(Last modified: 06/05/2019)
Bosonis Flowers (referred to as "we", "us", "our" or "Company") is committed to the users of the website (referred to as "users", "visitors", "customers", "you", "your") to protect their personal data and to process their personal information (referred to as "personal information", "personal data", "e.g." "personal data", "personal information", "personal data" or "personal data") in a transparent manner.
"Personal data" means any information relating to an identified or identifiable natural person. Personal information means information relating to you that identifies or can be identified, including, for example, your name, email address, physical address, social security number, IP address (only when we have collected it in combination with direct identifying information) or information that you have submitted by contacting us.
The personal data we collect and process depends on the purpose of your visit and the services or products you have purchased or agreed to receive from us.
This privacy statement:
sets out how the Company collects, processes and shares your personal information and informs you of your rights under local laws for the protection of personal information and the European Union's General Data Protection Regulation (GDPR).
is addressed to natural persons who are simple visitors to the Company's website, existing or potential customers of the Company or authorized representatives of existing or potential customers of the Company.
2.1. Who we are
Bosonis Flowers is a company registered in Greece for the purpose of providing products and services. The elements of the company are:
Distinctive Title: Bosonis Flowers
Name: Georgios Harmantas
Address: 1 Irini Avenue, Pefki, P.C. 15121
2.2. What personal information we process and where we collect it from
We collect personal information about our current and prospective customers through our website. We never collect personal information, through other means or using a third party agent.
In accordance with local tax laws and European Union VAT and invoicing directives, we collect the following personal information: your name, your telephone number, your email address, your physical address, your company name and tax information (if applicable), your IP address, your country, the User Agent string of the browser you used when you registered. This information is used to generate the legal invoice after successful payment of your purchase and to prove your country of origin if required under the European Union VAT directives.
The IP address is collected temporarily each time you access our website and is present in the web server logs, security software logs and contact forms. This information is used to ensure the security of our website and to prevent abuse. IP address information is not directly identifying information, but if stored in conjunction with the user account, it may be an indirect identifier.
Contact form/offer information
Any information you provide by voluntarily submitting a contact form or form to receive an offer. We use this information to respond to your requests.
2.3. Personal information of minors
We do not allow minors (people under the age of 13) to use our website. Any account found in violation of this term will be terminated without refund and all information relating to that user account will be deleted.
2.4. If you are legally obliged to provide us with your personal information
Providing your billing information is legally required under the European Union's tax regulation and its incorporation into local tax laws. It is illegal for us to allow you to make a purchase without issuing an invoice requiring this information. For the same reason, information not printed on the invoice (IP address, country based on IP address and User Agent string) is also required to prove your country of origin for the application of the correct VAT rate.
Your IP address in the context of security and abuse prevention is specifically exempted from the requirement of your consent according to the GDPR of the European Union. We are legally obliged to ensure the security of your personal information through any appropriate technical means and which includes collecting your IP address in this context.
Any other personal information volunteered by you so that we can provide our services to you. You are not legally obliged to provide it, but only if you do so will we be able to serve you and provide you with the agreed services. Simply put, unless you tell us what the problem is and provide us with the means to understand it, there is nothing we can do to help you.
2.5. Who are the recipients of your personal information
Depending on your actions on our websites, your personal information may be transferred to some of our partners and subcontractors listed below. These providers and suppliers are under contract with Bosonis Flowers whereby they are required to maintain the confidentiality and protection of your personal data in accordance with local data protection laws and the GDPR.
The recipients of your personal information are as follows.
We receive the billing information to fulfil our obligations to the tax laws. We also receive the voluntary information of the contact and offer forms in order to serve you.
It provides statistical data for our website. Only anonymous information is sent to Google. It is not clear whether Google should be mentioned as a data processor. The only way to resolve the ambiguity is to list Google here, but clearly state that, to the best of our knowledge and technical ability, we do not send personal information.
It provides information about the Bosonis Flowers Facebook account and statistical data between this account and our website. Only anonymous information is sent to Facebook and this information may be combined with information you have already provided to Facebook through your own account. It is not clear whether Facebook should be mentioned as a data processor through our own fault. The only way to resolve the ambiguity is to list Facebook here, but clearly state that, to the best of our knowledge and technical ability, we do not send personal information.
2.6. Transfer of your personal data to a third country or international organisation
Your personal information may be transferred to third countries (countries outside the European Union) in certain circumstances, such as payments made through a payment processing company outside the EU, or the provision of support to you by our third country partners, or whenever required by law or if you have expressly consented. All Processors are required to comply with European Union data protection rules and provide appropriate assurances regarding the handling of your personal information in accordance with Article 46 of the GDPR.
2.7. Automated decision-making
Generally, in establishing and conducting a business relationship with you, we do not use automated decision making. The only automated actions are the following:
Applying the correct VAT rate. This is legal, necessary and based on your country of origin. Your personal details (your IP address and country are used and kept in your profile).
2.8. How long we keep your personal information
We retain your personal information for as long as we have a business relationship with you, as evidenced by actions you take on our website or physical actions between you and Bosonis Flowers.
We are legally required to retain your billing information, both for security and organizational reasons and due to the oversight of our tax auditors, for a period of up to ten (10) years after your purchase.
After twelve (12) months from the termination of our business relationship (termination may be explicitly stated or automatically implied from the date of your last login to our website or last physical communication/contact with Bosonis Flowers, whichever is the latest), the following measures will be taken:
Your invoices and billing information will be removed from our website (we will retain physical copies as explained above). An alias, unidentifiable record of your purchase will be kept for statistical purposes.
The user account will be deleted.
Any personal information stored on the website (e.g. contact forms/offer forms) will be deleted.
We may retain your personal information longer than the stated for practical, technical or legal reasons. For example, your personal information may be stored longer than indicated in encrypted backups.
2.9. Your rights for your personal data
You have the following rights in relation to the personal identification information we hold about you:
Access or know the personal information we hold about you. This allows you, for example, to obtain a copy of the personal data we hold on your behalf and confirm that we are processing it lawfully.
Request the correction of your personal information. This allows you to correct incomplete, inaccurate or outdated information that we hold on your behalf. Please note that correction of billing information is only possible when purchasing a service or product and only applies to newly issued invoices. This is a legal requirement.
Request the deletion of your personal information ("right to be forgotten"). This allows you to request that we delete your personal information when there is no real reason for us to process it.
Stop processing your personal data ("right to object") because there is something specific about your situation that makes you want to object to the processing. If you object, we will no longer process your personal data unless we can demonstrate compelling legal grounds for processing that is contrary to your interests, rights and freedoms. Note that this is largely inapplicable to our business relationship, as processing by us is either done on a legal basis or with your explicit consent or is exempt from GDPR protections (e.g. keeping an IP log for security purposes).
You have the right to object where we process your personal information for direct marketing purposes. This also includes profiling, insofar as it is used for direct marketing.
Request the restriction of the processing of your personal data. You are allowed to ask us to restrict the processing of your personal information in specific circumstances such as when:
the personal data is inaccurate,
the personal data has been used unlawfully but you do not wish to have it deleted,
the personal data is no longer necessary, but you want us to keep it for use in possible legal claims,
you have asked us to stop using your personal information but you are waiting for us to confirm whether we have legitimate reasons to use it.
Request a copy of your personal information in a structured, commonly used format, so that you can share this information with other organisations and companies. You can also request that we transfer the file directly to another organisation of your choice. This is also known as a "data transfer right".
Withdraw your consent to the processing of your personal information at any time. Please note that withdrawing your consent at any time does not invalidate the lawfulness of the processing based on your consent before it is withdrawn or withdrawn by you.
To exercise any of the above rights, please use the "Request for personal data" form below. Alternatively, or if you have any questions about our use of your personal information, you can contact us via the contact form.
In accordance with the law, we will respond to your requests promptly and within 30 working days. If you have not received a response from us for more than three weeks (21 days), please try again to contact us by alternative means. It is likely that your request never reached us. Please note that we reserve the right to direct you to our website tools and/or Privacy Notice if your concern is directly addressed by them. In accordance with the law, we reserve the right not to respond to your requests if they are too frequent or abuse the provisions of the law.
2.10. Changes to this Privacy Statement
We may periodically amend this privacy statement.
When this happens, we will change the date at the top of the page. We do not have the technical means to notify our customers of any changes. We recommend that you review this statement periodically so that you are always informed about how we process and protect your personal information.
Our website uses small text files, known as cookies, to improve your experience and work better.
An HTTP cookie (also called a web cookie, internet cookie, browser cookie or simply cookie) is a small piece of data sent from a website and stored on the user's computer by the user's browser while the user is browsing.
The main purpose of a cookie is to identify users and possibly prepare customized web pages for them.