Privacy Policy

Last updated: 13 May 2026

This Privacy Policy explains how Stonemore BV (trading as Koroway) collects, uses, and protects your personal data when you visit koroway.com or place an order with us. We are committed to transparency: this policy is written to be read, not skimmed.

1. Who we are

The controller of your personal data is:

Stonemore BV, trading as Koroway
Graaf Jansdijk 9, 8300 Knokke-Heist, Belgium
VAT: BE0832.022.943 · KBO: 0832.022.943
Email: info@koroway.com

You can also reach us through the form on our Contact page.

2. What we collect

If you place an order or create an account

  • Name, billing and shipping addresses, phone number, and email address.
  • Order details (products, quantities, prices, payment method, order date).
  • Payment confirmation. We do not store full card details — these are handled by our payment processor.
  • Communication you send us (e.g. through the contact form).

If you subscribe to our email list

  • Your name and email address.
  • Your subscription preferences and engagement with our emails (opens, clicks).

If you simply visit our website

  • IP address, browser type, device type, operating system, and language.
  • Pages you view, time spent, and how you arrived (referrer).
  • Cookie identifiers (see our cookie section below).

3. Why we collect it and the legal basis

  • Processing and delivering your order — performance of a contract (Art. 6(1)(b) GDPR).
  • Customer service and warranty handling — performance of a contract / legitimate interest.
  • Sending marketing emails (only with your consent) — consent (Art. 6(1)(a)).
  • Site analytics and improvement — legitimate interest (Art. 6(1)(f)).
  • Fraud prevention and security — legitimate interest.
  • Tax and accounting records — legal obligation (Art. 6(1)(c)).

4. Who we share it with

We share your data only with the parties needed to deliver our service to you:

  • Shopify Inc. — our ecommerce platform, which hosts our shop and stores order and customer data.
  • Payment processors — Shopify Payments and other providers handle your payment securely. They receive only what is necessary to complete the transaction.
  • Shipping carriers and freight forwarders — your name, address, and phone are shared with the carrier handling your delivery.
  • Email service providers — if you've subscribed to our list, your email and name are shared with the service we use to send communications.
  • Analytics and advertising providers — pseudonymised usage data is shared with analytics services. We also use marketing pixels operated by Pinterest (Pinterest Europe Ltd), Meta (Meta Platforms Ireland Ltd), and X (X Corp) where you have given consent.
  • Belgian authorities — when required by law, such as for tax records or a court order.

5. International transfers

Some of our service providers (e.g. Shopify, X Corp) are based outside the EEA. When personal data is transferred outside the EEA, we ensure appropriate safeguards are in place — typically the European Commission's Standard Contractual Clauses or, where applicable, the EU–US Data Privacy Framework.

6. How long we keep it

  • Customer and order records: 10 years after the last transaction (Belgian commercial and tax law).
  • Email subscription data: until you unsubscribe, plus a short retention period for compliance proof.
  • Browsing and analytics data: typically up to 26 months, in aggregate or pseudonymised form.
  • Communications: as long as needed to address your enquiry, then archived for reference.

7. Cookies and tracking

We use a small number of cookies and similar technologies:

  • Essential cookies — required for the cart, checkout, and account session. These do not need consent.
  • Analytics cookies — to understand which pages and products people visit. Used only with your consent.
  • Marketing pixels — the Pinterest Tag, Meta Pixel, and X Pixel for retargeting and audience building. Used only with your consent.

You can change your cookie preferences at any time via the cookie banner on our site, or through your browser settings.

8. Your rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify data that is inaccurate or incomplete.
  • Erase your data, where there is no compelling reason for us to keep it.
  • Restrict how we use your data.
  • Object to certain uses, including direct marketing.
  • Data portability — receive your data in a structured, commonly used format.
  • Withdraw consent at any time, where consent is the basis for processing.

To exercise any of these rights, contact us at info@koroway.com or via the form on our Contact page. We aim to respond within 30 days.

You also have the right to lodge a complaint with the Belgian data protection authority:

Gegevensbeschermingsautoriteit / Autorité de protection des données
Drukpersstraat 35, 1000 Brussels
+32 (0)2 274 48 00 · gegevensbeschermingsautoriteit.be

9. Security

We use industry-standard technical and organisational measures to protect your data: SSL encryption, PCI-DSS compliant payment processing, access controls, and regular security updates through our hosting platform.

10. Children

Our website and products are not directed at children under 16. We do not knowingly collect personal data from children.

11. Changes to this policy

We may update this policy from time to time. The “last updated” date at the top of this page will reflect any change. For substantial changes, we will notify subscribers by email.

12. Contact

For any privacy-related question, write to info@koroway.com or use the form on our Contact page.