Privacy Policy
Midoricha sells ceremonial matcha through midoricha.com. To process your order, we handle personal data. In this privacy policy you can read which data we process, what we use it for, who we share it with and which rights you have. We treat your data with care and comply with the General Data Protection Regulation (GDPR).
Last updated: 3 July 2026
Who is responsible for your data
The controller for the processing of your personal data is:
- Company: Midoricha Netherlands, trading as Midoricha
- Registered address: Tijnmuiden 25, 1046 AK Amsterdam
- Chamber of Commerce (KvK) number: 89382951
- VAT number: NL864963646B01
- Email: shop@midoricha.com
Do you have questions about this privacy policy or about your data? Email us at support@midoricha.com.
Which data we process
We only process the data we need to run our webshop and handle your order. This includes:
- your name and address details;
- your email address;
- your phone number, if you provide it (optional);
- your order and payment details, such as your order history, your chosen payment method and the details of your Subscribe & Save subscription;
- your customer account details, if you create an account;
- technical data that is processed automatically when you visit the webshop, such as your IP address and browser and device data (through the necessary cookies, see our cookie policy).
We do not store full payment details ourselves, such as credit card numbers. Payment takes place in the secure environment of Shopify Payments and the provider of your chosen payment method.
What we use your data for
We only use your data for the purposes below. Each purpose lists the legal basis under the GDPR.
- Processing your order. We process your data to accept, process and deliver your order or subscription. Legal basis: performance of the contract (Article 6(1)(b) GDPR).
- Shipping. We pass on your name, address and email address to the carrier so your parcel can be delivered and you automatically receive Track & Trace updates. If you have provided a phone number, the carrier may use it for delivery updates. Legal basis: performance of the contract.
- Payment. We process your payment details to handle your payment through Shopify Payments. Legal basis: performance of the contract.
- Customer service. If you contact us, we use your data to answer your question. Legal basis: performance of the contract or steps taken at your request before entering into a contract (Article 6(1)(b) GDPR), and our legitimate interest in helping you properly (Article 6(1)(f) GDPR).
- Security and fraud prevention. We process technical data to secure the webshop, your account and the checkout and to prevent misuse. Legal basis: our legitimate interest in a secure webshop (Article 6(1)(f) GDPR).
- Legal records. We keep invoice and payment data for our statutory tax record-keeping obligation. Legal basis: legal obligation (Article 6(1)(c) GDPR).
- Newsletter. Only if you sign up for it, we send you our email newsletter. Legal basis: your consent (Article 6(1)(a) GDPR). You can withdraw that consent at any time via the unsubscribe link at the bottom of every email.
We never sell your personal data to third parties. Nor do we ourselves use automated decision-making that affects you.
Who we share your data with
We only share your data with parties we need to run our webshop and deliver your order:
- Shopify: the platform our webshop runs on, including hosting and customer accounts;
- payment providers: your payment is handled through Shopify Payments and the provider of your chosen payment method, such as iDEAL, Bancontact, credit card, Apple Pay, Google Pay, Klarna or Shop Pay. If you choose to pay later with Klarna, Klarna processes your data as an independent controller, including for a creditworthiness assessment; see Klarna's privacy policy for details;
- DHL eCommerce: the carrier that delivers your order and sends you Track & Trace updates;
- our accounting: for processing invoices and the statutory records.
Payment providers and the carrier process part of your data as independent controllers, in accordance with their own privacy statements. If you choose to pay later with Klarna, for example, the checkout shares the necessary data with Klarna and Klarna itself decides whether you can use that payment method.
With parties that process your data solely on our behalf, we conclude a data processing agreement. It requires them to use your data only for the agreed purpose and to protect it properly.
Transfers outside the EEA
Shopify is an international company. As a result, your data may be processed outside the European Economic Area (EEA), for example in the United States. Appropriate safeguards apply to those transfers: the EU Standard Contractual Clauses and the EU-US Data Privacy Framework. This keeps your privacy protected at the level of the GDPR outside the EEA as well.
How long we keep your data
We do not keep your data longer than necessary:
- Tax records: we keep invoice and payment data for 7 years, because the law requires this.
- Customer account: we keep your account details for as long as your account exists. If you delete your account, we delete your data, except for the data we are legally required to keep.
- Order data without an account: if you order without an account, we keep your order data for up to 2 years after your order has been completed, except for the data covered by the 7-year tax retention obligation.
- Customer service: we keep emails and other correspondence for up to 2 years after your question or complaint has been handled.
- Newsletter: we keep your email address until you unsubscribe.
Cookies
Our webshop only uses functional and necessary cookies. You can read which ones these are and how to delete them through your browser in our cookie policy.
How we protect your data
We take appropriate technical and organisational measures to protect your data against loss and unauthorised access. Our webshop runs on Shopify's secure platform. The connection to midoricha.com is encrypted with SSL, recognisable by the padlock in your browser, and payments take place in the secure environment of Shopify Payments. Only people who need access for their work can access your data.
Your rights
Under the GDPR you have the following rights:
- Access: you may request which data we hold about you;
- Rectification: you may have incorrect data corrected;
- Erasure: you may ask us to delete your data;
- Restriction: you may ask us to temporarily restrict the processing of your data;
- Data portability: you may receive your data in a common, machine-readable format, for example to take it to another party;
- Objection: you may object to the processing of your data;
- Withdrawing consent: if you have given consent, for example for the newsletter, you can withdraw it at any time. This does not affect the processing that took place before.
Do you want to exercise one of these rights? Email support@midoricha.com. We will respond within one month at the latest. If your request is complex or we receive many requests at the same time, we may extend this period by two months. We will let you know within one month if that is the case. To make sure the request really comes from you, we may ask you to confirm your identity.
If you disagree with how we handle your data, we would like to resolve that together with you first. In addition, you always have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) via autoriteitpersoonsgegevens.nl.
Changes to this privacy policy
We may amend this privacy policy, for example if our webshop, our service providers or the law changes. The current version is always available on this page, with the date of the latest change at the top. For important changes we will also inform you where possible, for example by email if you have an account or subscription.
Contact
Do you still have questions about your personal data after reading this privacy policy? Contact us at support@midoricha.com. We will respond as soon as possible.
This document is a translation of the Dutch version. In the event of any discrepancies, the Dutch version prevails.