Privacy Policy — The Shipping Playbook
Effective Date: May 2026
Language: English (governing language)
This Privacy Policy applies to all visitors, users, and customers of VOF The Shipping Playbook worldwide. It is drafted in full compliance with Regulation (EU) 2016/679 (GDPR) — Articles 13 and 14 — the Dutch Telecommunications Act (Telecommunicatiewet, Art. 11.7a), the EU ePrivacy Directive, and applicable US privacy law including the California Consumer Privacy Act (CCPA). Where mandatory local privacy law grants stronger rights than described here, those rights apply.
1. Who We Are — Data Controller
The data controller responsible for your personal data is:
- Trading name: The Shipping Playbook
- Legal name: VOF The Shipping Playbook
- Registered address: Delta 61 unit 54c, 6825ML Arnhem, Netherlands
- KvK number: 98841874
- VAT number: NL868666592B01
- Email: info@theshippingplaybook.com
- Platform: academy.theshippingplaybook.com
VOF The Shipping Playbook acts as the data controller, meaning we determine the purposes and means of processing your personal data. We do not have a mandatory Data Protection Officer (DPO) given our scale, but privacy‑related questions and requests can be directed to info@theshippingplaybook.com.
2. What Personal Data We Collect
We collect only the personal data that is necessary for the purposes described in this Policy (data minimisation principle, Art. 5(1)(c) GDPR). Depending on how you interact with us, this may include:
2.1 Data You Provide Directly
- Identity data: full name, company name (if applicable)
- Contact data: email address, billing address, country of residence
- Account data: username, password (stored in hashed form), platform preferences
- Payment data: billing name, billing address, payment method type (e.g. card type); note: full card details are processed exclusively by our payment processor and are never stored by us
- Purchase data: products purchased, purchase date, order reference, invoice details
- Communication data: messages, emails, or support requests you send to us
- Marketing preferences: consent to marketing communications
2.2 Data Collected Automatically
- Usage data: pages viewed, course modules accessed, progress and completion data on the Platform, time and duration of access
- Technical data: IP address, browser type and version, operating system, device type, time zone, referring URL
- Cookie and tracking data: see Section 8 (Cookies and Tracking Technologies)
2.3 Data from Third Parties
We may receive limited personal data from:
- Payment processors (transaction confirmation, billing address validation)
- Our learning platform provider (login events, course progress)
- Email marketing tools (delivery status, open/click events where consent is given)
3. How and Why We Use Your Personal Data — Legal Bases
We process personal data only on one of the lawful bases listed in Art. 6 GDPR. The table below sets out our processing activities, purposes, and legal bases:
| Purpose | Data used | Legal basis (Art. 6 GDPR) | Retention period |
|---|---|---|---|
| Processing and fulfilling your purchase | Identity, contact, payment, purchase data | Contract (Art. 6(1)(b)) | 7 years (tax / accounting obligation) |
| Creating and managing your Platform account | Identity, contact, account data | Contract (Art. 6(1)(b)) | Duration of access period + 6 months |
| Delivering the Product (course access) | Account, usage data | Contract (Art. 6(1)(b)) | Duration of access period |
| Sending transactional emails (order confirmation, access credentials, invoices) | Identity, contact, purchase data | Contract (Art. 6(1)(b)) | 7 years |
| Responding to support requests and complaints | Communication data, identity, purchase data | Contract / Legitimate interest (Art. 6(1)(b)(f)) | 2 years after resolution |
| Sending marketing emails (newsletters, offers, tips) | Identity, contact, marketing preferences | Consent (Art. 6(1)(a)) | Until consent is withdrawn |
| Analysing Platform usage to improve the Product | Usage data, technical data (aggregated/anonymised where possible) | Legitimate interest (Art. 6(1)(f)) | 12 months rolling |
| Fraud prevention and platform security | Technical data, usage data, payment data | Legitimate interest (Art. 6(1)(f)) | 12 months |
| Compliance with legal obligations (e.g. tax records, consumer rights) | Identity, purchase, payment data | Legal obligation (Art. 6(1)(c)) | As required by applicable law (min. 7 years for financial records) |
| Enforcing our Terms and Conditions (e.g. IP infringement) | Identity, usage, communication data | Legitimate interest (Art. 6(1)(f)) | Duration of proceedings + 5 years |
We never sell your personal data to third parties.
4. Marketing Communications
We send marketing emails (newsletters, new product announcements, tips on e‑commerce shipping) only with your explicit prior consent.
You can give consent at purchase by ticking the marketing opt‑in checkbox, or via our website sign‑up form.
You can withdraw consent at any time by clicking the unsubscribe link in any marketing email or by emailing info@theshippingplaybook.com. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
We use the soft opt‑in rule only where permitted, i.e. we may send relevant product updates to existing customers by email where they have not objected, provided the communication relates to similar products and the customer was given a clear opportunity to opt out at time of purchase.
5. Third‑Party Processors (Sub‑processors)
We use trusted third‑party service providers that process personal data on our behalf as data processors under Article 28 GDPR Data Processing Agreements. These include:
- Kajabi (USA) hosts our learning platform and processes your name, email address, and course usage data to manage your account and deliver course content — Standard Contractual Clauses (SCCs) and Kajabi's Data Protection Addendum are in place.
- CheckoutJoy processes payments and handles your billing name, billing address, and transaction data securely on our behalf.
- ActiveCampaign (USA) manages our email communications and processes your name and email address for transactional and marketing emails — SCCs apply.
- Google Analytics (USA) collects anonymised and pseudonymised technical and usage data (including IP address) to help us understand how the Platform is used and improve it — SCCs apply and IP anonymisation is enabled.
We only share data with processors who provide sufficient guarantees of GDPR compliance and with whom we have a valid Data Processing Agreement. We do not allow any of these processors or their sub‑processors to use your personal data for their own independent purposes beyond the services they provide to us.
6. International Data Transfers
VOF The Shipping Playbook is based in the Netherlands (EU). Where we transfer personal data to countries outside the European Economic Area (EEA) — in particular to the United States — we ensure an appropriate transfer mechanism is in place, such as:
- Standard Contractual Clauses (SCCs) as adopted by the European Commission (Decision of 4 June 2021), where applicable
- Adequacy decision where the recipient country has been granted an adequacy decision by the European Commission
- Binding Corporate Rules where applicable
The primary US transfer relates to our learning platform (see Section 5). Kajabi has executed updated SCCs incorporating the new EU Standard Contractual Clauses. Details of applicable transfer mechanisms for each sub‑processor are available on request at info@theshippingplaybook.com.
7. Your Rights Under GDPR
If you are located in the EU/EEA or another jurisdiction with equivalent data protection rights, you have the following rights regarding your personal data:
| Right | What it means | How to exercise it |
|---|---|---|
| Right of access (Art. 15) | Request a copy of all personal data we hold about you | Email info@theshippingplaybook.com |
| Right to rectification (Art. 16) | Request correction of inaccurate or incomplete data | Email info@theshippingplaybook.com |
| Right to erasure (Art. 17) | Request deletion of your data (subject to legal retention obligations) | Email info@theshippingplaybook.com |
| Right to restriction (Art. 18) | Request that we limit processing of your data in certain circumstances | Email info@theshippingplaybook.com |
| Right to data portability (Art. 20) | Receive your data in a structured, machine‑readable format | Email info@theshippingplaybook.com |
| Right to object (Art. 21) | Object to processing based on legitimate interest or for direct marketing | Email us or use the unsubscribe link |
| Right to withdraw consent (Art. 7(3)) | Withdraw any consent given at any time without penalty | Email us or use the unsubscribe link |
| Right not to be subject to automated decisions (Art. 22) | Not to be subject to solely automated decisions with significant effects | Contact us if you believe this applies |
We respond to all data rights requests within one calendar month of receipt. Where a request is complex or numerous, we may extend this by a further two months, with notice to you. We do not charge a fee for exercising your rights, unless requests are manifestly unfounded or excessive.
8. Cookies and Tracking Technologies
8.1 What Are Cookies?
Cookies are small text files placed on your device when you visit a website. We use cookies and similar technologies (pixels, local storage) on academy.theshippingplaybook.com and associated pages.
8.2 Categories of Cookies We Use
| Category | Purpose | Consent required? | Examples |
|---|---|---|---|
| Strictly necessary | Essential for the Platform to function (login sessions, shopping cart, security tokens) | No — exempt under ePrivacy rules | Session cookies, CSRF tokens |
| Functional / preference | Remember your preferences (language, timezone, course progress) | No — where used exclusively for the user's benefit | Platform preference cookies |
| Analytics | Understanding how visitors use the Platform to improve it | Yes (unless fully anonymised and not shared) | Google Analytics, Plausible |
| Marketing / tracking | Tracking across websites for targeted advertising (e.g. Meta Pixel, TikTok Pixel) | Yes | Meta Pixel, TikTok Ads Pixel |
8.3 Cookie Consent
In accordance with the Dutch Telecommunications Act (Art. 11.7a Tw) and the GDPR, we obtain your prior, freely given, informed, and unambiguous consent before placing any non‑essential cookies.
- Our cookie banner presents choices clearly. Refusing cookies is as easy as accepting them — we do not use pre‑ticked boxes, hidden reject buttons, or cookie walls.
- You can change your cookie preferences at any time via the cookie settings link in the footer of our website.
- Withdrawing cookie consent does not affect the lawfulness of prior processing.
8.4 Advertising Pixels
Where you have given consent to marketing cookies, we may use advertising pixels from Meta (Facebook/Instagram) and TikTok to measure the effectiveness of our advertising campaigns. These pixels may transmit certain technical and behavioural data to Meta Inc. and TikTok Inc. as independent data controllers. Their privacy policies govern their processing of that data. We have implemented the relevant Conversion APIs (CAPI) in compliance with applicable data protection requirements.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, including:
- Encryption: data in transit is protected by TLS/SSL; passwords are stored in hashed form.
- Access control: access to personal data is limited to those who need it on a need‑to‑know basis.
- Platform security: our learning platform (Kajabi) maintains its own security certifications.
- Incident response: in the event of a personal data breach that poses a risk to your rights and freedoms, we notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours and affected individuals without undue delay, as required by Art. 33–34 GDPR.
No method of transmission over the internet or electronic storage is completely secure. While we take commercially reasonable precautions, we cannot guarantee absolute security.
10. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law. Typical retention periods include:
- Purchase and financial records: 7 years (Dutch tax law / Art. 2:10 BW)
- Account and course access data: access period + 6 months after expiry (to handle post‑access queries)
- Support communications: 2 years after the matter is resolved
- Marketing data (with consent): until consent is withdrawn, or 2 years of inactivity, whichever is sooner
- Analytics data: 13 months rolling (Google Analytics default) or immediately upon anonymisation
- Security/fraud data: 12 months
After the applicable retention period, data is securely deleted or irreversibly anonymised.
11. Children’s Privacy
The Shipping Playbook is designed for adults operating or working in e‑commerce businesses. We do not knowingly collect personal data from individuals under the age of 16 (or the applicable minimum age in their country of residence). If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. If you believe a minor has submitted personal data to us, please contact info@theshippingplaybook.com.
12. California Residents — CCPA Rights
If you are a resident of California, USA, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) may grant you the following additional rights:
- Right to know: the categories and specific pieces of personal information we collect about you, and how it is used and shared.
- Right to delete: request deletion of your personal information, subject to legal exceptions.
- Right to correct: request correction of inaccurate personal information.
- Right to opt out of sale or sharing: we do not sell or share personal information for cross‑context behavioural advertising — no opt‑out action is needed.
- Right to limit use of sensitive personal information: we do not process sensitive personal information beyond what is necessary.
- Right to non‑discrimination: we do not discriminate against you for exercising your CCPA rights.
To exercise your CCPA rights, contact us at info@theshippingplaybook.com with the subject line “CCPA Request”. We respond within 45 days.
Note on CCPA applicability: The CCPA applies to for‑profit businesses meeting certain thresholds (annual gross revenues exceeding $25 million; processing of data of 100,000+ consumers or households; or deriving 50%+ of annual revenues from selling personal information). We nonetheless offer all California residents the rights listed above as a matter of good practice.
13. Other Jurisdictions
Customers in other jurisdictions may have additional privacy rights under their local law. We will honour any data rights requests that are legally required in the customer’s country of residence. Contact us at info@theshippingplaybook.com for jurisdiction‑specific requests.
14. Supervisory Authority — Right to Lodge a Complaint
If you believe we have not processed your personal data in accordance with applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority:
Netherlands (lead supervisory authority as our home jurisdiction):
Autoriteit Persoonsgegevens (AP)
Website: www.autoriteitpersoonsgegevens.nl
Postal address: Hoge Nieuwstraat 8, 2514 EL Den Haag, Netherlands
You also have the right to lodge a complaint with the supervisory authority in your own EU/EEA country of habitual residence or place of work. We would, however, ask that you first contact us directly at info@theshippingplaybook.com so we have the opportunity to address your concern.
15. Links to Third‑Party Websites
The Platform may contain links to third‑party websites or services. This Privacy Policy does not apply to those third parties. We recommend reviewing the privacy policies of any external sites you visit.
16. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in law, our data practices, or our services:
- Material changes are communicated by email and/or by prominent notice on the Platform at least 30 days before they take effect.
- The effective date at the top of this document will be updated upon any revision.
Your continued use of the Platform after the effective date of an updated Policy constitutes acceptance of the changes.
17. Contact — Data Rights Requests and Privacy Questions
For all data rights requests, privacy questions, or concerns regarding this Privacy Policy, contact us at:
VOF The Shipping Playbook
Delta 61 unit 54c, 6825ML Arnhem, Netherlands
Email: info@theshippingplaybook.com
Subject line: “Privacy Request”
We aim to respond to all enquiries within 14 business days and to all formal data rights requests within one calendar month.
