Privacy Policy

Salaba Bloemen- en Plantenexport B.V.

Effective date: April 8, 2026

Last updated: April 8, 2026

1. Data Controller

The data controller for the processing of your personal data is:

Salaba Bloemen- en Plantenexport B.V.

Legmeerdijk 313 Location 076 D, 1431GB Aalsmeer

CoC-number: 28035154

E-mail: info@salaba.nl

Phone: +31-297 322 737

2. Personal data we collect

In the course of our business activities, we collect and process the following categories of personal data:

  • Full names of contact persons
  • E-mail addresses
  • Company names
  • Business and/or delivery addresses
  • IP addresses (automatically collected when using our webshop)
  • Webshop login credentials (username and hashed password)
  • Order history and order details
  • Outstanding invoices and payment information

3. Purposes and legal basis for processing

We process your personal data for the following purposes, each with a corresponding legal basis under Article 6(1) of the GDPR:

3.1 Performance of a contract (Article 6(1)(b) GDPR)

  • Processing and fulfilling orders for flowers and plants
  • Managing your webshop account
  • Issuing invoices and processing payments
  • Managing outstanding invoices and debtors
  • Arranging shipment and export logistics

3.2 Legal obligations (Article 6(1)(c) GDPR)

  • Compliance with tax and accounting regulations
  • Compliance with customs and export regulations
  • Retention of financial records as required by Dutch law

3.3 Legitimate interest (Article 6(1)(f) GDPR)

  • Ensuring the security of our webshop and IT systems (logging of IP addresses)
  • Improving our services and customer experience
  • Communicating with customers regarding existing business relationships

4. Data sharing and recipients

We may share your personal data with the following categories of recipients, solely to the extent necessary for the purposes described above:

  • Payment service providers (for processing transactions)
  • Shipping and logistics partners (for delivery and export of orders)
  • Customs authorities (as required for compliance with export regulations)
  • Accountants and tax advisors
  • IT service providers (hosting, webshop platform, maintenance)
  • Collection agencies (for unpaid invoices, if necessary)
  • Artificial intelligence (AI) providers – We use AI service providers for the processing of (personal) data. This processing takes place exclusively within the European Union (EU). We have concluded data processing agreements with these providers to ensure that your data is processed in accordance with the GDPR.

We ensure that all third parties process your data in accordance with the GDPR. Where required, we have concluded data processing agreements with these parties.

5. International data transfers

As an export company, we may transfer personal data to recipients outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Other appropriate safeguards as permitted under Chapter V of the GDPR

You may request a copy of the safeguards in place by contacting us using the details in Section 1.

6. Retention periods

We retain your personal data no longer than necessary for the purposes for which it was collected, or as required by law:

  • Order and invoice data: 7 years (Dutch tax retention obligation)
  • Webshop account data: for the duration of your account, plus 12 months after account deletion
  • IP addresses: maximum 6 months
  • Business correspondence: 7 years after the end of the business relationship

After the retention period has expired, your data will be securely deleted or anonymized.

7. Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access – You may request a copy of the personal data we hold about you.
  • Right to rectification – You may request correction of inaccurate or incomplete data.
  • Right to erasure – You may request deletion of your data, subject to legal retention obligations.
  • Right to restriction of processing – You may request restriction of the processing of your data in certain circumstances.
  • Right to data portability – You may request to receive your data in a structured, commonly used, and machine-readable format.
  • Right to object – You may object to processing based on legitimate interest.
  • Right to withdraw consent – Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, you may contact us using the details in Section 1. We will respond to your request within one month.

8. Data security

We take appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or destruction. These measures include, among others, encrypted connections, access controls, and regular security assessments.

9. Automated decision-making

We may use automated processing, including artificial intelligence, to support our business operations. Final decisions with legal effects concerning you are always made by a human. No fully automated decision-making takes place within the meaning of Article 22 GDPR.

10. Complaints

If you believe that the processing of your personal data is in violation of the GDPR, you have the right to lodge a complaint with the Dutch Data Protection Authority:

Dutch Data Protection Authority

Website: https://autoriteitpersoonsgegevens.nl

Phone: +31 (0)88 1805 250

11. Changes to this privacy policy

We may update this privacy policy from time to time. Any changes will be communicated to you through the usual channels. We recommend that you review this policy regularly. The date of the most recent revision is stated at the top of this document.

Questions? Contact us at info@salaba.nl.

© Salaba Bloemen- en Plantenexport B.V.