priivacy policy
Last updated: August 2025.
DIBA Foods (“DIBA Foods”, “DIBA”, “we” or “us”) is committed to protecting your privacy and handling your personal data in accordance with applicable data protection laws including the EU GDPR and the UK GDPR. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights.
1. Controller
DIBA Foods is the data controller for personal data collected via this website and in relation to sales unless otherwise specified.
Contact: info@dibafoods.nl
2. Personal data we collect
We collect personal data you give us directly and data collected automatically:
Data you provide: name, company name, billing and delivery address, email, telephone number, purchase history, order details, invoicing details, customs information for shipments, correspondence and product enquiries, VAT or tax identifiers where required.
Payment data: payment card or bank details are processed by our third party payment providers. We do not store full card details on our servers unless otherwise agreed and encrypted.
Communications: any messages, queries, feedback or Contributions you send to us.
Website and technical data: IP address, device and browser information, pages visited, referrer, cookies and analytics data used to operate and improve the website.
3. Legal bases for processing
We process personal data only where we have a lawful basis, commonly including:
Contract performance: to fulfil orders, deliveries and invoicing;
Legal compliance: to comply with tax, customs, food safety and regulatory obligations;
Legitimate interests: for fraud prevention, security, site administration and improvement of services;
Consent: where we ask for consent for marketing or cookies; and
Legal claims: to establish, exercise or defend legal claims.
If you are an EU or UK data subject, you may request information about the lawful basis used for processing your personal data. More on your rights appears below. For controllers/processors guidance see the EDPB and ICO resources.
4. How we use personal data
We will use personal data to:
process and fulfil orders and related customer service;
communicate about orders, deliveries, delays and recalls;
manage accounts and billing;
comply with legal obligations related to food safety, export controls, taxation and customs;
detect and prevent fraud and misuse;
run and improve our website and services (analytics and research);
send marketing where you consent or where permitted by law (you may opt out).
5. Sharing personal data
We share personal data only with:
service providers who perform services for us (payment processors, freight forwarders, fraud prevention, cloud hosting and email providers);
law enforcement, courts and regulators where required by law;
other companies for the purpose of a corporate sale, merger or reorganisation (subject to confidentiality).
We have contracts or data processing agreements with our processors where required by law.
6. International transfers
Where personal data is transferred outside the EEA/UK to countries that do not provide an adequate level of protection, we use appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms). Please contact us for details of specific transfers. See GDPR Art 32 and related guidance on security and transfers.
7. Retention
We retain personal data only as long as necessary to fulfil the purpose for which it was collected, comply with legal obligations (e.g., tax, accounting, food safety traceability) and to resolve disputes. Typical retention periods: order & billing data (7 years or as required by local laws), marketing consent until withdrawn, website analytics for a limited period (e.g., 13 months) unless aggregated.
8. Security
We apply appropriate technical and organisational measures to protect personal data, including encryption, access controls and regular security testing. However no method of transmission over the internet is completely secure and we cannot guarantee absolute security. For requirements on security measures see GDPR Art 32.
9. Cookies and tracking
We use cookies and similar technologies to operate the website, to remember preferences, and for analytics and advertising where consent is obtained. You can control cookies via your browser and our cookie banner/settings.
10. Marketing and consent
We only send direct marketing where you have consented or where permitted by local laws for existing customers. You can opt out at any time by clicking unsubscribe in marketing emails or by contacting us at info@dibafoods.nl.
11. Your rights
Subject to applicable law you have the right to: access personal data; rectify inaccurate data; request erasure; restrict or object to processing; data portability; withdraw consent; and lodge a complaint with a supervisory authority. For EU/EEA residents this includes the right to lodge a complaint with your national data protection authority. For UK residents contact the ICO. Guidance on rights and enforcement is available from relevant regulators.
12. Minors
Our services are not directed at children under 16. If you are under 16 please do not provide personal data without parental consent. Where local law requires a different age, that will apply.
13. Breach notification
If we become aware of a personal data breach that creates a risk to your rights we will notify the appropriate supervisory authority and affected individuals where required by law within required timeframes.
14. Third party websites
This policy does not cover third party websites linked from our site. We encourage you to read third party privacy policies.
15. Changes to this policy
We may change this Privacy Policy to reflect changes in law, technology or services. We will publish the revised policy and indicate the date it was last updated.
16. Contact and complaints
Controller: DIBA Foods
Email: info@dibafoods.nl.
Address: Delistraat 38f, 1094 CX Amsterdam, Netherlands
If you are unhappy with our handling of your data, please contact us. You also have the right to lodge a complaint with your local supervisory authority, for example the ICO in the UK or an EU national authority.