Privacy statement for webshop — modular checklist

See also our article GDPR starter kit for webshop. Webshop extras on top of freelancer base: (1) Cookies + Tracking: separate cookie statement + cookie banner (Dutch Telecoms Act 11.7a). (2) Payment providers (Mollie, Adyen, Stripe, Klarna): each a processor — list in privacy statement + DPA designate. Schrems II aspect for US providers. (3) Customer account: retention, rights, optional removal. (4) Email marketing (Mailchimp, Brevo, MailerLite): consent + DPA + Schrems II if USA. (5) Google Analytics + Meta Pixel: see our GA rules + Meta Pixel. (6) Reviews: privacy statement mention. (7) Returns data: 7 years fiscal + removal procedure. (8) Customer Service: recording consent if call recording. (9) Review platforms (Trustpilot, Kiyoh): DPA. Best practice: per-category section + summary table + FAQ-style. Clear for visitors + complete for AP audit. Update frequency: minimum 1x/year + on each change (new tool, new purpose, etc).