Privacy and Personal Data Protection Policy - GDPR

WHO ARE WE?

We are GREEN-E CONCEPT S.R.L.
VAT number: RO14742549
Registered number in the Trade Register: J40/5704/2002
Our legal representative is the administrator:
BUHNA VIACESLAV
Tel: +40 742 033 977
Email: viaceslav.buhna@famousroses.eu

(hereinafter referred to as FAMOUS ROSES)

The new European Union law on the protection of personal data, GDPR (“General Data Protection Regulation”) entered into force on May 25, 2016, but will begin to produce its effects starting from May 25, 2018. This law represents the biggest change in the field of personal data protection in the last 20 years and has objectives that go far beyond the simple protection of private space.

The protection of your personal data is important to us, therefore, we pay particular attention to protecting the privacy of visitors who access the website www.famousroses.eu, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”).

Please pay special attention to reading the following Policy (hereinafter referred to as “DPP”) to understand how your information (“personal data”) will be treated.

The DPP explains the online practices of FAMOUS ROSES, regarding the application of the provisions of the GDPR, as well as the rights you benefit from regarding the way your information is used through the FAMOUS ROSES website.

The processing of personal data carried out by FAMOUS ROSES will always be carried out in accordance with the provisions of the GDPR, as well as with the regulations on the protection of personal data, specific to each country in which FAMOUS ROSES operates.

Through the DPP, FAMOUS ROSES wishes to inform visitors about the nature of the personal data we collect and process, as well as the purposes of the processing. In addition, visitors to the website are informed through the DPP about the rights they benefit from.

WHAT IS PERSONAL DATA?

"Personal data" means any information or data that can identify you directly (e.g. your name) or indirectly (e.g. through pseudonymous data, such as a unique identification number). This means that personal data includes things like your email address, home address, mobile phone number, username, profile photos, personal preferences and shopping habits, user-generated content, financial information and information regarding your financial situation. This could also include unique numerical identifiers, such as your computer's IP address or your mobile device's MAC address, as well as cookies.

WHAT IS PERSONAL DATA PROCESSING?

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

PERSONAL DATA CONTROLLER

The personal data controller (hereinafter referred to as the “controller”) is GREEN-E CONCEPT S.R.L.

DATA PROTECTION OFFICER (DPO)

FAMOUS ROSES, as the controller, has appointed Mr. Viaceslav BUHNA, as the Data Protection Officer (hereinafter referred to as the “DPO”), with the obligation to verify compliance with the GDPR provisions in data processing operations carried out by the controller and to represent the controller in relations with data subjects and the Supervisory Authority.

Data subjects have the possibility to address the DPO directly at any time regarding any issues related to this DPO, using the contact details below:

DPO Name: Viaceslav BUHNA
DPO Email: info@famousroses.eu
DPO Tel.: 0751 269 077
DPO Mailing Address:

GREEN-E CONCEPT S.R.L.
Str. Lotrioara No.5, Sector 3
BUCURESTI, ROMANIA
Postal code: 032163

WHAT DATA WE PROCESS

www.famousroses.eu. will collect information or data that allows the identification of natural persons (name, address, telephone number, e-mail address). These are necessary to be able to collect the payment value of orders from the processors and to deliver the ordered products to you. Also, www.famousroses.eu will collect the IP address as traffic data.

PRINCIPLES REGARDING DATA PROCESSING

FAMOUS ROSES undertakes to comply with the principles of personal data protection (hereinafter referred to as the "Principles") provided for by the GDPR, in order to ensure that all data are:

Processed fairly, legally and transparently;
Collected for specified, explicit and legitimate purposes;
Adequate, relevant and limited in relation to the purposes for which they are processed;
Correct and up-to-date;
Kept in a form which does not permit identification of data subjects for longer than is necessary in relation to the purpose of the processing;
Processed in accordance with the rights of the data subject, in a manner which ensures adequate security of the processing, so that the data are intact, confidential and available.

GROUNDS AND PURPOSES OF PROCESSING PERSONAL DATA

For the purpose of concluding and executing contracts - According to art. 6 para. 1 lit. b) of the GDPR, personal data may be processed for the purpose of concluding or executing the contract. In order to be able to offer you our products, it is necessary to process personal data belonging to you.

For the purpose of fulfilling legal obligations - According to art. 6 para. 1 lit. c) of the GDPR, personal data may be processed for the purpose of fulfilling legal obligations. We request a series of personal data, including, in certain situations, the personal identification number, in order to fulfill our obligations imposed by the tax authorities in connection with invoicing and reporting to the tax authorities.

For marketing purposes - According to art. 6 para. 1 lit. a) of the GDPR, personal data may be processed if the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

NESWSLETTER

If you have subscribed to the FAMOUS ROSES Newsletter section, your personal data will be used for the sole purpose of sending you marketing content information about FAMOUS ROSES products and services, about offers and/or promotions, news, future campaigns, invitations to various events held by FAMOUS ROSES in a certain period.

Your personal data will be deleted immediately when you cancel your subscription to the FAMOUS ROSES Newsletter section.

You can unsubscribe at any time via the link attached to the Newsletter received or by a written request addressed to the FAMOUS ROSES Data Protection Officer.

FAMOUS ROSES reserves the right to select the persons to whom it will send newsletters and/or alerts, as well as the right to remove from its database any Member or Client who has previously expressed consent to receive newsletters and/or alerts, without any subsequent commitment from FAMOUS ROSES, or any prior notification thereof.

CONTACT FORM PROCESSING

FAMOUS ROSES will use the information you provide in the appropriate contact section on the site exclusively for the purpose of processing your request.

By providing any personal data through the website www.famousroses.eu, you understand and agree that your data will be processed in accordance with the provisions of the FAMOUS ROSES DPP.

Please note that in order to process your requests submitted in the contact section of the site, we may, in certain circumstances, be obliged to disclose your data to partners with whom FAMOUS ROSES collaborates and/or to other third party service providers of FAMOUS ROSES.

However, FAMOUS ROSES has adopted appropriate technical and organizational measures to ensure the security of data transfer, as well as the processing in accordance with the GDPR requirements of your data by the aforementioned entities.

Your personal data may be transmitted to other third parties only with your express consent, except in cases where there is a legal obligation for FAMOUS ROSES to do so.

FAMOUS ROSES undertakes not to process the personal data provided for a purpose other than that for which it was transmitted, except in cases where there is your express consent to use it for other purposes.

How we collect and use your personal information

To provide the Services, we collect personal information about you from a variety of sources, as set out below. The information we collect and use varies depending on how you interact with us.

In addition to the specific uses outlined below, we may use the information we collect about you to communicate with you, to provide or improve or enhance the Services, to comply with any applicable legal obligations, to enforce applicable terms and conditions, and to protect or defend the Services, our rights, and the rights of our users or others.

What Personal Information We Collect

The types of personal information we obtain about you depend on how you interact with our Site and how you use our Services. When we use the term “personal information,” we mean information that identifies, relates to, describes, or can be associated with you. The following sections describe the specific categories and types of personal information we collect.

Information We Collect Directly from You

Information you provide to us directly through our Services may include:

Contact details, including your name, address, phone number, and email.
Order information, including your name, billing address, shipping address, payment confirmation, email address, and phone number.
Account information, including your username, password, security questions, and other information used for account security purposes.
Purchase information, including items you view, add to cart, items saved to your account, such as loyalty points, reviews, recommendations, or gift cards, or purchases.
Loyalty points/product reviews/recommendations/gift cards saved
Customer support information, including information you choose to include in communications with us, for example, when you send a message through the Services.

Some features of the Services may require you to provide us with certain information about yourself directly. You may choose not to provide this information, but doing so may prevent you from using or accessing these features.

Information We Collect About Your Usage

We may also automatically collect certain information about your interaction with the Services (“Usage Data”). To do this, we may use cookies, pixels, and similar technologies (“Cookies”). Usage Data may include information about how you access and use our Site and your account, including device information, browser information, information about your network connection, your IP address, and other information about your interaction with the Services.

Information We Obtain from Third Parties

Finally, we may obtain information about you from third parties, including vendors and service providers who may collect information on our behalf, such as:

Companies that support our Site and Services, such as Shopify.
Our payment processors, who collect payment information (e.g., bank account information, credit or debit card information, billing address) to process your payment to fulfill your orders and provide you with the products or services you have requested, in order to perform our contract with you.
When you visit our Site, open or click on emails we send you, or interact with our services or advertisements, we or third parties we work with may automatically collect certain information using online tracking technologies, such as pixels, web beacons, software development kits, third-party libraries, and cookies.

Any information we obtain from third parties will be treated in accordance with this Privacy Policy. Please also see the Third-Party Websites and Links section below.

How We Use Your Personal Information
Providing Products and Services. We use your personal information to provide you with the Services for the purpose of performing our contract with you, including to process your payments, fulfill your orders, send you notifications related to your account, purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, arrange for shipping, facilitate any returns and exchanges and other features and functionality related to your account.

Marketing and Advertising. We may use your personal information for marketing and promotional purposes, such as to send you marketing, advertising and promotional communications by email, text message or postal mail and to display advertisements for products or services to you. This may include using your personal information to better personalize the Services and advertising on our Site and other websites. If you are a resident of the EEA, the legal basis for these data processing activities is our legitimate interest in selling our products, in accordance with Art. 6 (1) (f) GDPR.

Security and fraud prevention. We use your personal information to detect, investigate or take action regarding possible fraudulent, illegal or malicious activities. If you choose to use the Services and register for an account, you are responsible for keeping your account credentials safe. We strongly recommend that you do not share your username, password or other access details with anyone else. If you believe that your account has been compromised, please contact us immediately. If you are a resident of the EEA, the legal basis for these data processing activities is our legitimate interest in keeping our website safe for you and other customers, in accordance with Art. 6 (1) (f) GDPR.

Communicating with you and improving the Services. We use your personal information to provide you with customer support and to improve our Services. This is in our legitimate interest to be responsive to you, to provide you with efficient services and to maintain our business relationship with you in accordance with Art. 6 (1) (f) GDPR.

Cookies

Like many websites, we use cookies on our Site. For specific information about the cookies we use in connection with our online store on the Shopify platform, please see https://www.shopify.com/legal/cookies. We use cookies to power and improve our Site and Services (including to remember your actions and preferences), to perform analytics, and to better understand user interaction with the Services (in our legitimate interest in administering, improving, and optimizing the Services). We may also allow third parties and service providers to use cookies on our Site to better tailor the services, products, and advertising on our Site and other websites.

Most browsers automatically accept cookies by default, but you can choose to set your browser to remove or reject cookies through browser controls. Please note that removing or blocking Cookies may negatively impact your user experience and may cause some of the Services, including certain general features and functionality, to function improperly or become unavailable. In addition, blocking Cookies may not completely prevent how we share information with third parties, such as our advertising partners.

How We Disclose Personal Information

In certain situations, we may disclose your personal information to third parties for contract performance, legitimate purposes, and other reasons covered by this Privacy Policy. Such situations may include:

• With vendors or other third parties who perform services on our behalf (e.g., IT management, payment processing, data analytics, customer support, cloud storage, fulfillment, and shipping)
  
• With business and marketing partners to provide services and deliver advertising to you. Our business and marketing partners use your information in accordance with their own privacy notices.
  
• When you instruct, request, or otherwise agree to disclose certain information to third parties, such as to ship products to you or through the use of social media widgets or login integrations, with your consent.
  
• With our affiliates or otherwise within our corporate group, in our legitimate interests to run a successful business.
  
• In connection with a business transaction, such as a merger or bankruptcy proceeding, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants, and similar requests), to enforce any applicable terms, and to protect or defend the Services, our rights, and the rights of our users or others.

We disclose the following categories of personal information and sensitive personal information about users for the purposes set out above in “How We Collect and Use Your Personal Information” and “How We Disclose Personal Information”:

We do not use or disclose sensitive personal information without your consent or for the purpose of inferring characteristics about you.

With your consent, we share personal information for the purpose of engaging in advertising and marketing activities as follows.

Third-Party Websites and Links

Our site may provide links to websites or other online platforms operated by third parties. If you follow links to sites that are not affiliated with or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of the information found on such sites. Information you provide in public or semi-public locations, including information you share on third-party social media platforms, may also be viewed by other users of the Services and/or users of such third-party platforms, without limitation as to their use by us or by a third party. Our inclusion of such links does not, in itself, imply any endorsement of the content on such platforms or their owners or operators, except as disclosed in the Services.

DATA STORAGE PERIOD

FAMOUS ROSES may retain the processed data for different periods of time, deemed reasonable, in accordance with the purposes indicated above. We retain your data only for the period necessary to achieve the purpose for which we hold the data, to satisfy your needs or to fulfill our obligations imposed by law.

In order to know how long your data can be retained, we use the following criteria:

1. When you purchase products and services, we retain your personal data for the duration of our contractual relationship;
   
2. If you participate in a promotional offer, we retain your personal data for the duration of the promotional offer;
   
3. If you contact us with a question, we retain your personal data for the period necessary to process your questions, but no longer than 5 years from the last correspondence sent;
   
4. If you create an account, we retain your personal data until you request us to delete it or after a period of inactivity (without active interaction with our brands) defined in accordance with local regulations and guidelines. In this regard, we note that the data processed for this purpose will be deleted 5 years after the last interaction with the account user (such as logging into your account);
   
5. If you have provided your consent for marketing, we retain your personal data until you unsubscribe or request us to delete it or after a period of inactivity (without active interaction with our brands) defined in accordance with local regulations and guidelines. In this regard, we note that the data stored in our databases for the purpose of direct marketing communications are deleted from the records of these databases 5 years after the last interaction with you;
   
6. If cookies are stored on your computer, we keep them for as long as necessary to achieve their purposes (for example, for the duration of a session for shopping cart cookies or session ID cookies) and for a period defined in accordance with local regulations and guidelines. In this regard, we note that data processed through cookies used to provide online behavioral advertising, to personalize our services for you and to enable the sharing of our content on social media sites (sharing buttons intended to display the site), will be kept for a maximum period of 5 years from their collection, based on your consent.

RIGHTS OF DATA SUBJECTS

In accordance with the GDPR, you have a number of rights with regard to the personal data that FAMOUS ROSES processes:

1. Right of access to processed data - You have the right to access the personal data we hold. The first provision of information will be made without charging any fee. If you still need copies of the information already provided, we may charge a reasonable fee taking into account the administrative costs of providing the information. Manifestly unfounded, excessive or repeated requests may not receive a response.
   
2. Right to rectification of data - You have the right to request that your Data be rectified if it is inaccurate or outdated and/or to complete it if it is incomplete. If you have an account, it may be easier to correct your own data via the "My Account" function.
   
3. Right to erasure (“right to be forgotten”) - In some cases, you have the right to obtain the erasure or destruction of your Data. This is not an absolute right, as we may sometimes be forced to retain your Data for legal or regulatory reasons.
   
4. Right to restriction of processing - You have the right to request the restriction of the processing of your Data. This means that the processing of your Data is limited so that we can retain the Data but not use or process it. This right applies in specific circumstances set out in the General Data Protection Regulation, namely:

- the accuracy of the Data is contested by the data subject (i.e. you), for a period enabling the controller (i.e. FAMOUS ROSES) to verify the accuracy of the Data;

- the processing is unlawful and the data subject (i.e. you) opposes the erasure of the Data and requests the restriction of their use;

- the controller (i.e. FAMOUS ROSES) no longer needs the Data for the purposes of processing, but they are required by the data subject (i.e. you) for the establishment, exercise or defence of legal claims;

- the data subject (i.e. you) has objected to the processing on the grounds of legitimate grounds of the controller (in this case FAMOUS ROSES) based on the verification whether the legitimate grounds of the controller (FAMOUS ROSES) override those of the data subject (i.e. you).

5. Right to data portability - You have the right to move, copy or transfer the data you are interested in from our database to another. This only applies to data that you have provided, when the processing is based on your consent or on the basis of a contract and is implemented by automated means.

6. Right to object - You can object at any time to the processing of your data when such processing is based on a legitimate interest.

7. Right to withdraw consent at any time - You can withdraw your consent to the processing of your data when such processing is based on consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

8. Right to lodge a complaint with the competent supervisory authority - You have the right to lodge a complaint with the data protection authority of your country of residence or domicile to challenge the data protection practices offered by FAMOUS ROSES.

9. Right to object to the processing of your data for direct marketing purposes - You can unsubscribe or opt out of our direct marketing communication at any time. It is easiest to do this by clicking on the "unsubscribe" link in any email or communication we send you.

10. Right to object to the processing of your data by us when we carry out actions in the public interest or in our own legitimate interests or those of a third party - You can object at any time to the processing of your data when such processing is based on a legitimate interest.

11. Right to disable Cookies- you have the right to disable cookies. Internet browser settings are usually programmed by default to accept cookies, but you can easily adjust them by changing your browser settings. Many cookies are used to enhance the usability or functionality of websites/applications; therefore, disabling cookies may prevent you from using certain parts of our websites or applications, as detailed in the relevant Cookie table. If you wish to restrict or block all cookies set by our websites/applications (which may prevent you from using certain parts of the website) or any other websites/applications, you can do so through your browser settings. The Help function in your browser will tell you how. For more information, see the following links: http://www.aboutcookies.org/;

You can exercise any of these rights with regard to the personal data that FAMOUS ROSES processes by addressing a simple request to the FAMOUS ROSES DPO. In such a situation, we may very well request proof of your identity.

LEGAL REQUESTS

We access, preserve, and provide your information to regulators, law enforcement, or other entities:

1. In response to a legal request, when we believe in good faith that the law requires us to do so. We may also respond to legal requests when we believe in good faith that responding is required by the laws of that jurisdiction to affect users in that jurisdiction and is consistent with internationally recognized standards.
2. When we believe in good faith that it is necessary to: detect, prevent, and respond to fraud, unauthorized use of any of our materials, violations of our terms or policies, or other harmful or illegal activity; to protect us (including our rights, property, or materials), you, and others, including in the course of regulatory investigations or inquiries; or to prevent death or imminent bodily harm. For example, where relevant, we provide information to and receive information from third-party partners about the reliability of your account to prevent fraud, abuse and other harmful activities on and off our materials.

The information we receive about you may be accessed and stored for a longer period of time when it is subject to a legal request or legal obligation, a government investigation, or investigations into possible violations of our terms or policies, or in other cases to prevent harm.

RELATIONSHIPS WITH OTHER OPERATORS

Depending on the context, we may find ourselves in a situation of absolute necessity to provide information at a higher level, both globally, internally or externally, to our partners and those with whom we transfer data in compliance with the aforementioned Regulation, by virtue of ensuring the provision of the most professional services possible. Information controlled by FAMOUS ROSES may be transferred, transmitted or stored and processed in the EU or in countries other than the country in which you reside, for the purposes described in this policy. These data transfers are necessary to be able to provide services at the highest level, as well as to continue to provide you with our materials at the best professional level. We use standard contractual clauses approved by the European Commission and rely on adequacy decisions issued by the European Commission with respect to certain countries, as applicable, with respect to data transfers from the EEA to the United States and to other countries.

SECURITY OF PROCESSING

FAMOUS ROSES has adopted technical and organizational data processing measures, updated in accordance with the requirements of the GDPR, in order to protect your personal data against any actions of unauthorized access, improper use or disclosure, unauthorized modification, destruction or accidental loss. All employees and collaborators of FAMOUS ROSES, as well as any third parties acting in the name and on behalf of FAMOUS ROSES are obliged to respect the confidentiality of your information and the requirements of the GDPR, in accordance with the provisions of this Policy.

DISCLAIMER

The website www.famousroses.eu may contain links to other sites and/or other web pages that are not the property of FAMOUS ROSES. FAMOUS ROSES assumes no responsibility for the content of these sites and, therefore, cannot be held liable for the content, advertising, goods, services, software, information or other materials available on or through these sites. FAMOUS ROSES will not be liable for the loss of personal data, any negative effects on the personal data of visitors or other moral and/or property damage caused by access to these sites.

UPDATING THE POLICY FOR PROTECTION AND PROCESSING OF PERSONAL DATA

Please note that this Policy may be subject to periodic changes in content, by updating the website www.famousroses.eu.

How will we notify you of changes to this Policy?

We will send you a notice before making any changes to this Policy and will provide you with the opportunity to consult the revised DPP before choosing to continue using our materials.

Please do not continue to use the website www.famousroses.eu if you do not agree to such changes. We also recommend that you check this page for any updates.

The terms of the DPP are interpreted in accordance with applicable law.

DATA PROTECTION
Your bank or credit card information is the most sensitive information you provide. To protect your privacy, we do not store or retain your card information on our website. Credit card processing is done on a highly secure server owned by Stripe.com

Payment for online transactions is done on a highly secure server, using the most advanced Secure Socket Layer (SSL) encryption technology.

CONTACT

If you have any questions or concerns about how we treat and use your personal data or would like to exercise any of your rights, please contact us by accessing the contact details of our DPO.