Below is a description of what personal data and for what purpose are processed in connection with the purchase of Iris Flowers services, including: bouquets, flower subscriptions and greening.
1. Personal data administrator
The administrator of your personal data is: PARKENTERTEINMENT sp. z o. o., with its registered office in Warsaw at ul. Grzybowska 45, KRS: 0000896219, hereinafter: Iris Flowers and also the Administrator. Contact with the Administrator is possible by e-mail: ik@parkiris.io
2. Personal data processed, purposes and basis of processing, your rights
Iris Flowers only uses personal data that you provide:
a. directly – if you order our services for yourself and b. directly – if you place an order for another person.
Personal data are processed by Iris Flowers in accordance with applicable legal provisions, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as "GDPR".
Using Iris Flowers services, including making purchases, is voluntary. Similarly, providing personal data by the user of the services is voluntary, subject to two exceptions:
a. concluding agreements with Iris Flowers – failure to provide, in the cases and to the extent indicated on the Iris Flowers website and in the Regulations and this privacy policy, personal data necessary to conclude and perform the Sales Agreement or the agreement for the provision of Electronic Services with Iris Flowers results in the impossibility of concluding this agreement. Providing personal data is in such a case a contractual requirement and if the data subject wants to conclude a given agreement with Iris Flowers, they are obliged to provide the required data. Each time, the scope of data required to conclude the agreement is indicated in advance on the Iris Flowers website and in the Regulations.
b. statutory obligations of Iris Flowers – the provision of personal data is a statutory requirement resulting from generally applicable legal provisions imposing on Iris Flowers the obligation to process personal data (e.g. processing data for the purpose of keeping tax or accounting books) and failure to provide them will prevent Iris Flowers from fulfilling these obligations.
3. We process the following data:
a. name and address of sender and recipient; phone number of sender and recipient; billing address; email address; payment information; IP address for the purpose of fulfilling the order;
b. name, surname, telephone number, email – in order to respond to the contact form;
c. image – in the case of visits to our studio (monitoring).
4. The above data are processed for the following purposes:
a. to deliver your order: we use the above data to process your order. In some cases, we may also share data with companies we work with to deliver your order;
b. for the purposes of fulfilling the order;
c. to respond to the contact form;
d. for the purposes of fulfilling the legal obligations of Iris Flowers, including the determination, pursuit or defense of claims that may be raised by the Administrator or that may be raised against the Administrator;
e. for marketing purposes: if you consent to this, you may receive notifications about any news from Iris Flowers via e-mail or via social media, as well as SMS information;
f. for the purposes of ensuring the safety of the Administrator’s employees, collaborators and clients, protecting its property and keeping confidential information, the disclosure of which could expose the Administrator to damage (video monitoring).
5. The basis for the processing of personal data is the contract you conclude with Iris Flowers
1. in the case of marketing and cookies – your consent, as well as the legitimate legal interest of Iris Flowers consisting in the processing of data necessary to fulfill your order, which does not violate your rights and freedoms or the rights and freedoms of other persons,
2. in the case of monitoring – the legal basis is the legitimate interest of Iris Flowers in ensuring the security of the studio, ensuring the safety of the Administrator’s employees and collaborators, clients, protecting its property and maintaining the confidentiality of information, the disclosure of which could expose the Administrator to damage.
6. Your rights
You have the right to send a request to review, edit, delete or transfer your personal data. For example, you can check if your data is correct. If you want to know what information you have provided to us or want to limit its use - you can ask us and manage it. If you have any questions about this privacy policy, contact: ik@parkiris.io.
In addition, as we process your data based on our legitimate interest, you have the right to object to the processing of your data due to your particular situation.
You also have the right to withdraw consent if it was granted, for example, for marketing purposes. To exercise the above rights, contact: ik@parkiris.io
You also have the right to lodge a complaint with the supervisory authority responsible for the protection of personal data, i.e. the President of the Personal Data Protection Office: https://uodo.gov.pl/489/id_art/2246
7. Processing principles and security
Iris Flowers takes special care to protect the interests of persons whose personal data it processes, and in particular is responsible and ensures that the data it collects are:
a. processed lawfully;
b. collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes;
c. factually correct and adequate in relation to the purposes for which they are processed;
d. stored in a form which allows identification of the persons concerned, no longer than is necessary to achieve the purpose of processing
and
e. processed in a way that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organisational measures.
Taking into account the nature, scope, context and purposes of processing and the risk of varying likelihood and severity of the rights and freedoms of natural persons, Iris Flowers implements appropriate technical and organisational measures to ensure that processing is carried out in accordance with this Regulation and to be able to demonstrate this. These measures are reviewed and updated as necessary. Iris Flowers implements technical measures to prevent unauthorised access and modification of personal data transmitted electronically.
8. Retention periods
We will keep your personal data for as long as necessary to fulfil your order. We will then keep it for our own use for a maximum of two years. After this period, your personal data will be deleted, unless we have a legal obligation to keep it. Why? Legal regulations require Iris Flowers to keep payment information for seven years. Monitoring data is kept for one month.
9. External entities and international transfers
For the proper execution of your order, Iris Flowers must use the services of external entities (such as a software provider, courier or payment processor).
Iris Flowers only uses the services of processors who provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the GDPR Regulation and protects the rights of data subjects.
Data is not transferred by Iris Flowers in every case and not to all recipients or categories of recipients indicated in the privacy policy. Data is transferred only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it. For example, if the Customer uses personal collection, their data will not be transferred to a carrier cooperating with the Administrator.
9.1. Personal data may be transferred to the following recipients or categories of recipients:
a. carriers / forwarders / courier brokers – in the event that the service is delivered by post or courier, Iris Flowers makes the collected personal data of the Customer available to the selected carrier, forwarder or intermediary carrying out shipments on behalf of the Administrator to the extent necessary to provide the service;
b. entities handling electronic payments or payment cards – in the case of electronic payments or payment cards, the Administrator makes the collected personal data of the Customer available to the selected entity handling the above payments in the Online Store at the request of the Administrator to the extent necessary to handle the payment made by the Customer. Iris Flowers uses the services of Stripe, with which it has concluded a data processing agreement and Standard Contract Clauses,
c. service providers supplying the Administrator with technical, IT and organizational solutions that enable the Administrator to conduct business activities, including the Online Store and the Electronic Services provided via it (in particular, computer software providers, e-mail and hosting providers, and software providers for managing the company and providing technical support to the Administrator). The Administrator makes the collected personal data available to a selected provider acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.
d. providers of accounting, legal and advisory services providing the Controller with accounting, legal or advisory support (in particular an accounting office, law firm or debt collection company). The Controller makes the collected personal data available to a selected provider acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.
9.2. All international transfers are made in accordance with Chapter V of the GDPR.
10. Cookies
Iris Flowers uses cookies to optimize it and ensure safe shopping. Cookies are small text information in the form of text files, sent by the server and saved on the side of the person visiting the Administrator's website (e.g. on the hard drive of a computer, laptop, or on the smartphone's memory card - depending on what device the visitor to our online store uses). Detailed information on cookies, as well as the history of their creation can be found here: http://pl.wikipedia.org/wiki/Ciasteczko.
The Administrator may process data contained in cookies when visitors use the Online Store website for the following purposes:
a. identifying customers as logged in to the online store and showing that they are logged in;
b. remembering products added to the shopping cart for the purpose of placing an order;
c. remembering data from completed Order Forms, surveys or login data to the Online Store;
d. adapting the content of the online store website to the customer’s individual preferences (e.g. regarding colours, font size, page layout) and optimising its use;
e. keeping anonymous statistics showing how the online store website is used;
f. remarketing, i.e. research into the behaviour of visitors to the online store through anonymous analysis of their activities (e.g. repeated visits to specific pages, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their expected interests, also when they visit other websites in the advertising network of Google Inc. and Meta Platforms, Inc;
g. most web browsers available on the market accept cookies by default. Everyone has the option to specify the terms of use of cookies using their own web browser settings. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the option of saving cookies. In the latter case, however, this may affect some functionalities of the online store (for example, it may be impossible to proceed through the Order path via the Order Form due to the Products not being remembered in the basket during subsequent steps of placing the Order);
h. the settings of the web browser regarding cookies are important from the point of view of consent to the use of cookies by our Online Store. In accordance with the regulations, such consent may also be expressed through the settings of the web browser. In the absence of such consent, the settings of the web browser regarding cookies should be changed accordingly;
i. detailed information on changing cookie settings and deleting them yourself in the most popular web browsers is available in the help section of the web browser and on the following pages (just click on the link):
in Chrome
in Firefox
in Internet Explorer
in Opera browser
in Safari
in Microsoft Edge
j. The Administrator may use Google Analytics and Universal Analytics services provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) in the Online Store. These services help the Administrator analyze traffic in the Online Store. The collected data is processed within the above services in an anonymous manner (these are so-called operational data that prevent the identification of a person) to generate statistics helpful in the administration of the Online Store. These data are aggregate and anonymous, i.e. they do not contain identifying features (personal data) of persons visiting the website of the online store;
k. it is possible for a given person to easily block the sharing of information about their activity on the Online Store website with Google Analytics. For this purpose, you can install a browser add-on provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=pl
l. The Administrator may use the Facebook Pixel service in the Online Store, provided by Meta Platforms, Inc. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Administrator measure the effectiveness of advertisements and find out what actions visitors to the online store take, as well as display tailored advertisements to these people. Detailed information about the operation of Facebook Pixel can be found at the following Internet address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.
m. You can manage the operation of Facebook Pixel through the advertising settings in your Facebook.com account: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
11. Third Party Websites
Our website may contain links to other websites. We have no control over these sites and cannot guarantee that these companies treat data as securely as we do. We recommend that you review their privacy policies before using them.
12. Changes to the privacy policy
In order to inform you about the use of personal data in the best possible way, this policy may be updated - we recommend that you read it regularly. We make every effort to ensure that our users feel safe and their data is guarded by the best technical security. Dear User - you can rest assured.