Privacy Policy
Last updated: 5 June 2025
1. Who we are
Tuuma Running SRL ("Tuuma", "we", "us" or "our") designs and sells performance apparel to both business customers (B2B) and consumers (B2C). We trade via our website tuumarunning.net, which is built and hosted on the Odoo e‑commerce platform provided by Odoo SA.. This Privacy Policy explains how we collect, use, disclose and safeguard the personal information of anyone who:
- visits or interacts with the Site;
- buys or enquires about our products or services;
- communicates with us in any other way (together, the "Services").
For the purposes of the EU General Data Protection Regulation (GDPR) and its UK and Swiss equivalents, Tuuma Running SRL (company no. xxxxxxx, registered at Chaussée de la Hulpe 26, 1000 Brussels, Belgium) is the data controller for the processing described in this notice.
2. Changes to this Privacy Policy
We keep this notice under regular review. Any material changes will be posted on the Site with an updated "Last updated" date. Where required by law we will also notify you by email or another prominent method.
3. What personal information we collect
The exact data we hold depends on how you interact with us.
3.1 Information you provide directly
| Context | Typical data items |
|---|---|
| Account creation / checkout | Name, email, phone, billing & shipping address, company name & VAT number (if B2B), chosen password |
| Orders & returns | Product details, size, purchase price, payment confirmation, delivery preferences, RMA numbers |
| Payment | Last four digits of card, payment token, IBAN/Swift (for bank transfer) — processed by our payment processor, not stored in full by us |
| Customer support / live chat | Content of emails, chat transcripts, attachments |
| Newsletter sign‑up / marketing forms | Name, email, marketing preferences, explicit consents |
3.2 Information we collect automatically ("Usage Data")
When you browse the Site, Odoo automatically logs:
- device & browser type, OS, screen resolution;
- IP address and rough geolocation (city, country);
- pages viewed, clicks, referring/exit pages, time‑stamp;
- cookies that remember your basket, language, login session and analytics identifiers.
3.3 Information from third parties
- Odoo SA – hosting, e‑commerce and database services;
- Payment processors (e.g. Stripe, Mollie) – to validate and settle payments;
- Logistics partners – to print labels, track parcels and manage returns;
- Marketing & analytics providers – to measure campaign performance (e.g. Google Analytics, Meta Ads, LinkedIn Ads).
We only receive limited data from these providers and use it in accordance with this Policy.
4. How and why we use your data
| Purpose | GDPR legal basis | Details |
| Fulfilling orders & providing Services | Contract (Art. 6 (1)(b)) | Process payments, deliver goods, manage your account, handle returns, issue invoices (incl. VAT info for B2B) |
| Customer service & technical support | Legitimate interest (Art. 6 (1)(f)) | Respond to enquiries, troubleshoot, record interactions for training/quality |
| Marketing & newsletters | Consent / Legitimate interest* | Send product updates, offers and event invites; you can unsubscribe at any time |
| Analytics & site optimisation | Legitimate interest | Understand traffic patterns, improve UX, prevent fraud |
| Legal & tax compliance | Legal obligation (Art. 6 (1)(c)) | Keep VAT records, comply with consumer‑protection and accounting laws |
| Security & fraud prevention | Legitimate interest | Monitor access logs, block malicious traffic, enforce T&Cs |
* We rely on legitimate interest for B2B email marketing that meets the "soft opt‑in" rules of the e‑Privacy Directive, and on consent for B2C electronic marketing.
5. How we share personal information
We do not sell or rent your data. We only disclose it:
- To service providers acting on our instructions (Odoo SA, payment processors, couriers, IT‑security & cloud‑hosting firms, accountants). Each is bound by contract to keep the data confidential and secure.
- Within our corporate group (subsidiaries, parent or sister companies) for internal administration.
- To authorities or professional advisers where required by law, to defend legal claims or to protect our rights or those of others.
- In connection with a business transaction (e.g. merger, acquisition) provided the recipient agrees to respect your privacy.
6. Cookies & similar technologies
Our Site uses first‑party and third‑party cookies to:
- remember your basket and login session;
- provide essential security and load‑balancing;
- gather anonymous analytics;
- personalise marketing (only where cookies are accepted).
You can manage cookies in your browser settings or via the consent banner on our Site. Blocking strictly‑necessary cookies may impair the Store. For a full list of cookies set by the Odoo platform, please consult Odoo’s Cookie Policy at odoo.com/privacy.
7. International transfers
Your data is stored on Odoo servers located in the EU. Where we or our processors transfer data outside the EEA/UK/Switzerland, we rely on:
- an adequacy decision (Art. 45 GDPR), or
- Standard Contractual Clauses approved by the European Commission (Art. 46 GDPR).
8. Retention
We retain personal information only for as long as necessary:
- Order & invoicing data – 7 years (Belgian accounting law);
- Customer account – until you delete it or it becomes inactive for 3 years;
- Marketing consents – until you withdraw consent or 3 years after last interaction;
- Support tickets & chat logs – 2 years.
We may keep data longer if required to establish, exercise or defend legal claims.
9. Your rights
Under GDPR you may:
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erase data ("right to be forgotten");
- Restrict or object to processing in certain cases;
- Port data to another provider;
- Withdraw consent at any time (for marketing emails or other consent‑based processing).
To exercise any right, email privacy@tuumarunning.net. We will respond within one month. You also have the right to lodge a complaint with the Belgian Data Protection Authority (www.autoriteprotectiondonnees.be).
10. Children
Our Services are not directed to children under 13. We do not knowingly collect data from minors. If you believe we have done so, please contact us and we will delete it.
11. Contact
Questions or requests? Reach us at:
- Email: privacy@tuumarunning.net
- Post: Tuuma Running SRL, Chaussée de la Hulpe 26, 1000 Brussels, Belgium
We are committed to safeguarding your privacy and will update this notice as our Services and legal obligations evolve.