PRIVACY POLICY

This privacy policy applies to the sites and apps where it appears.

This Privacy Policy describes how holistikbloom.com (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.

Your use of this website indicates you agree to our collection, use and disclosure of your information as described in this Privacy Policy.

 

I.     Collecting Personal Information

Who is the Data Controller of your personal data?

Holistik Bloom, S.L. trading as Holistik Bloom, Tax ID: B06798821

Address: c/ Juntas Generales 82, 4ºI – 01010 Vitoria

Email: cs@holistikbloom.com

We collect information from and about you.

When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.

We collect contact information. For example, we collect your name and mailing address if you register with us. We also collect email addresses and phone numbers. If you register, we will also have your created password.

We collect payment and order information. If you order a product, we will collect your debit or credit card number. If you use a different payment method, we will collect the necessary information to manage the transaction as well.

  • Examples of Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number.
  • Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.

We collect information you submit online. This includes information you post when you interact with us on social media platforms, and the information we need to provide customer support.

We collect information about your product preferences.

We collect information about your device and location. We collect the type of device you use to access our Website. We also collect information about the version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site. And, we may look at what site you came from or what site you go to when you leave us.

  • Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.

 

We collect information from you in different ways

We collect information directly from you. This includes when you create an account our purchase product. We also collect information if you contact Customer Service or sign up for our newsletter. We also collect information when you take a survey or participate in a promotion.

We collect information passively. We use tracking tools like browser cookies, web beacons, log files, tags, or pixels. We use these tools on our website and in emails we send to you. We collect information about users over time when you use our website. We have third parties who collect information this way as well.

We get information about you from third parties. This includes social media platforms. We may receive information about you from other sources.

 

This Site is not intended for children

The Site is not intended for individuals under the age of 18. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, send us an email to cs@holistikbloom.com to request deletion.

 

II.   Using Personal Information

We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.

We use your information to provide you with products and services. This includes sending you product you purchase or processing a return. It also includes sending you newsletters you signed up to receive and/ or SMS if authorized.

We use information to improve our products and website. We may use your information to make our website or products better. We may also use your information to customize your experience with us. This includes understanding your interests and preferences.

We use your information to respond to your requests. This includes responding to customer inquiries.

We use your information to communicate with you about our relationship. We may communicate with you about your account or our relationship. This includes calls about order status. We may also contact you about this Policy or our Website Terms & Conditions of Service.

We use your information for marketing purposes. We may provide you with information about new products and special offers. We may also use information to serve you ads about products and offers. We might tell you about new features or updates. This might include sending you our email newsletter. These might be third party offers or products we think you might find interesting.

We use information for security and fraud prevention purposes. We may use your information to protect our company and our customers. We also use information to protect our website.

We use information as otherwise permitted by law or as we may notify you. For instance, we may send you push notifications through our mobile app and/ or SMS if so authorized.

Lawful basis

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:

  • Your consent;
  • The performance of the contract between you and the Site;
  • Compliance with our legal obligations;
  • To protect your vital interests;
  • To perform a task carried out in the public interest;
  • For our legitimate interests, which do not override your fundamental rights and freedoms.

Retention

When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.

Automatic decision-making

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

  • Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
  • Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.

 

III. Sharing Personal Information

We may share information with third parties who help us provide our services and fulfill our contracts with you. We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy. We share information with payment processors and with our platform suppliers. We also share information with advertising and marketing service providers that, for example send emails on our behalf.

We may share information with any successor to all our part of our business. For example, if Holistik Bloom is sold we may give a customer list as part of that transaction.

We will share information if we think we have to in order to comply with the law or to protect our rights. This could include responding to a court order or subpoena. It could also include sharing information if a government agency or investigatory body requests.

We might share information when we are investigating a potential fraud. This could include fraud we think has occurred during a sweepstakes or promotion. We may also share information if you are the winner of a sweepstakes or other contest with anyone who requests a winner's list.

We may share information for other reasons we may describe to you.

Behavioural Advertising: Choices about how we use your information

You can opt out of receiving our marketing emails. To stop receiving our promotional emails, send us an email to cs@holistikbloom.com or follow the instructions in any promotional message you get from us. Even if you opt out of getting marketing messages, we will still send you transactional messages. These include responses to your questions.

You can control cookies and tracking tools. Your browser may give you the ability to control cookies or other tracking tools. How you do so, depends on the type of tool. Certain browsers can be set to reject browser cookies. Some of the cookies we use may be flash cookies or Adobe cookies. They may contain demographic information and depending on your browser these cookies may not normally be deleted when your cookies are deleted. Please check your browser to determine where these types of cookies are stored and how they may be deleted.

Interest Based Advertising: We may use advertisers, third party ad networks, and other advertising companies, to serve advertisements on our website and on third-party websites. Please be advised that such advertising companies may gather information about your visit to our website (such as through cookies, web beacons and other technologies) to enable such advertising companies to market products or services to you, to monitor which ads have been served to your browser and which web pages you were viewing when such ads were delivered.

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For this purpose, we use Facebook Pixel and Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout

If you would like more information about this practice, would like to know your choices or opt-out, please visit:

  1. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at https://www.networkadvertising.org/
  2. You can opt-out of targeted advertising by:
  1. Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.

 

Our Do Not Track Policy: Some browsers have “do not track” features that allow you to tell a website not to track you. These features are not all uniform. We do not currently respond to those signals. If you block cookies, certain features on our sites may not work. If you block or reject cookies, not all of the tracking described here will stop.

You can control tools on your mobile devices. For example, you can turn off the GPS locator or push notifications in your phone settings. Options you select are browser and device specific.

 

Use of social network login services by the user.

You have the possibility to use the login or sign in through a social network or another collaborator that enables this service (social login) when it is available on our login/sign in screen, either to link the social login to your account or by registering a new one. In that case, your login credentials, as well as your name and email / phone number (you might need to authorize it), will be imported from your social network or collaborator account.

By using this login option, these third parties may send us certain additional information about your public profile, such as: your name, gender, approximate age or profile photograph, according to the terms of use from the social network / collaborator, which we recommend you read carefully. Unless you give us your authorization, we will not retain this additional data.

Likewise, the use of this functionality may imply that you provide certain information about your activity to the social network or the collaborator. In any case, we recommend that you review your privacy settings and the privacy policies of the collaborator or social network to learn how these third parties process your data.

 

We use standard security measures.

The Internet is not 100% secure. We cannot promise that your use of our website will be completely safe. We encourage you to use caution when using the Internet. A username and a password are needed to access certain areas of the website. It is your responsibility to protect your username and password.

We may link to platforms or have third party tools on our platforms we don’t control.

If you click on a link to a third-party site, you will be taken to a site we do not control. We are not responsible for the privacy practices of third parties. This includes third parties who may have ads or content on our site. We suggest that you read their privacy policies carefully.

 

IV. Your rights

GDPR

If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.

Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.

 

CCPA

If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.

If you would like to designate an authorized agent to submit these requests on your behalf, please contact us at the address below.

 

 

V.  Cookies Policy

In this Cookies Policy you will find information on how we use cookies and similar devices installed on the terminals of our customers and users. The use of cookies may sometimes be related to personal data processing, therefore we recommend you consult this Privacy Policy, if you would like information on how we use the personal data of our customers and users, how to exercise your rights, or the terminology we use to refer to our Website.

 

What is a Cookie

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

By “Cookies” we are also referring to other, similar technologies used to install and/or collect information on or from your device such as flash cookies, web beacons or bugs and pixels. These technologies sometimes run alongside cookies to collect and store information, either to provide you with certain features or services on our website, or to display third-party advertising according to your browsing.

 

What type of Cookies are there?

Please check this section which provides an overview of the type of Cookies that can be used in an online environment.

Cookies can be classified as follows, depending on the owner:

  1. First-party cookies: Are sent to the user’s computer or device from a computer or domain managed by the editor, and which provides the platform or service requested by the user.
  2. Third-party cookies: Are sent to the user’s computer or device from a computer or domain not managed by the editor, but rather by another entity that processes data obtained from the cookies.

Cookies can be classified as follows, depending on the purpose:

  1. Strictly necessary cookies (technical): The cookies that allow the user to browse a website, platform or app, and use the various options or services on it. For example, control traffic, identify data or session, access restricted access sections or content, remember the elements of an order, complete an order purchase process, manage payment, control fraud related to service security, use security elements during browsing, complete an application to register or participate in an event, store content for publishing videos and audio, enable dynamic content (for example, loading animation of a text or image) and share content on social media. As they are strictly necessary, technical cookies are downloaded by default when they are needed to display the platform or provide the service requested by the user
  2. Functionality or customization cookies: These cookies are needed to remember information so that the user can access the service or platform with specific characteristics that can differentiate their experience from that of other users. For example, number of results displayed when the user runs a search, appearance or content of the service based on the type of browser used, or the region from where the service is accessed, etc. Not accepting cookies may cause slow website performance or poorly adapted recommendations.
  3. Analysis cookies: These cookies can quantify the number of users, sections visited on the platform and how users interact with it to carry out statistical measurement and analysis on use, in order to implement improvements based on the analysis of data on how users use the platform or service.
  4. Behavioural advertising cookies: Are those which store information on user behaviour obtained from continuous observation of their browsing habits, which allows us to develop a specific profile for displaying advertising adapted to these habits. These cookies allow for the most effective management possible of any advertising space the editor has included directly or in collaboration with third parties.

 

We use the following cookies to optimize your experience on our Site and to provide better service.

Cookies Necessary for the Functioning of the Store

Name

Function

_ab

Used in connection with access to admin.

_secure_session_id

Used in connection with navigation through a storefront.

cart

Used in connection with shopping cart.

cart_sig

Used in connection with checkout.

cart_ts

Used in connection with checkout.

checkout_token

Used in connection with checkout.

secret

Used in connection with checkout.

secure_customer_sig

Used in connection with customer login.

storefront_digest

Used in connection with customer login.

_shopify_u

Used to facilitate updating customer account information.

Cookies for Reporting and Analytics

Name

Function

_tracking_consent

Tracking preferences.

_landing_page

Track landing pages

_orig_referrer

Track landing pages

_s

Shopify analytics.

_shopify_fs

Shopify analytics.

_shopify_s

Shopify analytics.

_shopify_sa_p

Shopify analytics relating to marketing & referrals.

_shopify_sa_t

Shopify analytics relating to marketing & referrals.

_shopify_y

Shopify analytics.

_y

Shopify analytics.

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as https://www.allaboutcookies.org/

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.

 

VI. Changes

We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons. From time to time, we may change our privacy policy. We will notify you of any material changes to our Policy as required by law. Please check our website periodically for updates.

 

VII. Contact

If you have additional questions about our privacy practices, please contact us by e-mail at cs@holistikbloom.com or by mail using the details provided below:

Holistik Bloom, S.L. Address:  c/Juntas Generales, nº 82, 4º I.,

01010 Vitoria-Gasteiz, Álava, Spain. 

If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority. You can contact your local data protection authority, or our supervisory authority here: https://www.aepd.es/

 

Last updated: July 9, 2021