Privacy Policy

1. Who we are — the Controller

The data controller responsible for your personal data is:

Herbs Fusion SRL (trading as Meridian Advisory)
Registered office: Str. Ceahlău 24, Voluntari, Ilfov, 077190, Romania
Trade Register no.: J23/6579/2021 · Sole registration code (CUI): 45107350 · VAT: RO45107350
Email: hello@gomeridian.eu

We have not appointed a statutory Data Protection Officer (DPO) as we are not required to under Article 37 GDPR; however, you may direct all privacy queries to the email above. As we are established in the European Union (Romania), an Article 27 representative is not required.

2. Scope

This policy applies to personal data we process about visitors to this website, prospective and actual clients and their representatives, newsletter subscribers, and other individuals who contact us. It does not apply to third-party websites we link to.

3. The personal data we process

Category Examples Source
Identity & contact data Name, business email, telephone, company/brand name, role You
Enquiry & commercial data Approximate revenue, target markets, your message, product/formulation details you submit for a compliance screen You
Order & transaction data Products purchased, order value, billing details, payment confirmation (we do not store full card numbers) You / payment provider
Technical & usage data IP address, device and browser type, operating system, pages viewed, referring source, time stamps, interactions Collected automatically via cookies (see §6)
Marketing preferences Your consent choices and subscription status You

We do not intentionally collect special categories of data (Article 9 GDPR). Please do not send us such data unless strictly necessary.

4. Purposes and legal bases (Article 6 GDPR)

Purpose Legal basis
Responding to enquiries and preparing quotes/proposals Art. 6(1)(b) — pre-contractual steps at your request; and/or 6(1)(a) consent
Providing our services and performing your order Art. 6(1)(b) — performance of a contract
Taking payment and keeping accounting/tax records Art. 6(1)(c) — legal obligation (Romanian accounting and tax law)
Sending our newsletter/marketing (where you subscribe) Art. 6(1)(a) — consent (withdrawable at any time)
Analytics cookies to measure and improve the site Art. 6(1)(a) — consent
Advertising and remarketing cookies (Meta, Google, TikTok) Art. 6(1)(a) — consent
Site security, fraud prevention, and defending legal claims Art. 6(1)(f) — legitimate interests

Where we rely on legitimate interests, we have balanced those interests against your rights; you may object at any time (see §10).

5. If you do not provide data

Identity and contact data are necessary to respond to you and to enter into and perform a contract. Without it we may be unable to provide our services. Analytics and marketing data are optional and depend on your consent.

6. Cookies, analytics and advertising

We use strictly necessary cookies to operate the site and process orders. We do not place analytics or advertising cookies until you give consent through our cookie banner. With your consent we use:

  • Google Analytics 4 (Google Ireland Ltd.) — audience measurement and site improvement.
  • Meta Pixel (Meta Platforms Ireland Ltd.) — advertising measurement and remarketing on Facebook and Instagram.
  • Google Ads — conversion tracking and remarketing.
  • TikTok Pixel (TikTok Technology Ltd.), where used — advertising measurement.

You can change or withdraw consent at any time via the cookie banner or the “Cookie settings” link in the footer, and via your browser settings. You may opt out of personalised advertising through Google Ads Settings, your Meta ad preferences, and youronlinechoices.eu. See our Cookie Policy for the full list, purposes and durations.

7. Who we share your data with (recipients & processors)

We disclose personal data only to trusted recipients who process it on our behalf under Article 28 GDPR data-processing agreements, or where required by law:

  • Website and hosting: Shopify International Ltd.
  • Analytics and advertising: Google, Meta, TikTok (subject to your consent)
  • Payment processing: our payment service providers
  • Email, CRM and communication tools
  • Our vetted EU and international partners (regulatory, legal, customs and fulfillment specialists) strictly where needed to deliver your engagement
  • Professional advisers, auditors, and public authorities where legally required

We do not sell your personal data.

8. International transfers

Because we operate a corridor between India and the European Union, and use service providers that may process data outside the European Economic Area (including in India and the United States), your data may be transferred internationally. Where this occurs, we rely on an adequacy decision where available, or on appropriate safeguards under Article 46 GDPR — principally the European Commission’s Standard Contractual Clauses — and supplementary measures where necessary. You may request a copy of the relevant safeguards by contacting us.

9. How long we keep your data (retention)

Data Retention period
Enquiries that do not become clients Up to 24 months from last contact
Client engagement records Duration of the engagement + up to 3 years (limitation periods)
Invoicing and accounting records Up to 10 years (Romanian accounting law)
Newsletter data Until you unsubscribe/withdraw consent
Cookie/analytics data Per the durations in the Cookie Policy

When no longer needed, data is securely deleted or anonymised.

10. Your rights

Subject to the conditions in the GDPR, you have the right to: (a) access your data; (b) rectification; (c) erasure (“right to be forgotten”); (d) restriction of processing; (e) data portability; (f) object to processing based on legitimate interests or to direct marketing; and (g) withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

To exercise any right, email hello@gomeridian.eu. We will respond within one month (extendable by two further months for complex requests). We may need to verify your identity.

You also have the right to lodge a complaint with a supervisory authority — in Romania, the National Supervisory Authority for Personal Data Processing (ANSPDCP), B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 Bucharest, www.dataprotection.ro — or with the authority in your country of residence.

11. Automated decision-making

We do not carry out automated decision-making producing legal or similarly significant effects on you within the meaning of Article 22 GDPR.

12. Children

Our website and services are directed at businesses and professionals and are not intended for children. We do not knowingly collect data from anyone under 16.

13. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss or alteration, including access controls, encryption in transit, and vendor due diligence. No transmission over the internet is completely secure, but we continually review our safeguards.

14. Changes to this policy

We may update this policy from time to time. The “last updated” date shows the current version, and we will highlight material changes on this page.

15. Contact

For any question about this policy or your personal data, contact hello@gomeridian.eu.

Legal

Privacy Policy

Herbs Fusion SRL, trading as Meridian Advisory · established in the European Union (Romania)

1. Who we are — the Controller

The data controller responsible for your personal data is:

Herbs Fusion SRL (trading as Meridian Advisory)
Registered office: Str. Ceahlău 24, Voluntari, Ilfov, 077190, Romania
Trade Register no.: J23/6579/2021 · Sole registration code (CUI): 45107350 · VAT: RO45107350
Email: hello@gomeridian.eu

We have not appointed a statutory Data Protection Officer (DPO) as we are not required to under Article 37 GDPR; however, you may direct all privacy queries to the email above. As we are established in the European Union (Romania), an Article 27 representative is not required.

2. Scope

This policy applies to personal data we process about visitors to this website, prospective and actual clients and their representatives, newsletter subscribers, and other individuals who contact us. It does not apply to third-party websites we link to.

3. The personal data we process

Category Examples Source
Identity & contact data Name, business email, telephone, company/brand name, role You
Enquiry & commercial data Approximate revenue, target markets, your message, product/formulation details you submit for a compliance screen You
Order & transaction data Products purchased, order value, billing details, payment confirmation (we do not store full card numbers) You / payment provider
Technical & usage data IP address, device and browser type, operating system, pages viewed, referring source, time stamps, interactions Collected automatically via cookies (see §6)
Marketing preferences Your consent choices and subscription status You

We do not intentionally collect special categories of data (Article 9 GDPR). Please do not send us such data unless strictly necessary.

4. Purposes and legal bases (Article 6 GDPR)

Purpose Legal basis
Responding to enquiries and preparing quotes/proposals Art. 6(1)(b) — pre-contractual steps at your request; and/or 6(1)(a) consent
Providing our services and performing your order Art. 6(1)(b) — performance of a contract
Taking payment and keeping accounting/tax records Art. 6(1)(c) — legal obligation (Romanian accounting and tax law)
Sending our newsletter/marketing (where you subscribe) Art. 6(1)(a) — consent (withdrawable at any time)
Analytics cookies to measure and improve the site Art. 6(1)(a) — consent
Advertising and remarketing cookies (Meta, Google, TikTok) Art. 6(1)(a) — consent
Site security, fraud prevention, and defending legal claims Art. 6(1)(f) — legitimate interests

Where we rely on legitimate interests, we have balanced those interests against your rights; you may object at any time (see §10).

5. If you do not provide data

Identity and contact data are necessary to respond to you and to enter into and perform a contract. Without it we may be unable to provide our services. Analytics and marketing data are optional and depend on your consent.

6. Cookies, analytics and advertising

We use strictly necessary cookies to operate the site and process orders. We do not place analytics or advertising cookies until you give consent through our cookie banner. With your consent we use:

  • Google Analytics 4 (Google Ireland Ltd.) — audience measurement and site improvement.
  • Meta Pixel (Meta Platforms Ireland Ltd.) — advertising measurement and remarketing on Facebook and Instagram.
  • Google Ads — conversion tracking and remarketing.
  • TikTok Pixel (TikTok Technology Ltd.), where used — advertising measurement.

You can change or withdraw consent at any time via the cookie banner or the “Cookie settings” link in the footer, and via your browser settings. You may opt out of personalised advertising through Google Ads Settings, your Meta ad preferences, and youronlinechoices.eu. See our Cookie Policy for the full list, purposes and durations.

7. Who we share your data with (recipients & processors)

We disclose personal data only to trusted recipients who process it on our behalf under Article 28 GDPR data-processing agreements, or where required by law:

  • Website and hosting: Shopify International Ltd.
  • Analytics and advertising: Google, Meta, TikTok (subject to your consent)
  • Payment processing: our payment service providers
  • Email, CRM and communication tools
  • Our vetted EU and international partners (regulatory, legal, customs and fulfillment specialists) strictly where needed to deliver your engagement
  • Professional advisers, auditors, and public authorities where legally required

We do not sell your personal data.

8. International transfers

Because we operate a corridor between India and the European Union, and use service providers that may process data outside the European Economic Area (including in India and the United States), your data may be transferred internationally. Where this occurs, we rely on an adequacy decision where available, or on appropriate safeguards under Article 46 GDPR — principally the European Commission’s Standard Contractual Clauses — and supplementary measures where necessary. You may request a copy of the relevant safeguards by contacting us.

9. How long we keep your data (retention)

Data Retention period
Enquiries that do not become clients Up to 24 months from last contact
Client engagement records Duration of the engagement + up to 3 years (limitation periods)
Invoicing and accounting records Up to 10 years (Romanian accounting law)
Newsletter data Until you unsubscribe/withdraw consent
Cookie/analytics data Per the durations in the Cookie Policy

When no longer needed, data is securely deleted or anonymised.

10. Your rights

Subject to the conditions in the GDPR, you have the right to: (a) access your data; (b) rectification; (c) erasure (“right to be forgotten”); (d) restriction of processing; (e) data portability; (f) object to processing based on legitimate interests or to direct marketing; and (g) withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

To exercise any right, email hello@gomeridian.eu. We will respond within one month (extendable by two further months for complex requests). We may need to verify your identity.

You also have the right to lodge a complaint with a supervisory authority — in Romania, the National Supervisory Authority for Personal Data Processing (ANSPDCP), B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 Bucharest, www.dataprotection.ro — or with the authority in your country of residence.

11. Automated decision-making

We do not carry out automated decision-making producing legal or similarly significant effects on you within the meaning of Article 22 GDPR.

12. Children

Our website and services are directed at businesses and professionals and are not intended for children. We do not knowingly collect data from anyone under 16.

13. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss or alteration, including access controls, encryption in transit, and vendor due diligence. No transmission over the internet is completely secure, but we continually review our safeguards.

14. Changes to this policy

We may update this policy from time to time. The “last updated” date shows the current version, and we will highlight material changes on this page.

15. Contact

For any question about this policy or your personal data, contact hello@gomeridian.eu.