Florismart – Privacy Notice for Customers, Website Visitors and Business Contacts
Effective Date: 25 May 2018
1.1 The Florismart Group of Companies (“Florismart” “we”, “our”, “us”) is committed to respecting your privacy and protecting your personal data in line with the GDPR. Florismart is a B2B digital market place and processes limited personal data. Should we process your personal data you can be assured that it will only be used in accordance with this privacy notice (‘Notice’).
1.2 This Notice sets out how and why we process personal data that we obtain from you or about you.
1.3 The Florismart Group of Companies, to which this Notice applies, is made up of the following legal entities:
(a) Florismart B.V.;
(b) Florismart UK Ltd; and
(c) Florismart Deutschland GmbH
1.4 This Notice may be amended from time to time. We are aware of our transparency obligations under the GDPR and will post changes to this Notice on our website and any changes will take effect 30 calendar days a reasonable amount of time after posting, in keeping with our continuing transparency obligation under the GDPR. The effective date will be shown on the face of the Notice and the most recent amendments will be highlighted during the period between posting and the effective date of the amendments.
2 Data Controller
2.1 The data controller is the Florismart entity with which you have a contractual relationship, or another form of commercial relationship, with. Our main establishment is Florismart B.V. with its registered office at Van Cleeffkade 15, 1431BA, Aalsmeer, The Netherlands.
2.2 Questions, comments and requests regarding this Notice may be emailed to our Privacy Officer at firstname.lastname@example.org or sent by post to the above-mentioned address, alternatively you can call us on (+31) 297 303014.
3 WHAT PERSONAL DATA WE COLLECT AND WHY
We collect various types of personal data about our prospective and current customers, providing functional, operational and management support, for the purposes outlined in the table below.
Prospective and Current Customers and Suppliers
3.2 Where we use your email to communicate marketing information to you we will seek your prior consent where required to do so by law.
4 How we source your personal data
4.1 We obtain your personal data directly from you, by you completing any forms on our website.
5 Sharing Your Personal Data
5.1 Florismart Affiliates
(a) Your personal data may be shared between the Florismart entities listed at section 2.3 on a need-to-know basis.
5.2 Our Vendors and Business Partners
(a) We may also disclose personal data to the following trusted third parties to enable them to provide us or you with the services described, in accordance with contractual provisions that we will put in place between us and each provider, which that are intended to protect any the personal data about you that we transfer to them:
(i) Payment gateway service providers in order to facilitate transactions;
(ii) Marketing agencies and similar service providers, to send promotional and informational materials on our behalf;
(iii) External IT support services to assist us with the functionality and security of our systems; and
(iv) Selected transportation and logistics companies, to enable them to arrange delivery times with and deliver our products to you; and
(v) Our Florismart ambassadors in order to promote the use of our platform; and
(vi) contractors providing functional, operational and management consultancy support to Florismart in order to establish and maintain a commercial relationship with you.
5.3 Company Mergers and Takeovers
We may also use and disclose personal information as authorised by you when you provide that information to us.
(a) In the event Florismart decides to sell or buy any business or assets, we may disclose your personal information to other parties related to the transaction. We will do so only where those parties agree to keep your personal information confidential and secure. If changes to the composition of Florismart or the Florismart group occur, any transfer or subsequent processing of your personal information by third parties will occur in line with the relevant provisions of this Notice.
5.4 Law enforcement or government bodies
(a) We may disclose your personal data as permitted by law in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of our Terms and Conditions or other agreements, or as required by law.
(a) We may also use and disclose personal information as authorised by you when you provide information containing your personal data that information to us.
6 Sharing your personal data outside of the EEA.
6.1 We may share your personal information with third party service providers located outside of the EEA that we engage to perform services or functions on our behalf and under our instructions. We may also share your personal information with entities outside of the EEA:
(a) when instructed to do so by you; or
(b) to comply with our legal obligations.
6.2 When transferring your personal data outside the EEA we will ensure that one of only do so using one of the following safeguards is in place with the data recipient:
(a) EU Commission-approved Standard Contractual Clauses;
(b) the transfer is to a non-EEA country which is the subject of an adequacy decision issued by the Commission, including to companies certified under the EU-US Privacy Shield; or
(c) Binding Corporate Rules for Processors.
6.3 You may request a copy of the documentation referenced above EU Standard Contractual Clauses, the Privacy Shield certification or the Binding Corporate Rules for Processors by contacting us using the details in Section 2.
7 How long do we keep your personal data?
We retain personal data only for as long as necessary for the purposes for which the data was collected, except where necessary to meet our legal obligations or in order to establish, exercise or defend potential legal claims.
8 Your rights
8.1 You have the following rights:
a) to obtain access to your personal data – you may request information on how your personal data is handled by us and request a copy of such personal data;
b) to request us to correct or update your personal data if it is inaccurate or out of date;
c) to object to the processing of your personal data for the purposes of our legitimate interests as outlined in Section 3, unless we:
i. demonstrate compelling legitimate grounds which override your right to object, or
ii. the processing is necessary for the establishment, exercise or defence of legal claims;
d) to erase your personal data held by us:
i. which are no longer necessary in relation to the purposes for which they were collected,
ii. to the processing of which you object, or
iii. which may have been unlawfully processed by us;
e) to restrict processing by us, i.e. the processing will be limited to storage only:
i. where you oppose to deletion of your personal data and prefer restriction of processing instead, or
ii. where you object to the processing by us on the basis of its legitimate interests (see Section 8para 7.1(c) above); and
f) to transmit personal data you submitted to us back to you or to another organisation in certain circumstances.
These rights are not absolute and are subject to various conditions under:
- applicable data protection and privacy legislation; and
- the laws and regulations to which we are subject.
8.2 Where processing of your personal data is based on your consent you have the right to withdraw your consent at any time, this will not affect the lawfulness of processing based on your consent prior to withdrawal.
8.3 If you have any general queries or decide at any time to exercise any of your rights Please address any requests to exercise your rights to the physical or email address specified in contact us at the details in paragraph 2.1 above.
9 Automated Decision-Making and Profiling
Your Personal Data will not be used for automated decision-making and/or profiling.
10.1 We strive to process your personal data in accordance with the applicable legal obligations but if you have any complaint(s) in that regard, please address your complaint(s) to the email or physical address in Section 2.
10.2 In addition, you have the right to file a complaint with the relevant data protection supervisory authority.