Privacy Policy

Stars and Stories Privacy Policy

This Privacy Policy explains how Maus B.V. (“Stars and Stories”, “we”, “our”, or “us”) collects, processes, stores, and protects personal data in accordance with the General Data Protection Regulation (GDPR). This policy applies to all individuals whose personal data we process, including clients and members of our reviewer community.

1. What We Do

Stars and Stories is a marketing and e-commerce technology company that helps consumer brands build trust and win customers by delivering authentic, user-generated content. We run product testing campaigns and invite real consumers to test and review products. We provide brands with content, insights, and support for their content strategies across multiple platforms.

We interact with two main groups:

  • Clients (brands and agencies using our services)
  • Community members (consumers who participate in user-generated content campaigns)

2. Definitions

  • Data Subject: An individual whose personal data is being processed.
  • Data Controller: The entity that determines the purpose and means of personal data processing.
  • Data Processor: A party that processes personal data on behalf of the Data Controller.
  • Personal Data: Any information relating to an identified or identifiable individual.
  • Data Breach: A security incident in which personal data is accessed, disclosed, or used without authorization.

3. Data Controller

This Privacy Policy applies to Maus B.V., including all affiliated legal entities operating under the Stars and Stories® brand, where the General Data Protection Regulation (GDPR) or other applicable European data protection laws apply. All references to “Stars and Stories” refer to Maus Holding B.V. and its affiliated legal entities.

4. Data Protection Officer (DPO)

Stars and Stories has appointed its Chief Technological Officer, Mohamed ElSioufy, as the Data Protection Officer (DPO). The DPO is registered with the Dutch Data Protection Authority under registration number FG001400 and can be reached at: privacy@starsandstories.com

5. Purpose and Legal Basis for Processing

We only process personal data where there is a valid legal basis under GDPR. These include contractual necessity, consent, legal obligation, and legitimate interest.

DATA PROTECTION OFFICER

Stars and Stories® has appointed their Chief Technological Officer – Mohamed ElSioufy – as the Data Protection Officer (DPO) who will endeavor to ensure that all personal data is processed in compliance with this Policy and the Principles of the General Data Protection Regulation (GDPR). The Data Protection Officer is enlisted at the Dutch “Autoriteit Persoonsgegevens” under number FG001400 and can be reached at privacy@starsandstories.com.

Overview of Processing Activities

| Purpose of Processing | Categories of Data | Legal Basis |
|---|---|---|
| Managing client relationships (e.g. communication, contracting, invoicing) | Name, email, phone, payment info | Contractual necessity |
| Managing community members' accounts and campaign participation (e.g. invitations, selection, shipment, reimbursement, feedback) | Name, email, phone, address, payment information, preferences | Consent |
| Analyzing campaign results and generating reports | Generated content, feedback, product experience | Legitimate interest |
| Marketing communications (e.g. newsletters) | Name, email, preferences | Consent or legitimate interest |
| Website functionality, analytics, and security | IP address, cookies, browser/device info | Legitimate interest |
| Legal obligations (e.g. accounting, regulatory compliance) | Relevant client and financial data | Legal obligation |

Where processing is based on consent, you can withdraw consent at any time by contacting privacy@starsandstories.com.

6. Categories of Personal Data Collected

For Clients

  • Identification Data: Name, email address, phone number
  • Company Payment Information: Billing details, bank account or VAT number
  • Marketing Data: Preferences, opt-ins, and feedback

For Community Members

  • Identification Data: Name, email address, phone number
  • Demographic Data: Age, gender, language preferences
  • Payment Details: Bank account information or PayPal email (for reimbursements)
  • Marketing Data: Preferences, opt-ins, and feedback
  • Technical Data: IP address, browser type, cookies, and device information
  • Review/Test Participation Data: Product preferences, shipping addresses, and submitted reviews or campaign feedback

7. Use of Analytics Tools

We use analytics tools to understand how visitors interact with our website and to improve user experience. These tools may collect anonymised usage data such as IP address, browser type, visited pages, and device details.

Analytics tools are only activated with your consent, obtained via our cookie banner. You can withdraw your consent at any time via our cookie settings.

Where data may be processed outside of the EU, appropriate safeguards are in place to ensure GDPR compliance, such as data anonymisation and standard contractual clauses.

8. Transparency and Consent

Stars and Stories processes personal data lawfully, fairly, and transparently. Consent is obtained prior to collecting or processing personal data unless processing is necessary under another legal basis (e.g. contract).

Data subjects are always informed of:

  • What data is collected
  • The purpose of collection
  • The lawful basis for processing

If previously collected data is used for a new purpose, renewed consent will be requested where required.

9. Rights of Data Subjects

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request confirmation and a copy of personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data once legal or contractual obligations are met
  • Right to Restrict Processing: Request limited use of your data under specific conditions
  • Right to Data Portability: Receive your data in a commonly used, machine-readable format
  • Right to Object: Object to processing based on legitimate interest or direct marketing

To exercise your rights, please contact privacy@starsandstories.com. We aim to respond within 14 days.

10. Data Security

Stars and Stories employs appropriate technical and organizational measures to ensure a high level of data protection. These include:

  • Secure Sockets Layer (SSL) encryption on all websites and tools
  • Encrypted storage for internally developed software
  • Use of a password vault with two-factor authentication
  • Role-based access control to limit data access

11. Use of External Processors

We may engage third-party service providers (data processors) to support business operations, including cloud hosting, CRM systems, or analytics tools. We only work with processors who meet GDPR requirements and have signed a Data Processing Agreement (DPA) with Stars and Stories. We do not include a separate DPA for vendors that have DPAs as part of their Terms of Service.

12. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law. Data is securely deleted, anonymized or pseudonymized when no longer needed.
Retention periods are defined in internal documentation and vary depending on legal or contractual obligations.

13. Data Breach Notification

In the event of a personal data breach, Stars and Stories will follow GDPR guidelines and notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours, and affected data subjects when required.

14. Enforcement and Complaints

If you believe your data has been processed in violation of this policy or the GDPR, you may contact our DPO at: privacy@starsandstories.com