Developed with the support of
Join our GIMMY Community
Sign up for our newsletter and save 10% on your first order!
Privacy policy
PRIVACY STATEMENT â GIMMY PRODUCTS BV â 04/07/2025Â
Weâre glad youâve come to GIMMY; together we will bring out the best in ourselves.
This is the privacy statement (hereinafter: Privacy Statement) of GIMMY Products BV, a company active in the sale of dietary supplements, located at Nieuwstraat 8, 9770 Kruisem, Belgium, with company number 0785.985.060 (hereinafter: GIMMY, we or us). This Privacy Statement aims to inform each customer about how GIMMY processes and uses your data.
It is important that you read this privacy statement so that you are aware of how and why your data is used. This privacy statement may be amended at any time.
This statement applies to all personal data collected by GIMMY, both through the use of www.gimmyvitamins.com (hereinafter: Website), as well as by creating an account on our website, the sale of our products, and the provision of services to consumers.
1. DEFINITIONSÂ
In this Privacy Statement, the following definitions apply:
- GDPR: the General Data Protection Regulation, formally Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
- Data Subject: the natural person who uses this website, or who makes use of the services, or purchases goods from GIMMY.
- Personal Data: any information relating to an identified or identifiable natural person. An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier.
- Processing: any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.
- Controller: the legal entity that determines the purposes and means of the processing of personal data. In this case, GIMMY is the controller.
All terms used in this Privacy Statement that are not explicitly defined herein are deemed to have the meaning given to them in the GDPR. In case of conflict between a definition in this Privacy Statement and the meaning under the GDPR, the GDPR definition shall prevail.
2. WHICH PERSONAL DATA DO WE PROCESS, FROM WHOM, FOR WHAT PURPOSES?Â
Visitors to the Website
|
Processed Personal Data |
Purpose of Processing |
Legal Basis |
| IP address, browser type and version, time of visit, pages visited, duration, location data, unique device IDs, cookie data | Technical and functional operation of the Website; usage analysis; security and improvement of the Website | GIMMYâs legitimate interest in providing a safe, well-functioning, and user-friendly website |
Accounts and Orders
|
Processed Personal Data |
Purpose of Processing |
Legal Basis |
| First name, last name, email address, shipping and billing address, phone number | Creating and managing customer accounts; processing and tracking orders | Performance of the contract |
| Payment details (bank account, card number, transaction details) | Processing payments; refunds and invoicing | Performance of the contract |
| Order history, preferences, feedback, survey responses | Personalized service; analysis of customer preferences; product and service improvement | Legitimate interest |
| Marketing preferences, newsletter consent | Sending newsletters, offers, and promotions | Consent |
| Username, password, login history | Access to and security of customer accounts | Performance of the contract |
Subscribers
| Processed Personal Data | Purpose of Processing | Legal Basis |
| Name, email address, shipping address, phone number, subscription preferences, payment information, change history | Managing, modifying, pausing subscriptions; communication about shipments | Performance of the contract |
| Interests and feedback regarding products | Service improvement and personalized product recommendations | Legitimate interest |
Contact without Purchase
| Processed Personal Data | Purpose of Processing | Legal Basis |
| Name, email address, phone number, message content (including complaints and attachments) | Answering questions, handling complaints, general communication | GIMMYâs legitimate interest in efficient communication and complaint handling |
| Customer number (if provided), previous orders (if mentioned), feedback | Service improvement, follow-up on prior communications | Legitimate interest |
Newsletter Subscribers
| Processed Personal Data | Purpose of Processing | Legal Basis |
| Email address, communication preferences | Sending newsletter and marketing communications | Consent (upon signup) |
| Email interactions (e.g. clicks, open rates) | Evaluating marketing effectiveness | Legitimate interest |
Job Applicants
| Processed Personal Data | Purpose of Processing | Legal Basis |
| Name, email address, address, phone number, cover letter, CV, diplomas, prior work experience | Processing applications and recruiting personnel | GIMMYâs legitimate interest and consent of the applicant |
| Notes during the selection process, communication about progress | Evaluation and follow-up of the application process | Legitimate interest |
3. WHO HAS ACCESS TO YOUR PERSONAL DATA?
Website Hosting
The Website is hosted and managed by Shopify Inc. GIMMY has entered into a data processing agreement with Shopify Inc. to ensure the security of your personal data. You can find Shopifyâs privacy statement at this link.
Website Usage Analysis
GIMMY uses Shopify Analytics and Google Analytics to analyze Website usage. Both tools provide insights into visitor behavior. More info: Shopify Privacy and Google Partner Sites.
Social Media Buttons and Plugins
The Website may contain buttons or links to social media platforms such as Instagram, Facebook, LinkedIn, X, and YouTube. When you click these buttons or visit our social media pages, these external platforms may collect personal data about you. These data are processed directly by those platforms without GIMMYâs involvement, and we are not responsible for their data practices. Refer to their own privacy statements:
- X (formerly Twitter)
- YouTube
Other Third Parties
GIMMY may share your personal data with:
- Service providers (e.g., delivery services, IT or cloud providers, payment processors);
- Subcontractors assisting in service delivery;
- Professional advisors (accountants, lawyers, auditors) when needed for advice;
- Investors or buyers in the event of a merger or restructuring;
- Judicial or administrative authorities when legally required.
In all cases, GIMMY only shares data with third parties who (a) act as processors under the GDPR or (b) have signed a data processing agreement binding them to this privacy statement. For a detailed list of processors, contact us at info@gimmy.be.
4. PROCESSING OUTSIDE THE EEAÂ
GIMMY is a Belgian company and aims to process personal data exclusively within the European Economic Area. If data are transferred to countries outside the EEA that do not provide an adequate level of protection according to the European Commission, GIMMY ensures appropriate safeguards, including:
- Standard Contractual Clauses approved by the European Commission;
- Additional technical or organizational measures.
Contact us for more information about these safeguards.
5. HOW DO WE PROTECT YOUR PERSONAL DATA?
GIMMY implements appropriate technical and organizational measures to secure your personal data against loss, misuse, unauthorized access, or alteration.
Examples include:
- Encryption and pseudonymization of sensitive data;
- Secure connections via HTTPS;
- Access restrictions and confidentiality obligations for staff and service providers.
All processors have signed written data processing agreements, and strict internal confidentiality rules apply.
6. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
GIMMY retains your personal data no longer than necessary for the purposes for which they were collected or as required by law (e.g., tax retention periods).
For example:
- Purchase-related data: 7 years (accounting law);
- Marketing preferences: until consent is withdrawn;
- Website usage data: up to 24 months after last visit.
For specific retention questions, contact us at info@gimmy.be.
7. WHAT ARE YOUR RIGHTS?
As a data subject, you have the following rights under applicable law:
- Right of access: you can request which personal data we process about you;
- Right of rectification: you can correct inaccurate or incomplete data;
- Right to erasure: you can request deletion of your data;
- Right to restrict processing;
- Right to data portability;
- Right to object, including to direct marketing;
- Right to withdraw consent, where processing is based on consent.
To exercise these rights, email info@gimmy.be. We may verify your identity before responding and will reply within 30 days.
8. COMPLAINTS AND SUPERVISORY AUTHORITYÂ
If you believe we have processed your data unlawfully, you may file a complaint with the Belgian Data Protection Authority:
- Website: https://www.gegevensbeschermingsautoriteit.be
- Email: contact@apd-gba.be
- Phone: +32 (0)2 274 48 00
We recommend contacting us first so we can resolve the issue together.
Â
COOKIE POLICY â GIMMY PRODUCTS BV â 04/07/2025
Weâre glad youâve come to GIMMY; together we will bring out the best in ourselves.
This is the cookie policy (hereinafter: Cookie Policy) of GIMMY Products BV, a company active in the sale of dietary supplements, located at Nieuwstraat 8, 9770 Kruisem, Belgium, with company number 0785.985.060 (hereinafter: GIMMY, we or us). This Cookie Policy aims to inform each customer about how GIMMY uses cookies on its website www.gimmyvitamins.com (hereinafter: Website).
1. WHAT ARE COOKIES?
Cookies are small text files that a website stores on your computer. When you revisit the Website, cookies remember your personal preferences, such as chosen language, so you donât have to reset them.
You can delete cookies via your browser settings or set your browser to reject cookies. However, this may impair Website functionality or access to certain features.
2. TYPES OF COOKIES
Functional
These cookies are essential for the Website to function properly. They remember your language choice or login status. They can be placed without consent.
Analytical
These cookies help us understand how visitors use the Website by collecting anonymous information about visitor numbers, pages visited, times, etc. We use this data to improve our Websiteâs operation.
Marketing
These cookies track browsing across websites to display personalized ads. They are only placed with your explicit consent.
3. COOKIES WE USE
Functional Cookies
| Name | Function | Retention Period |
|---|---|---|
| _ab | Used for admin panel access. | 2 years |
| _secure_session_id | Tracks session during checkout to link order, payment, and delivery. | 24 hours |
| _shopify_country | Stores detected country via GeoIP. | Session |
| _shopify_m | Manages privacy settings. | 1 year |
| _shopify_tm | Manages privacy settings. | 30 minutes |
| _shopify_tw | Manages privacy settings. | 2 weeks |
| _storefront_u | Facilitates updating customer account data. | 1 minute |
| _tracking_consent | Stores cookie preferences. | 1 year |
| c | Used during checkout. | 1 year |
| cart | Used for the shopping cart. | 2 weeks |
| cart_currency | Ensures new carts use the same currency as the previous checkout. | 2 weeks |
| cart_sig | Verifies integrity of cart contents. | 2 weeks |
| cart_ts | Used during checkout. | 2 weeks |
| cart_ver | Used for the shopping cart. | 2 weeks |
| checkout | Used during checkout. | 4 weeks |
| checkout_token | Used during checkout. | 1 year |
| dynamic_checkout_shown_on_cart | Used during checkout. | 30 minutes |
| hide_shopify_pay_for_checkout | Used during checkout. | Session |
| keep_alive | Used for buyer localization. | 2 weeks |
| master_device_id | Used for merchant login. | 2 years |
| previous_step | Used during checkout. | 1 year |
| remember_me | Used during checkout. | 1 year |
| secure_customer_sig | Identifies customer after login. | 20 years |
| shopify_pay | Used during checkout. | 1 year |
| shopify_pay_redirect | Used during checkout. | 1 hour / 3 weeks / 1 year |
| storefront_digest | Allows merchants to view password-protected site. | 2 years |
| tracked_start_checkout | Used during checkout. | 1 year |
| checkout_one_experiment | Used during checkout. | Session |
| checkout_session_lookup | Used during checkout. | 3 weeks |
| checkout_session_token_<> | Used during checkout. | 3 weeks |
| identity_state | Used for customer authentication. | 24 hours |
| identity_state_<> | Used for customer authentication. | 24 hours |
| identity_customer_account_number | Used for customer authentication. | 12 weeks |
Â
Analytical Cookies
| Name | Function | Retention Period |
|---|---|---|
| _landing_page | Tracks landing pages. | 2 weeks |
| _orig_referrer | Tracks landing pages. | 2 weeks |
| _s | Shopify analytics. | 30 minutes |
| _shopify_d | Shopify analytics. | Session |
| _shopify_fs | Shopify analytics. | 30 minutes |
| _shopify_s | Shopify analytics. | 30 minutes |
| _shopify_y | Shopify analytics. | 1 year |
| _y | Shopify analytics. | 1 year |
| _shopify_evids | Shopify analytics. | Session |
| _shopify_ga | Shopify + Google Analytics. | Session |
| customer_auth_provider | Shopify analytics. | Session |
| customer_auth_session_created_at | Shopify analytics. | Session |
Â
Marketing Cookies
| Name | Function | Retention Period |
|---|---|---|
| _shopify_sa_p | Shopify analytics for marketing & referrals. | 30 minutes |
| _shopify_sa_t | Shopify analytics for marketing & referrals. | 30 minutes |