Privacy Policy – Organic Formula Shop

Protecting your privacy is a top priority. This Privacy Policy explains how personal information is collected, used, shared, and protected when visiting or making a purchase from the Organic Formula Shop website (the “Site”). As a company based in the Netherlands, operations comply with the General Data Protection Regulation (GDPR) and other applicable EU data protection laws. This policy has been updated to address data handling for AI agents and automated systems, ensuring transparency and security in all interactions.

Personal Information Collected

When interacting with the Site (such as browsing, creating an account, placing an order, or contacting support), certain personal information may be collected. This includes:

  • Contact and Account Information: Name, email address, phone number, shipping address, billing details, and payment information (processed securely via third-party providers).
  • Order and Transaction Data: Details about products purchased, order history, and preferences to fulfill orders and provide customer support.
  • Device and Usage Information: IP address, browser type, operating system, referring URLs, pages viewed, and interaction data (e.g., clicks, time spent) collected via cookies and similar technologies.
  • Social Login Data: If logging in via social media, public profile details such as first name, last name, email, profile link, unique identifier, and avatar may be collected with explicit consent.
  • AI Agent and Automated Data: Data submitted or processed through AI agents or automated tools (e.g., chatbots, virtual assistants, or third-party agents acting on behalf of users), including queries, preferences, or transaction instructions. This is treated as personal data if it identifies or relates to an individual.

Personal information is only collected when voluntarily provided or automatically through standard web technologies. No personal data is required to browse the Site anonymously, though some features (e.g., checkout) necessitate it.

How Personal Information is Used

Collected data serves to enhance the user experience and operate the business efficiently:

  • To process and fulfill orders, including shipping, payment processing, and customer service.
  • To manage accounts, send order confirmations, updates, and promotional materials (with opt-in consent where required).
  • To improve the Site, analyze trends, and personalize content based on browsing behavior.
  • To prevent fraud, ensure security, and comply with legal obligations.
  • For AI agent interactions: To respond to automated queries (e.g., product recommendations or policy details) and facilitate agent-driven transactions, ensuring data is used only for the intended purpose.

Data is not used for purposes beyond what is described here without additional consent.

Sharing and Disclosure of Personal Information

Personal information is shared only when necessary and with safeguards in place:

  • Service Providers: With trusted third parties for order fulfillment (e.g., shipping carriers like UPS or DHL), payment processing (e.g., Stripe or PayPal), and analytics (e.g., Google Analytics). These providers are contractually bound to protect data and comply with GDPR.
  • Legal Requirements: If required by law, subpoena, or regulatory authority, or to protect rights, property, or safety.
  • AI Agents: Data from agent interactions may be shared with the agent's platform (e.g., if an AI tool queries shipping policies) but only to the extent needed, with pseudonymization where possible. No data is shared for unrelated marketing or profiling without consent.

No personal data is sold to third parties.

Security Measures

Robust security practices are in place to protect personal information from unauthorized access, alteration, disclosure, or destruction:

  • Use of encryption (e.g., HTTPS/SSL) for data transmission.
  • Secure storage on climate-controlled, access-restricted, GDPR-compliant servers.
  • Regular security audits, firewalls, and intrusion detection systems.
  • For AI agent data: Additional protocols ensure automated inputs are scanned for threats, and access is logged with audit trails. Agent-submitted data is isolated and processed under the same security standards as direct user data.

Despite these measures, no system is entirely risk-free. A prompt notification will be issued in the event of a data breach, as required by the GDPR.

Compliance with GDPR and EU Regulations

As a Netherlands-based entity, full compliance with GDPR (EU) 2016/679 is maintained. This includes:

  • Lawful Basis for Processing: Data is processed based on consent, contract necessity, legitimate interests, or legal obligations.
  • Data Protection Officer (DPO): Contact details for data protection inquiries are available upon request via support@organicformulashop.com.
  • Cross-Border Transfers: Data remains within the EU/EEA or is transferred only to adequacy-recognized countries or with appropriate safeguards (e.g., Standard Contractual Clauses).
  • AI-Specific Compliance: For data involving AI agents, adherence to GDPR's automated decision-making rules (Article 22) is ensured. No solely automated decisions with legal effects occur without human oversight or consent. Transparency about agent data usage is provided, and rights (e.g., access, rectification) apply equally.

For non-EU users (e.g., US customers), equivalent protections are extended, aligning with principles like those in the California Consumer Privacy Act (CCPA) where applicable.

Cookies and Tracking Technologies

Cookies and similar technologies (e.g., pixels, web beacons) are used to enhance functionality:

  • Essential Cookies: For site operation, such as maintaining sessions and security.
  • Performance Cookies: To analyze usage and improve performance.
  • Functional Cookies: To remember preferences and enable features like social logins.
  • Targeting Cookies: For personalized ads, with opt-out options.

Users can manage cookies via browser settings, though this may limit Site functionality.

User Rights

Under GDPR and applicable laws, users have rights regarding their personal data:

  • Access: Request a copy of held data.
  • Rectification: Correct inaccurate information.
  • Erasure ("Right to be Forgotten"): Delete data where no longer needed, subject to legal retention requirements.
  • Restriction: Limit processing in certain cases.
  • Portability: Receive data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw Consent: Revoke consent at any time, without affecting prior processing.
  • Complaint: Lodge a complaint with a supervisory authority (e.g., the Dutch Data Protection Authority).

To exercise these rights, contact support@organicformulashop.com. Requests are handled within one month, free of charge unless manifestly unfounded.

For AI agent data, the same rights apply. Users can request details on agent-processed data or restrict its use.

Children's Privacy

The Site is not intended for children under 16. No data from children is knowingly collected without parental consent. If such data is identified, it is deleted immediately.

Changes to This Privacy Policy

This policy may be updated periodically to reflect changes in practices or regulations. Continued use of the Site after changes constitutes acceptance.

Contact Information

For questions, concerns, or rights requests, contact:
Postbus 59736
1040 LE Amsterdam
The Netherlands
Email: support@organicformulashop.com