This Privacy Policy explains how Maus B.V. (“Stars and Stories”, “we”, “our”, or “us”) collects, processes, stores, and protects personal data in accordance with the General Data Protection Regulation (GDPR). This policy applies to all individuals whose personal data we process, including clients and members of our reviewer community.
Stars and Stories is a marketing and e-commerce technology company that helps consumer brands build trust and win customers by delivering authentic, user-generated content. We run product testing campaigns and invite real consumers to test and review products. We provide brands with content, insights, and support for their content strategies across multiple platforms.
We interact with two main groups:
This Privacy Policy applies to Maus B.V., including all affiliated legal entities operating under the Stars and Stories® brand, where the General Data Protection Regulation (GDPR) or other applicable European data protection laws apply. All references to “Stars and Stories” refer to Maus Holding B.V. and its affiliated legal entities.
Stars and Stories has appointed its Chief Technological Officer, Mohamed ElSioufy, as the Data Protection Officer (DPO). The DPO is registered with the Dutch Data Protection Authority under registration number FG001400 and can be reached at: privacy@starsandstories.com
We only process personal data where there is a valid legal basis under GDPR. These include contractual necessity, consent, legal obligation, and legitimate interest.
Stars and Stories® has appointed their Chief Technological Officer – Mohamed ElSioufy – as the Data Protection Officer (DPO) who will endeavor to ensure that all personal data is processed in compliance with this Policy and the Principles of the General Data Protection Regulation (GDPR). The Data Protection Officer is enlisted at the Dutch “Autoriteit Persoonsgegevens” under number FG001400 and can be reached at privacy@starsandstories.com.
Purpose of Processing | Categories of Data | Legal Basis |
Managing client relationships (e.g. communication, contracting, invoicing) | Name, email, phone, payment info | Contractual necessity |
Managing community members accounts and campaigns participations (e.g. invitations, selection, shipment, reimbursement, feedback) | Name, email, phone, address, payment information, preferences | Consent |
Analyzing campaign results and generating reports | Generated Content, feedback, product experience | Legitimate interest |
Marketing communications (e.g. newsletters) | Name, email, preferences | Consent or legitimate interest |
Website functionality, analytics, and security | IP address, cookies, browser/device info | Legitimate interest |
Legal obligations (e.g. accounting, regulatory compliance) | Relevant client and financial data | Legal obligation |
While processing is based on consent, you can withdraw consent at any time by contacting privacy@starsandstories.com
We use analytics tools to understand how visitors interact with our website and to improve user experience. These tools may collect anonymised usage data such as IP address, browser type, visited pages, and device details.
Analytics tools are only activated with your consent, obtained via our cookie banner. You can withdraw your consent at any time via our cookie settings.
Where data may be processed outside of the EU, appropriate safeguards are in place to ensure GDPR compliance, such as data anonymisation and standard contractual clauses.
Stars and Stories processes personal data lawfully, fairly, and transparently. Consent is obtained prior to collecting or processing personal data unless processing is necessary under another legal basis (e.g. contract).
Data subjects are always informed of:
If previously collected data is used for a new purpose, renewed consent will be requested where required.
Under the GDPR, you have the following rights regarding your personal data:
To exercise your rights, please contact: privacy@starsandstories.com We aim to respond within 14 days.
Stars and Stories employs appropriate technical and organizational measures to ensure a high level of data protection. These include:
We may engage third-party service providers (data processors) to support business operations, including cloud hosting, CRM systems, or analytics tools. We only work with processors who meet GDPR requirements and have signed a Data Processing Agreement (DPA) with Stars and Stories. We do not include a separate DPA agreement for vendors that have Data Processing Agreements (DPAs) as part of their Terms of Service
We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law. Data is securely deleted, anonymized or pseudonymized when no longer needed.
Retention periods are defined in internal documentation and vary depending on legal or contractual obligations.
In the event of a personal data breach, Stars and Stories will follow GDPR guidelines and notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours, and affected data subjects when required.
If you believe your data has been processed in violation of this policy or the GDPR, you may contact our DPO at: privacy@starsandstories.com