logo

Privacy Policy

This Privacy Policy explains how Fraxylonshak processes personal data in connection with the Flora Harmony website and product. It is written in line with the General Data Protection Regulation (GDPR) in clear, neutral language.

Data controller

The data controller responsible for processing your personal data is:

  • Brand name: Fraxylonshak
  • Product line: Flora Harmony plant-based complex
  • Registered address: Burgemeester Fockema Andreaelaan 443, 444, 3582LK Utrecht, Netherlands
  • Email: talk@fraxylonshak.world
  • Domain: fraxylonshak.world

This Privacy Policy complies with the General Data Protection Regulation (GDPR) and the Dutch Implementation Act GDPR (Uitvoeringswet AVG). If you are located in the Netherlands, you also have rights under the Dutch Data Protection Act (Wet bescherming persoonsgegevens) where applicable.

Supervisory authority for data protection

If you are located in the Netherlands and wish to lodge a complaint about how we process your personal data, you can contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens - AP) at:

  • Website: www.autoriteitpersoonsgegevens.nl
  • Phone: 088 - 1805 250
  • Address: Autoriteit Persoonsgegevens, Postbus 93374, 2509 AJ Den Haag, Netherlands

Categories of personal data

Depending on how you interact with the website, the following categories of personal data may be processed:

  • Identification and contact details: name and email address provided through the contact or order form.
  • Communication content: the message you write in the form and any additional information you choose to share.
  • Technical data: IP address, device and browser information, and usage data such as pages visited and interaction with the cookie banner, to the extent permitted by your cookie choices.

Purposes and legal bases

Personal data is processed only for specified, explicit, and legitimate purposes. The main purposes and legal bases are:

  • Handling enquiries and requests about Flora Harmony, based on Article 6(1)(b) GDPR where the processing is necessary to take steps at your request prior to entering into a contract, and Article 6(1)(f) GDPR for legitimate interest in providing customer care.
  • Fulfilling legal obligations, for example obligations related to accounting or consumer protection, based on Article 6(1)(c) GDPR.
  • Operating and improving the website, including basic security and performance monitoring, based on Article 6(1)(f) GDPR with a focus on a safe and reliable service.
  • Using optional analytics or marketing cookies, where applicable, based on your consent under Article 6(1)(a) GDPR, which you can withdraw at any time through the cookie settings.

Data retention

Personal data is kept only for as long as necessary for the purposes described above or as required by law.

  • Contact and order enquiries are generally stored for up to three years after the last interaction, unless a longer period is required by legal obligations or to establish, exercise, or defend legal claims.
  • Technical logs and cookie-related data are stored for timeframes that are proportionate to security, analytics, or marketing needs, in line with your consent choices and the configuration of each tool.
  • When data is no longer needed, it is deleted or irreversibly anonymised.

Your rights under GDPR

Under the GDPR, you have several rights regarding your personal data. Subject to the conditions and exceptions in the law, you can:

  • Request access to your personal data and receive a copy.
  • Request rectification of inaccurate or incomplete data.
  • Request erasure of your data, for example where it is no longer necessary for the original purposes.
  • Request restriction of processing in certain circumstances.
  • Object to processing based on legitimate interests, including profiling related to those interests.
  • Withdraw your consent at any time, where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal.
  • Request data portability for data you have provided, where the processing is based on consent or contract and carried out by automated means.

To exercise your rights, you can contact the data controller at talk@fraxylonshak.world. You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

Data sharing and recipients

Personal data may be shared with carefully selected service providers that support the operation of the website and related services, for example hosting providers, email service providers, analytics providers, or payment and logistics partners where necessary to process an order. These parties act as processors or independent controllers depending on their role and are required to protect personal data in accordance with applicable law.

International data transfers

If personal data is transferred outside the European Economic Area, appropriate safeguards will be used, such as adequacy decisions of the European Commission, standard contractual clauses, or other mechanisms recognised by the GDPR. Where relevant, you can request more information about these safeguards via the contact details above.

Security measures

Technical and organisational measures are implemented to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include secure hosting, restricted access based on roles, and regular review of the tools and configurations used on the website.

Contact for privacy questions

If you have any questions about this Privacy Policy or your personal data, you can contact Fraxylonshak via email at talk@fraxylonshak.world. Please avoid including sensitive information in your initial message. For health-related issues, always contact a qualified healthcare professional rather than using this website.