1. General Provisions.

1.1. This Privacy Policy describes how plant nursery management (hereinafter also referred to as the “Data Controller”) collects, processes and stores personal data that AlexFlowers receives from its customers and individuals who visit the Website. referred to as “Data Subject” or “You”).

1.2. Personal data is any information relating to an identified or identifiable individual. Processing is any activity related to personal data, such as obtaining, recording, changing, using, viewing, deleting or destroying it.

1.3. The data controller complies with the principles of data processing stipulated by law and can confirm that personal data is processed in accordance with applicable law.

  1. Collection, processing and storage of personal data.

2.1. Personal information is collected, processed and stored by the Data Controller primarily through the online store website and email.

2.2. By visiting and using the services provided at the online store, you agree that any information provided will be used and managed in accordance with the purposes set forth in the Privacy Policy.

2.3. The data subject is responsible for the correctness, accuracy and completeness of the personal data provided. Intentional misrepresentation is considered a violation of our Privacy Policy. The data subject must immediately notify the Data Controller of any changes to the personal data provided.

2.4. The Data Controller is not liable for losses caused to the Data Subject or third parties if they arise from false personal data.

  1. Processing of personal data of clients.

3.1. The Data Controller can process the following personal data:

3.1.1. First name and last name
3.1.2. Contact information (e-mail address and/or phone number)
3.1.4. Transaction data (purchased goods, delivery address, price, payment information, etc.).
3.1.5. Any other information provided to us during the purchase of services and products offered by the site, or by contacting us.

3.2. In addition to the above, the Data Controller has the right to check the accuracy of submitted data using public registers.

3.3. The legal basis for processing personal data is Article 6(1) (a), (b), (c) and (f) of the General Data Protection Regulation:

(a) the data subject has consented to the processing of his or her personal data for one or more specific purposes;

(b) the processing is necessary for the performance of a contract to which the data subject is a party or for taking action at the request of the data subject prior to the conclusion of the contract;

(c) the processing is necessary to comply with a legal obligation to which the comptroller is subject;

(f) the processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests of the data subject or the fundamental rights and freedoms that require protection of the personal data outweigh such interests, in particular if the subject is a child.

3.4. The Data Controller shall store and process the Data Subject’s personal data for as long as at least one of the following criteria exists:

3.4.1. Personal information is necessary for the purposes for which it was obtained;
3.4.2. Whereas, in accordance with the procedures specified in external regulations, the Data Controller and/or Data Subject may exercise their legitimate interests, such as filing objections or filing or pursuing legal action;
3.4.3. As long as there is a legal obligation to keep data, such as under the Accounting Act;
3.4.4. As long as the Data Subject’s consent to the relevant processing of personal data is valid, unless there is no other legal basis for processing personal data.

Upon termination of the circumstances mentioned in this paragraph, the subject’s personal data shall also be retained and all relevant personal data shall be permanently deleted from the computer systems, and electronic and/or paper documents containing the relevant personal data or those documents shall be anonymous. .

3.5. In order to fulfill its obligations to you, the Data Controller is entitled to transfer your personal data to cooperation partners, data processors who carry out the necessary data processing on our behalf, such as accountants, courier services, etc. The Data Controller is the controller of personal data.
Upon request, we can share your personal information with government and law enforcement agencies to protect your legitimate interests, if necessary, by drafting, filing and defending lawsuits.

3.6. When processing and storing personal data, the Data Controller shall apply organizational and technical measures to ensure protection of personal data against accidental or unlawful destruction, alteration, disclosure and any other unlawful processing.

  1. Rights of the data subject

4.1. According to the General Data Protection Regulation and the laws of the Republic of Latvia, you have the right:
4.1.1. Get access to your personal data, receive information about its processing, and request a copy of your personal data in electronic format and the right to transfer this data to another controller (data portability);
4.1.2. Request correction of incorrect, inaccurate or incomplete personal information;
4.1.3. Delete your personal data (“be forgotten”) unless you are required by law to keep the data;
4.1.4. Withdraw your prior consent to the processing of personal data;
4.1.5. Restrict processing of your data – the right to request that we temporarily stop processing all your personal data;
4.1.6. Contact the State Data Inspectorate.
You can request to exercise your rights by emailing info@alexflowers.lv.