Privacy Policy

Introduction

Greenleaf Blends ("the Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy will explain how we collect, use, and protect your personal data when you visit or interact with our website and services, in compliance with the General Data Protection Regulation (GDPR) and Dutch privacy laws.

Information We Collect

We may collect the following types of information:

  • Personal Information: This includes details such as your name, address, email address, phone number, and payment information when you make purchases, sign up for newsletters, or participate in promotions or events.
  • Automatic Data Collection: We collect non-personal information through cookies and similar technologies, including details like your IP address, browser type, device model, and interactions with our website.
  • Third-Party Sources: We may receive information about you from third-party platforms, social media, or business partners, subject to your privacy settings on those platforms.

How We Use Your Information

We use your information for the following purposes:

  • Processing orders and payments
  • Providing personalized shopping experiences
  • Sending newsletters, promotional offers, and updates (with your consent)
  • Improving our website and services
  • Safeguarding the security of our website
  • Complying with legal obligations
  • Conducting data analysis and usage tracking
  • Providing customer support

Legal Bases for Processing Your Data

Under the GDPR, we process your personal data based on the following legal grounds:

  • Consent: We will seek your consent before sending marketing emails or processing sensitive personal data.
  • Contract: We process your data to fulfill a contract, such as processing your purchases.
  • Legitimate Interest: We may process your data when we have a legitimate business interest, such as improving our website and service.
  • Legal Obligation: To comply with tax, accounting, and other legal duties.

Your Rights

As a resident of the European Union, you have the following rights under the GDPR:

  • Right to Access: You can request access to the personal data we hold about you.
  • Right to Rectification: You have the right to request corrections to any incorrect or incomplete personal data.
  • Right to Erasure: You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected.
  • Right to Restrict Processing: You can request that we limit the processing of your data under certain circumstances.
  • Right to Data Portability: You have the right to request that we transfer your data to another organization or directly to you.
  • Right to Object: You can object to the processing of your data for direct marketing or other legitimate interests.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe your data has been processed unlawfully.
  • Right to Withdraw Consent – You may withdraw your consent at any time, such as by clicking an unsubscribe link in emails or by contacting us.

To exercise any of these rights, please contact us at support@greenleafblends.nl

Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, tax, or accounting requirements. Specific retention periods are as follows:

  • Customer account information: 7 years after the last activity (as required by Dutch tax law)
  • Marketing preferences: Until you withdraw consent or 2 years after last interaction
  • Order history: 7 years (as required by Dutch tax law)
  • Website logs and analytics: 26 months
  • Correspondence: 2 years after last communication

Once the data is no longer required, we will securely delete or anonymize it.

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on our website. This includes cookies that are:

  • Strictly Necessary: Required for the website to function properly.
  • Performance Cookies: Used to analyze site usage and improve functionality.
  • Functionality Cookies: Allow personalization, such as remembering your preferences.
  • Targeting Cookies: Used to deliver personalized advertisements.

When you first visit our website, you will be presented with a cookie banner allowing you to accept or decline non-essential cookies. You can change your preferences at any time through our Cookie Preference Center on our website.

You can also manage your cookie preferences through your browser settings or opt-out of certain advertising cookies using tools like the Network Advertising Initiative's opt-out page (http://www.networkadvertising.org/managing/opt_out.asp).

Data Security

We take appropriate technical and organizational measures to secure your personal data. However, no method of transmission over the internet or electronic storage is completely secure. We strive to use commercially acceptable means to protect your data but cannot guarantee its absolute security.

Third-Party Services

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies.

a. Facebook Ads (Meta Platforms, Inc.)

We use Facebook Ads for advertising and conversion tracking. The provider is Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. This service allows us to display targeted advertisements to users who have previously interacted with our website or similar platforms. The data processed includes usage data, IP addresses, and device information. Processing is carried out based on your consent in accordance with Art. 6 (1) (a) GDPR. You can withdraw your consent anytime, for example, by adjusting your ad settings on Facebook. Data retention is subject to the platform’s privacy policy, and further details are available at https://www.facebook.com/policy.php.

b. Google Ads (Google LLC)

We use Google Ads for advertising and performance tracking. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Ads helps us reach a broader audience by serving tailored ads across the Google network. Google processes data including usage, IP addresses, and device information. The legal basis for processing is consent under Art. 6 (1) (a) GDPR. You can withdraw consent by changing your ad settings on Google. The provider’s privacy policy is available at https://policies.google.com/privacy.

c. Pinterest Ads

We use Pinterest Ads to target ads to users based on their interactions with our website. The provider is Pinterest Inc., 505 Brannan Street, San Francisco, CA 94107, USA. This service processes data such as engagement metrics and usage data to optimize advertising campaigns. The processing is based on your consent as per Art. 6 (1) (a) GDPR. You can revoke consent by adjusting your ad preferences on Pinterest. For more details, refer to Pinterest's privacy policy at https://policy.pinterest.com/en/privacy-policy.

d. Outbrain

Outbrain is used to provide content recommendations on our website. The provider is Outbrain Inc., 39 W 37th St, New York, NY 10018, USA. Outbrain processes engagement data, click behavior, and device data to suggest relevant articles and products. The legal basis for processing is consent under Art. 6 (1) (a) GDPR. You can withdraw consent at any time by contacting us. The provider’s privacy policy can be found at https://www.outbrain.com/legal/privacy-policy/.

e. Heatmap Tools (e.g., Hotjar)

We use Hotjar to analyze how users interact with our website by tracking mouse movements, clicks, and scrolling behavior. The provider is Hotjar Ltd., Level 2, St. Julians Business Centre, 3, Elia Zammit Street, St. Julians STJ 1000, Malta. This helps us improve the user experience by understanding how visitors navigate our site. The data processed includes anonymized session recordings and engagement data. The processing is based on your consent as per Art. 6 (1) (a) GDPR. You can revoke consent by visiting Hotjar’s privacy policy at https://www.hotjar.com/legal/policies/privacy/.


f. Shopify

We use Shopify as our e-commerce platform for processing orders and customer accounts. The provider is Shopify Inc., 151 O'Connor Street, Suite 500, Ottawa, ON K2P 2L8, Canada. Shopify processes personal data such as billing information, shipping addresses, and order details to enable the purchase of products. This processing is necessary for the performance of the contract between you and us under Art. 6 (1) (b) GDPR. Shopify’s privacy policy can be reviewed at https://www.shopify.com/legal/privacy.

g. Okendo

We use Okendo to collect product reviews from customers. The provider is Okendo Pty Ltd, 31-35 Cope Street, Waterloo, NSW, 2017, Australia. Okendo processes data such as customer feedback, review ratings, and contact details. Processing is carried out based on your consent in accordance with Art. 6 (1) (a) GDPR. You can withdraw your consent at any time by contacting us. Okendo’s privacy policy is available at https://www.okendo.io/privacy/.

g. Klaviyo

Klaviyo is our email marketing and automation platform. The provider is Klaviyo, Inc., 125 Summer Street, 6th Floor, Boston, MA 02110, USA. Klaviyo processes personal data such as email addresses, marketing preferences, and customer interaction with emails. The legal basis for processing is your consent under Art. 6 (1) (a) GDPR. You can withdraw consent by clicking the unsubscribe link in any of our emails. Klaviyo’s privacy policy is available at https://www.klaviyo.com/legal/privacy.

h. Wetracked

Wetracked is used to track user activity for optimizing our website’s performance. The provider processes engagement data, device information, and browsing history. The legal basis for processing is consent under Art. 6 (1) (a) GDPR. You can revoke consent at any time by contacting us. Wetracked’s privacy policy will be shared with you once available.

i. Zigpoll Customer Surveys

We use Zigpoll to gather customer feedback through surveys. The provider is Zigpoll, Inc., [address pending]. This service processes responses to surveys and any associated personal details such as emails or survey answers. The legal basis for processing is consent (Art. 6 (1) (a) GDPR). You may withdraw consent by contacting us. The privacy policy is available at https://www.zigpoll.com/privacy.

j. PayPal

We use PayPal to process payments for orders. The provider is PayPal Inc., 2211 N. First St., San Jose, CA 95131, USA. PayPal processes transaction data such as payment information, billing address, and shipping details. This is necessary for the performance of the contract under Art. 6 (1) (b) GDPR. PayPal’s privacy policy can be found at https://www.paypal.com/webapps/mpp/ua/privacy-full.

k. Picqer

We use Picqer for order management and fulfillment. Picqer processes personal data such as shipping addresses and order details to facilitate the delivery of products. The processing is necessary for the performance of the contract (Art. 6 (1) (b) GDPR). Picqer’s privacy policy is available at https://picqer.com/en/privacy.

j. Google Analytics / YouTube Analytics

We use Google Analytics and YouTube Analytics to analyze site performance and video engagement. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This service processes website behavior data, interaction metrics, and video engagement data. The legal basis for processing is consent under Art. 6 (1) (a) GDPR. You can withdraw consent by adjusting your Google account settings. The privacy policy is available at https://policies.google.com/privacy.

l. TripleWhale

We use TripleWhale to gather marketing analytics and insights. This platform processes data from various advertising channels to track campaign performance. The legal basis for processing is consent under Art. 6 (1) (a) GDPR. TripleWhale’s privacy policy can be found at https://www.triplewhale.com/legal/privacy-policy.

m. Gorgias

We use Gorgias for customer service and ticket management. The provider is Gorgias Inc., [address pending]. Gorgias processes customer interaction data, including support tickets and communications. The processing is necessary for the performance of the contract under Art. 6 (1) (b) GDPR. Gorgias’s privacy policy is available at https://www.gorgias.com/privacy.


Data Transfers

Your personal data may be transferred to and stored on servers outside of the European Economic Area (EEA). We ensure that appropriate safeguards are in place to protect your data during these transfers, in line with GDPR requirements, including: **- Standard Contractual Clauses approved by the European Commission

  • Only transferring data to countries with an EU adequacy decision
  • Ensuring all processors and sub-processors comply with GDPR requirements**

Children's Privacy

Our website is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected such data, we will delete it immediately.

Automated Decision Making and Profiling

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you. While we may use some automated processes to personalize our marketing efforts based on browsing behavior, these do not have significant impacts on your rights and you can opt out of such processing at any time by contacting us.

Data Protection Officer

We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this privacy policy. If you have questions about how we handle your data, you can contact our DPO at: Email: dpo@greenleafblends.nl Address: Coolsingel 104, 3011AG Rotterdam

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly as soon as reasonably possible.

Privacy by Design and Impact Assessments

We implement privacy by design principles in our systems and processes. For new initiatives that may involve the processing of sensitive data or present privacy risks, we conduct Data Protection Impact Assessments (DPIAs) to ensure appropriate safeguards are in place.

Changes to Our Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. The latest version of the Privacy Policy will always be posted on our website, with the effective date clearly indicated.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:

Email: support@greenleafblends.com Address: Coolsingel 104, 3011AG Rotterdam

Greenleaf Blends (part of Create Brands BV) KVK: 93396090 Coolsingel 104 3011AG Rotterdam

Last updated: April 25, 2025