Privacy Policy & GDPR Compliance

Last updated: February 2026

Fontaine Farm SRL (“we”, “us”, “our”) is committed to protecting your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and Belgian data protection legislation.

1. Data Controller

Fontaine Farm SRL

Rue Dieudonné Lefèvre 17, 1020 Brussels, Belgium (Greenbizz.brussels)

VAT: BE 1004.190.223

Data Protection Contact: daniel@garden-stack.com

2. What Personal Data We Collect

We collect and process the following categories of personal data:

Category	Data collected	Purpose
Identity	Full name	Order fulfilment, communication
Contact	Email address, phone number	Order confirmation, customer support, marketing (with consent)
Delivery	Shipping address	Order delivery
Payment	Payment card details (processed by Stripe — we do not store card numbers)	Transaction processing
Browsing	IP address, browser type, pages visited, device information	Website analytics, improvement, and security

3. Legal Basis for Processing

We process your personal data under the following legal bases:

Contract performance (Art. 6(1)(b) GDPR): Processing necessary to fulfil your order, deliver products, and provide customer support.
Legitimate interests (Art. 6(1)(f) GDPR): Website analytics, fraud prevention, and improving our services. Our legitimate interest does not override your fundamental rights and freedoms.
Consent (Art. 6(1)(a) GDPR): Marketing communications, non-essential cookies, and analytics tracking. You may withdraw consent at any time.
Legal obligation (Art. 6(1)(c) GDPR): Tax and accounting record-keeping as required by Belgian law.

4. Data Processors (Third Parties)

We share your data with the following third-party processors, each bound by data processing agreements:

Processor	Purpose	Location	Safeguards
Stripe	Payment processing	United States	Standard Contractual Clauses (SCCs)
Plunk	Transactional and marketing email	United States	Standard Contractual Clauses (SCCs)
Vercel	Website hosting	United States	Standard Contractual Clauses (SCCs)
Google Analytics	Website analytics and performance measurement	United States	Standard Contractual Clauses (SCCs)
Microsoft Clarity	User behaviour analytics (heatmaps, session recordings)	United States	Standard Contractual Clauses (SCCs)

5. International Data Transfers

Some of our data processors are located in the United States. For these transfers, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission to ensure an adequate level of data protection in compliance with Articles 44–49 of the GDPR.

6. Data Retention

Order and transaction data: 7 years from the date of purchase (as required by Belgian accounting and tax law).
Marketing consent records: Retained until you withdraw your consent.
Analytics data: 26 months (Google Analytics default retention period).
Customer support correspondence: 3 years after the last interaction.

After the retention period expires, your data is securely deleted or anonymised.

7. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of access (Art. 15): Request a copy of the personal data we hold about you.
Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
Right to erasure (Art. 17): Request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
Right to restriction of processing (Art. 18): Request that we limit processing of your data in certain circumstances.
Right to data portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format.
Right to object (Art. 21): Object to processing based on legitimate interests, including direct marketing.
Right to withdraw consent (Art. 7(3)): Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

8. How to Exercise Your Rights

To exercise any of your rights, please contact us at:

Email: daniel@garden-stack.com

Please include your full name and order number (if applicable) so we can verify your identity. We will respond to your request within 30 days as required by the GDPR.

9. Cookies

Our website uses cookies and similar tracking technologies. For detailed information about the cookies we use and how to manage your preferences, please refer to our Cookie Policy.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS/SSL), secure payment processing via Stripe (PCI-DSS compliant), and access controls for internal systems.

11. Supervisory Authority

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Belgian supervisory authority:

Autorité de protection des données / Gegevensbeschermingsautoriteit

Rue de la Presse 35, 1000 Brussels, Belgium

Phone: +32 2 274 48 00

Website: www.dataprotectionauthority.be

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable law. Any significant changes will be communicated via our website. We encourage you to review this page periodically.

13. Contact Us

For any questions or concerns about this privacy policy or our data practices:

Email: daniel@garden-stack.com
Phone: +32 485 709 027
Hours: Monday – Friday, 09:00 – 18:00
Address: Fontaine Farm SRL, Rue Dieudonné Lefèvre 17, 1020 Brussels, Belgium