EARLY BIRD·15% OFF WITH CODE
Legal

Privacy Policy

Last updated: 29 May 2026

1. Introduction

Mystery Shirt x FUTBIN (“we,” “us,” “our”) respects your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you visit our website or make a purchase. We are committed to complying with the EU General Data Protection Regulation (GDPR), the Dutch Implementation Act (UAVG), and any other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

MysteryShirt B.V.

Zwarte Woud 212, 3524SL Utrecht, the Netherlands

BTW/VAT: NL869303168B01

For privacy-related inquiries, contact us at [email protected].

3. Information We Collect

3.1 Information you provide directly

When you create an account, place an order, or contact us, we may collect your name, email address, shipping and billing address, phone number, payment information (processed securely by our third-party payment providers), order preferences (size, teams to avoid, leagues to avoid, color preferences), and any messages or content you send us.

3.2 Information collected automatically

When you visit our site, we may automatically collect your IP address, browser type and version, device type and operating system, pages visited and time spent on those pages, referring URL, and information collected through cookies and similar tracking technologies (see Section 8 below).

3.3 Information from third parties

We may receive information from our payment processors (transaction confirmations, fraud checks), shipping partners such as Sendcloud and DHL (delivery status updates), and analytics providers.

4. How We Use Your Information

We use your personal data for the following purposes:

  • Processing and fulfilling your orders, including shirt selection, quality inspection, packing, and shipping.
  • Communicating with you about your order (confirmations, tracking updates, delivery notifications).
  • Providing customer support and handling returns, exchanges, or complaints.
  • Processing payments through our third-party payment providers.
  • Improving our website, products, and services through analytics.
  • Sending marketing communications (only with your consent, and you can opt out at any time).
  • Complying with legal obligations, including tax and accounting requirements.
  • Detecting and preventing fraud.

5. Legal Basis for Processing

Under the GDPR, we process your personal data on the following legal bases:

  • Contract: Processing necessary to fulfill our contract with you (processing orders, shipping, customer support).
  • Legitimate interest: Processing necessary for our legitimate business interests (fraud prevention, website analytics, improving our services), where those interests are not overridden by your rights.
  • Consent: Where you have given consent (marketing emails, non-essential cookies). You may withdraw consent at any time.
  • Legal obligation: Processing required to comply with applicable laws (tax records, regulatory requirements).

6. How We Share Your Information

We do not sell your personal data. We share your information only with the following categories of third parties, and only to the extent necessary:

  • Payment processors (Stripe, PayPal, Klarna, or other providers shown at checkout) to process your payment securely.
  • Shipping partners (Sendcloud, DHL, and other carriers in the Sendcloud network) to deliver your order.
  • Hosting and infrastructure providers (Shopify) to operate our online store.
  • Analytics tools (Google Analytics or similar) to understand how our site is used.
  • Customer support tools to manage and respond to your inquiries.
  • FUTBIN, our official partner, to the extent required for membership verification and promotional activities.
  • Legal authorities, if required by law or to protect our rights.

7. International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). If any of our service providers transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or the service provider’s participation in an approved certification framework.

8. Cookies and Tracking Technologies

Our site uses cookies and similar technologies. We categorize them as follows:

  • Strictly necessary cookies: Required for the site to function (shopping cart, checkout, authentication). These cannot be disabled.
  • Analytics cookies: Help us understand how visitors use the site (page views, traffic sources). Enabled only with your consent.
  • Marketing cookies: Used to deliver relevant advertising and track campaign performance. Enabled only with your consent.

When you first visit our site, a cookie consent banner will allow you to accept or reject non-essential cookies. You can change your preferences at any time through the cookie settings link in the site footer. You can also manage cookies through your browser settings.

9. Data Retention

We retain your personal data only for as long as necessary:

  • Order data (name, address, purchase history): retained for 7 years after the transaction to comply with Dutch tax and accounting obligations.
  • Account data: retained as long as your account is active, and for up to 12 months after account deletion.
  • Marketing consent records: retained for as long as the consent is valid, plus 12 months after withdrawal.
  • Customer support correspondence: retained for 24 months after resolution.
  • Cookie data: retention periods vary by cookie type and are detailed in our cookie consent tool.

10. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data (subject to legal retention obligations).
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Request your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interest or for direct marketing purposes.
  • Right to withdraw consent: Withdraw consent for any processing based on consent, at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you are unsatisfied with our response, you have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at https://autoriteitpersoonsgegevens.nl.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encrypted connections (TLS/SSL) for all data transmission, secure payment processing through PCI-DSS compliant providers, access controls limiting employee access to personal data on a need-to-know basis, and regular review of our security practices.

12. Children’s Privacy

Our site is not directed at children under 16. We do not knowingly collect personal data from children under 16. The Kids Box product is intended to be purchased by adults (parents or guardians) on behalf of children. If you believe we have inadvertently collected data from a child under 16, contact us and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on the site with a revised “Last updated” date. Material changes will be communicated via email or a prominent notice on the site.

14. Contact

For questions or concerns about this Privacy Policy, or to exercise your data rights, contact us at:

Mystery Shirt x FUTBIN

Email: [email protected]

Zwarte Woud 212, 3524SL Utrecht, the Netherlands

BACK TO HOME