Fiorentino Luxury Floral Services (Data Controller Abraham Avanoglou, P.O.B.: 133850390) processes personal data of its suppliers.
This policy sets out the principles applied by the Company in the processing of such data (categories, legal basis, purpose, protection measures, rights, etc.) and aims to inform the subjects-suppliers about the processing. It is posted on our website (https://fiorentino.gr) and may be changed/updated from time to time. You will be informed of all significant changes and the version in force will be posted on the website each time.
We assure you that all information relating to you is processed only for the legitimate purpose of collection and is protected by high security systems.
What categories of data we collect
We process the following categories of personal data of our suppliers (and their employees as the case may be): name, surname, registered office address, fixed telephone number, mobile telephone number, e-mail address (email), ID number, VAT number, Tax Identification Number, bank accounts, tax and insurance information, financial data, basic identification data of legal representatives of legal entities.
PERSONAL DATA
A prerequisite for the start of the transaction between us is the disclosure of some of your personal data. In the course of placing an order, you will be asked for your full name, the address to which you want the products sold to be sent, your landline telephone number (or any other telephone number you wish to use for your convenience), your e-mail address, etc. All of the above are recorded in a database and are used solely for the proper promotion and execution of your order.
Our company, strictly following the principles of personal data protection provided by the relevant laws and international conventions, will not make any improper use without your prior consent. In no way will the personal data and information you entrust to us be disclosed, published, sold or exchanged.
SUMMARY
1. PROCESSING CONTROLLER: We are the “Company” and process your personal data as a controller.
2. PURPOSE OF USE OF YOUR DATA: We will use your data (collected electronically or in person) to manage your user registration, to manage purchases of services from you, to answer your questions and, if you wish, for you to send personalised communications.
3. LEGAL BASIS OF USE OF YOUR DATA. The main reason is that we need to process it for the performance of the contract you enter into with us when you register and when you receive any of our services or features, however there are other reasons that allow us to use it, such as, among others, our interest in answering your questions or the consent you give us to send you our newsletter.
4. Who we share your data with. We share your data with service providers who help or support us, who may be third party partners with whom we have a contract and who are located within the European Union.
5. YOUR RIGHTS. In some cases, you also have other rights, for example, to object to our use of your data or the right to the portability of your data, as we explain in detail below.
We invite you to read the full Privacy Policy below to fully understand how we use your personal data and the rights you have regarding it.
Who is responsible for processing your data?
The data controller is Avanoglou Avraam, the legal representative of the company based in Thessaloniki, at 82 Mitropoleos Street, Postal Code: 54622, Thessaloniki Municipality and Region.
Purpose of using your data:
Depending on the purpose for which we process your data from time to time, as explained above, we need to process one or more of your data, which generally will be, as appropriate, the following:
- Your identity information (for example, your name, surname, language, and country from which you interact with us, contact details, etc.)
- Financial information and transaction details (for example, your payment or card details, etc.)
- Connection, geographical location, and internet browsing data (if, for example, you contact us from your mobile phone)
- Commercial information (for example, if you have subscribed to our newsletter)
- Information about your preferences
Purpose of processing your personal data:
We process your personal data for the purpose of forming, executing, operating, and terminating the contract between us and generally managing our contractual relationship, as well as for our Company’s compliance with its legal obligations (Income Tax Code, etc.), and to establish legal claims or defend against claims in courts, authorities, etc. Specifically, we process your data for order fulfillment, billing, and quality control of services/products.
Legal Bases for Processing:
The legal bases for processing are, as the case may be: (a) The legitimate interest we pursue (operation of our company), (b) Our compliance with legal obligations, (c) The execution (formation, operation, termination) of the contract between us, (d) Your consent.
To whom we disclose your personal data:
The Company does not disclose your personal data to third-party recipients but only processes it through authorized personnel under strict confidentiality. Exceptionally, your personal data may be disclosed: (a) To public authorities for the Company’s compliance with its legal obligations, (b) To third parties providing services to the Company, such as lawyers/law firms (in case of extrajudicial or judicial actions regarding contract formation and legal claims of or against the Company), financial advisors-accountants, etc. These persons, who act as processors on behalf of our Company, are bound by guarantees of absolute compliance with the applicable legislation (European and National) on personal data, and (c) Before the courts for exercising and defending the Company’s rights.
Processing Principles and Protection:
Our Company, indicatively and not restrictively:
- Processes only the personal data necessary for the above purposes and only for these purposes,
- Takes appropriate technical and organizational measures for the security of personal data (ensuring confidentiality, integrity, and availability) from design and by default,
- Has and implements procedures and systems for the confidentiality of personal data processing and their protection from accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, and any other form of unlawful processing (e.g., use of tools for access controls and data loss prevention),
- Has informed data subjects (consumers and employees) in accordance with Regulation (EU) 2016/679 (GDPR),
- Adheres to the principle of data minimization,
- Takes care of the exercise and satisfaction of data subject rights,
- Has prepared documents, policies, and procedures that demonstrate its compliance with the principle of accountability (privacy policy, cookies policy, recording the type, categories, and flows of personal data, compiling processing records, etc.) as referred to in the General Data Protection Regulation,
- Has established a team for personal data protection,
- Conducts training and awareness-raising for employees regarding personal data protection,
- Amends its contracts with processors acting on its behalf, in accordance with Article 28 of the GDPR, to ensure their absolute compliance.
How long we keep your personal data:
We retain your personal data for the required by law period during which the competent authorities have the right to audit our Company. When processing your personal data is no longer necessary, your data will be destroyed securely and demonstrably.
Your rights and how to exercise them:
You have the following rights: (a) To know what personal data we hold and process, their origin, the purposes of processing, and the retention period (right of access), (b) To request the correction or supplementation of your personal data to be complete and accurate (right to rectification). You must provide any necessary document proving the need for correction or supplementation, (c) To request the restriction of processing of your data (right to restrict processing), (d) To object to or oppose any further processing of your personal data we hold (right to object), (e) To request the transfer of your personal data we hold to any other controller of your choice (right to data portability), (f) To request the deletion of your personal data from our records (right to be forgotten).
Regarding the exercise of the above rights, please note the following: The Company reserves the right to refuse your request for restriction of processing or deletion of your personal data or your objection to processing if processing or retaining the data is necessary for establishing, exercising, or defending legal claims or fulfilling its obligations.
The exercise of the right to data portability does not imply the deletion of your data from our records, which is subject to the terms of the previous paragraph and the conditions of the Regulation.
(g) To file a complaint with the Data Protection Authority (www.dpa.gr) if you believe your rights are violated in any way (right to complain to the Authority).
For any additional information and to exercise the above rights, please contact us in writing at Fiorentino LFS Headquarters: 37 Michael Psellou Street, 542 49, (Near N.M. Georgiadi) or via email at [email protected]. As a rule, your request will be satisfied within one month of receipt. Information, any communication, and all actions taken under Articles 15 to 22 and 34 GDPR are provided free of charge.
The Company will make every effort to respond to your request(s) within thirty (30) days from the submission of the relevant request. This period may be extended by sixty (60) additional days if necessary, considering the complexity of the request and the number of requests, after informing you promptly.
Please note that this policy may change periodically. Changes will be displayed here.
