youronlinechoices.eu (EU) or optout.aboutads.info (US)
Data Processing Agreements. Where required under GDPR, CALQIX has entered into or relies on standard data processing terms with each advertising platform. Meta, TikTok, and Google each act as independent data controllers for the data they receive and process within their own platforms, in addition to acting as data processors in respect of conversion tracking. Their respective privacy policies govern their use of data once received.
Data-Driven Discounts & Customer Rewards
CALQIX uses aggregated, anonymised purchase and behavioural data to make smarter commercial decisions. By understanding what our customers value, which campaigns perform, and where efficiencies can be gained, we lower our operating costs. A portion of the commercial surplus generated through these data-driven decisions is directly returned to our customers in the form of discounts, promotional offers, and loyalty rewards.
This is not a vague promise — it is a core principle of how CALQIX operates. The better our data-driven decision-making, the more value we can pass back to the people who make CALQIX possible: our customers.
What data informs commercial decisions. CALQIX uses the following categories of aggregated and anonymised data to inform commercial and pricing decisions:
- Aggregate purchase volumes, average order values, and repeat purchase rates — used to negotiate better pricing with suppliers and to plan inventory efficiently.
- Advertising campaign performance data (cost per click, cost per acquisition, return on ad spend) — used to reduce marketing expenditure per order, with savings contributing to the customer rewards pool.
- Conversion funnel data — used to identify and remove friction in the purchasing process, thereby reducing cart abandonment and increasing the efficiency of each marketing euro spent.
- Product-level profitability analysis — used to determine which products generate sufficient margin to fund discount programmes without compromising product quality or supply chain integrity.
How savings are returned to customers. Commercial efficiencies generated through data-driven operations are partially distributed back to customers in the following forms:
- Promotional discounts — time-limited discount codes communicated via email or social media to our customer base, funded by reductions in our cost base.
- Loyalty rewards — discounts or added value offered to repeat customers and subscribers, reflecting the reduced cost of serving an existing customer versus acquiring a new one.
- Referral benefits — rewards for customers who refer new buyers, funded by the reduction in advertising spend that a referred customer represents.
- Volume and bundle pricing — price reductions on multi-unit or subscription orders that reflect the operational efficiencies of serving higher-volume customers.
What data is not used. Commercial and pricing decisions at CALQIX are made on the basis of aggregated, anonymised datasets and never on the basis of individual customer profiling for the purpose of dynamic pricing or price discrimination. We do not charge different prices to different customers based on their individual browsing history, location, or personal characteristics.
No automated decision-making with legal effect. No decisions that produce legal effects or similarly significantly affect individual customers — such as eligibility for products, credit assessments, or access restrictions — are made solely on the basis of automated processing of personal data. All such decisions involve human review.
Third-Party Service Providers
CALQIX works with a limited number of third-party service providers to operate its business. These providers only receive data that is strictly necessary for the specific service they provide, and all are engaged under appropriate data processing agreements where required by GDPR.
| Service Category | Provider(s) | Data Shared | Role |
|---|---|---|---|
| E-commerce platform | Shopify Inc. | All order and customer data | Data Processor |
| Payment processing | Shopify Payments, Mollie, or equivalent | Transaction & billing data | Independent Controller / Processor |
| Shipping & logistics | Carriers (PostNL, DHL, etc.) | Name, delivery address | Data Processor |
| Email marketing | Shopify Email / Klaviyo or equivalent | Email address, purchase history, preferences | Data Processor |
| Advertising & analytics | Meta, Google, TikTok | Behavioural & conversion data (hashed where applicable) | Independent Controller / Processor |
| Subscription management | Recharge, Bold Subscriptions, or equivalent | Customer ID, order & subscription data | Data Processor |
| Customer reviews | Judge.me or equivalent | Name, email, order reference, review content | Data Processor |
CALQIX does not sell, rent, trade, or otherwise commercially transfer your personal data to any third party for their own marketing or commercial purposes. Data sharing with third parties is strictly limited to what is necessary for the operational purposes described in this policy.
CALQIX may be required to disclose personal data to governmental authorities, law enforcement agencies, or regulatory bodies where required by applicable law, court order, or legal process. In such cases, CALQIX will disclose only the minimum data required and, where permitted by law, will notify the affected customer.
International Data Transfers
As CALQIX operates globally and uses service providers headquartered outside the European Economic Area (EEA) — including Shopify (Canada/USA), Meta (USA), Google (USA), and TikTok (Singapore/USA) — your personal data may be transferred to and processed in countries outside the EEA.
Wherever personal data is transferred outside the EEA, CALQIX ensures that appropriate safeguards are in place in accordance with Chapter V of the GDPR. These safeguards include:
- Adequacy decisions — transfers to countries that the European Commission has determined offer an adequate level of data protection (e.g. Canada for certain processing activities).
- Standard Contractual Clauses (SCCs) — where an adequacy decision does not apply, transfers are governed by the European Commission's standard contractual clauses for international data transfers.
- Platform compliance frameworks — Meta, Google, and TikTok each participate in data transfer compliance frameworks applicable to their platforms and have implemented SCCs for EEA data transfers.
You may request further information about the specific safeguards applied to any particular transfer by contacting CALQIX via the contact page at calqix.com.
Cookies & Tracking Technologies
CALQIX uses cookies and similar tracking technologies on its website. The table below sets out the categories of cookies we use, their purpose, and whether they require your consent.
| Cookie Category | Purpose | Consent Required? |
|---|---|---|
| Strictly Necessary Always Active | Essential for the website to function — including shopping cart, checkout, login sessions, and security. Cannot be disabled. | No consent required — activated automatically |
| Functional Always Active | Remembers your preferences such as language, currency, and cookie consent choices. | No consent required — activated automatically |
| Analytics Consent Required | Collects anonymised data about how visitors use our website — pages visited, session duration, referral source. Used via Google Analytics 4 to improve site performance. | Only activated after your explicit consent |
| Marketing & Advertising Consent Required | Enables conversion tracking, retargeting, and personalised advertising via Meta Pixel, TikTok Pixel, and Google Ads tags. Also used to build custom and lookalike audiences on advertising platforms. | Only activated after your explicit consent |
| Performance Consent Required | Monitors website speed, uptime, and technical performance to identify and resolve issues affecting the customer experience. | Only activated after your explicit consent |
You may manage, update, or withdraw your cookie preferences at any time by accessing the cookie settings on our website. Note that disabling certain cookie categories — particularly marketing cookies — may reduce the quality and relevance of advertisements you see from CALQIX and will also reduce the data available to us for the customer reward calculations described in Section 6.
In addition to browser cookies, we may use pixel tags (also known as web beacons) in our emails to determine whether an email has been opened and whether links have been clicked. You may prevent this by disabling image loading in your email client.
We do not use cookie "walls" — you are not required to accept non-essential cookies as a condition of accessing or purchasing from our website. Consent to non-essential cookies is always freely given, specific, informed, and unambiguous, in accordance with Article 7 GDPR and Recital 32.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following retention periods apply:
- Order and transaction data — retained for 7 years from the date of the transaction, in compliance with Dutch accounting and tax retention obligations (Artikel 52 Algemene Wet inzake Rijksbelastingen).
- Customer contact and identity data — retained for the duration of the customer relationship and for a period of 2 years thereafter, to handle any post-purchase enquiries, warranty claims, or disputes.
- Marketing communications data (email lists) — retained for as long as you remain subscribed. Upon unsubscribing, your email address is suppressed (retained on a do-not-contact list) to prevent accidental re-subscription, but is not used for any further marketing communications.
- Behavioural and analytics data — retained in anonymised or aggregated form for up to 26 months in Google Analytics 4 (the platform maximum), after which it is automatically deleted or anonymised.
- Advertising pixel and conversion data — governed by the respective platform's data retention policies (typically 180 days to 2 years for attribution windows).
- Support and communication records — retained for 3 years from the date of the last communication, to handle any follow-up claims or disputes.
At the end of the applicable retention period, personal data is securely deleted, anonymised, or pseudonymised. Data that has been anonymised such that it can no longer be attributed to an identifiable individual is not subject to GDPR and may be retained indefinitely for statistical or commercial analysis purposes.
Your Rights Under the GDPR
As a data subject under the GDPR, you have the following rights in relation to your personal data. These rights apply to EU residents; customers outside the EU may have equivalent rights under their local data protection laws.
You have the right to request a copy of the personal data we hold about you and information about how it is used.
You may request that inaccurate or incomplete personal data we hold about you be corrected or completed.
You may request that we delete your personal data, subject to our legal obligations to retain certain records (e.g. financial data).
You may request that we restrict our processing of your data in certain circumstances, such as while a dispute about accuracy is resolved.
Where processing is based on consent or contract, you may request your data in a structured, commonly used, machine-readable format.
You may object to processing based on legitimate interests, including profiling for direct marketing purposes. We will cease that processing unless we can demonstrate compelling legitimate grounds.
Where processing is based on consent (e.g. marketing emails, advertising cookies), you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of prior processing.
You have the right not to be subject to decisions based solely on automated processing that significantly affect you. CALQIX does not make such decisions without human oversight.
How to exercise your rights. To exercise any of the rights listed above, please submit a written request via the contact page at calqix.com. We may ask you to verify your identity before processing your request. We will respond within 30 calendar days. Where a request is complex or numerous, we may extend this period by a further 2 months, in which case we will notify you.
Free of charge. Exercising your data rights is free of charge. However, where requests are manifestly unfounded or excessive, particularly if repetitive, CALQIX may charge a reasonable administrative fee or refuse to act on the request.
Children's Privacy
CALQIX's products and website are not directed at children under the age of 16. We do not knowingly collect personal data from individuals under 16 years of age. If we become aware that a child under 16 has provided us with personal data without verifiable parental or guardian consent, we will take immediate steps to delete such data.
If you are a parent or guardian and believe that your child has provided us with personal data, please contact us via the contact page at calqix.com and we will address the matter without delay.
Security
CALQIX implements appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, disclosure, alteration, or destruction. These measures include, but are not limited to: SSL/TLS encryption for all data transmitted to and from calqix.com; access controls limiting data access to authorised personnel on a need-to-know basis; use of reputable, security-certified third-party processors (including Shopify, which is PCI-DSS Level 1 certified); and regular reviews of our data handling practices.
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, CALQIX will notify the affected individuals and, where required by Article 33 GDPR, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours of becoming aware of the breach.
No method of data transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security. We encourage you to use strong, unique passwords for any account you create with us and to notify us immediately if you suspect any unauthorised access to your account.
Policy Updates
CALQIX may update this Privacy Policy from time to time to reflect changes in our business practices, legal requirements, or the introduction of new advertising platforms or data processing activities. The most current version of this policy is always available at calqix.com, alongside its effective date and version number.
Where a material change is made to this policy that affects the processing of your personal data in a way that requires renewed consent, CALQIX will notify you by email (where we hold your email address) or via a prominent notice on the website, and will request fresh consent where required.
Your continued use of calqix.com or continued purchasing from CALQIX after the effective date of any non-material update constitutes acceptance of the updated policy. For material changes requiring consent, continued use is conditional upon providing that consent.
Contact & Complaints
Contact CALQIX. For all privacy-related enquiries, data subject requests, or concerns about how we handle your personal data, please contact us via the contact page at calqix.com. We will acknowledge receipt of your message within 2 Business Days and respond substantively within 30 calendar days.
Right to lodge a complaint. If you are not satisfied with our response to a privacy concern, or if you believe that we are processing your personal data in breach of the GDPR, you have the right to lodge a complaint with the competent supervisory authority. In the Netherlands, this is:
Website: autoriteitpersoonsgegevens.nl
Postal address and contact details available on their website.
If you are resident in another EU member state, you may also lodge a complaint with the data protection authority of your country of residence.
We encourage you to contact us directly before lodging a formal complaint with a supervisory authority, as we are committed to resolving privacy concerns swiftly and transparently.
