Privacy Policy

Last updated: 15 January 2026

This Privacy Policy describes how cobaltfrontier B.V. ("we", "our", or "us") collects, uses, and protects your personal information when you visit our website or use our services. We are committed to protecting your privacy and ensuring transparency about our data practices.

Data Controller Information

cobaltfrontier B.V. is the data controller for the personal data we collect. You can contact us at:

Data Collection

We collect personal data that you provide to us directly and information that is automatically collected when you use our services. The data we collect includes:

Information You Provide

  • Contact information (name, email address, phone number, postal address)
  • Account information when you create an account
  • Communication preferences and styling preferences
  • Order and payment information
  • Messages and correspondence when you contact us
  • Survey responses and feedback

Automatically Collected Information

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, time spent, click patterns)
  • Location data (general geographic location based on IP address)
  • Cookies and similar tracking technologies

How We Use Your Information

We use your personal data for various purposes based on different legal grounds. How we use your information depends on the services you use and your relationship with us:

  • Providing and improving our services and customer support
  • Processing orders, payments, and delivering products
  • Communicating with you about your account, orders, and services
  • Personalising your experience and providing styling recommendations
  • Sending marketing communications (with your consent)
  • Conducting analytics to improve our website and services
  • Preventing fraud and ensuring security
  • Complying with legal obligations

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, please see our Cookie Policy.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract: To provide services you've requested or purchased
  • Legitimate Interests: To improve our services, prevent fraud, and conduct analytics
  • Consent: For marketing communications and non-essential cookies
  • Legal Obligation: To comply with applicable laws and regulations

Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Service providers who assist us in operating our business (payment processors, shipping companies, analytics providers)
  • Professional advisors (lawyers, accountants, auditors)
  • Law enforcement or regulatory authorities when required by law
  • Business partners for joint marketing activities (with your consent)
  • Potential buyers in case of business sale or merger

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account information: Until you delete your account or request deletion
  • Order and transaction data: 7 years for tax and accounting purposes
  • Marketing data: Until you withdraw consent or we no longer have a legitimate interest
  • Website analytics: Up to 26 months
  • Communication records: 3 years for customer service purposes

Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data
  • Restriction: Request limitation of processing
  • Data Portability: Request transfer of your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for consent-based processing

To exercise these rights, please contact us at privacy@cobaltfrontier.world or +31 509648072. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and staff training on data protection.

Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Continued use of our services after such changes constitutes acceptance of the updated policy.

Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with data protection laws. In the Netherlands, you can contact the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) at autoriteitpersoonsgegevens.nl.