Privacy Policy

1) INFORMATION ON THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE CONTROLLER

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when you use our website. Personal data means all data by which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of applicable data protection law (including the UK GDPR and EU GDPR where applicable) is:
GentleFlow
Email: support@gentleflow.co.uk
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string “https://” and the lock symbol in your browser line.

2) DATA COLLECTION WHEN VISITING OUR WEBSITE

If you use our website for informational purposes only (i.e. you do not register or otherwise provide information), we only collect the data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary to display the website to you:

  • The website visited

  • Date and time of access

  • Amount of data sent in bytes

  • Source/referrer from which you came to the page

  • Browser used

  • Operating system used

  • IP address (where applicable: in anonymised form)

Processing is carried out on the basis of our legitimate interest in improving the stability and functionality of our website. This data is not disclosed or used in any other way. However, we reserve the right to review the server log files retrospectively if there are specific indications of unlawful use.

3) COOKIES

To make your visit to our website attractive and to enable the use of certain functions, we use cookies on various pages. Cookies are small text files that are stored on your device.

Some of the cookies we use are deleted after you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognise your browser when you visit again (persistent cookies). When cookies are set, they collect and process certain user information (e.g. browser and location data, IP values) in an individual scope. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie.

In some cases, cookies simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping cart for a later visit). Where cookies implemented by us process personal data, processing is carried out either for the performance of a contract or on the basis of our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of your visit.

We may work with advertising partners who help us make our online offering more interesting. For this purpose, when you visit our website, cookies from partner companies may also be stored on your device (third-party cookies). Where we work with such partners, you will be informed about the use of such cookies and the scope of information collected in the sections below.

You can configure your browser so that you are informed about cookies being set and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general. Each browser differs in how it manages cookie settings. This is described in your browser’s help menu.

Please note that if you do not accept cookies, the functionality of our website may be limited.

4) CONTACTING US

If you contact us (e.g. via a contact form or email), personal data will be collected. Which data is collected in the case of a contact form can be seen from the respective form. This data is stored and used exclusively for the purpose of responding to your enquiry or contacting you and the associated technical administration.

The legal basis for processing is our legitimate interest in responding to your enquiry. If your contact is aimed at concluding a contract, the additional legal basis is the performance of a contract. Your data will be deleted after final processing of your enquiry, provided there are no statutory retention obligations.

5) DATA PROCESSING WHEN OPENING A CUSTOMER ACCOUNT AND FOR CONTRACT PERFORMANCE

Personal data is collected and processed when you provide it to us for the performance of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms.

You may delete your customer account at any time by sending a message to the controller. We store and use the data you provide for contract performance. After full contract processing or deletion of your account, your data will be restricted with regard to statutory retention periods and deleted after these periods, unless you have expressly consented to further use or further lawful processing is permitted.

6) USE OF YOUR DATA FOR DIRECT MARKETING

6.1 Newsletter subscription
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only required information is your email address. Any further details are voluntary and used to address you personally.

We use the double opt-in procedure. This means we will only send you a newsletter once you have expressly confirmed your subscription. We then send a confirmation email asking you to confirm by clicking a link.

By activating the confirmation link, you consent to the use of your personal data. When you subscribe, we also store your IP address and the date and time of registration to be able to trace possible misuse of your email address.

You can unsubscribe at any time via the link in the newsletter or by messaging the controller. After unsubscribing, your email address will be deleted from the mailing list unless you have expressly consented to further use or further lawful processing is permitted.

6.2 Newsletter to existing customers
If you provided your email address when purchasing goods or services, we may send you offers for similar goods or services from our range by email. You can object to this use at any time with effect for the future by notifying the controller. After receiving your objection, we will stop using your email address for this purpose.

7) DATA PROCESSING FOR ORDER HANDLING

7.1 We transfer your personal data to the shipping company commissioned with delivery insofar as this is necessary to deliver the goods. We transfer your payment data to the commissioned payment institution insofar as this is necessary for payment processing.

7.2 Payment service providers

  • PayPal
    If you pay via PayPal (including credit card via PayPal, direct debit via PayPal, or where offered invoice purchase/instalments), your payment data will be transferred to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”), insofar as necessary for payment processing. PayPal may carry out credit checks for certain payment methods. Further information can be found in PayPal’s privacy policy.

  • SOFORT
    If you choose the payment method “SOFORT”, payment processing is carried out by SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (“SOFORT”), a company within the Klarna Group. We transfer the information you provide during the ordering process, together with order information, to SOFORT solely for the purpose of payment processing and only insofar as necessary. Further information is available in SOFORT/Klarna’s privacy information.

8) CONTACT FOR REVIEW REMINDERS

We use your email address for a one-time reminder to submit a review of your order for the review system we use, provided you have given us your express consent. You can withdraw your consent at any time by messaging the controller.

9) USE OF SOCIAL MEDIA: SOCIAL PLUGINS

9.1 Facebook plugins (Shariff solution)
This website uses social plugins (“plugins”) of the social network Facebook. To increase the protection of your data when you visit our website, these buttons are not integrated as full plugins but only via an HTML link. This ensures that no connection to Facebook servers is established when a page containing such buttons is accessed. When you click the button, a new browser window opens and calls up Facebook, where you can interact with the plugins.

Purpose and scope of data collection and the further processing and use of data by Facebook, as well as your rights and setting options to protect your privacy, can be found in Facebook’s data protection information.

9.2 Instagram plugin (Shariff solution)
This website uses social plugins of Instagram. For data protection reasons, the buttons are integrated via an HTML link. When you click the button, a new browser window opens and calls up Instagram, where you can interact with the plugins. Further information is available in Instagram’s privacy information.

10) ONLINE MARKETING

10.1 DoubleClick by Google
This website uses the online marketing tool DoubleClick by Google. DoubleClick uses cookies to serve relevant ads, improve campaign performance reporting, and avoid showing the same ads repeatedly. Google uses a cookie ID to record which ads are displayed in which browser.

You can disable cookies for conversion tracking by adjusting your browser settings or by using Google’s ad settings.

Further information about DoubleClick by Google can be found in Google’s privacy policy.

10.2 Google Ads Conversion Tracking
This website uses Google Ads and conversion tracking. Cookies are used to create conversion statistics for Google Ads customers. You can prevent participation in this tracking by disabling the relevant cookies in your browser settings. Further information can be found in Google’s privacy information.

11) WEB ANALYTICS SERVICES

Google (Universal) Analytics
This website uses Google Analytics, a web analytics service provided by Google. Google Analytics uses cookies to analyse your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server and stored there.

This website uses Google Analytics with IP anonymisation, so your IP address is truncated within the UK/EU/EEA before transmission. Only in exceptional cases is the full IP address transmitted and shortened there.

You can prevent the storage of cookies by adjusting your browser settings. You can also prevent the collection and processing of data by Google by downloading and installing a browser plugin.

12) RETARGETING / REMARKETING / RECOMMENDATION ADVERTISING

Facebook Custom Audiences (Pixel)
This website uses the Facebook Pixel. With your consent, it can track user behaviour after users have seen or clicked a Facebook ad. This helps evaluate ad effectiveness and optimise future advertising. Data collected is anonymous to us, but stored and processed by Facebook and may be linked to user profiles. You can disable cookies or opt out via appropriate settings.

Google Ads Remarketing
Our website uses Google Ads remarketing features to advertise this website in Google search results and on third-party websites. Google uses cookies to enable interest-based advertising. You can disable this by adjusting your settings and/or installing Google’s relevant tools.

13) RIGHTS OF THE DATA SUBJECT

You have rights regarding your personal data, including:

  • Right of access

  • Right to rectification

  • Right to erasure

  • Right to restriction of processing

  • Right to data portability

  • Right to withdraw consent at any time

  • Right to lodge a complaint with a supervisory authority

Right to object: If we process your personal data based on legitimate interests, you have the right to object to this processing at any time for reasons arising from your particular situation. If your data is processed for direct marketing, you have the right to object at any time.

14) DURATION OF STORAGE OF PERSONAL DATA

The duration of storage of personal data is based on statutory retention periods (e.g. commercial and tax retention periods). After expiry of the period, the corresponding data is routinely deleted unless it is required for contract performance or contract initiation and/or we no longer have a legitimate interest in further storage.