Privacy Policy — Remerkable
Last updated: October 2025
Remerkable (“we,” “our,” or “us”) respects your privacy and is committed to protecting the personal data of our customers and users. This Privacy Policy explains how we collect, use, store, and protect information in connection with our SaaS platform and related services (collectively, the “Service”).
This policy applies to webshop clients who use our Service to operate their own websites. We act as a data controller for the information of our webshop clients, and as a data processor for personal data processed on behalf of those clients (for example, data about their sellers or buyers).
1. Data Controller
Remerkable
Email: privacy@remerkable.com
We have not appointed a Data Protection Officer, as this is not legally required under Article 37 of the GDPR. However, all privacy inquiries may be directed to the email address above.
2. Data We Collect
When you use our Service, we may collect and process the following categories of data:
-
Business and account information: company name, contact person, email address, billing address, and VAT number.
-
Authentication and access data: login credentials, API keys, IP addresses, device information, and security logs.
-
Financial and transactional data: payment and payout details for sellers (handled securely via Stripe), invoicing records, and transaction references.
-
Operational data: logs of webshop activity, such as order processing, shipping, and listings.
-
Shipping data: sender and recipient address details, parcel information, and shipping status (through Sendcloud).
-
Usage data: logs of feature use and performance metrics for the purpose of product maintenance and improvement.
We do not collect sensitive personal data (e.g., health, religion, or biometric data).
3. Purpose and Legal Basis
We process personal data for the following purposes and legal grounds:
| Purpose | Legal Basis | Description |
|---|---|---|
| To provide and maintain our Service | Performance of contract | Managing webshop accounts, authentication, hosting, and updates. |
| To process payments and payouts | Performance of contract | Facilitating transactions via Stripe. |
| To manage shipping logistics | Performance of contract | Sending and tracking shipments via Sendcloud. |
| To provide customer support | Legitimate interest | Responding to technical or billing inquiries. |
| To improve our platform | Legitimate interest | Analyzing anonymized usage data to enhance features and performance. |
| To comply with legal obligations | Legal obligation | Recordkeeping, fraud prevention, tax, and accounting duties. |
4. Processing on Behalf of Webshops
For data belonging to sellers or buyers of the webshop (end customers), Remerkable acts solely as a data processor.
-
The webshop is the data controller responsible for providing its own privacy policy to those end users.
-
We process such data strictly according to the webshop’s documented instructions and the applicable Data Processing Agreement (DPA).
5. Sub-Processors and Third Parties
We use trusted third parties to support our operations. Each sub-processor is bound by a written data processing agreement ensuring data protection and compliance with GDPR.
| Sub-Processor | Purpose | Location | Safeguard |
|---|---|---|---|
| DirectNode | Hosting infrastructure | EU | Data stored in the EEA |
| Stripe, Inc. | Payments and payouts | USA | EU–US Data Privacy Framework / SCCs |
| Sendcloud BV | Shipping management | EU | GDPR-compliant processor |
| Remerkable Mail Server | Email communications | EU | Managed by Remerkable |
We do not sell or share personal data for advertising or marketing purposes.
6. Data Retention
We retain personal data only as long as necessary to fulfill contractual and legal obligations.
Typical retention periods include:
-
Account and billing records: 7 years (legal requirement)
-
Log and usage data: up to 12 months
-
OTP or authentication tokens: minutes to hours
-
Data processed on behalf of webshops: deleted or returned within 90 days after account termination, unless otherwise required by law.
7. International Data Transfers
Some data may be transferred outside the European Economic Area (“EEA”), particularly to Stripe in the United States.
All transfers are protected under:
-
Adequacy decisions (e.g., EU–US Data Privacy Framework), or
-
Standard Contractual Clauses (SCCs) approved by the European Commission.
8. Security Measures
We apply industry-standard security controls, including:
-
Encrypted data transmission (HTTPS/TLS)
-
Firewalled, access-controlled servers
-
Role-based authentication and logging
-
Regular security updates and vulnerability management
-
Access limited to authorized personnel only
In the event of a personal data breach, we will notify affected clients and supervisory authorities in accordance with GDPR Articles 33–34.
9. Data Subject Rights
If you are a webshop client or one of its authorized users, you have the following rights under applicable data protection law:
-
Right of access (Article 15 GDPR)
-
Right to rectification (Article 16 GDPR)
-
Right to erasure (Article 17 GDPR)
-
Right to restriction of processing (Article 18 GDPR)
-
Right to data portability (Article 20 GDPR)
-
Right to object (Article 21 GDPR)
Requests can be submitted to privacy@remerkable.com.
Requests from end users (buyers/sellers) must be directed to the webshop controlling their data.
10. Cookies and Tracking
Remerkable uses only functional and strictly necessary cookies to operate the platform (e.g., login sessions and security tokens).
We do not use third-party advertising or analytics cookies.
Webshops may implement their own tracking tools within their own websites, for which they are independently responsible.
11. Changes to this Policy
We may update this Privacy Policy from time to time to reflect legal, technical, or business developments. The “Last updated” date will always indicate the latest revision.
Material changes will be communicated to clients via email or dashboard notification.
12. Contact
For questions, concerns, or to exercise your privacy rights, please contact:
Remerkable
Email: privacy@remerkable.com
If you are not satisfied with our response, you may lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (www.autoriteitpersoonsgegevens.nl).