PRIVACY POLICY 1. CONTROLLER The controller in the sense of the General Data Protection Regulation (GDPR) and other national laws is: The Challenge Zone B.V. Herengracht, 320, 1016 CA Amsterdam, The Netherlands E-mail: info@the-challenge-zone.com 2. COLLECTION OF PERSONAL DATA We collect personal data when you visit our website, place an order, create an account, or subscribe to our newsletter. The collected data includes: Identification Data: Name, address, e-mail address, telephone number. Order Data: Products purchased, payment information. Usage Data: IP address, browser information, date, and time of access. 3. PURPOSES OF DATA PROCESSING Your data is processed for the following purposes: Performance of the Contract: To process and fulfill your orders, including shipping and payment. Customer Service: To respond to your inquiries and handle complaints. Marketing: For sending our newsletter (if you have consented) and to personalize our offers. Legal Obligations: To comply with statutory data retention requirements. 4. LEGAL BASES FOR PROCESSING The processing of your data is based on the following legal grounds: Performance of a Contract (Art. 6 Para. 1 lit. b GDPR): For processing orders and deliveries. Your Consent (Art. 6 Para. 1 lit. a GDPR): For sending the newsletter. Legitimate Interest (Art. 6 Para. 1 lit. f GDPR): For improving our website and preventing fraud. Legal Obligation (Art. 6 Para. 1 lit. c GDPR): For compliance with tax and commercial obligations. 5. TRANSFER OF DATA TO THIRD PARTIES Your data is only transferred to third parties if this is necessary for the performance of the contract (e.g., to shipping service providers or payment service providers), if you have given explicit consent, or if a legal obligation exists. 6. YOUR RIGHTS AS A DATA SUBJECT You have the right at any time to access the data we store about you (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), objection to processing (Art. 21 GDPR), and the right to data portability (Art. 20 GDPR). You also have ~the~ right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR.