Privacy Policy

1. Owner and Data Controller

AndBloom BV

Prins Hendrikstraat 99

2405 AH Alphen aan den Rijn

The Netherlands

Contact (privacy): hello@andbloom.com

Contact (general): andbloom.com/en/contact

This Privacy Policy explains how we collect, use, share, and protect personal data when you visit andbloom.com, interact with our content, place an order, subscribe to our newsletter, or engage with our ads.

2. Scope and Updates

This Policy applies to our website, checkout and customer support channels. We may update it to reflect legal, technical, or business changes. We will post updates here and indicate the 

“Last updated” date. Where legally required, we will request renewed consent.

3. Categories of Personal Data We Process

Depending on your interactions with AndBloom, we may process:

Identity and contact data: first/last name, email address, phone number, billing/shipping address, company name (if provided).

Order and customer service data: order ID, items purchased, returns/exchanges, support messages.

Payment data: last 4 digits / payment token (processed by PCI-compliant PSPs; AndBloom does not store full card numbers).

Usage and device data: IP address, device type, browser, locale/language, cookie IDs, page views, clicks, scrolling, session statistics.

Marketing and ads data: consent status, newsletter preferences, campaign attribution, conversion events.

Social and widgets: interactions with embedded social/content widgets (e.g., Pinterest, Instagram).

See also our Cookie Policy for tracker details: andbloom.com/en/cookies

4. Legal Bases for Processing (GDPR)

We process personal data on the following legal grounds (Art. 6(1) GDPR):

Contract – to process orders, payments, shipping, returns, and customer service.

Consent – for non-essential cookies/trackers, email marketing, and certain ad personalisation (where required).

Legitimate interests – site security, fraud prevention, service analytics, improving UX, limited direct marketing to existing customers (within legal limits).

Legal obligation – tax/audit retention, consumer protection, regulatory compliance.

5. Purposes of Processing

E-commerce operations: checkout, payment, shipping, returns, warranty.

Customer support: responding to questions/requests.

Analytics and performance: measuring traffic, fixing errors, improving content and navigation.

Marketing and remarketing: newsletters (opt-in), campaign measurement, audience insights, interest-based ads where permitted.

Security and fraud prevention: bot/spam filtering, abuse detection.

Compliance: statutory bookkeeping, handling legal requests.

6. Cookies and Trackers

We use essential cookies for core functionality and, subject to consent, analytics/advertising cookies. Manage your preferences anytime via our Cookie Banner or visit andbloom.com/en/cookies.

7. Payment Processing

Payments are handled by PCI DSS-compliant providers (e.g., Stripe, PayPal, Klarna, Shop Pay/Apple Pay/Google Pay via Shopify Payments where available). AndBloom BV only receives status updates (success/failure) and does not store full card details.

8. Service Providers and (Categories of) Recipients

We share data with carefully selected providers strictly for the purposes described above, under data-processing agreements where required. This may include (but is not limited to):

E-commerce platform & hosting: Shopify (platform, hosting, basic analytics).

Payments: Stripe, PayPal, Klarna, Apple/Google/Shop Pay (depending on country/method).

Fulfillment & logistics: Sendcloud/return portal, shipping partners (PostNL, DHL, DPD, UPS, FedEx).

Marketing & analytics: Google Analytics 4, Google Ads, Meta (Facebook/Instagram) Pixel & Events Manager, Pinterest Ads/Conversion Tag, Northbeam (attribution), tag management (Google Tag Manager).

Email & CRM: Klaviyo/Mailchimp (newsletters, transactional emails).

Security & anti-spam: reCAPTCHA or similar solutions.

An up-to-date list per category is available upon request via hello@andbloom.com.

9. International Data Transfers

Some service providers are located outside the EEA (e.g., US/Canada). Where necessary, we use EU Standard Contractual Clauses (SCCs) and additional measures. More information or copies of relevant safeguards are available upon request.

10. Retention

We retain personal data as long as reasonably necessary for the respective purpose:

Orders/accounting: Usually 7–10 years (due to fiscal obligations).

Customer service and warranty: As long as needed to handle the request/warranty.

Marketing (opt-in): Until withdrawal/unsubscribe; limited logs for proof of consent/unsubscribe.

Analytics and logs: According to proportionality and minimization principles; aggregation/anonymization where possible.

After these periods, data is deleted or anonymized unless longer retention is required by law.

11. Your GDPR Rights

You have, within applicable legal limits, the right to:

Access your data.

Rectify incorrect or incomplete data.

Erase (“right to be forgotten”) in the cases mentioned in Art. 17 GDPR.

Restrict processing.

Data portability of the data you have provided (Art. 20).

Object to processing based on legitimate interests and object to direct marketing (at any time).

Withdraw consent (this does not affect the lawfulness of processing before withdrawal).

File a complaint with the supervisory authority.

Dutch Supervisory Authority: Authority for Personal Data Protection – autoriteitpersoonsgegevens.nl

Submit requests via hello@andbloom.com. We typically respond within one month (extended in complex cases in accordance with GDPR).

12. Children’s Data

Our site and products are not aimed at children under 16 years old. We do not intentionally collect data from children. If you suspect that a child has provided us with data, please contact us at

hello@andbloom.com for removal.

13. Security

We implement appropriate technical and organizational measures (TLS/SSL, access control, need-to-know, pseudonymization where appropriate) to protect personal data against unauthorized access, loss, or misuse. No method is 100% foolproof; we continuously evaluate and improve our measures.

14. Social, Widgets, and External Content

Embedded content and social widgets (e.g., Pinterest) may collect data according to the privacy policies of the respective third parties. Log out of social networks if you do not want your visit to be linked to your profile.

15. Advertising, Analytics and Remarketing

With your consent, we (or our partners) may use cookies/IDs for:

Analytics: Google Analytics 4 (with IP masking during collection); aggregation for reporting.

Ads & remarketing: Google Ads (including Similar Audiences/Remarketing), Meta (Custom/Lookalike Audiences, Pixel), Pinterest Ads/Conversion Tag, where legally permitted.

You can manage your preferences through our cookie settings and the opt-out pages of these providers.

16. Your Choices: Consent and Opt-Out

Cookie preferences: change via the banner or at andbloom.com/en/cookies.

Newsletter: unsubscribe via any email or by sending an email to hello@andbloom.com.

Interest-based ads: review the settings/opt-outs of Google, Meta, Pinterest, and your device (IDFA/AAID).

17. Contact, Questions, and Requests

For privacy questions, rights requests, or complaints:

AndBloom BV – Privacy

Prins Hendrikstraat 99, 2405 AH Alphen aan den Rijn, The Netherlands

Email: hello@andbloom.com

Contact page: andbloom.com/en/contact

18. Legal Information

This policy applies solely to andbloom.com unless stated otherwise. Nothing in this policy limits your statutory consumer or privacy rights under applicable law.