Processing Register

Last update: 04.12.2025

This processing register has been prepared by Bianlos in the context of its obligations under Article 30 of the General Data Protection Regulation (GDPR). The document provides an overview of all processing of personal data carried out by Bianlos as a data controller.

The purpose of this register is to provide insight into:

• which personal data are processed;
• from whom these personal data are processed;
• for what purpose the processing is carried out;
• which parties have access to or are involved in the processing;
• how long the data are kept;
• what technical and organizational measures have been taken to secure the data;
• Whether and how data is transferred outside the European Economic Area (EEA).

This register serves as an internal management tool for Bianlos and may be provided to the Personal Data Authority or another competent supervisory authority upon request.

Bianlos keeps this register up to date and supplements it when new processing operations are started, existing processing operations are changed or terminated.

Name and contact details of controller

• Name: Bianlos
• Address: Ferrandweg 8a, 2523 XT, The Hague, The Netherlands
• E-mail address: info@bianlos.com
• Website: www.bianlos.com

Data Protection Officer (FG)

Daniel Losos, owner Bianlos.

Purposes of data processing.

• Performance of agreements with customers (orders and delivery of products).
• Administration and accounting.
• Sending of newsletters (after registration).
• Use of contact forms, chat function and review system.
• Hosting and technical operation of the website.
• Management of customer data in cloud storage.
• Compliance with legal obligations (e.g., tax retention obligations).

Categories of data subjects.

• Customers of Bianlos (consumers and businesses).
• Website visitors.
• Newsletter subscribers.
• Persons who post a review.
• Persons who contact us by phone, email or chat.

Categories of personal data.

• Name, address and place of residence (NAW data).
• E-mail address and phone number.
• Order and payment information.
• Content of messages via contact form/chat.
• IP address and browser data (via cookies).

Retention periods

• Customer and order data: 7 years (legal retention obligation).
• Newsletter data: until unsubscription.
• Contact details via forms/chat: as long as necessary for handling questions/complaints.
• Cookies: in accordance with cookie declaration on the website.

Recipients of personal data

• Transport company for delivery of orders: DPD, DHL, InPost and UPS.
• Online payment provider: iDeal, Klarna and PayPal.
• Hosting party: [insert name].
• Accounting firm: [insert name].
• Supplier of accounting and administration software: [insert name].
• Supplier of newsletter software: [insert name].
• Supplier of chat module: [insert name].
• Supplier of review software: [insert name].
• Supplier of cloud storage: Microsoft.

Recipients outside the EU / EEA.

Any external service provider outside the EEA:

• Nature of service: (e.g. cloud storage or newsletter software).
• Name and location: [insert].

Technical and organizational security measures.

• Access management with unique accounts and password protection.
• Two-factor authentication.
• Encryption of data.
• Secure storage of data.
• Antivirus software.
• Restrictions on access to personal data (authorized personnel only).
• Processor agreements with all external service providers.