EN | NL

Privacy Policy of floracle.nl

Last updated: February 11, 2026 · English version · floracle.nl/privacy_en

We are Floracle. This privacy policy explains how we collect, use, store and protect your personal data when you use our website and webshop, and what your rights are. We process your data in accordance with the General Data Protection Regulation (GDPR) and Dutch data protection law.

For information about cookies and similar technologies we use on this website, please see our Cookie policy.

Table of contents

  • Who we are
  • What data we collect and for what purpose
  • Legal basis for processing
  • How long we keep your data
  • Sharing and international transfers
  • Security
  • Your rights
  • Complaints
  • Changes to this policy
  • Contact

Who we are

The controller responsible for your personal data is:

VOF Floracle
Carel Fabritiusstraat 34
7545 DL Enschede
The Netherlands

Email: [email protected]
Chamber of Commerce (KvK): 91549809
VAT identification number: NL865692488B01

What data we collect and for what purpose

We collect and use the following categories of personal data:

Website and usage data

When you visit our website, we automatically collect technical and usage data such as your IP address, browser type, device type, pages visited, and time spent on the site. We use this to operate the website, analyse how it is used, and improve our services. Part of this data is collected via cookies and similar technologies. For details, see our Cookie policy.

Order and customer data

When you place an order in our webshop, we collect your name, billing and delivery address, email address, phone number (if provided), and payment-related information. We use this data to process and deliver your order, communicate with you about your order, handle returns and complaints, and comply with legal obligations (e.g. tax and accounting). Payment details (such as card or bank information) are processed by our payment provider; we do not store full card numbers on our servers.

Contact and support

If you contact us via email, a contact form, or our support page, we use the data you provide (name, email, message) to respond to your request and, where relevant, to provide support or follow up.

Newsletter and marketing (if applicable)

If you sign up for our newsletter or other marketing, we use your email address (and any other details you give) to send you updates and offers. You can unsubscribe at any time via the link in each email or by contacting us.

Legal basis for processing

We process your personal data on the following grounds:

  • Performance of a contract – to fulfil your order and provide the products and services you have requested.
  • Legal obligation – to comply with tax, accounting and other laws (e.g. retaining order data for the required period).
  • Legitimate interest – to operate and improve our website and webshop, prevent fraud, and handle complaints (where this does not override your privacy rights).
  • Consent – where we use non-essential cookies or send marketing communications, we do so only with your consent. You can withdraw consent at any time (e.g. via our cookie banner or by unsubscribing from emails).

How long we keep your data

We keep your data only as long as necessary for the purposes above:

  • Order and customer data – for the duration of the order and for the period required by law (e.g. 7 years for tax and accounting in the Netherlands).
  • Contact and support – for as long as needed to handle your request and any follow-up; we may retain a record for a limited period for quality and legal purposes.
  • Website and usage data – as described in our Cookie policy (e.g. session data until you close the browser; analytics data as set by the relevant provider).
  • Marketing – until you unsubscribe or withdraw consent; we may keep a minimal record to ensure we do not contact you again if you have opted out.

After the retention period, we delete or anonymise your data.

Sharing and international transfers

We may share your data with:

  • Service providers – such as hosting, payment processing, shipping and delivery, and analytics (e.g. Cloudflare, Google Fonts, WooCommerce-related services). These providers process data on our behalf and are contractually bound to protect it.
  • Authorities – when required by law (e.g. tax or law enforcement).

Some of these providers are located outside the European Economic Area (EEA), including in the United States. Where we transfer data outside the EEA, we ensure appropriate safeguards are in place (e.g. adequacy decisions, standard contractual clauses, or other approved mechanisms). You can request more information about these safeguards by contacting us.

For details on which third parties receive data via cookies and similar technologies, see our Cookie policy.

Security

We take appropriate technical and organisational measures to protect your personal data against loss, misuse and unauthorised access. Our website uses HTTPS; payment data is processed by certified payment providers; and we limit access to personal data to those who need it for the purposes described in this policy.

Your rights

Under the GDPR you have the right to:

  • Access – obtain a copy of the personal data we hold about you.
  • Rectification – have inaccurate data corrected.
  • Erasure – request deletion of your data in certain circumstances (e.g. where it is no longer necessary or you withdraw consent).
  • Restriction – request that we limit how we use your data in certain situations.
  • Data portability – receive your data in a structured, machine-readable format where the processing is based on contract or consent.
  • Object – object to processing based on legitimate interest (including profiling), and to marketing at any time.
  • Withdraw consent – where we rely on your consent (e.g. for non-essential cookies or marketing), you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at [email protected]. We will respond within one month. You also have the right to lodge a complaint with a supervisory authority; for the Netherlands, this is the Autoriteit Persoonsgegevens (AP).

Complaints

If you have a complaint about how we handle your personal data, please contact us first. You also have the right to submit a complaint to the Dutch data protection authority, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

Changes to this policy

We may update this privacy policy from time to time. The “Last updated” date at the top indicates when it was last revised. We encourage you to review this page periodically. Where changes are significant, we may notify you by email or a notice on the website.

Contact

For questions about this privacy policy or your personal data, please contact us:

VOF Floracle
Carel Fabritiusstraat 34
7545 DL Enschede
The Netherlands

Email: [email protected]