Privacy Policy

At Costa Card, we value the protection of the privacy of everyone who uses our services. In this privacy policy, we outline how we handle personal data and protect your privacy.


Contact Information:



Address: Rietschoot 48, Oostzaan, Netherlands

Postal Code: 1511 WK



Processing of Personal Data


We only process personal data to the extent necessary to fulfill our duties. The following personal data is processed:


  • Email address,
  • First name,
  • Middle name,
  • Last name,
  • Address details,
  • Date of birth,
  • Place of birth,
  • Gender,
  • Phone number,
  • Customer number,
  • Order history,
  • Bank details,
  • Other relevant personal data.

We only use personal data for the following purposes:


  • To maintain contact with you,
  • Execution of the agreement with you,
  • Sending newsletters,
  • Informing you about new developments, including offers,
  • To comply with our administrative obligations,
  • To combat fraud.
  • Special and/or sensitive personal data


We only process personal data of persons under the age of 16 if we have permission from the person with parental authority. By offering personal data for processing to us, you declare to be at least 16 years old or to have obtained consent from parents or other persons with parental authority for processing. If we find that a person in our records is younger than 16 years old and processing has not been consented to by a person with parental authority, we will delete the personal data.


If you suspect that we are processing personal data of a person under 16 without the consent of the authorized person, please contact us at so that we can delete the relevant data.


Retention period of personal data


To minimize the risk of losing personal data, we only retain personal data for one year. We do this for your convenience. By retaining your personal data for one year, you do not need to provide us with your personal data every time. If you agree to our privacy policy again within the year in which we retain your personal data, we can retain your data for another year from that moment. We may retain your personal data longer only to comply with our legal obligations.


Security of personal data


We value your personal data and have therefore taken the following measures to prevent misuse, loss, unauthorized access, unwanted disclosure, and unauthorized modification:


  • The connection to the website ( is established through a secure connection.
  • The computers on which personal data is processed and stored always have the latest security updates from Windows or Apple.
  • The computers on which personal data is processed and stored are equipped with an adequate antivirus scanner.
  • The group of employees who have access to personal data is kept to a minimum.
  • All employees who have access to personal data are bound by a confidentiality agreement aimed at protecting the personal data.

We have entered into data processing agreements with all external parties who have access to personal data, under which these third parties have committed to confidentiality and to processing the personal data only on behalf of Costa Card.

If you still suspect that your data is not properly secured or if you have evidence of misuse of your data, please let us know via


Sharing personal data with third parties


We do not sell personal data to third parties and only provide it to others if necessary for the execution of our agreement with you or to comply with a legal obligation. We enter into data processing agreements with companies that process your data on our behalf to ensure that our partners maintain the same level of security and confidentiality of personal data.


Cookies on


To optimize our website, we use services from third parties, but even then, we consider your privacy. The cookies on our website do not compromise your privacy. A cookie is a small text file that is stored on your computer, tablet, or smartphone when you first visit our website. The cookies ensure that the website functions properly and that preference settings are retained. We, and any third parties we may engage, do not process your IP address in a manner that is traceable to you. Cookies can be deleted via your browser settings. Additionally, it is possible to configure your browser to no longer store cookies.


Rights of individuals whose personal data we process


Your data belongs to you. You always have the option to view which data we process about you, have the data corrected or deleted, withdraw your consent for data processing, or object to the processing of your data by us. If you wish, we can send your data to you or to an organization designated by you in a computer file.


A request for access, correction, deletion, transfer of personal data, withdrawal of consent given, or objection to the processing of the data can be sent to


To ensure that the request for access is made by you, we ask you to include a copy of your identity document with the request. In this copy, please black out the photo, MRZ (machine-readable zone, the strip with numbers at the bottom of the passport), passport number, and Citizen Service Number (BSN) so that this data cannot be intercepted by third parties. We will respond to a request within four weeks.


Automated decision-making


We do not use personal data for automated decision-making. This is self-evident, but we are obliged to mention it.


Complaints to the Dutch Data Protection Authority


For completeness, we would like to point out that there is a possibility to complain to the Dutch Data Protection Authority about the processing of your data. This can be done via the following link: [link to the Dutch Data Protection Authority’s complaint page]




Costa Card reserves the right to make changes to the Privacy Policy without further notice. These changes will take effect immediately upon being posted on the site. This Privacy Policy was last modified on 08-04-2024.


We hope this information has been sufficient for you.


Costa Card


This privacy policy has been drafted by Bleijerveld Legal Advice.