top of page
Pink Poppy Flowers
Privacy Policy
Pink Poppy Flowers

Summary

We process personal data to operate our e-commerce (Wix), fulfil orders, provide the Placebo Tribe loyalty program, run our Digital Passport (NFC/QR), provide customer service, and conduct analytics/marketing (Google Analytics 4; Meta) with consent where required.

Categories of data
 

  • Identification & contact (name, email, phone, addresses)
     

  • Account data (login, preferences, Tribe level)
     

  • Order & fulfilment (products, payments, delivery, returns)
     

  • Device/usage (IP, device identifiers, logs)
     

  • Digital Passport data (unique item serial, activation status, tap/scan events, ownership registration metadata)
     

  • Marketing data (consents, campaign interactions, UTM, cookies/SDK signals)

     

Purposes & legal bases (GDPR Art. 6)
 

  • Contract: orders, accounts, returns, support.
     

  • Legal obligation: invoices, tax and accounting retention.
     

  • Legitimate interests: fraud prevention, service security, limited direct marketing to existing customers (opt-out anytime).
     

  • Consent: non-essential cookies/analytics/ads (GA4, Meta pixel/Conversions API), email/SMS marketing, Tribe profiling features (if any), and Digital Passport ownership registration beyond core product functions.
     

Digital Passport (NFC/QR)

Each eligible item includes a unique identifier. If you register ownership, we link your account ID to the item’s serial to enable features. If the NFC/QR label is destroyed or removed, we cannot reissue a Digital Passport for that item. Registration is optional; some features may be unavailable if you opt out.

Sharing
 

  • Payment providers, warehouses, carriers and returns partners (fulfilment)
     

  • Wix (hosting/e-commerce), IT/security providers (hosting, logging, anti-fraud)
     

  • Google (Analytics) and Meta (ads/measurement) — only with consent where required
     

  • Professional advisers and authorities (where legally required)
     

International transfers

We use providers in and outside the EEA. We rely on adequacy decisions or EU Standard Contractual Clauses plus supplementary measures where appropriate.

Retention
 

  • Order data: kept per statutory periods (e.g., accounting/tax).
     

  • Marketing consents/analytics identifiers: kept until withdrawn, or per tool settings; consent logs retained for compliance (typically up to 36 months).
     

  • Digital Passport logs: retained while the feature is active, then anonymised/aggregated where possible.
     

Your rights

Access, rectification, erasure, restriction, portability, objection, and withdraw consent at any time (without affecting lawfulness before withdrawal). You may contact IMY (Sweden) or your local authority.
Cookies
See our Cookie Policy for details on cookies, SDKs and consent choices. Change preferences anytime via the “Cookie settings” link in the site footer.

Contact

For privacy questions, email contact@placebodesignlab.com.

bottom of page