Privacy policy
Privacy Policy of Sativus.com
This Privacy Policy explains what personal data we collect, why we collect it, how long we keep it, and what rights you have under the GDPR.
Overview
This policy explains in plain language what we collect, why we process it, and how you can exercise your rights. It applies to webshop visitors, customers, and B2B contacts.
Effective date and controller
1. Introduction
Bloembollenbedrijf J.C. Koot, operating under the name Sativus.com, located at Vennewatersweg 29, 1935 AR Egmond-Binnen, The Netherlands, is the data controller responsible for the processing of personal data as described in this Privacy Policy.
We respect your privacy and process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Dutch data protection laws.
This Privacy Policy applies to all users of our website, webshop, B2B services, and related communications.
2. Personal data we collect
Depending on how you use our services, we may collect:
Identity and contact data
- Name
- Company name (if applicable)
- Email address
- Telephone number
- Billing and shipping address
- VAT number (for B2B customers)
Account data
- Login credentials
- Order history
- Customer ID
Payment data
Payments are processed securely via third-party providers (e.g., Stripe, PayPal). We do not store full credit card details.
Technical data
- IP address
- Browser type
- Device information
- Cookies
- Usage data
Communication data
- Messages via contact forms
- Email correspondence
- WhatsApp Business messages
3. Legal bases for processing (Article 6 GDPR)
We process personal data based on the following legal grounds:
Performance of a contract (Art. 6(1)(b))
- Processing orders
- Delivering products
- Customer account management
- Payment handling
Legal obligation (Art. 6(1)(c))
- Tax and accounting obligations (Dutch fiscal retention requirements)
Legitimate interest (Art. 6(1)(f))
- Fraud prevention
- Website security
- Service improvement
- Responding to inquiries
Consent (Art. 6(1)(a))
- Marketing cookies
- Analytics cookies (where required)
- Review invitations (where applicable)
You may withdraw consent at any time.
4. Purposes of processing
We use personal data to:
- Process and deliver orders
- Provide customer service
- Manage B2B quotations and invoices
- Prevent fraud and misuse
- Improve website performance
- Comply with legal obligations
- Send review invitations via Trustpilot
- Analyze website usage (Google Analytics, Microsoft Clarity)
We do not engage in automated decision-making or profiling that produces legal effects.
5. Data retention periods
We retain personal data only as long as necessary:
- Order and invoice data: 7 years (Dutch tax law)
- Customer accounts: Until account deletion or 2 years of inactivity
- Contact form submissions: 12 months
- WhatsApp communications: As long as necessary for customer service
- Analytics data: Maximum 14 months
- Marketing data (if applicable in future): Until withdrawal of consent
After these periods, data is securely deleted or anonymized.
6. Third-party processors
We work with trusted service providers who may process data on our behalf. These parties act as data processors and process data under contractual agreements where applicable.
- Shopify - E-commerce platform and hosting
- Render - Hosting provider for B2B application
- Stripe - Payment processing (including local payment methods)
- PayPal - Payment processing
- Exact Online - Accounting software
- Sendcloud - Shipping services
- Trustpilot A/S - Review invitations
- Google LLC - Analytics, Ads, Tag Manager, Gmail, reCAPTCHA
- Meta Platforms, Inc. - Facebook Pixel, WhatsApp Business
- Microsoft - Microsoft Clarity
- Consentmo GDPR - Cookie consent management
7. International data transfers
Some of our service providers are located outside the European Economic Area (EEA), including the United States. Where data is transferred outside the EEA, we ensure appropriate safeguards such as:
- EU Standard Contractual Clauses (SCCs)
- Certification under the EU-U.S. Data Privacy Framework (where applicable)
8. Cookies and tracking technologies
We use cookies and similar technologies to:
- Ensure website functionality
- Analyze website usage
- Improve performance
- Measure marketing effectiveness
We use a cookie consent tool (Consentmo GDPR) allowing visitors to accept or reject non-essential cookies. Marketing and analytics cookies are only placed after consent where required.
You can adjust your preferences at any time via the cookie settings.
9. Security measures
We implement appropriate technical and organizational measures, including:
- SSL encryption (HTTPS)
- Secure hosting environments
- Two-factor authentication for administrators
- Fraud detection tools
- Access controls
- Data backups
10. Children's privacy
Our services are not intended for individuals under 16 years of age.
We do not knowingly collect personal data from children under 16.
11. Your rights under GDPR
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Request deletion
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent
- Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
12. Contact information
Bloembollenbedrijf J.C. Koot
Vennewatersweg 29
1935 AR Egmond-Binnen
The Netherlands
Email: j.c.koot@sativus.com
Phone: +31 6 24590389
13. Changes to this policy
We may update this Privacy Policy from time to time. The most recent version will always be available on our website.