Privacy policy

Last updated: May 25, 2026

MattiMooCards is operated by MJC Ventures B.V., a besloten vennootschap incorporated under Dutch law, registered at Bekkerstraat 61, 3572SC Utrecht, Netherlands (KvK: 42035779, VAT: NL869411160B01). MattiMooCards operates this store and website, including all related information, content, features, tools, products and services (the "Services").

This Privacy Policy explains how we collect, use, store, and disclose your personal data when you visit, use, or make a purchase through the Services, or otherwise communicate with us. It also explains your rights under the General Data Protection Regulation (GDPR / AVG) and other applicable Dutch and EU data protection law.

If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal data.

Please read this Privacy Policy carefully. By using the Services, you acknowledge that you have read and understood this policy.


Who We Are (Data Controller)

For the purposes of the GDPR, MJC Ventures B.V. (trading as MattiMooCards) is the data controller of your personal data.

Contact details:

MJC Ventures B.V. | contact@mattimoocards.com | Bekkerstraat 61, 3572SC Utrecht, Netherlands | +31623085108

If you have any questions about how we handle your personal data, please contact us at the address above. You do not need to use a formal process to contact us — a simple email is fine.


Personal Data We Collect

We collect and process the following categories of personal data, depending on how you interact with the Services:

  • Contact details: name, billing address, shipping address, phone number, email address
  • Financial information: payment card details, transaction details, payment confirmation (note: full card numbers are processed by our payment provider and not stored by us)
  • Account information: username, password, preferences and settings
  • Transaction information: items viewed, added to cart or wishlist, purchased, returned or cancelled; order history
  • Communications: content of messages or enquiries you send us
  • Device and usage information: IP address, browser type, device identifiers, pages visited, time spent on the Services, referring URLs


Legal Bases for Processing (GDPR Article 6)

We are required under the GDPR to have a legal basis for every processing activity. The table below sets out our purposes and the legal basis we rely on for each:


Purpose

Examples

Legal Basis (GDPR Art. 6)

Fulfil your order

Processing payment, shipping, returns, account management

Art. 6(1)(b) — Performance of a contract

Customer support

Responding to enquiries and complaints

Art. 6(1)(b) — Performance of a contract

Marketing emails

Promotional emails, newsletters, offers

Art. 6(1)(a) — Consent (you can withdraw at any time)

Personalised advertising

Showing you relevant ads based on browsing/purchase history

Art. 6(1)(a) — Consent (via cookie banner)

Fraud prevention & security

Detecting suspicious activity, protecting accounts

Art. 6(1)(f) — Legitimate interests

Service improvement

Analytics, understanding how users interact with the site

Art. 6(1)(f) — Legitimate interests

Legal compliance

Responding to legal requests, tax obligations, litigation

Art. 6(1)(c) — Legal obligation


Where we rely on legitimate interests (Art. 6(1)(f)), we have assessed that our interests are not overridden by your rights and interests. You have the right to object to processing based on legitimate interests — see Your Rights below.


How We Collect Your Personal Data

  • Directly from you: when you create an account, place an order, contact us, or submit a review
  • Automatically: through cookies and similar tracking technologies when you visit the Services
  • From Shopify: as our hosting and e-commerce platform, Shopify collects certain data about your interactions with our store
  • From third-party partners: such as advertising platforms, analytics providers, or payment processors


Cookies and Tracking Technologies

We use cookies and similar technologies on our website. Cookies are small text files placed on your device. We use them for the following purposes:

  • Essential cookies: necessary for the website to function (e.g. shopping cart, login session). These do not require your consent.
  • Analytics cookies: to understand how visitors use our site (e.g. Google Analytics). These require your consent.
  • Marketing/advertising cookies: to show you relevant ads on other websites. These require your consent.

When you first visit our website, you will be presented with a cookie consent banner. You can withdraw or change your consent at any time via the cookie settings link in our website footer. Refusing non-essential cookies will not affect your ability to use the Services.


How We Share Your Personal Data

We may share your personal data with the following categories of recipients, for the purposes described in this policy:

  • Shopify: as our e-commerce and hosting platform. Shopify processes data as both a processor on our behalf and independently as a controller for its own purposes. See Shopify's Privacy Policy at https://www.shopify.com/legal/privacy
  • Payment processors: to process transactions securely (e.g. Shopify Payments, Stripe, PayPal)
  • Shipping and fulfilment partners: to deliver your orders
  • Marketing and advertising partners: where you have consented to personalised advertising
  • Analytics providers: to help us understand site usage (where you have consented)
  • Professional advisers: lawyers, accountants, and insurers, where necessary
  • Authorities: law enforcement, courts, or regulators where required by law or to protect our legal rights
  • Business transfers: in the event of a merger, acquisition, or sale of all or part of our business, your data may be transferred to the new owner

We do not sell your personal data to third parties.


Relationship with Shopify

The Services are hosted by Shopify. Shopify collects and processes personal data about your access to and use of the Services in order to provide and improve the Services. Information you submit may be transmitted to and shared with Shopify and third parties located in countries other than where you reside.

For Shopify's enhanced features (such as cross-merchant analytics and personalisation), Shopify acts as an independent data controller for those purposes. To learn more and to exercise your rights in relation to Shopify's processing, visit: https://privacy.shopify.com/en


International Data Transfers

Some of our service providers (including Shopify) are based outside the European Economic Area (EEA). Where we transfer your personal data outside the EEA, we ensure that appropriate safeguards are in place, specifically:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, or
  • Transfers to countries recognised by the European Commission as providing an adequate level of data protection

You can request a copy of the relevant transfer mechanism by contacting us at contact@mattimoocards.com.


How Long We Keep Your Data

We retain your personal data for as long as necessary to fulfil the purposes set out in this policy, unless a longer retention period is required or permitted by law. Our general retention periods are:

  • Order and transaction data: 7 years (to comply with Dutch tax and accounting law)
  • Account data: for the duration of your account, plus up to 2 years after closure
  • Marketing preferences and consent records: until you withdraw consent, plus 1 year
  • Customer support communications: up to 2 years from resolution
  • Cookie consent records: 1 year

When data is no longer needed, we securely delete or anonymise it.


Children's Data

The Services are not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at contact@mattimoocards.com and we will delete it promptly.


Security of Your Data

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These include encryption of data in transit (SSL/TLS), access controls, and regular security reviews.

However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security. We recommend that you do not share sensitive information over unsecured channels and that you keep your account credentials confidential.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) within 72 hours, and will notify affected individuals where required by law.


Your Rights Under the GDPR

As a data subject under the GDPR, you have the following rights. These rights are not absolute and may be subject to exceptions under applicable law:

  • Right of access (Art. 15): You can request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You can ask us to correct inaccurate or incomplete personal data.
  • Right to erasure / 'right to be forgotten' (Art. 17): You can ask us to delete your personal data in certain circumstances (e.g. if it is no longer necessary for the purpose it was collected, or you withdraw consent).
  • Right to restriction of processing (Art. 18): You can ask us to restrict how we use your data in certain circumstances.
  • Right to data portability (Art. 20): You can ask us to provide your data in a structured, machine-readable format, or to transfer it to another controller, where technically feasible.
  • Right to object (Art. 21): You can object to processing based on legitimate interests or for direct marketing purposes. We will stop unless we have compelling legitimate grounds that override your interests.
  • Right to withdraw consent (Art. 7(3)): Where we rely on consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Right not to be subject to automated decision-making (Art. 22): We do not use fully automated decision-making (including profiling) that produces legal or similarly significant effects on you.

To exercise any of these rights, contact us at contact@mattimoocards.com. We will respond within one month of receiving your request. We may ask you to verify your identity before processing your request. There is no fee for exercising your rights, unless your request is manifestly unfounded or excessive.


Complaints and Supervisory Authority

If you have concerns about how we handle your personal data, please contact us first at contact@mattimoocards.com — we will do our best to resolve your concern.

If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch supervisory authority:


Autoriteit Persoonsgegevens (AP)

Website: https://www.autoriteitpersoonsgegevens.nl

Phone: +31 (0)88 1805 250

Address: Hoge Nieuwstraat 8, 2514 EL Den Haag, Netherlands

If you are based in another EU member state, you may also lodge a complaint with the supervisory authority in your country of residence.


Marketing Communications

We will only send you marketing emails where you have given us your consent to do so, or where we have an existing customer relationship and are marketing similar products (soft opt-in), in accordance with Dutch and EU law.

You can opt out of marketing emails at any time by clicking the unsubscribe link in any marketing email, or by contacting us at contact@mattimoocards.com. Opting out of marketing will not affect transactional emails related to your orders or account.


Third-Party Websites and Links

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of those sites and recommend you review their privacy policies before providing any personal data. Our inclusion of a link does not imply endorsement.


Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on our website and update the 'Last updated' date at the top. Where changes are material, we will provide more prominent notice (for example, by email or a banner on our website). Your continued use of the Services after any changes take effect constitutes acceptance of the updated policy.


Contact Us

If you have any questions, requests, or complaints about this Privacy Policy or our data practices, please contact us:

MJC Ventures B.V. (trading as MattiMooCards)

Email: contact@mattimoocards.com

Address: Bekkerstraat 61, 3572SC Utrecht, Netherlands

Phone: +31623085108

KvK: 42035779 | VAT: NL869411160B01