Privacy Policy - GDPR
Privacy Policy
We Care About Your Personal Data
As LF FLORA MEXICO S. de R.L. de C.V. (“LolaFlora”), we prepared this Privacy Policy (“Policy”) to inform you about how we handle your personal data as a data controller. This Policy sets out the different ways you interact with us and the types of personal data that we collect and the reasons why we use your personal data. This policy also explains why and whom we will share personal data and the rights/choices you have.
At LolaFlora, we are trying to do our best to serve our customers and sellers to make their LolaFlora experience better. Taking good care of the personal data you share is a hugely important part of this. We want you to be sure and confident that your data is safe and secure with us.
Before informing you in detail, we would like to briefly explain which values we act on while we protect your personal data.
|
One of our fundamental values is transparency. We consider it our duty to inform you with full transparency how we process your data and for what purposes we use it. If there is a change in this policy, we guarantee that you will be informed first. |
|
We are aware of that your personal data only belongs to you. In this regard, we act carefully and responsive to determine which personal data of yours is to be processed by us. Before we provide our services to you, we try to limit the information we collect to only what we really need. We delete, anonymize, or destruct your personal data when we no longer need them unless there is a legal obligation for the retention of the personal data. |
|
While our information technology team is developing new projects to provide you with a better experience, they put privacy first and ensure that all the necessary measures have been taken to protect your personal data. |
|
We want you to rely on us that your personal data is in good hands. If there is no legal obligation to force us to share your personal data, or if we do not have a different legal basis for sharing your personal data, we ask for your consent to share your personal data. In order to ensure the safety of your personal data, we sign the necessary privacy agreements with third parties when we needed to share your personal data with them. |
What Personal Data Do We Collect and How Do We Use It?
Below we have included a table explaining in which processes, for which purposes and legal grounds your personal data is processed:
Processes & Processing Purposes |
Categories of Personal Data |
Legal Basis for Processing* |
To register you as a customer When you decided to register our website or LolaFlora Mobile App, we collect some information from you to create your account. When you register once, you may create your own shopping list, save your address and payment information, and manage your LolaFlora account. |
|
|
To provide a seller environment on LolaFlora At LolaFlora, we aim to grow together with our sellers and to provide better quality service to our customers and sellers. When you want to sell on LolaFlora, we ask you to send us some of your seller and personal information via the online form. We process this information in order to establish our business relationship with you, to register you as a seller in our systems, to create system authorizations, and to contact you. |
|
|
To prevent fraud We want to ensure that our customers shop in a safe environment, in accordance with the laws. That is why we conduct anti-fraud checks. In this way, we want to prevent financial and/or reputational damage as a result of fraud. Fraud prevention is therefore not only in our interest but also in yours.
Because every customer has a customer account, fraud often involves a customer account. Based on our own research, we determine whether fraud has occurred. As part of this research, we carefully examine the payment and purchase details. If there is indeed a scam (suspected), we can cancel the order.
With our anti-fraud checks, we try to find fake orders and detect transactions made with stolen credit cards. At the same time, we are trying to prevent the repeated use of campaign codes. For all these transactions, we examine login information, purchase history and order details on the site. |
|
|
To provide our products and services We use your personal data to make our products and services available to you. If you decide to order any of our products, we complete the purchase, process your payment and finally deliver your order to you. In order to do all this, we need to use your purchase, payment, identity and contact information. We share your personal data with our couriers to deliver your orders to you. Couriers need your address, name, and order details to deliver your order to the address you specified. We should state that we do not share information such as the content of your order with our couriers and we limit the information we share with them. |
|
|
To collect comments and feedbacks At LolaFlora, we collect your personal data when you send us your review of a product or answer a satisfaction survey. We do this to improve our business processes and your shopping experience based on your feedback. We may use the part of the form where you indicate your satisfaction and the information contained in this form -without revealing your identity-to publish it on the LolaFlora website. |
|
|
To manage our relationship and to contact with you We use your personal information to contact you. This may be related to a product or a service update, to solve an issue you have raised with us, to take your request, question, complaint, or to ask for your feedback. For example, we process your personal information regarding your feedbacks when you contact the Customer Support Line or via satisfaction surveys. Also, you can reach us anytime via LolaFlora Assistant. With the help of our live chat box, we easily take your request and complaints and find a proper solution to your problems by reaching out to your order details. |
|
|
To improve your shopping experience We try to understand and analyze how you use our website and Mobile App. This could include providing you with interesting, relevant content, or making navigation to our sites and mobile apps easier. This also includes improving the content and appearance of the LolaFlora Website or LolaFlora Mobile App and making sure that content is presented in the most effective manner for you as well. In order to do that, we observe how you interact with the LolaFlora, which products you bought, and are interested in. We use cookies and similar technologies to track and analyze your behavior/transactions. For detailed information about our use of cookies: Cookie Policy. Also, your satisfaction with the product you purchased is important to us. In order to ensure and maintain this, we analyze your product-specific evaluations by considering the product category and the seller of the product. While conducting this analysis, we do not use any other data regarding your order detail, including your identity and contact information. |
|
|
For direct marketing and advertising We use your personal information to introduce our new products to you, to inform you about our campaigns or to send you offers and suggestions. We use your contact information to inform you about all of this. If you give your consent, you may receive an e-mail, call, SMS-message, or push notification from LolaFlora unless you objected to receiving them. If you want to stop us to communicate with you for marketing purposes, you can withdraw your consent at any time. When communicating with you about campaigns and offers, we care that these communications are unique to you. We also aim to provide you with a personalized experience so that we can recommend the most suitable products for you. For this, we use the personal data you provide to us for personalized marketing activities including profiling. Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes. When you review a product and stop buying, we focus on the reason behind that. If there is a problem in the way we present the product to you, we try to solve it. To resolve this issue, we may also need to obtain detailed information about your preferences. When you come across the product again, we try to contact you through different channels to see if you can review it again and if any changes happened to your preferences. We may also show you some advertisements on LolaFlora and other websites. This is based on your previous visits to our websites and third-party websites. These are tools that help us display these ads based on your browsing, searching, and purchasing behavior, cookies, your IP address, and the advertising number linked to the device you use to browse. We only use this information if you gave us your consent to the placing of cookies. Please see our Cookie Policy to understand how we manage cookies to serve you better. |
|
|
To deliver someone else's order/gift to you When someone else wants to buy a product on your behalf (for example as a gift), they write down your address as the delivery address. In this case, we obtain your information from someone else. We use your identity and address information shared with us to deliver the product -which is ordered on your behalf to your address. |
|
|
To manage the data in your account We store your name, delivery address(es), telephone number and, e-mail address in your personal account. If you choose to save your credit card information, you can use the same credit card immediately without having to re-enter all the information in your next order. However, we should point out that even if you save your credit card, we cannot see or store all of your credit card information. There is a third-party payment agency we work with to store your credit card. This agency is authorized by the relevant legislation (Please see With Whom Do We Share Your Personal Data? section to see how we share your personal data). You can always delete the credit card registered in your account. In your account, we store your purchase history, including your purchases, subscriptions, and delivery option information. |
|
|
For security and defence of the legal claims We are obligated to fulfil our legal obligations in cases where authorized institutions or organizations make a request from us or when we are expected to notify these institutions (for example, sharing your personal data when a public institution requests a transaction that is suspected of an illegal transaction). We may also use your personal data in order to protect our rights and our customers in a possible lawsuit or dispute. |
|
|
* We cannot process your personal data if we do not have a legal basis to do so. If we collect and process any personal data without a legal basis, that means we are not compliant with applicable data protection laws including General Data Protection Law (“GDPR”). Where we rely on consent as the legal basis to process your personal data, you may withdraw your consent at any time.
How Long Do We Use Your Personal Data?
We keep your personal data for the purposes set out in this Policy and in accordance with the applicable laws including GDPR. We only process your personal data for as long as we need it. In cases where we do not have a legal obligation, we delete, anonymize, or destroy your personal data.
We understand that your personal data only belongs to you, and when we receive a request from you to destroy your personal data, if there is no legal obligation to which we are legally bound, we fulfill your request as soon as possible.
How We Store and Protect Your Personal Data?
We are aware that it is our responsibility to ensure the security of your personal data that you share with us. To ensure the security of your personal data, we provide the most appropriate security measures in accordance with the nature of your personal data. We constantly check, test and develop the security systems to protect your personal data. Here are some of the measures we taken:
- We only give access authorization to the personnel that needs to see your personal data in order to perform her/his work,
- We use encryption methods, if possible, when sharing your personal data with third parties,
- We carry out penetration tests to reveal risks, threats, and vulnerabilities in our information systems,
- We enforce a “need to know” policy, for access to any data or systems,
With Whom Do We Share Your Personal Data?
As a principle, we do not share your personal data with third parties without a legal basis. However, we may share your data in case of legal obligations or any other legal basis. For instance, in case of the need to provide information to authorized institutions and organizations arises, your personal data will be shared with authorized institutions and organizations. This is a sharing that is necessary in order to fulfil our legal obligations. Even if your data is shared with a public institution, we take the necessary measures to ensure the security of your data.
We are part of a group of companies that share various operations and business processes. In some cases, we may share your personal data with any member of our group in order to fulfill our contractual obligations to you, or because it is in our legitimate interests to do so. By sharing your personal data with our group companies, we aim to grow our work and services together (i.e. LolaFlora.com).
As a rule, your personal data will be processed within the European Economic Area (EEA). Exceptionally, personal data may be processed by our group companies located in countries outside the EEA. If there is no comparable data protection standard in such a country, we ensure that data protection is adequately guaranteed by other measures.
We work with carefully selected service providers that carry out certain functions on our behalf. These service providers include companies that help us with technology infrastructures, storing, combining, and analyzing data, processing payments, providing us with legal or other professional services as well as delivering orders. These service providers can be exemplified as Segment and Adjust which we get storage services for our data in the cloud environment, Braze to build dynamic customer interactions. We only share personal data that enable our service providers just to provide their services. These service providers may not use your personal data for their own purposes.
We work with sellers to prepare and deliver your order to you. For this reason, we share your order details with them to let them prepare your order. We also share your identity and contact information to courier companies we have contracted with. They help us to deliver your order to your address. As we mentioned, we may need to share your personal data with payment institutions to take your payments. We do not store your card details and we cannot take any payment action with your credit card information.
Considering the benefit of both our company and you, we carry out some analysis on your data. These analyses are generally aimed at increasing the quality of the service and products we provide to you. That is why we work with different third-party companies to provide these services. We only share limited data (such as a product you like, your user behavior etc.) with them as necessary for various analyses to be carried out.
While we are sharing your personal data, we comply with all the rules set out in the applicable laws and take all necessary measures to keep your data safe.
Your Rights
You have several rights under applicable data protection laws. We try to make it easy for you to take control of your personal data and exercise your legal rights. Your rights under GDPR are as below:
- Right to Access à You have the right to know how your personal data has been collected and processed, what data exists in our systems, and for what purposes it has been processed. This information may be accompanied by a copy of the requested data.
- Right to Correction (Rectification) à You have the right to request a correction on incorrect or incomplete personal data of yours.
- Right to Erasure (Right to Be Forgotten) à You have the right to have your personal data permanently deleted. But this is not an absolute right to require all personal data to be deleted. We will consider each erasure request in accordance with the requirements of applicable laws.
- Right to Restriction of Processing à You have the right to block or suppress your personal data being processed.
- Right to Data Portability à You have the right to move, copy, or transfer personal data from one data controller to another, in a safe and secure way, in a commonly used and machine-readable format.
- Right to Object to Processing à You have the right to object to being subject to processing your data based upon the lawful basis of legitimate interest. You also have the right to stop your personal data from being included in direct marketing databases.
- Right to Not Be Subject to Automated Decision Making à You have the right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.
You also have the right to complain to a Data Protection Authority about our use and collection of your personal data. For more information, please contact the relevant Data Protection Authority in your country. For example, if you are a Dutch citizen, you can apply to Dutch Data Protection Authority for your complaints.
How To Exercise Your Rights?
If you have any questions about how we collect, store, and use personal data or if you want to exercise your rights, please contact us.
- You can directly contact our Data Protection Officer via e-mail to [email protected] and write Data Subject Access Request (DSAR) as subject matter.
- You can send your written request by post: Kingsfordweg 151, 1043 GR Amsterdam, Netherlands.
LolaFlora operates in more than one country. Our lead data protection supervise Authority in EU is Dutch Data Protection Authority.