Privacy Statement

This is the privacy statement of MegaGroup Trade Holding B.V. and its subsidiaries (such as Bosta, Bevo, Bevo Nordic, Norsup, Reber and Aquadrip) (hereinafter together and in singular referred to as: “MegaGroup”).

MegaGroup consists of a group of wholesalers active in water technology in Europe. In order to maintain (current) customer relationships and provide a better product and communication experience, we may process (i.e. collect, store, record, modify, retrieve, access or destroy) personal information (i.e. any data that could contain information about an identifiable natural person) about you. By means of this privacy statement, we would like to inform you about what personal information we process from you and how we use it within our organisation.

Controller of the processing of the personal data within MegaGroup is MegaGroup Trade Holding B.V. (Doornhoek 4205, 5465 TG Veghel). The Privacy Officer of MegaGroup can be reached at

Our compliance with privacy laws

MegaGroup is the data controller as described in this privacy policy. MegaGroup is committed to handling your personal information with care. In doing so, we comply with the laws and regulations that apply to us, such as the General Data Protection Regulation (GDPR).

Please note that you are not obliged to provide us with personal information, but that much of the information we request is essential in order to provide or improve our services to you. If you withhold requested information, we may not be able to provide you with our services.

Information we collect

In order to maintain (current) customer relationships and provide a better product and communication experience (such as website visits, (telephone) contact, contract management, procurement of products/services and execution of logistics), we process information relating to basic personal data.
We receive this information:

  • Via the contact form on our site;
  • Via the cookies placed on our web pages (please refer to our cookie statement for an overview of these);
  • Via means of communication such as telephone and e-mail.

We process the following personal data in this context:

  • Customer number;
  • Company name;
  • First name and surname;
  • Address (street, house number, postcode, town)
  • E-mail address;
  • Telephone number;
  • Sales tax ID;
  • IP addresses.


We process your personal data for the following purposes:

  • Processing of your order (only if this site contains a web shop);
  • Answering your questions or comments;
  • Executing agreements with you;
  • Sending a newsletter, offer, user information, service message, e-mail or other electronic message (an unsubscribe option is included in every communication);
  • Performing relationship management;
  • Market analyses and customer surveys;
  • Compliance with legal obligations;
  • Analysing, monitoring, optimising and securing our websites and the technologies used;
  • Conducting market research and management reports on the performance and status of our platforms.

The legal grounds for processing your personal data are consent (where applicable, this can be revoked by you at any time), performance of a contract, serving our legitimate interests (the proper functioning and improvement of the quality of our business, such as recording telephone conversations) or complying with a legal obligation incumbent upon us.

Retention period

We will not retain your data any longer than is necessary to fulfil the purposes set out in this privacy statement. In some cases, you can delete your personal data yourself if you no longer wish to make use of our services.

Provision of personal data to third parties

MegaGroup may share your personal data within the MegaGroup group for internal administrative purposes, for example. The legal ground for doing so is a legitimate interest.

MegaGroup only shares your personal information with third parties if you have given your consent, if that is necessary for the fulfilment of one of the purposes or if it is required by law. Third parties can be wholesalers, suppliers, courier services or cloud services. When we share your personal information, we have made arrangements both within the group and with third parties regarding privacy and security.

After your explicit consent, your personal information may also be shared with Aqua2life, MegaGroup’s non-profit foundation.

Data security

We have implemented appropriate security measures to protect your personal data and to limit misuse and unauthorised access to your personal data. We ensure that the software and technology used to process the personal data are sufficient and comply with current legislation to prevent unauthorised access, modification, disclosure or loss of personal data. If, despite the security measures in place, a security incident does occur, we will take measures to minimise the impact on everyone’s privacy. We will also fulfil our obligation to report any breach of your personal data.

Sending information safely outside the European Union

If it is necessary to work with a recipient located outside the European Economic Area (EEA), for example because they offer a service that is not offered within the EEA, we always provide adequate and appropriate safeguards.
We use third parties based outside the European Union for certain processing operations. We have taken appropriate security measures to ensure that your information is properly protected.

Third parties

The following third parties may process personal data as part of our services:

Third party Reason
Information about the functioning of the website and optimising the customer experience.
ShopWare Optimising the webshop and the customer experience.
AppyThings Optimising the webshop and the customer experience.
MailChimp Sending information and campaign to optimise the customer experience.
Klaviyo Sending information and campaigns to optimise the customer experience.
SurveyMonkey Sending information and questionnaires to optimise the customer experience.
Sana-commerce Optimising the webshop and the customer experience.
TeamLeader Processing customer complaints, creating jobs for repairs and returning manufactured
Feedback Company We use the Feedback Company to collect reviews.
Watermelon We use Watermelon for our chat function.
Hotjar Hotjar is a technology service that helps MegaGroup to better understand the experiences and needs of users of this website (e.g. how much time is spent on which pages and how often which links are clicked).
Adyen We use different payment methods to be able to process orders.
Close Alerts We use Close Alerts to solicit customer feedback in our emails.
Touch Incentive Marketing Bosta customers can participate in the Waterpoints loyalty programme. For the development and management of the Waterpoints Incentive Programme, Bosta has entered into a partnership with Touch Incentive Marketing.
Google Ads Customer Match We use Google Ads Customer Match, a feature of Google Ads that allows for more effective targeting and personalized advertising to customers in Google Search, the Google Shopping tab, Gmail, YouTube, and Google Networks for ads. The personalization of Google Ads is based on assignment to a target audience and is performed by Google using information from your Google account. For this purpose, Google receives customer data in the form of hashed codes and compares them with its own user database.
If you do not wish to use this service, you can object by sending an email to
Recruitee We use recruitee for our jobs website and the whole recruitment process.

We have made proper arrangements with the above processors. We require these third parties to provide at least the same level of security for the personal data as we, the data controller, offer you.

Third party websites

This statement does not apply to third-party websites that are connected to our website through links. We cannot guarantee that these third parties will handle your personal data in a reliable or secure manner. We recommend that you read the privacy statements of these websites before using them.

Deleting, changing or retrieving your data

You can invoke the following rights as set out in the GDPR (Articles 13 to 20):

  • Right to information: The right to ask how your personal information is processed.
  • Right of inspection: The right to check whether and how your personal information is processed.
  • Right to rectification: If it becomes clear that the data are incorrect, you can request that these be rectified.
  • Right to object: You have the right to ask us to stop using your personal information.
  • Right to be forgotten: In some cases, you also have the right to have your personal data deleted.

Please contact us via the e-mail address We will respond to your request within one month. We reserve the right to extend this period once by up to two months in the case of complex issues. You also have the right to submit a complaint to the Dutch Data Protection Authority against the processing of your personal data. You may contact the Dutch Data Protection Authority for this. For the United Kingdom this can be done at the Information Commissioner’s Office via For the Netherlands, this can be done via

Amendments to this statement

In order to comply with the laws and regulations applicable to us, we will continuously review and update this document. This privacy statement is reviewed regularly and amended as necessary. Any amendments will be published on our website. It is therefore advisable to consult this privacy statement regularly in order to keep abreast of these amendments. If you wish to contact us regarding this privacy statement, you can do so via

This privacy statement was last amended on 11 March 2022.