Privacy Policy

Effective date: 18 October 2025
Last updated: 15 December 2025

1. Introduction

This Privacy Policy explains how Naturoki (“we”, “our”, “us”) collects, uses, and protects your personal data when you visit our website www.naturoki.com, subscribe to our newsletter, or use our services.

We comply with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Dutch GDPR Implementation Act (UAVG). We are committed to handling your personal data transparently, lawfully, and securely.

2. Data Controller

Naturoki
Registered office: Haarlem, the Netherlands (Full registered address available on request)
Chamber of Commerce (KvK): 66971756
VAT (BTW): NL002505237B08
Email: solene_at_naturoki.com (use the …@… format)
You can also contact us via our online contact form.

3. Type of Personal Data Collected

We may collect and process the following categories of data, depending on your interaction with our website or services:

Information you provide directly:

  • First and last name
  • Email address
  • Birth date, time, and place (for Human Design charts)
  • Energy type, profile, strategy, and authority (if you share these)
  • Contact form messages
  • Billing or payment information

Information collected automatically:

  • IP address, browser type, and device data
  • Pages visited and session duration
  • Cookie data (only cookies necessary for this website; no marketing or tracking cookies at the moment)

Information from third parties:

  • Mailchimp (newsletter and marketing)
  • HubSpot or other CRM integrations (if applicable)
  • Stripe (payments and invoicing)
  • BodyGraph (Human Design chart generation)

4. Purpose and Legal Basis for Processing

| Purpose | Legal Basis |
|---|---|
| To provide services and generate Human Design charts | Contract performance (Art. 6(1)(b)) or consent (Art. 6(1)(a)) |
| To send newsletters and updates via Mailchimp | Consent (Art. 6(1)(a)) |
| To process payments and issue invoices (Stripe) | Contract performance (Art. 6(1)(b)) |
| To manage client relationships (HubSpot or CRM) | Legitimate interest (Art. 6(1)(f)) |
| To respond to inquiries or contact requests | Legitimate interest (Art. 6(1)(f)) |
| To secure and host the website | Legitimate interest (Art. 6(1)(f)) |
| To comply with legal or fiscal obligations | Legal obligation (Art. 6(1)(c)) |

You may withdraw your consent at any time without affecting prior lawful processing.

5. Use of Third-Party Services

WordPress and Elementor (Website Platform)

Our website is built using WordPress and Elementor, which may use cookies or load assets (such as fonts and scripts) from content delivery networks (CDNs). These tools collect anonymized technical data such as IP address and browser type to ensure website functionality.
WordPress.org Privacy Policy
Elementor Privacy Policy

WPForms and Google reCAPTCHA (Contact Forms)

We use WPForms for contact forms to allow visitors to reach us securely.
To prevent spam, the forms use Google reCAPTCHA, which may collect your IP address and usage data to verify that you are not a bot.
WPForms Privacy Policy
Google Privacy Policy

Scaleway (Website Hosting)

Our website is hosted by Scaleway SAS, headquartered in France.
Scaleway processes server logs that may include visitors’ IP addresses for security and maintenance purposes. Data is stored within the European Union.
Scaleway Privacy Policy

Google Meet (Video calls for live sessions)

When you participate in a 1:1 live session via Google Meet, we may process personal data necessary to facilitate the video call, including:

  • Your name and email address (used by Google to join the meeting)
  • Audio, video, and any text/chat content shared during the session
  • Metadata related to your participation, such as connection timestamps

Google Meet is operated by Google LLC or its regional data controllers. Google may process personal data under its own privacy policy and may transfer data outside the EU/EEA under the EU-U.S. Data Privacy Framework or other safeguards.

Google Privacy Policy

MailerLite (Email Marketing)

We use MailerLite to manage our email marketing and send newsletters or updates.
By subscribing to our mailing list, you acknowledge that your information will be transferred to MailerLite for processing.
You can unsubscribe at any time by clicking the link in our emails.
Learn more about MailerLite’s privacy practices here: MailerLite’s privacy policy

HubSpot (CRM and Marketing Automation)

We use HubSpot (HubSpot Inc., headquartered in the United States, with EU branches in Ireland and Germany) on a limited basis for customer-relationship management, form submissions, and email communication.
HubSpot may process personal data such as your name, email address, and message details to help us manage interactions and improve our communication.

HubSpot participates in the EU–U.S. Data Privacy Framework and provides appropriate safeguards for transfers of personal data outside the European Economic Area in accordance with the GDPR.
HubSpot’s Privacy Policy.

Stripe (Payments and Invoicing)

We use Stripe Payments Europe Ltd. and Stripe, Inc. for secure payment processing.
Stripe collects payment-related data including name, email address, billing address, payment method, and transaction details.
Stripe complies with the EU–U.S. Data Privacy Framework and the Payment Card Industry Data Security Standard (PCI-DSS).
Stripe Privacy Policy

Google Drive and Microsoft (Document Storage)

We use Google Drive and Microsoft OneDrive to store invoices and business records.
These platforms may process limited client data (e.g., names, contact details on invoices).
Both providers participate in the EU–U.S. Data Privacy Framework and apply strong encryption and access controls.
Google Privacy Policy
Microsoft Privacy Statement

BodyGraph (Human Design Platform)

We use BodyGraph (operated by BodyGraph Chart / Jovian Archive or affiliated providers) to generate Human Design charts and reports.
To create a chart, the following personal data is processed:

  • Name
  • Date, time, and place of birth

This data is stored on BodyGraph servers for approximately 90 days, after which it is automatically deleted. Processing is based on your consent or the performance of a contract.
BodyGraph Privacy Policy 

Make.com (Automations and Integrations)

We use Make.com (formerly Integromat) to automate some workflows between tools (for example, connecting our website, email system, and forms).
This means your data may be securely transferred between these systems to ensure you receive your requested resources (like your Human Design chart or report).
Make.com does not use or share your data beyond these purposes.
Read Make’s privacy policy here: https://www.make.com/en/privacy-policy

ManyChat (Message automation)

We use ManyChat to automate direct messages on Instagram and other supported platforms.
If you comment with a keyword or send us a DM, your data (e.g., your username and message) may be processed by ManyChat to deliver the requested information or resources automatically.
You can opt out of automated communication at any time by messaging “STOP.”
ManyChat’s privacy policy: https://manychat.com/privacy.html

6. Cookies and Tracking

Our website currently does not use cookies or similar tracking technologies other than those that are strictly necessary for its basic operation and security (for example, those used by our hosting provider or spam-protection tools such as Google reCAPTCHA).

If we introduce analytical or marketing cookies in the future, we will update this Privacy Policy and, where required, request your explicit consent before such cookies are placed.

7. Data Retention

| Data Type | Retention Period |
|---|---|
| Mailchimp newsletter data | Until you unsubscribe |
| Contact form messages | Up to 12 months |
| Payment and invoicing data (Stripe) | 7 years (legal obligation) |
| BodyGraph chart data | 90 days (auto-deleted) |
| Website analytics and cookies | 14 months (default) |
| CRM records | Duration of relationship + 7 years (legal retention) |

After these periods, data is securely deleted or anonymized.

8. Data Sharing and International Transfers

Some of our service providers are based outside the European Economic Area (EEA), primarily in the United States.
When data is transferred outside the EEA, we ensure adequate protection through one of the following mechanisms:

  • Participation in the EU–U.S. Data Privacy Framework, or
  • Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Your GDPR Rights

You have the following rights under the GDPR:

  • Access your personal data
  • Rectify incorrect or incomplete data
  • Erase your data (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability (receive data in a structured format)
  • Withdraw consent at any time

To exercise your rights, contact us at solene_at_naturoki.com (use the usual …@… format).
If you believe your rights have been violated, you may lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority):
https://autoriteitpersoonsgegevens.nl

10. Security

We apply technical and organizational measures such as encryption, SSL certificates, secure hosting, and restricted access to protect your personal data against loss, alteration, or unauthorized access.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. The latest version will always be available on our website with the date of the last revision clearly stated.

12. Contact

If you have questions or requests regarding this Privacy Policy, please contact:
Naturoki
Haarlem, The Netherlands (Full registered address available on request)
Email: solene_at_naturoki.com (use the …@… format)
Or use our online contact form.