Privacy policy
Information template aligned with GDPR and Spanish data protection law. Complete bracketed sections and adapt to your real processing (vendors, cookies, etc.).
1. Data controller
[Company name] — Tax ID: [NIF/CIF] — Address: [address] — Email: [privacy contact email].
2. Purposes and legal basis
- Order and enquiry handling (web form, email, phone): legal basis in pre-contractual or contractual measures (GDPR Art. 6.1.b).
- Legal obligations (invoicing, tax): GDPR Art. 6.1.c.
- Web analytics (if you enable cookies or analytics tools): consent (Art. 6.1.a) or legitimate interest depending on setup; describe precisely here.
3. Retention
Data are kept as long as needed for the purpose and, where applicable, for legal retention periods (e.g. commercial or tax).
4. Recipients
We will not share data with third parties except where required by law or needed to provide the service (e.g. courier, payment gateway or transactional email such as Resend). List processors and links to their policies here if applicable.
5. Rights
You may exercise your rights of access, rectification, erasure, objection, restriction and portability by writing to [email] and proving your identity. You may lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).
6. Security
We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss or alteration.
Flora Assistant — Chat processing
Cloris offers an automated assistant named Flora inside the site (🌸 button in the bottom-right corner). Your messages are processed on a server to generate a response, but the conversation content is not persistently stored.
When you close the browser tab, the conversation is no longer accessible. After 15 minutes of inactivity, the server purges the session context.
Flora can read the public catalog (products, shipping settings) to answer questions. It has no access to orders or other customers' data.
Site analytics
We record anonymous page visits in an internal table hosted on Supabase. We store only the visited path, a random anonymous identifier (no personal data), the referrer origin (no full URL) and a timestamp. We do not store the IP address or the user agent. This data is used to understand which pages are useful and is kept for a maximum of 12 months.
