Hoeray
NL|EN

Privacy Statement

Last updated: March 2026

Hoeray attaches great importance to the protection of your personal data. In this privacy statement, we explain what data we collect, why we do so, and how we handle it. This statement applies to all services provided by Hoeray.

1. Identity of the controller

Hoeray (trade name)

Established in Amsterdam, the Netherlands

KVK: [to be added]

Email: hello@hoeray.com

2. What personal data we process

Customer data

  • Name
  • Email address
  • Phone number
  • Address details
  • Chamber of Commerce number
  • VAT number

Employee data (via HR integration)

  • Name
  • Date of birth
  • Address details
  • Start date of employment
  • End date of employment

Usage data (functional only)

  • IP address
  • Browser type

3. Purposes of processing

  • Delivering our services (sending birthday cards and flowers)
  • Invoicing and administration
  • Communication about the service
  • Improvement of the service

4. Legal basis for processing

  • Performance of a contract (Art. 6(1)(b) AVG/GDPR) — for delivering our services to you.
  • Legitimate interest (Art. 6(1)(f) AVG/GDPR) — for improving our service.
  • Legal obligation (Art. 6(1)(c) AVG/GDPR) — for fiscal retention obligations.

5. Retention periods

  • Customer data for the duration of the agreement plus 2 years after termination.
  • Employee data until deletion by the customer or termination of the agreement.
  • Financial data 7 years (fiscal retention obligation).

6. Processors and third parties

We share personal data with the following processors, only to the extent necessary for our services:

  • Stripe Inc. payment processing (Ireland/US)
  • Print.one B.V. printing and sending cards (the Netherlands)
  • Fleurop Interflora Nederland B.V. flower delivery (the Netherlands)
  • Neon Inc. database hosting (EU region)
  • Resend Inc. email delivery (US — EU adequacy decision)
  • Vercel Inc. hosting (EU edge network)

Data processing agreements have been concluded with all processors in accordance with the GDPR.

7. Security

We take appropriate technical and organizational measures to protect your personal data against loss, misuse, and unauthorized access. Our security measures include:

  • TLS encryption for all data transfers
  • Encrypted storage of sensitive data
  • Role-based access control
  • Regular backups

8. Your rights as a data subject

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access you can request which data we process about you.
  • Right to rectification you can have incorrect data corrected.
  • Right to erasure you can request the deletion of your data.
  • Right to restriction of processing you can request the restriction of processing.
  • Right to object you can object to the processing of your data.
  • Right to data portability you can request to receive your data in a structured format.

You can submit your request via hello@hoeray.com. We will respond to your request within 30 days.

9. Cookies

Hoeray only uses functional cookies that are necessary for the proper functioning of the website. These include:

  • Session cookies (for login functionality)
  • Language preference cookies

We do not use tracking or marketing cookies.

10. Changes to this privacy statement

We reserve the right to modify this privacy statement. Changes will be published on this page with the date of the latest update. In case of significant changes, we will inform you by email.

11. Complaints

Do you have a complaint about the processing of your personal data? Please contact us first at hello@hoeray.com. You also always have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), the supervisory authority for privacy protection.

autoriteitpersoonsgegevens.nl