This Privacy Policy describes how Bloomherbal ("we," "us," or "our") collects, uses, stores, shares, and protects personal data when you visit our website at bloomherbal.world (the "Website") or interact with our educational micro-exercise programs and consulting services. We are committed to protecting your privacy and processing personal data in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) where applicable, and other relevant international data protection laws.
1. Data Controller Information
The data controller responsible for your personal data is:
Bloomherbal
33 E 17th St, New York, NY 10003, USA
Email: touch@bloomherbal.world
Phone: +1 212-253-0810
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us using the details above.
2. Scope of This Policy
This Privacy Policy applies to all personal data collected through our Website, contact forms, email communications, consulting services, educational product purchases, and any other channels through which you interact with Bloomherbal. It does not apply to third-party websites or services that may be linked from our Website. We encourage you to review the privacy policies of any third-party sites you visit.
3. Categories of Personal Data We Collect
We may collect and process the following categories of personal data depending on how you interact with our services:
3.1 Identity and Contact Data
When you submit our contact form or purchase educational products, we may collect your full name, email address, phone number, and mailing address if provided.
3.2 Communication Data
We collect the content of messages you send us, including inquiries about micro-exercise programs, consulting requests, and support communications.
3.3 Technical and Usage Data
When you visit our Website, we automatically collect certain technical information including your IP address, browser type and version, operating system, device type, referring URL, pages viewed, time spent on pages, and the date and time of your visit.
3.4 Cookie and Tracking Data
We use cookies and similar technologies to collect data about your browsing behavior and preferences. For detailed information, please refer to our Cookie Policy.
3.5 Transaction Data
If you purchase educational products or consulting services, we collect details about the transaction, including the product purchased, payment amount, and payment method. Payment processing is handled by third-party payment processors, and we do not store full credit card numbers on our servers.
4. Purposes of Data Processing and Legal Bases
We process your personal data for the following purposes and on the following legal bases under GDPR:
- Responding to inquiries: To process and respond to contact form submissions and email communications. Legal basis: Legitimate interest in providing customer support and pre-contractual measures at your request (GDPR Art. 6(1)(b) and 6(1)(f)).
- Providing services: To deliver educational micro-exercise programs, consulting guidance, and personalized plans you have requested or purchased. Legal basis: Performance of a contract (GDPR Art. 6(1)(b)).
- Website functionality: To operate, maintain, and improve our Website, including ensuring security and preventing fraud. Legal basis: Legitimate interest (GDPR Art. 6(1)(f)).
- Analytics: To analyze Website usage patterns and improve our content and user experience, subject to your cookie consent preferences. Legal basis: Consent (GDPR Art. 6(1)(a)) where required.
- Legal compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests. Legal basis: Legal obligation (GDPR Art. 6(1)(c)).
- Marketing communications: To send promotional materials about our programs and services, only where you have provided explicit consent. Legal basis: Consent (GDPR Art. 6(1)(a)).
5. Data Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Specific retention periods include:
- Contact form submissions: Retained for 24 months from the date of submission, unless an ongoing business relationship exists.
- Customer and transaction records: Retained for 7 years from the date of the last transaction to comply with tax and accounting obligations.
- Consulting service records: Retained for 3 years from the completion of the consulting engagement.
- Technical and analytics data: Retained for 14 months from the date of collection, unless a shorter period is configured in our analytics tools.
- Cookie consent records: Retained for 12 months from the date consent was given or updated.
- Marketing consent records: Retained until consent is withdrawn, plus 3 years for compliance documentation.
After the applicable retention period expires, personal data is securely deleted or anonymized so that it can no longer be associated with an identifiable individual.
6. Data Sharing and Third-Party Processors
We do not sell your personal data to third parties. We may share personal data with the following categories of recipients:
- Service providers: Third-party companies that assist us in operating our Website, processing payments, delivering emails, and providing analytics services. These processors act on our instructions and are bound by data processing agreements requiring them to protect your data.
- Legal authorities: When required by law, court order, or governmental regulation, we may disclose personal data to law enforcement or regulatory bodies.
- Business transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.
Some of our service providers may be located outside the European Economic Area (EEA). Where international data transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
7. Security Measures
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- HTTPS encryption for all data transmitted between your browser and our Website.
- Access controls limiting personal data access to authorized personnel on a need-to-know basis.
- Regular security assessments and updates to our Website infrastructure.
- Secure storage of data with encryption at rest where applicable.
- Employee training on data protection practices and confidentiality obligations.
- Incident response procedures to address potential data breaches promptly.
While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.
8. Your Data Protection Rights
Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:
- Right of access (Art. 15): You may request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
- Right to erasure (Art. 17): You may request deletion of your personal data where there is no compelling reason for continued processing.
- Right to restrict processing (Art. 18): You may request that we limit the processing of your personal data in certain circumstances.
- Right to data portability (Art. 20): You may request your personal data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21): You may object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: You have the right to file a complaint with a supervisory authority, particularly in the EU member state of your residence, place of work, or where an alleged infringement occurred.
To exercise any of these rights, please contact us at touch@bloomherbal.world. We will respond to your request within 30 days, or inform you if an extension is necessary.
9. Children's Privacy
Our Website and services are intended for adults aged 18 and older. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have collected personal data from a minor, we will take steps to delete that information promptly. If you believe a minor has provided us with personal data, please contact us immediately.
10. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects individuals. Any personalization of educational program recommendations is performed manually by our consulting team based on information you provide.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you via email or a prominent notice on our Website. We encourage you to review this policy periodically.
12. Contact Information
For any questions, concerns, or requests related to this Privacy Policy or our data processing practices, please contact:
Bloomherbal — Privacy Inquiries
33 E 17th St, New York, NY 10003, USA
Email: touch@bloomherbal.world
Phone: +1 212-253-0810