Privacybeleid

Privacy Policy — The Leo Bag

Last updated: 3 June 2026

At The Leo Bag, we take the privacy of our customers seriously. This Privacy Policy explains what personal data we collect, why we collect it, and how we use it. It applies to all customers who purchase from our online store worldwide.

For customers located in the European Union or European Economic Area, this policy complies with the General Data Protection Regulation (GDPR / EU 2016/679).

1. Who We Are

The Leo Bag is an online retail store based in the Netherlands. We are the data controller responsible for your personal data.

Email: hello@geafirst.com

Website: www.theleobag.com

2. What Data We Collect

When you place an order or contact us, we may collect the following personal data:

Full name
Delivery address and billing address
Email address
Phone number
Payment information (processed securely via Shopify Payments or a third-party payment provider)
IP address and browser/device information (via cookies)
Order history and communication history

3. How We Use Your Data

We process your personal data for the following purposes:

Processing and fulfilling your order
Delivering your package to the specified address
Providing customer support and responding to enquiries
Sending order confirmations and shipping updates
Improving our website and services
Complying with legal and tax obligations
Sending marketing communications (only with your explicit consent)

4. Legal Basis for Processing (EU/EEA Customers)

If you are located in the EU or EEA, we process your personal data on the following legal grounds under the GDPR:

Contract performance: processing is necessary to fulfil your order
Legal obligation: processing is required to comply with applicable laws (e.g. tax records)
Legitimate interests: improving our services and preventing fraud
Consent: for marketing emails and non-essential cookies (you may withdraw consent at any time)

5. Shopify as Our Platform

Our webshop is powered by Shopify Inc. Shopify processes certain data on our behalf as a data processor. For more information on how Shopify handles personal data, please refer to Shopify's Privacy Policy at https://www.shopify.com/legal/privacy

6. Sharing Your Data with Third Parties

We only share your personal data with third parties where necessary to deliver our services or where required by law. This includes:

Shipping and logistics providers to deliver your order
Payment service providers to process your payment
Shopify Inc. as our technical platform provider
Marketing platforms (e.g. Meta, Google) for advertising purposes, subject to your cookie consent
Tax and legal authorities where required by applicable law

We do not sell your personal data to any third party.

7. International Data Transfers

As we operate globally, your personal data may be transferred to and processed in countries outside your country of residence, including countries outside the European Economic Area (EEA). Where such transfers occur, we ensure that appropriate safeguards are in place — such as Standard Contractual Clauses approved by the European Commission — to protect your data in accordance with applicable privacy laws.

8. Cookies

Our webshop uses cookies — small text files stored on your device. We use the following types of cookies:

Functional cookies: essential for the webshop to work correctly (e.g. shopping cart)
Analytical cookies: to understand how visitors use our website (e.g. Google Analytics)
Marketing cookies: to show you relevant advertisements (e.g. Meta Pixel, Google Ads)

You can manage or disable cookies through your browser settings or via our cookie consent banner. Please note that disabling certain cookies may affect the functionality of our website.

9. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this policy:

Order and transaction data: 7 years (required by applicable tax law)
Customer account data: until you delete your account
Marketing data: until you unsubscribe
Cookie data: as specified in our cookie consent tool

10. Your Rights

Depending on your country of residence, you may have the following rights regarding your personal data:

Right of access: request a copy of the data we hold about you
Right to rectification: request correction of inaccurate or incomplete data
Right to erasure: request deletion of your personal data
Right to restriction: request that we limit how we process your data
Right to object: object to processing based on legitimate interests or for direct marketing
Right to data portability: receive your data in a structured, commonly used format
Right to withdraw consent: withdraw any previously given consent at any time

To exercise any of these rights, please contact us at hello@geafirst.com. We will respond within 30 days.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Our webshop uses SSL encryption (https) and all payment data is handled through PCI-DSS compliant providers.

12. Complaints

If you are located in the EU or EEA and believe we are not handling your data in accordance with the GDPR, you have the right to lodge a complaint with the data protection authority in your country of residence. You can also contact us directly at hello@geafirst.com and we will do our best to resolve your concern.

Our lead supervisory authority is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): https://www.autoriteitpersoonsgegevens.nl

13. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Changes will be published on this page with an updated date at the top. We encourage you to review this policy periodically. Continued use of our website after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or how we handle your data, please do not hesitate to contact us:

The Leo Bag