Privacy policy

Last updated: 6 May 2026

1. Who we are

Moov Health B.V. is responsible for the processing of your personal data as described in this privacy policy.

Company details
Moov Health B.V.
Utrecht, The Netherlands
Chamber of Commerce (KvK): 94619980
Email: support@moovmore.com

Moov Health B.V. is subject to supervision by the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), which acts as the lead supervisory authority within the European Union.

No Data Protection Officer has been appointed, as there is no legal obligation to do so.

2. What personal data we process

We process personal data that you provide to us directly, as well as data collected through your use of our website and services.

This may include:

• Name and contact details such as email address and phone number

• Account information

• Order and payment details

• Communication history with customer support

• Marketing preferences

• Technical data such as IP address, device information and browsing behaviour

• User-generated content such as reviews

If you create an account, your order history and account information may be linked to your profile. If you make a purchase without creating an account, we may still process your data to fulfil your order and retain it as required for legal and administrative purposes.

3. How we use your data and legal basis

Where we rely on legitimate interests, we have assessed that our interests are not overridden by your fundamental rights and freedoms.

We process your personal data for the following purposes:

Account management

• Purpose: Creating and managing your account

• Legal basis: Performance of a contract (Article 6(1)(b) GDPR)

Order processing, payment and shipping

• Purpose: Processing, payment, delivery and fraud prevention 

• Legal basis: Performance of a contract (Article 6(1)(b) GDPR) and legal obligations (Article 6(1)(c) GDPR)

• Data processed: Name, billing and delivery address, email address, phone number, payment details and order information

• Providing this data is necessary to enter into and perform the contract.

Payment providers
Depending on your chosen payment method, your payment details are processed by the selected payment provider, who may act as an independent controller. This may include:

• Klarna Bank AB (Sweden)

• Mollie B.V.

• PayPal (Europe) S.à r.l.

• American Express

• Trustly

• Riverty (AfterPay)

• EPS

• Apple Pay and Google Pay

The selected payment provider receives the data necessary to process the payment. Payment providers may act as independent controllers for the processing of your payment data.

Shipping and fulfilment
For the delivery of your order, we share your data with logistics partners:

• Fulfilment: Monta B.V.

• Carriers: DHL and DPD

For delivery purposes, we share your name, address and, where necessary, your email address and phone number.

Customer support

• Purpose: Handling questions, complaints and support requests

• Legal basis: Performance of a contract (Article 6(1)(b) GDPR) and legitimate interest (Article 6(1)(f) GDPR) (providing efficient customer service)

Marketing communications

• Purpose: Sending newsletters and promotional messages via email, SMS or messaging services such as WhatsApp Business

• Legal basis: Consent (Article 6(1)(a) GDPR) or, where permitted by law, legitimate interest (Article 6(1)(f) GDPR), for example in the context of existing customer relationships

Personalised marketing and analytics

• Purpose: Analysing behaviour and personalising content, advertisements and offers

• Legal basis: Consent via cookies (Article 6(1)(a) GDPR) and legitimate interest (Article 6(1)(f) GDPR)  (improving services and marketing effectiveness)

Website operation and security (server log files)

• Purpose: Ensuring the security, stability and proper functioning of the website and detecting misuse or incidents

• Legal basis: Legitimate interest (Article 6(1)(f) GDPR), in particular for system security and stable availability of the website

Reviews and user-generated content

• Purpose: Publishing and managing reviews via platforms such as Trustpilot

• Legal basis: Legitimate interest (Article 6(1)(f) GDPR)  (transparency and service improvement)

Referral and loyalty programs

• Purpose: Managing referral programs and rewarding customers for referrals or loyalty activities

• Legal basis: Legitimate interest (Article 6(1)(f) GDPR) and, where applicable, consent (Article 6(1)(a) GDPR)

Product improvement and testing

• Purpose: Improving products, services and user experience

• Legal basis: Legitimate interest (Article 6(1)(f) GDPR) 

Business operations

• Purpose: Internal administration, reporting and B2B sales

• Legal basis: Legitimate interest (Article 6(1)(f) GDPR) 

Legal and administrative obligations

• Purpose: Complying with legal obligations such as tax and accounting requirements

• Legal basis: Legal obligation (Article 6(1)(c) GDPR)

Recruitment and job applications

• Purpose: Processing job applications and managing recruitment procedures

• Data processed:
  Name, contact details, CV, motivation letter, employment history, education details, and any other information you provide as part of your application

• Legal basis: Legitimate interest (Article 6(1)(f) GDPR), in particular to assess candidates and manage recruitment processes in an efficient and consistent manner.

• If required, we may process additional data to comply with legal obligations.

• You may withdraw your job application at any time by contacting us.
  

4. Marketing and cookies

We use cookies and similar technologies to improve your experience and personalise marketing.

• Our website uses a cookie banner to collect your consent for non-essential cookies

• You can manage your preferences at any time

• Email marketing is only sent if you have given consent or where legally permitted

• You can unsubscribe at any time via the link in our emails

5. Profiling and automated decision-making

We use tracking and marketing tools to better understand user behaviour and personalise content and advertisements.

This may include:

• Analysing browsing behaviour and interactions on our website

• Building audiences for targeted advertising via platforms such as Meta, Google, TikTok and others

• Measuring the effectiveness of campaigns

• We may combine information about your website usage with purchase data to better understand customer behaviour and improve our products and services.

These activities may qualify as profiling under the GDPR.

We do not make decisions that have legal or similarly significant effects on you based solely on automated processing.

6. Sharing your data

We do not sell your personal data. We only share your data with trusted service providers who help us operate our business. Depending on the service, these parties may act as processors on our behalf or as independent controllers.

These service providers may include:

• E-commerce platform: Shopify

• Analytics and tracking: Google Analytics, Elevar, Triple Whale, Shogun Analytics

• Marketing platforms: Klaviyo, Meta, TikTok, Pinterest, Snapchat

• Messaging services: WhatsApp Business (Meta)

• Customer support: Gorgias, Aircall, Minimal AI

• Payment providers: Klarna

• Fulfilment partners: Monta

• Review platforms: Trustpilot, Trusted Shops

• Behaviour analytics: Hotjar, Microsoft Clarity

• Recruitment software: Greenhouse Software, Inc.

We ensure that appropriate data processing agreements are in place.

Shopify platform

Our webshop is hosted on Shopify Inc., which acts as a data processor on our behalf.

Shopify provides the technical infrastructure required to operate our online store, including hosting, checkout functionality, payment processing, and order management.

When you use our website, your personal data is processed through Shopify’s systems in order to:

• enable the functioning of the webshop

• process orders and payments

• ensure the security and integrity of transactions

• detect and prevent fraud

Shopify may process certain data for its own purposes, such as maintaining, improving and securing its platform, which may include the use of aggregated or pseudonymised information. In such cases, Shopify may act as an independent controller.

Where applicable, Shopify complies with industry security standards such as the Payment Card Industry Data Security Standard (PCI DSS) for payment processing.

For more information, please refer to Shopify’s privacy policy:
https://www.shopify.com/legal/privacy

7. International data transfers

Some of our service providers are located outside the European Economic Area, including in the United States.

Where personal data is transferred outside the European Economic Area, we ensure appropriate safeguards such as:

• Standard Contractual Clauses

• EU–US Data Privacy Framework certification

• where applicable, the Swiss–US Data Privacy Framework

We assess transfers on a case by case basis and apply additional safeguards where needed.

8. How long we keep your data

We retain personal data only as long as necessary for the purposes described above.

In general, we apply the following retention periods:

• Account data: as long as your account remains active

• Order and invoice data: 7 years (legal obligation under tax law)

• Customer support data: up to 2 years after resolution

• Marketing data: until you withdraw your consent or unsubscribe

• Server log data: up to 7 days, unless required longer for security purposes

• Recruitment data: up to 4 weeks after the end of the recruitment process, unless you have given consent to retain your data for a longer period (e.g. up to 1 year for future opportunities)

9. Your rights

You have the following rights under the GDPR:

• Right of access

• Right to rectification

• Right to erasure

• Right to restriction of processing

• Right to data portability

• Right to object

• Right to withdraw consent

You can exercise your rights by contacting support@moovmore.com or by using the contact form on our website.

We will respond to your request within one month, unless the request is complex, in which case this period may be extended as permitted by law.

We may ask you to verify your identity before processing your request.

If you are not satisfied with how we handle your request, you can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

10. Security

We take appropriate technical and organisational measures to protect your personal data against loss, misuse and unauthorised access.

These measures include, among others:

• The use of secure connections (SSL/TLS encryption) to protect data transmitted via our website

• Hosting our webshop on Shopify, which provides a secure infrastructure with industry-standard security measures and certifications. Shopify is certified in accordance with recognised industry standards such as PCI DSS for payment security.

• Access controls and authentication measures to ensure that only authorised personnel can access personal data

• Regular updates and monitoring of our systems to detect and prevent vulnerabilities

• Limiting access to personal data to employees and service providers who need it for their work

• The use of trusted third-party service providers that are contractually bound to protect your data

Where appropriate, we also implement measures such as pseudonymisation and data minimisation.

Despite these measures, no system can be completely secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.

11. Children’s data

Our website and services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children.

12. Third-party websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We recommend that you review their privacy policies before providing any personal data.

13. Changes to this policy

We may update this privacy policy from time to time. We recommend reviewing it regularly.