Privacy and Cookies Policy of www.bloomflowers.pl
DEFINITIONS
- Personal Data Controller / Website Controller / Controller – Tetra Plus Sp. z o.o. with its registered office in Warsaw, ul. Hoża 86/410, 00-682 Warsaw, Poland, registered in the National Court Register under the number KRS 0000744921, tax identification number: 5213837167, REGON: 381015070, share capital: 5,000.00 PLN.
- Personal Data – any information relating to an identified or identifiable natural person.
- Website / Service – a website located at the internet domain www.bloomflowers.pl.
- User – a natural person with full legal capacity, a natural person conducting business activity, a legal person or an organizational unit without legal personality, who uses the services provided in the Bloomflowers Service.
- Services – services provided by the Website Controller to the Users of the Service by electronic means within the meaning of the provisions of the Act of 18 July 2002 on the provision of electronic services (Journal of Laws No. 144, item 1204, as amended).
- Act on the provision of electronic services – Act of 18 July 2002 on the provision of electronic services (Journal of Laws No. 144, item 1204, as amended).
- Carrier – a professional entity engaged in the transport and delivery of goods, performing services in its own name and on its own behalf in accordance with the Carrier’s service regulations it uses.
GENERAL INFORMATION
This document sets out the rules of the Privacy Policy in the www.bloomflowers.pl website. The Website Controller is Tetra Plus Sp. z o.o. with its registered office in Warsaw, ul. Hoża 86/410, 00-682 Warsaw, Poland, registered in the National Court Register under the number KRS 0000744921, tax identification number: 5213837167, REGON: 381015070, share capital: 5,000.00 PLN. The Website Controller is also the Personal Data Controller.
Personal data collected by the Website Controller is processed in accordance with the provisions of Regulation (EU) 679/2016 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, p. 1, hereinafter referred to as GDPR).
The Personal Data Controller makes special efforts to protect the privacy and information provided to him concerning users of the www.bloomflowers.pl website. The Controller carefully selects and applies appropriate technical and intellectual measures, including of a programming and organizational nature, ensuring the protection of processed data, in particular by securing data against their disclosure to unauthorized persons, disclosure, loss and destruction, unauthorized modification, as well as against their processing in violation of applicable law.
The Personal Data Controller does not intend to deliberately collect data concerning children under 16 years of age.
PERSONAL DATA
PURPOSES AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
The Personal Data Administrator processes your personal data for the following purposes and scope:
- in order to provide the services available on the Website, i.e.. to browse the website of the Website; to execute an order; to issue a sales document, to keep in the documentation (electronic or paper) of the performance of contracts, accounting and tax; to use for profiling (we write about profiling later in this information); to use for marketing activities, such as sending you our commercial information; to use for various loyalty programs related to the use of our services; to use for compilation, analysis and statistics for our internal needs, in particular reporting, marketing research, planning the development of sales of goods and services, development work in information systems, creation of statistical models
- in order to collect and analyze statistics on the use of particular functionalities available on the Website, data provided in the order form, to facilitate the use of the Website and to ensure the IT security of the Website, we process personal data concerning your activity on the Website and the amount of time spent on each subpage of the Website, your search history, location, IP address, device ID/cookies, data concerning your Internet browser and operating system. The provision of certain data is a condition for the use of particular Services and functionalities.
- for the purpose of establishing, investigating, and defending against claims in legal proceedings and before other enforcement authorities, we may process your personal data provided at the time of ordering the Services and other data necessary to prove the existence of a claim or which arises from a legal requirement, court order or other legal procedure;
- in order to process complaints, complaints and requests and to respond to Users’ inquiries, we process the personal data you provide in complaints, complaints and requests or in order to respond to inquiries in another form and certain personal data provided by you, as well as the data regarding the Services provided by us that are the cause of the complaint, complaint or request and the data contained in the documents attached to the complaints, complaints and requests;
- for the purpose of sending by e-mail a promotional newsletter concerning the novelties, promotions and offers of the Service (data provided in the consent to receive the newsletter, expressed in the Service);
- for marketing our Services and the services of our partners, including remarketing, we process data about your activity on the Website including activity that is recorded and stored via cookies, in particular activity history, services ordered, search history, clicks on the Website, history and your activity related to our communication with you. In the case of remarketing, we use your activity data to reach you with our marketing communications outside the Website and we use third-party providers for this purpose. These services involve displaying our messages on websites other than the Website. Please see the Cookie records for details;
- for market research and opinion polling by us or our partners, i.e. information about the services, your data provided when using the services, and your email address. The data collected through market and opinion research is not used by us for advertising purposes. Exact instructions are given in the information about the respective survey or where you enter your data.
CATEGORIES OF PERSONAL DATA CONCERNED
The controller processes the following categories of relevant personal data:
- contact data;
- data concerning activity on the Website;
- data regarding orders on the Website;
- data on complaints of complaints and requests;
- data on marketing services.
VOLUNTARINESS OF PROVIDING PERSONAL DATA
Your provision of the required personal data is voluntary and is a condition for the provision of services by the Personal Data Administrator through the Website.
DURATION OF DATA PROCESSING
Personal data will be processed for the period necessary for the execution of orders, services, marketing activities and other services performed for you. Personal data will be deleted in the following cases:
- when the data subject requests deletion or withdraws the consent given;
- when the data subject does not take action for more than 8 years (inactive contact);
- after being informed that the stored data is outdated or inaccurate.
Some data in the following areas: e-mail address, first and last name, may be stored for a further 3 years for evidential purposes, processing of complaints, claims, and claims related to the services provided by the www.bloomflowers.pl website. The data will not be used for marketing purposes.
We store your data for a period of time corresponding to the life cycle of the cookies stored on your devices or until they are deleted from your device by you.
Your personal data regarding your preferences, behaviors, and choice of marketing content may be used as a basis for automated decisions to determine sales opportunities for the Website
RECIPIENTS OF PERSONAL DATA
We transfer your personal data to the following categories of recipients:
Carriers – these entities independently determine the purposes and means of processing this data without being subject to our instructions in this regard. The Carrier, after obtaining the Users’ personal data from the Administrator, is obliged to fulfill all obligations to them under the RODO,
To state authorities, e.g. the Prosecutor’s Office, the Police, GIODO, and the President of the OCCP, if they request it from us,
Providers of services we use in running the Website, e.g. for order processing, marketing activities, and maintenance of the Website.
RIGHTS OF THE DATA SUBJECT
Under the RODO, you have the right to:
- request access to your personal data;
- request rectification of your personal data;
- request the deletion of your personal data;
- request the restriction of the processing of your personal data;
- to object to the processing of your personal data;
- request for the portability of personal data.
The personal data controller shall, without undue delay – and in any case within one month of receipt of the request – provide you with information on the actions taken with regard to your request. If necessary, the one-month period may be extended by another two months due to the complexity of the request or the number of requests.
In any case, the Data Controller will inform you of such an extension within one month of receipt of the request, stating the reasons for the delay.
THE RIGHT OF ACCESS (ARTICLE 15 RODO) TO PERSONAL DATA
You have the right to obtain from the Data Controller information on whether your personal data is being processed.
If the Administrator processes your personal data you have the right to:
- access your personal data;
- obtain information about the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients of such data, the intended period of storage of your data or the criteria for determining that period, your rights under the RODO, and the right to lodge a complaint with a supervisory authority, the source of such data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of such data outside the European Union;
- obtain a copy of your personal data.
If you wish to request access to your personal data, submit your request to: [email protected].
THE RIGHT TO RECTIFICATION (ARTICLE 16 OF THE RODO) OF YOUR PERSONAL DATA
If your personal data is inaccurate, you have the right to request that the Administrator promptly rectify your personal data.
You also have the right to request that the Administrator complete your personal data.
If you wish to request rectification of your personal data or supplementation, please submit your request to: [email protected].
THE RIGHT TO ERASURE (ARTICLE 17 OF THE RODO) OF PERSONAL DATA, THE SO-CALLED. “RIGHT TO BE FORGOTTEN”
You have the right to request the Data Controller to delete your personal data when:
- your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- you have withdrawn specific consent, to the extent that your personal data was processed based on your consent;
- your personal data was processed unlawfully;
- you have objected to the processing of your personal data for direct marketing purposes, including profiling, to the extent that the processing of your personal data is related to direct marketing;
- you have objected to the processing of your personal data in connection with processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of legitimate interests pursued by the Personal Data Controller or a third party.
Despite your request for erasure, the Personal Data Controller may continue to process your data for the purpose of establishing, asserting, or defending claims of which you will be informed.
If you wish to request the deletion of your personal data, please submit your request to: [email protected].
THE RIGHT TO REQUEST (ARTICLE 18 OF THE RODO) TO RESTRICT THE PROCESSING OF YOUR PERSONAL DATA
You have the right to request a restriction of the processing of your personal data when:
- you question the accuracy of your personal data – the Personal Data Controller will restrict the processing of your personal data for a period of time that allows you to verify the accuracy of the data;
- when the processing of your data is unlawful, and instead of deleting your personal data, you request that the processing of your personal data be restricted;
- your personal data is no longer needed for the purposes of the processing, but it is needed to establish, assert or defend your claims;
- when you have objected to the processing of your personal data – until it is determined whether the legitimate interests on the part of the Personal Data Controller override the grounds stated in your objection.
If you wish to request a restriction of the processing of your personal data, please submit your request to: [email protected].
THE RIGHT TO REQUEST (ARTICLE 20 RODO) THE PORTABILITY OF YOUR PERSONAL DATA
You have the right to receive your personal data from the Controller in a structured, commonly used machine-readable format and send it to another controller.
You may also request that it is the Personal Data Controller who will send your personal data directly to another controller (if technically possible).
If you wish to request the transfer of your personal data, submit your request to: [email protected].
THE RIGHT TO OBJECT (ARTICLE 21 RODO) TO THE PROCESSING OF PERSONAL DATA
You have the right to object at any time to the processing of your personal data, including profiling, in connection with:
- processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of legitimate interests pursued by the Personal Data Controller or a third party;
- processing for direct marketing purposes.
If you wish to object to the processing of your personal data, please submit your request to: [email protected].
RIGHT TO WITHDRAW CONSENT
You may withdraw the consent you have given for the processing of your personal data at any time.
Withdrawal of consent to process your personal data does not affect the lawfulness of processing performed on the basis of your consent before its withdrawal.
If you wish to withdraw your consent to the processing of your personal data, please submit your request to: [email protected].
COMPLAINT TO THE SUPERVISORY AUTHORITY
If you believe that the processing of your personal data violates the RODO you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work, or the place where the alleged violation was committed.
In Poland, the supervisory authority under RODO is the General Inspector for Personal Data Protection (GIODO).
COOKIE FILES
GENERAL INFORMATION
When you browse the Website’s pages, cookies, hereinafter referred to as Cookies, are used, i.e. small text information that is stored on your terminal device in connection with the use of the Website. Their use is aimed at the proper operation of the Website’s pages.
These cookies allow us to identify the software used by you and customize the Website individually to your needs.
Cookies usually contain the name of the domain from which they originate, the time they are stored on your device, and the assigned value.
SECURITY
The Cookies we use are safe for your devices. In particular, it is not possible for viruses or other unwanted software or malware to enter your devices through Cookies.
TYPES OF COOKIES
We use two types of Cookies:
- Session cookies: they are stored on your device and remain there until the session of the respective browser ends. The stored information is then permanently deleted from the memory of your device. The mechanism of session cookies does not allow us to collect any personal data or any confidential information from your device.
- Persistent cookies: they are stored on your device and remain there until they are deleted. Ending the session of a given browser or switching off the device does not delete them from your device. The mechanism of permanent cookies does not allow any personal data or confidential information to be collected from your device.
OBJECTIVES
We also use the Cookies of third parties for the following purposes:
to create statistics – to help us understand how Users use the Website, which enables us to improve its structure and content through Google, Meta, LinkedIn, etc. tools.
To learn about the use of Cookies, we recommend reading the privacy policies of the above-mentioned companies.
Cookies may be used by advertising networks, in particular Google’s network, Meta to display ads tailored to your preferences. For this purpose, information about how you navigate the web or when you use the website may be stored.
To view and edit information about your preferences collected by the Google advertising network, you can use the tool provided at the link https://www.google.com/ads/preferences/.
Through your browser settings or through the configuration of the service, you can independently and at any time change the settings for Cookies, specifying the conditions under which Cookies are stored and accessed by your device. You can change these settings so as to block the automatic handling of Cookies in the settings of your web browser or inform about their placement on your device each time. Detailed information on the possibility and methods of using Cookies is available in the settings of your software (web browser).