Go Back
Legal & Privacy
Jump To Section
01Data Controller 02Data We Collect 03How We Use It 04Legal Basis 05Security Measures 06Data Retention 07Third Parties 08Your Rights 09Cookies & Sessions 10Policy Changes 11Contact
Privacy Questions?

For any questions about your personal data, data access requests, or deletion requests, contact the owner directly.

ricardo@explorericardo.com
Legal

Privacy Policy

Last updated: July 2, 2026 GDPR / AVG Compliant 11 Sections

Ricardo's World ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what personal data we collect, why we collect it, how we use and store it, and what rights you have under the General Data Protection Regulation (GDPR) and the Dutch implementation thereof (Algemene Verordening Gegevensbescherming, AVG).

By creating an account or using our services, you acknowledge that you have read and understood this Privacy Policy. If you have any questions or wish to exercise your rights, please contact the owner at ricardo@explorericardo.com.

On This Page
  • Data Controller
  • Data We Collect
  • How We Use Your Data
  • Legal Basis For Processing
  • Security Measures
  • Data Retention
  • Third-Party Services
  • Your Rights Under GDPR
  • Cookies & Sessions
  • Changes To This Policy
  • Contact
01

Data Controller

The data controller responsible for your personal data is Ricardo Neudorfer, reachable at ricardo@explorericardo.com. As a data controller, i determine the purposes and means of processing your personal data and are fully responsible for ensuring that our processing activities comply with the GDPR and AVG.

If you have questions, concerns, or requests regarding your personal data, you may contact us at any time using the email address above. The owner will respond to all data subject requests within the timeframes required by law.

02

Data We Collect

We only collect personal data that is strictly necessary to deliver our services to you. Below is a clear overview of the categories of personal data we store and why each category is needed.

Account Identity

Your full name, email address, and company name (if applicable). Required to create and manage your account.

Billing Address

Street address, city, postal code, state/province, and country. Required for invoicing and tax compliance.

Phone Number

Your phone number and associated country code, where you choose to provide them. This information is optional and may be used for account-related communication or support when needed.

VAT Number

Business VAT identification number where applicable. Used for EU VAT compliance on invoices.

Payment Information

Payment method type, card brand, and the last 4 digits only. Full card numbers are never stored by us and are handled exclusively by Stripe.

Subscription & Invoice Records

Details of your active and past subscriptions, payments, and invoices. Required for billing history and legal financial record-keeping.

Session & Login Data

IP address, browser user agent, login timestamps, and session identifiers. Used to manage authenticated sessions and detect unauthorized access.

Authentication Credentials

Password data, two-factor authentication (2FA) credentials, passkey credentials, and related account security information needed to protect your account and support secure login features.

Delivery Address (Parcel Tracking)

Where parcel tracking is used, your delivery address, tracking number, order number, status updates, and related tracking details are stored to enable shipping notifications and parcel status updates.

Email Address

Used for account notifications, invoices, service updates, and responding to your requests. We do not send unsolicited marketing emails.

We do not sell, trade, or rent your personal data to any third party. All data collected is used solely for the purpose of delivering and improving our services.
03

How We Use Your Data

We use the personal data we collect only for the following specific purposes. We do not process your data for any purpose that is incompatible with the reason it was originally collected.

  • 1

    Account management — to create and maintain your account, verify your identity, and provide access to our services.

  • 2

    Billing and invoicing — to process payments, generate invoices, apply VAT correctly, and maintain financial records required by law.

  • 3

    Service delivery — to provide subscriptions, manage parcel tracking notifications, and deliver the services you have signed up for.

  • 4

    Security and fraud prevention — to detect and prevent unauthorized access, account takeovers, and fraudulent activity using login and session data.

  • 5

    Communication — to send transactional emails such as payment confirmations, subscription updates, and responses to your support requests.

  • 6

    Legal compliance — to meet our obligations under applicable Dutch and EU law, including financial record-keeping requirements.

04

Legal Basis For Processing

Under the GDPR and AVG, we are required to have a lawful basis for each type of personal data processing. The legal bases we rely on are listed below.

  • Contract

    Performance of a contract (Article 6(1)(b) GDPR) — Processing your account identity, billing address, payment details, and subscription data is necessary to provide the services you have agreed to receive.

  • Legal Obligation

    Compliance with a legal obligation (Article 6(1)(c) GDPR) — Retaining invoices and financial records is required under Dutch tax and accounting law.

  • Legitimate Interest

    Legitimate interests (Article 6(1)(f) GDPR) — Storing session data, IP addresses, and login history is necessary to protect the security of our platform and your account from unauthorized access and fraud.

05

Security Measures

We take the security of your personal data seriously. We implement technical and organizational measures appropriate to the risk level of the data we process.

Password Hashing

Passwords are stored using strong one-way cryptographic hashing. Plain-text passwords are never stored or logged.

2FA Protection

Two-factor authentication data and recovery-related account security data are handled as restricted account security information and are not displayed publicly.

Address Protection

Billing addresses and shipping addresses are stored only where needed for invoicing, delivery, and account administration.

Card Data Truncation

Only the last 4 digits and card brand are stored. Full card numbers are never held by us, and payment processing is handled by Stripe.

IP Address Handling

IP addresses are stored only in session and audit records for security purposes and are not shared with third parties for tracking.

Passkey Credential Security

WebAuthn and passkey-related account security data is used only for secure authentication and account access control.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, the owner will notify you and the relevant supervisory authority (Autoriteit Persoonsgegevens) within 72 hours of becoming aware of it, as required by Article 33 and 34 of the GDPR.
06

Data Retention

We retain personal data for as long as it is needed to provide and operate your account, comply with legal obligations, and support the services you use. Specific retention periods may differ depending on the type of data and whether your account remains active or has been deleted.

  • 1

    Account data — retained for as long as your account exists. If your account is deleted, some related data may also be removed, while certain records may be retained where required for legal, billing, fraud prevention, or administrative purposes.

  • 2

    Invoices and financial records — retained for 7 years as required by Dutch tax law (Belastingdienst).

  • 3

    Session data and login records — retained for up to 1 year for security, account access control, and fraud prevention purposes.

  • 4

    Parcel tracking data — retained for as long as your account exists where parcel tracking features are connected to your account. Once your account is deleted, we may remove parcel tracking data that is no longer needed for service, legal, or administrative purposes.

  • 5

    Deleted accounts — if your account is deleted, some personal data may be removed or no longer actively used, but certain records may remain where retention is required for legal, billing, fraud prevention, dispute handling, or other legitimate business purposes.

07

Third-Party Services

We work with a limited number of trusted third-party processors to deliver our services. Each processor only receives the data they need to perform their specific function and is bound by a Data Processing Agreement (DPA) in accordance with GDPR requirements.

Stripe (Payment Processing)

Handles all payment card processing. We share your email, billing name, and billing address with Stripe to generate a customer record. Stripe is GDPR-compliant and operates under Standard Contractual Clauses for EU data transfers. See stripe.com/privacy.

Hosting Infrastructure

Our servers are hosted within the EU. All personal data is stored and processed on EU-based infrastructure. No personal data is transferred outside the EEA without appropriate safeguards.

We do not use advertising networks, analytics tracking services that process personal data, or any third party that would receive your personal data for purposes other than direct service delivery.
08

Your Rights Under GDPR

As a data subject under the GDPR and AVG, you have the following rights regarding your personal data. To exercise any of these rights, contact the owner at ricardo@explorericardo.com. He will respond within one month of receiving your request.

  • 1

    Right of access (Article 15) — You may request a copy of all personal data we hold about you, along with information about how and why it is processed.

  • 2

    Right to rectification (Article 16) — You may request that we correct any inaccurate or incomplete personal data we hold about you. Most account data can also be updated directly in your account settings.

  • 3

    Right to erasure (Article 17) — You may request that we delete your personal data where it is no longer necessary for the purpose it was collected, subject to any overriding legal retention obligations.

  • 4

    Right to restriction of processing (Article 18) — You may request that we limit the processing of your personal data in certain circumstances, such as while a dispute about accuracy is being resolved.

  • 5

    Right to data portability (Article 20) — You may request a machine-readable copy of the personal data you provided to us, where processing is based on your consent or a contract.

  • 6

    Right to object (Article 21) — You may object to the processing of your personal data where we rely on legitimate interests as our legal basis.

  • 7

    Right to lodge a complaint — If you believe your data is being processed unlawfully, you have the right to file a complaint with the Dutch data protection authority: Autoriteit Persoonsgegevens.

09

Cookies & Sessions

We use strictly necessary session cookies to maintain your authenticated session after you log in. These cookies do not track you across other websites and are not used for advertising or analytics.

Session Cookie

A secure, HTTP-only session identifier stored in a cookie. This is required to keep you logged in while you navigate our portal. It expires when your session ends or at the configured session timeout.

No Tracking Cookies

We do not use Google Analytics, Meta Pixel, or any other third-party tracking cookies. Your browsing behaviour on our platform is not profiled or shared with advertisers.

Because we only use strictly necessary cookies, we are not required to display a cookie consent banner under the Dutch Telecommunicatiewet. However, you may block cookies in your browser settings, which will prevent you from logging in to our services.

10

Changes To This Policy

We may update this Privacy Policy from time to time to reflect changes in our services or applicable law. When we make material changes, the owner will notify you by email to your registered address and update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Continued use of our services after a policy update constitutes your acknowledgment of the revised policy.

11

Contact

If you have any questions about this Privacy Policy, wish to exercise your data rights, or want to report a privacy concern, please contact the owner directly. He aims to respond to all requests within 30 days.

ricardo@explorericardo.com