Privacy Policy

At we constantly strive to be at our best in serving you. In some cases it is absolutely crucial that you provide us of your personal information. We would love to involve you in that process as much as possible and inform you as best as possible conform the new European privacy Law better known as GDPR which will come into effect on the 25 of May 2018. At the end of the day we’re talking about your privacy, which in our eyes should never be a obscure subject.

Who we are

The contact person and the person responsible for the processing of your personal data within the context of the data protection laws is :
Giok –
Located at :
Kogelerbos 16 
7543 GT Enschede 
Chamber of Commerce number: 61621811
VAT number: NL002496201B46
E-mail :

Our website address is:

What personal data we collect and why we collect it

We will collect personal data from users and site visitor. This may include personal data, such as name, email address, personal account preferences; transactional data, such as purchase information; and technical data, such as information about cookies.

Twinkle So Bright is a very personal service provider. We collect data from our customers in order to continuously improve, and provide optimal service. For this purpose, we collect address data, and personal data such as clothing size and style preferences, as well as other similar information. We acknowledge that this data is sensitive and requires special protection. Therefore, we take every required effort necessary for the protection of this data.

In order to benefit from all the services offered by Twinkle So Bright, the user has to log in and provide the mentioned data. This data is required to use the products and services of Twinkle So Bright, such as when ordering a item. It is also used to respond to enquiries, questions and complaints about our service. We process your data for the placing and managing of your order, inclusive of any potential warranty, for technical administration and for our own marketing purposes, as well as for selecting fitting outfits in your future orders. Legal basis is GDPR.

Personal data is not just created by a user’s interactions with our site. Personal data is also generated from technical processes such as contact forms, comments, cookies, analytics, and third party embeds.


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

IP addresses will be deleted or made anonymous after seven days at the latest.

Data of logged in users or user accounts are used to store information for future orders for personal shopping service. As a company providing a personal service, we also learn from previous orders in order to be able to send you suitable outfits for you and your style in the future. If you have a user account with Twinkle So Bright, your data will therefore only be deleted when you approach us with the request for deletion.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

The data collected by us will only be passed on if this is necessary for the purpose of contract processing or if there is another legal basis for passing on data. Part of the data processing can be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include data centers that store our website and databases, IT service providers that maintain our systems, and consulting firms. If we pass on data to service providers, they may use the data exclusively for the fulfilment of their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of the persons concerned and are regularly monitored by us.

In addition, data may be disclosed in connection with official inquiries, court orders and legal proceedings if this is necessary for legal prosecution or enforcement.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

How we protect your data

Our site offer
SSL offers our website the best possible security of all ways of accessing your data. Click on the lock/certificate to view the validity of the secure connection.

This is how you can be sure that your data is safe with us:

  • By the lock symbol in the search bar of your browser.
  • By the “s” (stands for Secure) at the start of the URL (Web address) in “https: //”.

SSL offers a triple security:

  • Your data will be transferred encrypted.
  • The form can only be returned to the server from which it is opened.
  • Checks are carried out to ensure that the data reaches the recipient completely and unchanged.

This makes your data secure and not accessible to outsiders.

What third parties we receive data from

At we work with partners to process all orders properly, below an overview of our partners and what they do:

  •          Google Analytics – Data traffic monitor system and data analysis tool.
  •          Google Adwords – Online advertisements based on surfing behavior & interest.
  • , DHL, TNT – Parcel service for sending the orders placed.

Industry regulatory disclosure requirements

Processing agreements have been concluded with all these services in accordance with GDPR. This means that clear agreements have been made between and our partners. This means, among other things, that it is legally signed that it is forbidden to sell or leak your information.

Who is who in the GDPR?
The person to whom the data relates to is referred to in the GDPR as the “data subject”.A person can be anyone, such as a patient, a client, a student, an employee or a volunteer.

The person who determines the purpose of and the means for the use of personal data is referred to in the GDPR as the ‘responsible party’.These are ultimately the directors as the chairman of a Board or Board of Directors.

Obviously, data processing is outsourced to an external organization in many organizations. Think, for example, of a service provider who arranges your payroll administration. For this the service provider uses data that can be returned to persons. The GDPR calls the service provider the ‘processor’ in this context.