Last updated: December 3rd, 2025

1. Introduction

Welcome to The House of Unalome (“we”, “us”, “our”). We deeply value the privacy of our community, whether you are browsing our Site, purchasing ceremonial clothing, ordering cacao, or joining our circles and programmes.

This Privacy Policy explains how we collect, use, store and protect your personal data when you visit thehouseofunalome.com (the “Site”) or otherwise interact with us.

We are established in the Netherlands and process your personal data in accordance with:

• the General Data Protection Regulation (EU) 2016/679 (“GDPR”); and

• the Dutch Implementation Act of the GDPR (UAVG).

For the purposes of the GDPR, we are the data controller of your personal data.

Data Controller Contact Details
Company: The House of Unalome
Email: customer@thehouseofunalome.com
Location: Amsterdam, Netherlands

2. What Personal Data We Collect

The type of information we collect depends on how you interact with us.

A. Information you provide directly

• Order information
  When you place an order (for example, for a kimono or ceremonial cacao), we collect:

  • name

  • billing and shipping address

  • email address

  • telephone number (if provided)

  • order details
    This information is necessary to process and deliver your order and to provide customer service.

• Account information
  If you create an account on our Site, we store your login details (email/username and password). Your password is stored in encrypted form and cannot be viewed by us.

• Correspondence
  If you contact us by email, contact form or social media, we will process the information you provide to respond to your enquiry (for example, your name, email address and the content of your message).

• Event & retreat intake information (special category data)
  For programmes such as The Butterfly Effect or other circles, we may ask for information that helps us understand whether the programme is suitable and safe for you and for the group. This may include, for example:

  • your age

  • experience as a single mother

  • current emotional / energetic state

  • other information you choose to share about your wellbeing

  Because some of this may be considered special category data (e.g. health-related information), we only process it where you give explicit consent by submitting the intake form. This information is treated with strict confidentiality and is never used for marketing.

B. Information collected automatically

When you use our Site, we automatically collect certain information from your device:

• Device and technical data

  • IP address

  • browser type and version

  • time zone setting

  • operating system and platform

• Usage data
  Information about how you use the Site, such as the pages you visit (e.g. which products you view, time spent on pages, clicks and navigation paths).

This information is collected mainly through cookies and similar technologies. More information is provided in the Cookie section below and in our separate Cookie Policy.

3. Purposes and Legal Bases for Processing

We only use your personal data where we have a valid legal basis under the GDPR. The main purposes and legal bases are:

1. To fulfil orders and provide services

   • Processing and delivering your orders, managing payments, sending order confirmations and updates, handling returns or complaints.

   • Legal bases:

     • Performance of a contract with you (Article 6(1)(b) GDPR).

     • Compliance with our legal obligations (e.g. tax and accounting laws) (Article 6(1)(c) GDPR).

2. To manage your account

   • Creating and maintaining your account, allowing you to log in, view past orders and save details.

   • Legal basis: Performance of a contract / steps prior to entering into a contract (Article 6(1)(b) GDPR).

3. To run events, circles and mentorship programmes

   • Reviewing applications, curating groups, ensuring safety, and communicating with you about the programme.

   • Legal bases:

     • Performance of a contract / steps at your request prior to entering into a contract (Article 6(1)(b));

     • For special category data, your explicit consent (Article 9(2)(a) GDPR).

4. To communicate with you

   • Responding to your messages, emails and enquiries, and providing customer support.

   • Legal bases:

     • Legitimate interests (to respond to and support our community) (Article 6(1)(f));

     • or performance of a contract, where your query relates to an order (Article 6(1)(b)).

5. Marketing and newsletters

   • Sending you emails about new collections, events, circles, offers or other updates that may interest you.

   • Legal bases:

     • Your consent, where you sign up to our newsletter or marketing list (Article 6(1)(a));

     • For existing customers, our legitimate interest in promoting similar products and services, where permitted by law (Article 6(1)(f)).
       You can unsubscribe at any time by clicking “unsubscribe” in the email or contacting us.

6. Analytics and site improvement

   • Monitoring how our Site is used, understanding which products and pages are popular, improving design and performance.

   • Legal basis: Legitimate interests (to improve our services and user experience) (Article 6(1)(f)), and consent where required for non-essential cookies.

7. Security and fraud prevention

   • Protecting our Site, preventing fraud, abuse and unauthorised access.

   • Legal bases: Legitimate interests (to ensure security and protect our business) (Article 6(1)(f)), and compliance with legal obligations where applicable (Article 6(1)(c)).

4. How We Share Your Personal Data

We do not sell your personal data. We only share it with trusted third parties where necessary for the purposes described above:

• E-commerce and hosting providers
  We use an e-commerce platform (currently WooCommerce on WordPress) and website hosting providers to operate our Site and store data securely.

• Payment processors
  To process your payments securely we share relevant transaction data with payment service providers such as Stripe, PayPal, or local options like iDEAL, depending on what you choose at checkout.

• Delivery and logistics partners
  We share your name, delivery address and contact details with carriers such as PostNL, DHL or other couriers so that your order can be delivered.

• Email and marketing tools
  If you subscribe to our newsletters or forms, your email address and preferences may be stored in reputable email marketing platforms solely for sending and managing communications.

• Professional advisers and authorities
  We may share information with accountants, legal advisers or public authorities (such as the Dutch tax authorities or the Autoriteit Persoonsgegevens) where required by law or necessary to protect our rights.

Where we use third-party processors, they act on our instructions, are bound by contracts, and must provide appropriate security measures.

5. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure that an appropriate safeguard is in place, such as:

• an adequacy decision by the European Commission; or

• Standard Contractual Clauses (SCCs) approved by the European Commission.

You can contact us for more information about the safeguards we use.

6. Data Retention

We keep your personal data only for as long as necessary for the purposes for which it was collected, and to comply with our legal obligations.

Indicatively:

• Order and invoicing data: kept for 7 years to comply with Dutch tax and accounting requirements.

• Account data: kept for as long as your account is active. If you request deletion of your account, we will delete or anonymise your personal data, except where we must retain it for legal reasons.

• Event / programme intake forms (special category data):

  • kept only for the duration of the application process and the programme itself;

  • deleted or anonymised once the programme concludes or your application is not successful, unless you have expressly consented to us keeping it for future opportunities or waitlists.

• Marketing data: we keep your email address and communication preferences until you unsubscribe or we cease sending marketing communications.

7. Your Rights under the GDPR

As an individual within the EEA, you have a number of rights in relation to your personal data:

• Right of access
  To obtain confirmation whether we process your personal data and, if so, receive a copy of that data.

• Right to rectification
  To request correction of inaccurate or incomplete personal data.

• Right to erasure (“right to be forgotten”)
  To request deletion of your personal data, in particular where it is no longer necessary for the purposes for which it was collected, you withdraw your consent (where processing is based on consent), or you successfully object to our processing. We may need to retain certain data where required by law (e.g. tax records).

• Right to restriction of processing
  To request that we limit the processing of your personal data in certain circumstances (for example, while we verify accuracy or review an objection).

• Right to data portability
  To receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another controller where technically feasible, when processing is based on consent or contract and carried out by automated means.

• Right to object
  To object, on grounds relating to your particular situation, to our processing of your personal data based on legitimate interests. You also have the right to object at any time to processing for direct marketing, in which case we will stop such marketing.

• Right to withdraw consent
  Where we rely on your consent (e.g. newsletter subscription, special category data for programmes), you may withdraw that consent at any time. This will not affect processing that took place before withdrawal.

To exercise any of these rights, please contact us at customer@thehouseofunalome.com. We aim to respond within one month of receipt of your request, in accordance with the GDPR.

8. Cookies and Similar Technologies

Our Site uses cookies and similar technologies.

• Essential cookies – strictly necessary for the Site to function (for example, to keep items in your cart or maintain your session when you log in). These are set without your consent.

• Analytical / performance cookies – help us understand how visitors use the Site so we can improve layout, content and performance.

• Marketing / targeting cookies – used to deliver relevant advertising and measure the effectiveness of campaigns.

When you first visit our Site, you will see a cookie banner giving you the option to accept or reject non-essential cookies. You can also adjust your browser settings to block or delete cookies.

For more details about the cookies we use, please refer to our Cookie Policy or contact us.

9. Anti-Spam and Direct Marketing

We have a zero-tolerance approach to spam.

• We only send marketing emails where you have opted in or where you are an existing customer and the law permits us to send information about similar products or services.

• Every marketing email contains an “Unsubscribe” link you can use at any time.

• We do not purchase, rent or sell email lists.

10. Security

We take appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, misuse, alteration or disclosure. These measures include, for example:

• using secure (HTTPS) connections on the Site;

• limiting access to personal data to staff and service providers who need it;

• using strong passwords and, where supported, additional security safeguards.

However, no system can be guaranteed to be completely secure. If you suspect any misuse or loss of, or unauthorised access to, your personal data, please contact us immediately.

11. Children

Our Site and services are not directed at children under the age of 16, and we do not knowingly collect personal data from children under this age without parental consent. If you believe we have collected personal data from a child without proper consent, please contact us so we can delete it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in legal requirements or in how we operate our business.

When we make changes, we will:

• update the “Last updated” date at the top; and

• where appropriate, provide additional notice (for example, via email or a notice on our Site).

We encourage you to review this Policy periodically to stay informed about how we protect your information.

13. Questions, Concerns and Complaints

If you have any questions or concerns about this Privacy Policy or how we handle your personal data, please contact us first:

Email: customer@thehouseofunalome.com

We will do our best to resolve your query.

If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

• Website: www.autoriteitpersoonsgegevens.nl

You may also contact your local supervisory authority if you are based in another EEA country.