PRIVACY POLICY · AMSTERDAM
Privacy Policy
This Privacy Notice for The Mate Company B.V., doing business as We Mate ("we", "us", "our"), describes how and why we may access, collect, store, use, and share ("process") your personal information when you use our services ("Services"), including when you:
- Visit our website at https://wematedrink.com, or any website of ours that links to this Privacy Notice
- Engage with us in other related ways, including any marketing or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you have any questions or concerns, contact us at info@wematedrink.com.
Summary of key points
This summary provides the headline points of our Privacy Notice. You can find more detail in the full sections below.
- What personal information do we process? We process information you give us directly (name, email, address, account credentials, payment information) and information collected automatically when you visit our Website (IP address, device, browser, usage data).
- Do we process sensitive personal information? No. We do not process special-category data such as racial origin, religious beliefs, health data, or sexual orientation.
- Do we receive information from third parties? Yes, in limited cases — primarily from Google when you use Google sign-in, and from Stripe when you make a payment.
- How do we use your information? To provide our Services, fulfil your orders, communicate with you, prevent fraud, comply with legal obligations, and (where you have consented) send you marketing.
- Who do we share information with? With service providers we rely on to operate the Services (Stripe, Supabase, Netlify, Resend, Google Analytics) and where required by law. We do not sell your personal information.
- How do we keep your information safe? Through reasonable technical and organisational measures, while acknowledging that no system is completely secure.
- What are your rights? Depending on your location, you may have rights to access, correct, delete, restrict, or port your information; to object to certain processing; and to withdraw consent. To exercise any of these rights, email info@wematedrink.com.
Table of contents
- What information do we collect?
- How do we process your information?
- What legal bases do we rely on?
- When and with whom do we share your information?
- Do we use cookies and tracking technologies?
- How do we handle social logins?
- How long do we keep your information?
- How do we keep your information safe?
- What are your privacy rights?
- Controls for do-not-track features
- Do we make updates to this notice?
- How can you contact us?
- How can you review, update, or delete your data?
1. What information do we collect?
Personal information you provide to us
We collect personal information that you voluntarily provide when you register on the Services, place an order, sign up to our Founding 500 waitlist, or otherwise contact us. This may include:
- Names
- Email addresses
- Phone numbers
- Mailing addresses
- Billing addresses
- Usernames
- Passwords
- Contact preferences
We do not process sensitive personal information.
Payment data. We collect data necessary to process your payment when you make a purchase. All card data is handled and stored by Stripe. We do not store full card numbers on our servers. You can view Stripe's privacy notice at https://stripe.com/privacy.
Social login data. If you choose to register or log in using your Google account, we receive certain profile information about you from Google (such as name, email, and profile picture). What we receive depends on your privacy settings on that platform. See section 6 for more.
All personal information you provide must be true, complete, and accurate, and you must notify us of any changes.
Information collected automatically
We automatically collect certain information when you visit our Services. This information does not directly reveal your identity but may include:
- Log and usage data. IP address, browser type and version, operating system, language, referring URLs, pages viewed, time spent on pages, and other diagnostic information.
- Device data. Device type, hardware model, operating system, identifiers, and configuration information.
- Location data. Approximate location based on your IP address (typically country and city level). We do not collect precise GPS location.
We collect this information through our analytics provider (Google Analytics 4) and through standard server logs. See our Cookie Policy for full detail on the cookies and tracking technologies we use.
Information from third parties
We may receive information about you from:
- Google — when you sign in with your Google account.
- Stripe — when you make a payment, we receive transaction-related information.
- Public sources and marketing partners — in limited cases, for fraud prevention or to verify business contacts (e.g. HORECA enquiries).
Google API services
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
2. How do we process your information?
We process your personal information for several reasons, including to:
- Create and manage your account so you can sign in, place orders, and access your purchase history.
- Fulfil and manage your orders, including processing payments, arranging shipping, handling returns, and sending you order updates.
- Send administrative information, such as updates to our Terms, Privacy Notice, or product changes that affect you.
- Respond to your enquiries and provide support.
- Send marketing and promotional communications where you have given consent. You can opt out at any time.
- Identify usage trends to understand how our Services are used and improve them.
- Protect our Services, including fraud monitoring, prevention of abuse, and security.
- Comply with legal obligations, such as tax, accounting, and regulatory requirements.
- Save or protect a vital interest, such as preventing harm.
We process your information only when we have a valid legal reason to do so (see section 3).
3. What legal bases do we rely on?
Under the EU GDPR and the UK GDPR, we process your personal information based on the following legal bases:
- Consent. Where you have given us clear consent for a specific purpose (e.g. subscribing to our marketing newsletter, accepting non-essential cookies). You can withdraw consent at any time.
- Performance of a contract. When processing is necessary to fulfil our contract with you — for example, to deliver your order or manage your account.
- Legitimate interests. When we have a legitimate business interest that does not override your rights — for example, analysing how the Website is used to improve it, preventing fraud, or sending limited marketing communications about products similar to those you have already purchased.
- Legal obligation. When we are required by law to process your information — for example, retaining transaction records for tax purposes.
- Vital interests. In rare cases where processing is necessary to protect someone's life or physical safety.
4. When and with whom do we share your information?
We share your personal information only with trusted third-party service providers who help us operate our Services. We have data processing agreements in place with these providers to ensure your information is handled in accordance with applicable law.
The third parties we share information with are:
- Stripe — payment processing. Privacy Policy
- Supabase — database, authentication, and account management. Privacy Policy
- Netlify — website hosting. Privacy Policy
- Resend — transactional and marketing email delivery. Privacy Policy
- Google — for Google Analytics (analytics) and Google OAuth (sign-in). Privacy Policy
- Cloudflare — bot protection and security (via Supabase). Privacy Policy
We may also share information in the following situations:
- Business transfers. In connection with any merger, sale of company assets, financing, or acquisition of all or part of our business.
- Legal obligations. Where required by law, court order, or to protect our rights and the rights of others.
We do not sell your personal information to third parties.
5. Do we use cookies and tracking technologies?
Yes. We use cookies and similar tracking technologies (such as web beacons and pixels) to operate the Website, maintain security, remember preferences, and understand how the Website is used. Detailed information on the cookies we use, the purposes for which we use them, and how you can control them is provided in our Cookie Policy.
To opt out of Google Analytics tracking across all websites, install the Google Analytics opt-out browser add-on.
6. How do we handle social logins?
Our Services offer you the ability to register and log in using your Google account. If you choose to do this, we receive certain profile information from Google: your name, email address, and profile picture.
We use this information only for the purposes described in this Privacy Notice. We do not control, and are not responsible for, the privacy practices of Google or any other social login provider. We recommend you review Google's privacy notice and adjust your privacy settings on your Google account.
7. How long do we keep your information?
We keep your personal information only for as long as necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as for tax, accounting, or legal compliance).
In practice:
- Active accounts. We retain your information for as long as you maintain an account with us.
- Order records. We retain transaction and order records for 84 months (7 years) after your account is closed, in line with Dutch tax and accounting requirements (Belastingdienst).
- Inactive accounts. Accounts that have been inactive for 36 months may be deleted or anonymised, subject to the retention periods above.
- Marketing data. We retain marketing preferences for as long as you maintain consent. If you unsubscribe, we keep a minimal record of the opt-out itself to ensure we honour your preference.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it, or — if this is not possible (for example, because it has been stored in backup archives) — securely store it and isolate it from further processing until deletion is possible.
8. How do we keep your information safe?
We have implemented appropriate technical and organisational security measures designed to protect the security of any personal information we process. These include encrypted connections (HTTPS), encrypted storage, role-based access control, two-factor authentication on administrative accounts, and regular security reviews.
However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure. We cannot guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. You should only access the Services within a secure environment.
9. What are your privacy rights?
If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, you have the following rights under applicable data protection law:
- Right of access — to obtain a copy of the personal information we hold about you.
- Right to rectification — to correct inaccurate or incomplete information.
- Right to erasure — to request deletion of your personal information ("right to be forgotten"), subject to legal exceptions.
- Right to restrict processing — to limit how we use your information in certain circumstances.
- Right to data portability — to receive your information in a structured, commonly used, machine-readable format and to transmit it to another controller.
- Right to object — to object to processing based on legitimate interests, including profiling and direct marketing.
- Right not to be subject to automated decision-making — including profiling, where it produces legal or similarly significant effects on you.
- Right to withdraw consent — at any time, where we rely on consent as the legal basis.
To exercise any of these rights, contact us at info@wematedrink.com. We will respond within 30 days.
If you believe we are unlawfully processing your personal information, you also have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens. A list of EU authorities is available at the European Data Protection Board.
Withdrawing consent. If we are relying on your consent to process your information, you can withdraw it at any time by contacting us. This will not affect the lawfulness of any processing carried out before your withdrawal.
Opting out of marketing. You can unsubscribe from our marketing communications at any time by clicking the unsubscribe link in any marketing email, or by contacting us directly. You will continue to receive transactional emails (e.g. order confirmations) as these are necessary for the performance of the contract.
10. Controls for do-not-track features
Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognising and implementing DNT signals has been finalised, and we do not currently respond to DNT browser signals or any other automatic mechanism that communicates your choice not to be tracked. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.
11. Do we make updates to this notice?
Yes. We may update this Privacy Notice from time to time to stay compliant with relevant laws or to reflect changes in our practices. The updated version will be indicated by an updated "Last updated" date at the top of this notice. If we make material changes, we may notify you by email (sent from noreply@wematedrink.com) or by prominently posting a notice on our Website. We encourage you to review this Privacy Notice periodically.
12. How can you contact us?
If you have questions or comments about this notice, you can email us at info@wematedrink.com, or write to us at:
The Mate Company B.V.
12HS Egidiusstraat
Amsterdam, Noord-Holland 1055 GT
Netherlands
13. How can you review, update, or delete your data?
Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law.
To request a review, update, or deletion of your personal information, email us at info@wematedrink.com and we will respond within 30 days.
The Mate Company B.V. · Amsterdam · 2026