Legal

Privacy Policy

Last updated:

1. Who we are

This website is operated by Naturalyoungherb, an educational resource providing free information on workplace wellbeing routines for office workers. We do not sell products or services through this website, and we do not provide medical care.

Data controller: Naturalyoungherb
Address: Schieweg 30, 3039 BB Rotterdam, Netherlands
Email: hello@naturalyoungherb.world
Phone: +31 6 38402910
Website: naturalyoungherb.world

For questions about our business identity or statutory registration details (e.g. KVK), contact us using the details above. We respond to legitimate information requests within a reasonable time.

2. Applicable law

This Privacy Policy complies with the General Data Protection Regulation (EU) 2016/679 (GDPR), as implemented in the Netherlands by the Algemene verordening gegevensbescherming (AVG) and the Uitvoeringswet Algemene verordening gegevensbescherming (UAVG). References to "GDPR" include equivalent rights and obligations under Dutch law.

Cookie and similar technologies are described in our Cookie Policy, in line with the Telecommunicatiewet and EU ePrivacy rules.

3. Data we collect

We collect only the minimum personal data necessary to operate this website and respond to enquiries.

Contact form data: name, email address, and the content of your message, submitted voluntarily when you use our contact form.
Technical data: IP address, browser type and version, operating system, referring URL, pages visited, and time of access. This data is collected automatically by server logs and, where analytics are enabled, analytics software.
Cookie data: See our Cookie Policy for full details of the cookies we use.

We do not collect sensitive personal data (special category data under GDPR Art. 9) and we do not knowingly collect data from persons under the age of 16 without parental consent, in accordance with Article 8 AVG (minimum age 16 in the Netherlands).

You are not obliged to provide personal data unless it is necessary to use certain features (for example, sending a message via the contact form). If you choose not to provide required data, we may be unable to respond to your enquiry.

4. How we use data

We use personal data for the following purposes:

To respond to enquiries submitted via our contact form.
To maintain the security and technical operation of the website.
To analyse aggregated, anonymised usage patterns to improve website content and structure.
To comply with our legal obligations under applicable law.

We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Legal basis for processing

We process personal data under the following legal bases as defined by GDPR Art. 6:

Consent (Art. 6(1)(a)): When you submit the contact form, you give explicit consent to process your name, email, and message so we can reply. You may withdraw this consent at any time. Analytics and marketing cookies are used only if you consent via the cookie banner.
Legitimate interests (Art. 6(1)(f)): We process technical and security-related data (such as server logs) to operate, protect, and improve the website. We have assessed that these interests are necessary and do not override your rights; you may object under Art. 21.
Legal obligation (Art. 6(1)(c)): Where retention or disclosure is required by Dutch or EU law (for example, responding to lawful requests from authorities).

6. Retention periods

We retain personal data only as long as necessary for the purposes described in this policy:

Contact form enquiries: Up to 24 months from the date of the last correspondence, or until you request deletion.
Server and access logs: Up to 90 days, after which they are automatically deleted.
Analytics data: Up to 26 months in aggregated, anonymised form.
Cookie consent records: Up to 12 months.

After the applicable retention period, data is securely deleted or anonymised beyond re-identification.

7. Third parties and processors

We do not sell, rent, or trade personal data. We may share limited data with processors who act only on our instructions and under a written data processing agreement (verwerkersovereenkomst) as required by Art. 28 GDPR:

Hosting provider: Stores website files and server logs. Located within the EEA or subject to appropriate safeguards.
Analytics provider: Only if you accept analytics cookies. Processes aggregated usage data under our instructions.
Content delivery (CDN): Font and icon libraries may process technical connection data (IP address, user agent) when loading assets. See the Cookie Policy.

We do not share your contact form data with third parties for their own marketing. We do not use your data for automated decision-making that produces legal or similarly significant effects.

8. International transfers

We aim to process personal data within the European Economic Area (EEA). If a processor is located outside the EEA, we ensure a valid transfer mechanism under GDPR Chapter V, such as an adequacy decision by the European Commission, Standard Contractual Clauses (SCCs), or another approved safeguard. You may request more information about specific transfers by contacting us.

9. Your rights under the AVG/GDPR

As a data subject under GDPR, you have the following rights:

Right of access (Art. 15): Request a copy of the personal data we hold about you.
Right to rectification (Art. 16): Request correction of inaccurate personal data.
Right to erasure (Art. 17): Request deletion of your personal data where there is no overriding legal basis to retain it.
Right to restriction (Art. 18): Request that we restrict processing of your data in certain circumstances.
Right to data portability (Art. 20): Receive your data in a structured, machine-readable format where applicable.
Right to object (Art. 21): Object to processing based on legitimate interests.
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at hello@naturalyoungherb.world. We will respond within one month, as required by Art. 12 GDPR. That period may be extended by two further months where necessary; we will inform you of any extension and the reasons.

If you believe we process your data unlawfully, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP):

Website: autoriteitpersoonsgegevens.nl
Telephone: +31 (0)70 888 8500

You may also seek a judicial remedy before a court in the Netherlands. We are not required to appoint a Data Protection Officer (functionaris gegevensbescherming) for our current processing activities; privacy enquiries can be sent to the contact details in section 1.

10. Security measures and data breaches

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include HTTPS encryption for data in transit, access controls, and proportionate security reviews.

If a personal data breach is likely to pose a risk to your rights and freedoms, we will notify the AP without undue delay and, where feasible, within 72 hours of becoming aware of the breach, and we will inform affected individuals when required by Art. 34 GDPR.

11. Contact and amendments

For any questions about this Privacy Policy or to exercise your rights, contact us at:

Naturalyoungherb
Schieweg 30, 3039 BB Rotterdam, Netherlands
hello@naturalyoungherb.world
+31 6 38402910

We may update this policy periodically. The date at the top reflects the most recent revision. Material changes will be notified via a notice on this page.