Flower delivery Personal data protection charter

Personal data protection charter

Our commitments regarding protection of your personal data.

Identity of the controller

Universal Flower SASU (simplified joint stock) company, with a share capital of €328,620.00, with Nanterre company registration number B 419 910 641, whose registered office is ‘Carré Champerret’, 24-32 rue Jacques Ibert, 92300 Levallois-Perret

A partnership of trust between Universal Flower and its clients

Universal Flower gives particular care and attention to the protection of its clients’ personal data. Further, we commit to complying with the law n° 78-17 dated 6 January 1978 relating to freedom of information and data, as amended by the European GDPR regulation 2016/679 dated 27 April 2016 relating to the protection of personal data.

By using this website, the Buyer agrees to the collection and use of personal data in the manner described in our current personal data protection charter.

Scope of application

The current personal data protection charter sets out the manner in which Universal Flower handles your personal data whilst you use our website. Our charter also covers the other methods of collection of your personal data, such as when you contact our Customer Services by telephone. Any subcontractor involved in the processing of your order on our website, or other service providers handling your personal data can, in their own general terms and conditions of usage, have their own rules concerning confidentiality which supplement the current charter, in accordance with GDPR regulation.

Collection and purpose of handling personal data

Universal Flower collects the personal data of all Users who browse, view and order on our website, notably by the use of cookies in accordance with French legislation and European regulation currently in force.

When do we collect your personal data?

We collect your personal data when you:

Create an account
Visit our website, which uses cookies
Order products
Contact our Customer Services team using all available methods of communication, such as filling in our contact form or by telephone
Browse our website and view products

What personal data do we collect ?

The Client’s personal data, as set out below, is only kept for the length of time which is strictly necessary for the above mentioned purposes.

Data relevant to your order

The personal data which is strictly required to process your order is marked with an asterix and concerns the following details :

1. your first name and surname,
2. your email address,
3. your landline or mobile number,
4. your message,
5. your bank account details.
Also required are :
6. the address of the recipient, their first name and surname,
7. postal address, phone number.

We also collect personal data when you buy our products. In particular, we collect information relating to the total cost and nature of your purchases, information relating to your orders, your receipts and your client history.

The written message which you have chosen to add to your flower bouquet remains confidential.

How do we use your data ?

All personal data is confidential, and access to data is limited to Universal Flower’s work partners or subcontractors acting on behalf of Universal Flower, who require access to the data in order to carry out services. All those who have access to your data are subject to a strict duty of confidentiality. The address details for the recipient of your bouquet are used for the express purpose of ensuring delivery of your order at the designated time. Universal Flower is bound by a duty of professional confidentiality and will never share personal information with third parties, just as we will not use it for commercial purposes.

In accordance with regulation, we do not collect data which records racial or ethnic background, political opinion, religious or philosophical belief or union membership, personal genetic data, or biometric data used to uniquely identify a person physically, data concerning health or relating to sexuality or the sexual orientation of any person.

These categories of personal data are never collected or handled by Universal Flower.

The collection of personal data is necessary for the following purposes :
Management and maintenance of commercial relations between Universal Flower and the client (in particular processes relevant to ordering, delivery, transactions, payments and billing, complaints, etc.) ;
Personalisation of the website contents, and improvement of the client experience ;
Creation of statistics concerning client demographic and marketing studies ;
Prevention and the fight against fraud during the course of payment when ordering ;
Fulfilling our duties towards our clients - Managing orders and deliveries
In the context of fulfilling our duties towards our clients, we collect and use your personal data to manage our commercial relationship. In particular, we use your personal data to manage your purchases and orders, to deliver your products and offer you services and promotional offers which might interest you. This information helps us to improve your online shopping experience, as set in more detail out below.

Management of client relationship

We use and keep your personal data to keep our client records up to date and to offer you a personalised service.

Communication with you

We collect and keep your personal information in order to communicate with you regarding your orders, billing and complaints to Customer Service.

Legal or regulatory requirement

We may be required to share your personal data in the event that there are legitimate requests made by public authorities, in particular when responding to demands concerning national security, the fight against fraud or under the application of law.

Fraud prevention and the fight against fraud

We also collect data in the context of fraud prevention and the fight against fraud, especially data concerning bank card details. Universal Flower reserves the right to verify personal data disclosed by the client during the process of ordering and to implement all measures deemed necessary to verify that the person whose bank account is debited is in fact the person making the order, in order to prevent any fraudulent payment. Verification can take the form of questions relating to identity and/or address details.

In the absence of any positive confirmation from the client, Universal Flower reserves the right to cancel orders made by the client.

Handling of your personal data

• At Universal Flower, you are in charge of your personal data When you provide your personal data to Universal Flower, you can access, update, modify or delete your information at any time by writing to the following address :

Universal Flower
Département de la protection des données personnelles
24-32 rue Jacques Ibert
92300 Levallois-Perret
France

• Your rights in relation to your personal data
In accordance with the law n° 78-17 dated 6 January 1978 relating to freedom of information and data, as modified by GDPR regulation, you benefit from several rights in relation to the management of your data :
the right to raise concerns regarding our methods of handling your personal data;
the right to access your personal data which we handle ;
the right to amend ;
the right to delete ;
the right to transfer your data ;
the right to limit the handling of your data ;
the right to specify your preferences in relation to the retention, deletion and sharing of your personal data after your death ;
the right to raise a complaint to the CNIL (‘Commission Nat Informatique et Liberté’, or National Commission on Information Technology and Freedom) ;

• How to enforce your rights
by courrier accompanied by a copy of a valid form of identification sent to the following address :

Universal Flower
Département de la protection des données personnelles
24-32 rue Jacques Ibert
92300 Levallois-Perret
France

If you seek clarification on the content of these rights, please contact us at the above mentioned address.
We will aim to respond to your enquiry in a timely manner, and at the latest, within a month of your enquiry.

Transfer of personal data outside of the European Union

The collected data may be handled outside of the European Union. In this case, Universal Flower takes the necessary measures with its subcontractors to guarantee an adequate level of protection of your data, in accordance with the relevant regulatory framework.

If the subcontractors in question do not comply with the Privacy Shield agreement relating to the transfer of data to the United States of America, or are not resident in a country governed by legislation offering adequate levels of protection, they will have firstly signed the standard contractual clauses of the European Commission or will be subject to internal restrictive rules approved by the relevant authorities.

Time period for keeping data

Your personal data is only kept for the time period necessary to achieve the objective for which it was collected in the first place.

Treatment of personal data after death

Universal Flower informs the User that during their lifetime, they can specify their choices in relation to the retention, deletion and sharing of their personal data after their death. These instructions can be general or specific. The User can amend or revoke these instructions at any time by making a request accompanied by a copy of a valid form of identification by courrier to the following address :

Universal Flower
Département de la protection des données personnelles
24-32 rue Jacques Ibert
92300 Levallois-Perret
France

We will aim to respond to your request in a timely manner, and at the latest, within a month of your enquiry.

SMS / MMS

Universal Flower can use the client’s mobile number in order to manage their orders and for commercial promotion purposes. At any time, the client may opt out of this practice, simply and for free by sending a letter by courier accompanied by a copy of a valid form of identification to the following address :

Universal Flower
Département de la protection des données personnelles
24-32 rue Jacques Ibert
92300 Levallois-Perret
France

We will aim to respond to your enquiry in a timely manner, and at the latest, within a month of your enquiry.

Updates to our personal data protection charter

This current charter can be amended from time to time and without warning. Any amendment comes into force from the moment of publication of the updated charter on our current website. We use your personal data according to the terms of the charter in force at the moment you share your personal data. We will inform you of any important changes to our charter. We will seek your consent if necessary, or if there are changes concerning the purpose for which we collect your data. In order to comply with current legislation relating to the protection of personal data, we review this charter annually.

Glossary ‘Anonymisation’ is defined as ‘the process of removing personal identifiers from personal data that may lead to an individual being identified ;

‘Collect’ means the act of collecting data of a personal nature. Collection can take place via the use of questionnaires or online forms ;

'Consent’: your consent means any expression of your free will which is specific, clear and unequivocal by nature, by which you express your agreement to us handling your personal data, by way of a positive declaration or clear positive act ;

‘Personal data’ or ‘data of a personal nature’ means all information relating to an identified or identifiable physical person; a person who can be identified, directly or indirectly, by reference to an identifier, such as a name, a identification number, data concerning their location, online identification, or to specific elements relating to a person’s physicality, physiology, genetics, psychology, cultural or socioeconomic status ;

‘Rights to protection of your personal data’ : means the collective fundamental rights described in European legislation, relating to :

the right to information ;
the right to access ;
the right to amend;
the right to delete or the right to be forgotten ;
the right to transfer your data ;
right to raise concerns regarding our methods of handling your personal data;
the right to limit the handling of your data;
the right to specify your preferences in relation to the retention, deletion and sharing of your personal data after your death ;
the right to raise a complaint to the CNIL (‘Commission Nat Informatique et Liberté’, or National Commission on Information Technology and Freedom) ;

‘Pseudonymisation’ means the technical and organizational security method which replaces identifying data in order to ensure that personal data is not attributed to a physical or identifiable person.

‘Commercial relationship’ means all relationships between Universal Flower and its clients, including those made during the course of purchases of products or services, the use of services post-purchase, participation in online games, product returns, client complaints, participation in client satisfaction surveys or client loyalty scheme;

‘Controller’ means the person or organisation that, alone or jointly, determines the objectives and methods of handling your personal data ;

‘Sub-contractor’ means someone who handles personal data on behalf of the person, corporate structure or organisation who is the Controller of personal data ;

‘Third party’ means any person other than Universal Flower and yourself ;

‘Handling of Personal Data’ means any action(s) taken in respect of your personal data, whatever the kind of online service in question or the process utilized.