ART 1 Definitions
The online platform nellyflowersbox.com belongs to
Nellyflowersbox, e-mail: contact@nellyflowersbox.com, phone: +32491170576, Strada Mănăstirii 21 (com.Vad) sat Vad, Vad, Vad, Cluj ROMANIA and will be hereinafter referred to as PLATFORM
What processing is covered by this Information Notice?
This Information Notice applies to the processing of personal data of:
Our contractual partners such as suppliers, vendors, customers (“Business Partners”);
Visitors and users of our website which can be accessed at nellyflowersbox.com
What information we collect about you
We collect and process personal data about you when you interact with us (for example, information you provide to us by filling in forms on our websites listed in Section 1 above (“Websites”) or by corresponding with us by telephone, email or otherwise). This includes information that you provide when you register to use one of our Websites, when you subscribe to our services, when you enter contests, promotions or surveys organized by Nellyflowersbox and/or its contract partners, and when you report a problem with our Website. The information you provide to us may include your name, address, e-mail address and telephone number.
Each time you visit our Websites, we automatically collect the following data:
technical data, for example this may include the Internet Protocol (IP) address used to connect your computer to the Internet, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, device type and brand of mobile device; this data may be collected and processed on our behalf through cookies.
Data about your visit, for example this may include full Uniform Resource Locators (URLs), sequence of clicks to, through and from our Websites (including date and time), information or products you have viewed or searched for (including top articles read, top categories accessed, page response times, download errors, duration of visits to certain pages (including average time spent on certain pages, viewing certain content or videos), the average time spent in an application and the number of views from such applications, the average number of items viewed on our Websites, information regarding interaction with pages (such as scrolling, clicks and mouseovers), the methods used to navigate the page, data about Users’ behavior, and any telephone number used to call or any email address used to contact our service department representatives for clients.
In some cases, we obtain your personal data (such as your name, address, e-mail address and telephone number, personal description and photograph, age, date of birth and gender) from third parties, such as business partners, technical, payment and delivery service subcontractors, advertisers, analytics service providers, market research service providers, credit reporting agencies. When you visit and register on one of our online platforms, we may obtain your personal data from a third party social media provider if you voluntarily opt-in to register through that third party social media platform.
How we use personal data and the legal basis for processing
General aspects
We may process your personal data if we need to perform a contract we have entered into with you; if we need to comply with a legal obligation (e.g. accounting); where necessary for our legitimate interests (or those of a third party) and your interests (for example, to detect and prevent fraud or to ensure IT and network security), unless your fundamental rights override those interests; if it is necessary to protect your vital interests (or the vital interests of others); and/or where necessary in the public interest or for official purposes.
We process your personal information for various technical, administrative and operational reasons, such as to ensure that we present content in the most effective way for you and your computer; to improve our Websites, including its functionality; to administer our Websites; for internal operations, including for purposes of troubleshooting, data analysis, testing, research, and statistical and research purposes; for advertising and marketing, including for specific marketing purposes so that we can provide content, including customized content, that may be of greater interest to you; and as part of our efforts to keep our Websites secure.
In some cases, we will process your personal data only with your consent. Thereafter, you will be able to withdraw your consent at any time by sending an e-mail to contact@nellyflowersbox.com. However, withdrawal of consent will not affect the lawfulness of any processing that has taken place prior to the withdrawal of consent.
Where we require personal data in order to comply with legal or contractual obligations, the provision of such personal data by you is mandatory. This means that, if such personal data is not provided, we will not be able to manage contractual relationships or comply with the obligations imposed on us. In all other cases, the provision of personal data is optional and you are under no obligation to provide it.
We may also process your personal data, such as your identification data, contact data and residence address, for the possible exercise of our rights or claims against you in the future. This processing is based on our legitimate interest and is necessary in order to exercise our rights in the event of possible litigation.
Most commonly, we will use your personal information in the following situations:
Business partners:
For the purposes of providing services, delivering goods and making payments under relevant contracts, we may process your personal data, such as identification data, business contact details, bank details and tax identification number, for VAT registered persons. This processing is based on (i) the performance of a contract to which you, as a Business Partner, are a party, (ii) legal obligations imposed on us and (iii) our legitimate interest.
In some cases, we process personal data, such as the names and contact details of employees or contractors of Business Partners for the purpose of communications in connection with the performance of a particular contract with Business Partners. This processing is based on (i) the performance of a contract to which Business Partners is a party, (ii) legal obligations imposed on us and (iii) our legitimate interest.
As a Trading Partner, we may provide you with communications about our new products and services. If you no longer wish to receive these communications, you may opt-out by emailing us at contact@nellyflowersbox.com.
Users and Customers:
For the purposes of providing products, delivering goods and making payments, we may process your personal data, such as identification data, contact data, bank details. This processing is based on the performance of a contract to which Users are party or a legal obligation imposed on us.
We may process personal data so that we can provide you with information about goods or services that we think may be of interest to you. If you are an existing customer, we will only contact you by email, or push notifications via Mobile Apps (as applicable) with information about goods and services similar to those which have been the subject of a previous sale or negotiation with you for sale, unless you have previously opted otherwise.
We will not share your personal data with third parties for marketing purposes without your explicit consent.
We may also use your personal data to measure or understand your preferred product-related content and to provide relevant content to you
We may also process your personal data within and in connection with certain productions or recordings and the public broadcast or communication of such productions or recordings for certain journalistic, artistic and/or literary purposes.
For the avoidance of doubt, the provisions of this Information Notice do not affect copyright and other intellectual property rights in productions and recordings of television and other media productions.
How and to whom we disclose your personal data
We do not sell your personal data to third parties.
Within the Company, only a limited number of staff members, such as those in the Sales, Legal, Marketing and IT departments have access to your personal data on a need-to-know basis. These staff members are subject to confidentiality obligations with respect to personal data. Appropriate technical and organizational measures are taken to protect personal data. Company staff members shall have the right to handle personal data only on the instructions of the Company and, if necessary, in connection with their job responsibilities.
Personal data may be disclosed to governmental authorities and/or law enforcement bodies if required by applicable laws or if necessary for the exercise of our rights, including the Terms of Use, or to protect our legitimate interests (including the legitimate interests of third parties) in accordance with applicable laws.
Your personal data may also be disclosed to third parties, including:
(i) Service providers who provide administrative, professional and technical support to the Company for IT support, security and business resources;
(ii) business partners, suppliers and subcontractors for the performance of all contracts we enter into with you (including subscriptions to our services);
(iii) advertisers and advertising networks that request your information in order to select and serve advertisements relevant to you. We may also use such aggregated information to help advertisers reach the type of audience they are targeting. We may use the personal information we have collected from you to fulfill advertisers’ desires by displaying their advertisements to the targeted audience;
(iv) analytics and search engine service providers that assist us in improving and optimizing our Websites.
Company may also disclose Personal Data to outside consultants (e.g., attorneys, accountants, auditors) as necessary.
In some cases, we may disclose personal data to our Affiliated Companies (including to subsidiaries or our parent holding company and its subsidiaries) on a need-to-know basis, as listed here. We have implemented appropriate safeguards in our relationship with our Affiliates to secure these disclosures of personal data.
We may share personal data with our Affiliated Companies and other third parties in the context of certain types of transactions, including in the context of transactions involving a change of control of the Company, the sale of substantially all of its assets, or business restructurings.
The Company seeks to conduct appropriate due diligence in selecting third party service providers and requires such service providers to maintain appropriate technical and organizational security measures to protect Personal Data and to process Personal Data only as instructed by the Company. Service providers shall be entitled to use subcontractors in providing services to the Company, provided that the subcontractor complies with the same data protection obligations as the service providers.
Storage of your personal data and transfers abroad
Your personal data that we collect is stored in the European Union (“EU”) and the European Economic Area (“EEA”). However, information collected by third parties via cookie files will generally serve traffic from a data center that is closest to where the traffic originates. This means that such information, including advertising traffic, may be handled by servers located in the EEA and may be transferred outside the EEA. For more information, please see the Cookie Policy.
In addition, your personal data may be transferred to and stored at a location outside the EU and the EEA. When your personal data is transferred from your own country to another country, the laws and rules protecting your personal data in the country to which your information is transferred may be different (or may offer less protection) than those in the country where you work.
We intend not to transfer your personal data outside the EEA unless adequate safeguards are in place, including: (i) an adequacy decision issued by the European Commission with respect to the destination country or countries; (ii) a Privacy Shield certification; (iii) appropriate binding corporate rules; (iv) an approved code of conduct, together with binding and enforceable commitments by the data controller or processor in the country outside the EU and EEA; (v) an approved certification mechanism, together with the binding and enforceable commitment of the data controller or processor in a country outside the EU and EEA to apply appropriate safeguards; or (vi) EU standard contractual clauses approved by the European Commission.
You may contact Nellyflowersbox’s Privacy Officer or CME’s Data Protection Officer, whose contact details are provided in the Contact Us list below, to learn more about transfers and the appropriate safeguards we have in place prior to such transfers.
YOUR RIGHTS
You may ask us to confirm whether or not your personal data is being processed by us, to provide you with a copy of your personal data and/or to correct it. In certain circumstances, you have the right to ask us to erase your personal data or, on the basis of the right of portability, to ask us to transfer part of your personal data to you or to other entities. You also have the right to object to certain processing of your personal data (e.g. the use of processing for direct marketing purposes or certain decisions taken solely by automated processing (including profiling). Where we have requested your consent to the processing of your personal data, you have the right to withdraw that consent without any adverse effects on you. Where we process your personal data because we have a legitimate interest in doing so (as explained above), you also have the right to object to such processing.
You also have the right to restrict the processing of your personal data in certain circumstances. Please note that your rights described above may be limited in certain situations and are subject to applicable laws and regulations on the protection of personal data; for example, your right to object to the processing of your personal data may be limited if we can demonstrate compelling legitimate grounds for processing your personal data that override your interests. You will need to prove your identity and provide other details to help us respond to your request. We will not charge a fee for responding to your request unless permitted by law and, if such a fee is charged, it will be reasonable and proportionate to your request.
How long we keep your personal data
We intend to retain your personal data only for as long as necessary, in accordance with our Data Retention Policy, for a period not exceeding the period necessary to fulfill the purposes listed in this Information Notice and/or required by applicable law, in accordance with applicable minimum legal retention periods and/or as necessary to exercise our legitimate rights (and the legitimate rights of others). For example, if you are a Business Partner, we will retain your personal data for the duration of our contractual relationship with you. If we have an ongoing business relationship with you as a Business Partner (for example, where we may use the same personal data in separate contractual relationships with you), we will continue to retain that personal data until the termination of our business relationship and for the minimum retention period required by law, subject to our Data Retention Policy. Please note that we may process any of your anonymized personal data without prior notice to you.
Where we process your personal data on the basis of your consent, such personal data will only be processed for the period set out in your consent, unless you withdraw or limit your consent before the expiry of this period. In such cases, we will cease processing the personal data concerned for the relevant purposes, subject to any legal obligation to process such personal data and/or our need to process such personal data for the purpose of exercising our legitimate rights (including the legitimate rights of others).
Data security
We store your data on our servers and on servers hosted by third parties (including third party cloud-based services). We use appropriate technical and organizational measures designed to protect your personal data and prevent unauthorized access. We have entered into contractual relationships with third parties that provide hosting services and these contracts include obligations regarding the organizational and technical security of personal data. All payment transactions will be encrypted (e.g. using the TLS protocol). You are responsible for maintaining the confidentiality of all means of authentication (e.g. passwords) used by you to access parts of our Websites.
Cookie files and social widgets
Our Websites use cookie files to distinguish you from other Users of our Websites. This helps us to give you a good experience when you browse our Websites and also allows us to improve our Websites. This processing is based on your consent expressed on our Websites or through your browser settings. For detailed information about the cookies we use, how long we use them for and the purposes for which we use them, please see our Cookie Policy.
Links to other websites
A Website of ours may provide links to websites that the Company does not control. Once you click on a third party link, you will be directed to the third party website. If you visit any of these linked websites, you should review their privacy policies. We are not responsible for the policies and practices of other companies. Our company does not control and does not assume any responsibility or liability for the content, privacy policies and notices, or practices of third party websites or services.
Extended GDPR
INFORMATION
ON THE PROCESSING OF PERSONAL DATA
Updated: October 2023
WHO ARE WE AND WHAT IS THE SUBJECT OF THIS POLICY?
Nellyflowersbox.com, Nellyflowersbox, e-mail: contact@nellyflowersbox.com, telephone: +32491170576, Strada Mănăstirii 21 (com.Vad) sat Vad, Vad, Vad, Cluj ROMANIA (hereinafter referred to as “the Company”).
The purpose of this policy is to inform you about the personal data processing activities carried out by the Company and applies to all processing carried out by us, including the interaction with our website: www.nellyflowersbox.com
Our Society is constantly concerned with ensuring a full experience both culinary and selling goods and providing services to our Customers. Thus, we make every effort to provide our Customers with both quality products and services as well as post-sale information and guidance, namely: newsletters, invitations to events, campaigns and special offers – on both our products and activities and those of our partners (collectively referred to as “Newsletter”).
WHAT KIND OF PERSONAL DATA DO WE PROCESS?
We collect and process only that personal data about you that is necessary for us to be able to provide you with the highest quality shopping experience with respect to our products and services and the use of our website. Thus, the personal data we process may include by way of example:
data to identify you: name, surname, user name;
contact data: physical address, telephone number, e-mail address;
data for the valid conclusion of contracts and issue of tax invoices: identity card data, series, number, CNP, date of issue;
data that you make available to us when creating a user account on our website, registering, updating data or unsubscribing from the Newsletter, as well as when registering and participating in events organized or supported by us;
data received or collected in connection with visits to our restaurants or events organized by us and/or our partners: this may include video recordings of the activities carried out and access to these locations;
bank account and other financial information for the performance of the contractual relationship, if applicable;
technical data, including your IP address: information about your access to our website, our online shop, applications developed by us or access to newsletters, materials and communications that we send to your user account, by telephone or e-mail;
other data that you may make available to us.
In the event that you wish to join our team and thus be hired by us, we will process those data necessary in the hiring process, namely identification data (full name, gender, date of birth), contact data (telephone number, correspondence address and e-mail address), as well as any other data that you bring to our attention through application forms and CV or that you provide us with by submitting or transmitting in physical format to our office and/or electronically by e-mail.
HOW DO WE COLLECT YOUR PERSONAL DATA?
The Company collects in physical and electronic format only those personal data that you voluntarily provide us with, as well as information available from public sources, as follows: a. when purchasing products and services from us or in discussions prior to their purchase; b. through our website, when registering for your user/customer account; c. by registering to receive our Newsletter; d. when you contact us by e-mail, if you express interest in our goods and services or if you express interest in being employed or contracted by our company or in collaborating with us; e. when we meet at an event and for example exchange business cards; f. when accessing other information available on a registration basis.
We remind you that you are entirely free to provide us with this personal data. However, in their absence, the performance of contractual relations will not be possible.
WHAT IS THE PURPOSE FOR WHICH WE PROCESS YOUR PERSONAL DATA AND WHAT ARE THE LEGAL GROUNDS FOR SUCH PROCESSING?
For any processing of your personal data, the Company will inform you of the purpose for which the processing is carried out, by way of example as follows:
Your purchase of goods and services: we process all personal data that you provide us with, as well as any other data that are necessary for the sale of products and services contracted, in compliance with the provisions of the Terms and Conditions of the Company and the provisions of the laws in force regarding the processing of personal data and the purchase of goods and services, as well as for other activities and actions derived from the conclusion and execution of the contract.
Communications and Newsletters: If you are already our customer/purchaser or if you have contacted us for professional purposes, we process your personal data on the basis of our legitimate interest to send you specific communications, newsletters, of interest to you and also including invitations to our events and those of our partners.
If you wish to subscribe to our Newsletter, at the time of your subscription (through our website or by another form of direct request) we will ask for your consent to the processing of your personal data in order to provide you with the services you have requested to subscribe to
Organization of events for promotional, training or professional purposes: These may include video recordings of activities and access to the respective locations;
Hiring: To the extent that we have open positions and a person expresses an interest in joining our team, we collect the information necessary for the hiring process to assess your suitability for the position. The processing of personal data in the employment process is done by law, i.e. for the purpose of executing a contract with you, and this processing is the pre-contractual phase.
We are constantly interested in making the recruitment process more efficient, which is why, based on our legitimate interest, we will keep a record of the persons who participated in the assessment processes and the reasons why their application was rejected.
At times when we announce vacancies, you may apply for a place on our team by submitting your application: by e-mail, by submitting it in physical format to our office or by using the dedicated section of our website at that time.
In case of submitting your application by using the dedicated section of our website, we will need and request the following personal data from you: name and full identification data, mailing address and e-mail address, telephone number and CV. This personal data is required and we will use it in the recruitment process for the purposes of: a. conducting and administering the recruitment process; b. assessing whether you have the right professional profile for our team; c. contacting you regarding your application; d. contacting you in the future regarding other opportunities or positions that may become available that may be of interest to you; e. keeping a record of our previous recruitment sessions you have attended and the reasons why your application was rejected.
Any processing of your data for the aforementioned purposes is based on one of the following grounds: 1. e. concerning the prevention and combating of money laundering and the need to know your customers), to the extent that the conditions for their applicability are met – in this respect, your contact data and your National Identity Number, the serial number and the number of your Identity Card or passport of shareholders/associates will be processed; 3.Consent, in relation to the sending of newsletters or invitations to our events – to the processing of your identification and contact data.
WHAT ARE YOUR RIGHTS REGARDING THE PROCESSING OF PERSONAL DATA?
We remind you that as a data subject you have the following rights regarding the processing of your personal data:
Access to the personal data concerning you that the Company processes.
To obtain rectification of those inaccurate personal data by contacting the Company and/or updating them through your user/customer account.
Obtaining the restriction of the processing of your personal data when: you contest the accuracy of your personal data that we process; the processing of your personal data is unlawful we do not need your personal data for the purpose for which we are processing it, but you request that we keep it for the establishment, exercise or defense of a legal claim, or d. you object to the processing of your personal data, as long as we verify the existence of our legitimate interest in processing your personal data.
Portability of your personal data, by requesting the Company to transmit, either to you or to another data controller, a copy of your personal data provided to us that we process;
Obtaining erasure of your personal data where one of the following grounds applies: the data is no longer necessary for the purposes for which it was collected or processed you withdraw your consent on the basis of which the processing is taking place and there is no other legal basis or legitimate grounds for the processing; c. the personal data has been processed unlawfully; d. the personal data must be erased in order to comply with a legal obligation incumbent on the Company under the law;
If you have any concerns or questions about your rights and the processing of your personal data or if you wish to make any request or exercise any of your rights in relation to the processing of your personal data, please contact us at our offices or using the contact methods at the end of this notice.
We assure you that we will analyze each question and each request and we will communicate to you the answers and the measures taken in this respect as quickly as possible, but no later than one month from the moment of registration of your request. If we need more information from you or if we encounter difficulties in dealing with your request, we will inform you of this without delay.
If you consider that we have not dealt with all your requests or if you are dissatisfied with the answers we have given you, you can complain to the ANSPDCP or you can apply to the competent courts.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
If you have opted to receive communications by Newsletter, we will store your data to provide you with this service for 2 years after your last interaction with the communications. After this 2-year period has elapsed, we will ask for your consent again so that you can continue to benefit from the Newsletter if you so wish.
In any case and at any time, if you decide that you no longer wish to benefit from our Newsletter and you withdraw your consent, we will no longer process your personal data for this purpose.
The personal data that we collect in the recruitment process and use for the purpose of streamlining and keeping track of previous recruitment sessions is stored for a period of 10 years from the time you have applied for a position with the Company.
As a general rule, we will delete your personal data when it is no longer necessary for the purposes for which it was collected or when you withdraw your consent in situations where the processing of your data is based on consent. Exceptions to this rule are cases where processing of personal data is necessary on the basis of legal provisions or if we are entitled to continue processing. Also, your personal data may be kept by us for a longer period than indicated above, only in those situations where immediate deletion would require the overwriting of our back-up and disaster recovery systems.
WHAT HAPPENS TO PERSONAL DATA IN RELATION TO OTHER PEOPLE?
As a rule, the Company does not disclose or transfer your personal data to third parties. By way of exception to this rule, in situations where disclosure or transfer is necessary or if we are required by law, we will inform you as soon as possible of this fact, unless the applicable law prohibits or prevents us from making such an informing.
If we disclose or transfer your personal data to third parties, we will do so in compliance with the applicable legal provisions and with the adoption of measures for their protection, integrity and security.
For the processing of your personal data we may use authorized persons, (by way of example: providers and suppliers of: IT services, database or contact management, accounting, event organizers, etc.). The Company will enter into contracts with all these authorized persons that regulate the personal data processing regime and ensure that they assume the legal obligations of personal data processing and provide an adequate level of protection and security of personal data and comply fully with the applicable legal provisions.
HOW DO WE SECURE PERSONAL DATA?
All personal data processed by the Company is protected against threats through appropriate electronic and physical security measures and IT infrastructure as well as internal personnel and access management procedures that ensure the discovery, notification and documentation of any possible breaches of personal data security.
In the unlikely event of a breach of the security of your personal data, in the event that we discover such a breach with a risk to your rights and freedoms, we will notify the National Supervisory Authority for Personal Data Processing (hereinafter referred to as ANSPDCP), and we will inform you of this situation.
UPDATING THIS INFORMATION:
We recommend that you periodically visit this section because as we modify this Notice, we will publish a new updated version on this website, which will replace this one.
If your questions have not been answered in this document or if you have any other concerns about your personal data and/or the way we process it, please contact us using any of the methods below
- e-mail address: (contact@nellyflowersbox.com)
- telephone: (+32491170576)