Privacy Policy
How Koopster collects, uses, and protects your personal data under GDPR.
Last updated: 2025-03-28
Introduction
Koopster ("we", "us", "our") operates the Koopster platform accessible via Telegram and koopster.site. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and Dutch data protection law (Uitvoeringswet AVG). By using Koopster, you acknowledge that you have read and understood this policy.
Data We Collect
We collect data you provide directly: your Telegram user ID and display name when you start a conversation, service credentials you choose to connect (e.g. Albert Heijn, Jumbo accounts), your shopping preferences and order history within Koopster, and payment information processed through our payment provider Mollie. We also collect data automatically: usage patterns such as commands sent and features used, device and connection metadata provided by Telegram, and error logs for service improvement.
How We Use Your Data
We use your personal data to: provide and operate the Koopster service including searching products, comparing prices, and placing orders on your behalf; personalise your experience by remembering your preferences, favourite products, and shopping habits; process payments securely through Mollie; send you order confirmations, delivery updates, and service notifications; improve our service based on aggregated, anonymised usage patterns; and comply with legal obligations. We do not sell your data. We do not share your data with advertisers. We do not use your data for any purpose other than operating and improving Koopster.
Third-Party Services
Koopster integrates with third-party services to function. Mollie B.V. processes payments — when you subscribe to Koopster Pro, your payment data is handled directly by Mollie under their privacy policy. WorkOS provides authentication infrastructure — your identity verification data is processed under WorkOS's privacy policy. Telegram Bot API delivers messages between you and Koopster — your Telegram user ID and messages are transmitted through Telegram's infrastructure. Connected retail services (Albert Heijn, Jumbo, etc.) receive requests on your behalf — we only access these services when you explicitly ask us to, and only with credentials you provide.
Data Storage and Security
Your data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Service credentials are encrypted using industry-standard encryption before storage. We use secure cloud infrastructure within the European Economic Area (EEA). Access to personal data is restricted to authorised personnel only, and all access is logged. We conduct regular security reviews and promptly address any identified vulnerabilities.
Your Rights Under GDPR
Under the GDPR, you have the right to: access your personal data and receive a copy of it (Art. 15); rectify inaccurate or incomplete personal data (Art. 16); erase your personal data ('right to be forgotten') when it is no longer necessary for the purposes for which it was collected (Art. 17); restrict processing of your personal data in certain circumstances (Art. 18); data portability — receive your data in a structured, machine-readable format (Art. 20); object to processing of your personal data based on legitimate interests (Art. 21); and withdraw consent at any time where processing is based on consent (Art. 7). To exercise any of these rights, message Koopster on Telegram or email us. We will respond within 30 days.
Data Retention
We retain your personal data only as long as necessary: active account data is kept while your account is active and for 30 days after deletion; chat history and order records are retained for 12 months after your last interaction; payment records are retained for 7 years as required by Dutch tax law; and anonymised analytics data may be retained indefinitely. When you delete your account, we remove all personally identifiable data within 30 days, except where retention is required by law.
Children's Privacy
Koopster is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that data promptly. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.
International Data Transfers
Your data is primarily stored and processed within the European Economic Area (EEA). Where data is transferred outside the EEA (for example, through third-party service providers), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or adequacy decisions.
Dutch Data Protection Authority
If you believe we have not handled your personal data properly, you have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). You can reach them at autoriteitpersoonsgegevens.nl or by post at Autoriteit Persoonsgegevens, Postbus 93374, 2509 AJ Den Haag.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes through the Koopster Telegram bot or via koopster.site. The date at the top of this policy indicates when it was last updated. We encourage you to review this policy periodically.
Disclaimer
This document is for informational purposes. Please consult a legal professional for compliance verification.