Verdisgrow
Grow TentsLED LightsVentilationNutrientsBuild-a-Kit

Privacy Policy

Last updated: April 2026. Verdisgrow respects your privacy. This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have under the EU General Data Protection Regulation (GDPR).

1. Data controller

The data controller responsible for your personal data is Texas Star Novelties Limited, a company registered in England and Wales under company number 16385151, trading as Verdisgrow. For any privacy-related question, contact privacy@verdisgrow.com.

2. What data we collect

  • Order data: name, shipping and billing address, email address, phone number (optional, for carrier delivery notices).
  • Payment data: handled exclusively by our PCI-DSS certified payment processor. Verdisgrow never sees or stores your full card number.
  • Order history: products purchased, order date, invoice number — required for warranty, accounting and tax obligations.
  • Customer support correspondence: emails you send us and our replies.
  • Technical data: a minimal server log of IP address and request timestamps, kept for 14 days for security and fraud prevention.

3. Why we use your data (legal basis)

  • To fulfil your order — performance of the sales contract (Art. 6(1)(b) GDPR).
  • To provide warranty and support — performance of the contract and our legitimate interest.
  • To meet tax & accounting obligations — legal obligation (Art. 6(1)(c) GDPR).
  • To prevent fraud and abuse — our legitimate interest in protecting the shop and our customers.

We do not use your data for behavioural advertising and we do not sell, rent or share it with third parties for marketing purposes.

4. Who receives your data

  • The shipping carrier you select (name, address, phone, email for delivery notices).
  • Our payment processor (for processing payment only).
  • Our hosting and email providers, acting as data processors under GDPR-compliant contracts inside the EU/EEA.
  • Tax authorities, when legally required.

5. International transfers

Your data is stored on servers located inside the European Union. Where a processor must transfer data outside the EU/EEA, we rely on the European Commission's Standard Contractual Clauses to ensure an equivalent level of protection.

6. Cookies

Verdisgrow uses only a minimal set of strictly necessary functional storage in your browser:

  • Cart contents and wishlist (kept locally on your device).
  • Session preferences (e.g. region selection).

We do not use third-party tracking cookies, advertising pixels or cross-site analytics. No consent banner is required because we set no non-essential cookies.

7. Data retention

  • Order, invoice and accounting data: 10 years, as required by EU tax and commercial law.
  • Customer support emails: up to 3 years after the last contact.
  • Server access logs: 14 days.
  • Cart and wishlist (browser storage): until you clear it yourself.

8. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Have inaccurate data rectified.
  • Have your data erased ("right to be forgotten"), where no overriding legal obligation applies.
  • Restrict or object to processing based on legitimate interest.
  • Receive your data in a portable, machine-readable format.
  • Lodge a complaint with your national Data Protection Authority.

To exercise any of these rights, write to privacy@verdisgrow.com. We respond within 30 days.

9. Security

We use TLS 1.3 encryption for every page of the shop, restrict access to personal data on a need-to-know basis, and review our security setup regularly. Despite our best efforts, no system on the internet is 100% secure — please use a strong, unique password for your account.

10. Changes to this policy

We may update this policy from time to time. The version applicable to you is the one published at the moment you place your order or visit the site.