Privacy policy

Last updated: 28 May 2026

At Q Drinks we believe in being straight with you — about what goes into our capsules and about what happens with your data. We don't hide behind fine print or vague promises. This Privacy Policy explains exactly what personal data we collect, why we need it, and how we protect it. No more, no less.

This Privacy Policy forms part of Q Drinks' Terms and Conditions. If there is any inconsistency between both documents regarding the processing of personal data, this Privacy Policy shall prevail.

Who we are

Q-DRINKS Group B.V. ("Q Drinks") is the controller for the processing of personal data described here.

Company details:

• Q-DRINKS Group B.V. (Q Drinks)
• Veldoven 11-1, 6826 TS Arnhem, The Netherlands
• Chamber of Commerce (KvK): 82995346
• Email: info@q-drinks.com

What data we process

We may process the following personal data:

• Name and address details
• Email address
• Payment details (processed via payment providers)
• IP address
• Order history
• Preferences and subscriptions
• Customer service communications (including contact form submissions)
• Waitlist and back-in-stock notification sign-ups
• Shopping cart contents and browsing behaviour on our website
• Cookie identifiers and behavioural analytics data (see 'Cookies' section)

Why we process your data

We process personal data for the following purposes:

• Processing and delivery of orders (including subscriptions)
• Customer service and account management
• Handling contact form submissions
• Invoicing and administration
• Marketing and newsletters (with consent or soft opt-in for existing customers)
• Sending back-in-stock and waitlist notifications
• Recovering abandoned shopping carts and sending purchase reminders
• Improving our services, website usability and security
• Analysing website behaviour and performance via analytics tools
• Compliance with legal obligations (such as tax retention)

Legal bases (GDPR)

We rely on the following legal bases:

• Performance of a contract — processing orders, delivery and subscriptions
• Consent — newsletters, marketing/analytics cookies and waitlist notifications
• Legitimate interest — recovering abandoned shopping carts, improving services, usability, security and communications. Where we rely on legitimate interest, we have assessed that our interest does not override the rights and freedoms of the data subject.
• Legal obligation — tax and administrative retention requirements

Retention periods

We retain personal data only as long as necessary:

• Inactive accounts: up to 2 years after last activity
• Orders in progress: up to 90 days
• Failed orders: up to 30 days
• Cancelled orders: up to 1 year
• Completed orders: 7 years (tax retention)
• Abandoned shopping cart data: up to 15 days after cart abandonment
• Newsletter data: up to 6 months after unsubscribe
• Waitlist sign-ups: until the notification is sent or consent is withdrawn
• Contact form submissions: up to 1 year after last contact
• Customer data without an order: up to 2 years after last contact

Sharing with third parties (processors)

We share data only where necessary for:

1. Performing the contract (delivery partners, payment providers, IT vendors)
2. Complying with legal obligations
3. Providing and improving our services

We conclude data processing agreements with processors where required. Our processors include providers of the following services:

• Payment processing
• Email marketing and transactional email delivery
• Website analytics and behavioural analysis
• Review and reputation management
• Website security and performance
• Shopping cart recovery and conversion optimisation
• AI-assisted tooling and automation (Anthropic) to operate and improve our webshop and marketing tasks
• Subscription management and recurring payments (Juo)

Payment processing

We use a third-party payment service provider based in the Netherlands to process payment data (such as card details or bank information) on our behalf. This provider operates under GDPR.

Email marketing and communications

We use third-party services for email marketing, newsletters, and transactional emails. When you subscribe, your email address and name may be shared with these providers. Where a provider is based outside the EEA, data transfers are safeguarded by EU Standard Contractual Clauses or equivalent legal safeguards.

Fonts in our emails: for a consistent brand identity, our emails use the Jost typeface, served by Google Fonts (Google LLC, United States). When you open one of our emails, your IP address may be sent temporarily to Google to load the font. This transfer is covered by the EU-US Data Privacy Framework, of which Google is a certified participant. Our legal basis: legitimate interest (consistent brand identity) — GDPR art. 6(1)(f).

Shopping cart recovery

We use tools to monitor shopping cart activity on our website. If you add items to your cart and do not complete your purchase, we may send you reminder emails to help you complete your order. This processing is based on our legitimate interest in reducing abandoned transactions and improving customer experience. You can opt out of these reminders at any time by using the unsubscribe link in the email or by contacting us.

Website analytics and behavioural analysis

We use analytics services to understand how visitors use our website. These services may process anonymised IP addresses, device and browser information, and interaction data (such as clicks, scrolling and navigation). Sensitive data fields such as forms and passwords are automatically masked. Analytics cookies are only placed after you provide consent via our cookie banner.

Review and reputation management

We share limited data with a review platform (only with cookie consent) to invite customers to write reviews and to verify reviews.

Website security and performance

We use services for website security, performance and uptime monitoring. These services may process IP addresses and basic visitor data. Where a provider is based outside the EEA, data transfers are safeguarded by EU Standard Contractual Clauses or equivalent legal safeguards.

Transfers outside the EEA

Some of our service providers operate outside the European Economic Area. Where this is the case, we ensure appropriate safeguards such as EU Standard Contractual Clauses or equivalent legal safeguards are in place. For US-based providers we rely where applicable on the EU-US Data Privacy Framework.

Cookies and similar technologies

We use functional, analytics and marketing cookies. On your first visit, we inform you via a cookie banner and request consent where required.

We may use cookies and similar technologies for purposes including:

• Website analytics and performance measurement
• Social media integration and advertising
• Behavioural analysis (such as heatmaps and session recordings)
• Review platform integration

These services only place cookies after you have given consent via the cookie banner. You can update your cookie preferences at any time via the cookie settings.

Contact forms

We use a contact form on our website to handle enquiries. The data you provide (such as your name, email address and message) is sent to us via email and may be stored for the purpose of responding to your enquiry.

Your rights

Under the GDPR you have the right to:

• Access your personal data
• Rectify incorrect data
• Request erasure of your data
• Object to processing
• Restrict processing
• Data portability
• Withdraw consent at any time

You may submit a request via info@q-drinks.com. You also have the right to lodge a complaint with your local data protection authority.

Security

We take appropriate technical and organisational measures to protect personal data against loss, misuse or unlawful processing.

Contact

For privacy questions, please contact info@q-drinks.com.

© 2026 — Q-DRINKS Group B.V. — Q Drinks