Privacy policy

Privacy statement of My Dutch Flowers


Date: 1 april 2020

Introduction

My Dutch Flowers is part of Royal De Ree Holland B.V., the Netherlands’ leading bulb exporter since 1919. It is very important to My Dutch Flowers that your personal details are protected. We ensure that your personal details are handled in a confidential manner, in accordance with the applicable laws and regulations including the Algemene Verordening Gegevensbescherming [General Data Protection Regulation] or AVG.

This privacy statement applies to the use of our website and the accompanying services provided by My Dutch Flowers. This privacy statement describes which personal details we collect, what this data is used for and under which conditions this data may be shared with which third parties. We also explain how we store your data and protect it from abuse as well as which rights you have with regard to data processing.

Should you have any questions concerning our privacy statement please contact us using the details provided at the end of this privacy statement.

Legal basis

My Dutch Flowers processes personal details on the basis of one or more of the following legal bases:

  • permission from the party involved;
  • the processing is essential to safeguarding the justified interests of My Dutch Flowers;
  • the processing is essential for the performance of a contract with the party involved;
  • the processing is essential to meet My Dutch Flowers’ statutory obligations.

If processing is based on your permission, then you are entitled to withdraw this at any time (though not retroactively). To do so, contact us using the details provided at the end of this privacy statement.

Personal details

The AVG defines a personal detail as all information on the basis of which a person can easily be identified. My Dutch Flowers processes the following personal details for the purposes listed in this privacy statement:

  • Name and address details;
  • Email address;
  • Bank details.

Purposes

My Dutch Flowers collects and processes the abovementioned personal details for predetermined, clearly defined purposes because this is necessary to:

  • complete the order placed and fulfil the contract concluded;
  • update you about the flower bulbs;
  • answer questions about our products and services;
  • invoice you;
  • comply with a court order;
  • conduct targeted marketing.

Provision of Data to Third Parties

My Dutch Flowers will only – if necessary – use third parties to perform its services and activities. If these third parties thereby gain access to your personal details we always implement suitable measures to ensure your details are sufficiently secured and are used solely for the intended purposes. These third parties are all sworn to confidentiality on the basis of agreements concluded with My Dutch Flowers or by means of an oath or statutory obligation.

We use the following third parties with whom we possibly share your personal details to perform our services and activities:

  • Bureau aan Zee B.V.
    Our webshop was built using software developed and also hosted by Bureau Aan Zee B.V. (hereinafter to be referred to as Aan Zee) in Noordwijk, the Netherlands. Personal details you make available to us to enable the performance of our services are shared with this party. Aan Zee has access to your details in order to provide (technical) support. Aan Zee will never use your details for any other purpose. Aan Zee is obliged to implement suitable security measures on the basis of the processing agreement we have concluded with them. These security measures consist of implementing SSL encryption and a strong password policy. Aan Zee uses cookies to collect technical data with regard to your use of the software for analytic purposes. The cookies collect and/or store no personal details.

  • MailChimp

    We correspond with you using MailChimp. The latter will not use your name and email address for its own purposes. At the bottom of every email automatically sent to you through our website there is an ‘unsubscribe’ link. Click the link if you no longer wish to receive our newsletter. MailChimp stores your personal details in a secure manner. MailChimp uses cookies and other internet technologies to provide insight into whether or not an email has been opened and read. MailChimp retains the right to use your details to further improve their service and may share information with third parties in this framework.

  • MultiSafepay

    We use the MultiSafepay platform for (some of) the payments in our webshop. MultiSafepay processes your name and address as well as your payment details such as your bank account or credit card number. MultiSafepay has implemented suitable technical and organisational measures to safeguard your personal details. MultiSafepay retains the right to use your details to further improve their service and may share (anonymised) information with third parties within this framework. All the abovementioned safeguards with regard to the protection of your personal details also apply to those parts of MultiSafepay’s service that it uses third parties for. MultiSafepay does not store your details longer than statutorily permitted.

Retention periods

My Dutch Flowers stores personal details no longer than strictly necessary i.e. we store the details as long as this is necessary for the abovementioned purposes. Furthermore, there may be a justified interest in storing your details for longer or we may have to comply with statutory (retention) obligations.

Confidential handling of personal details

My Dutch Flowers has implemented suitable technical and organisational measures to protect the personal details you have provided from wrongful use.

These measures include:

  • Secure network connections (SSL);
  • Compulsory confidentiality for staff and third parties enforced through the signing of a non-disclosure agreement;
  • Back-ups;
  • Stringent password policy.

Despite My Dutch Flowers’ far reaching efforts it cannot provide an absolute guarantee for the measures that are intended to protect your personal details. If you get the impression that your details are not properly secured or there are indications that privacy may have been compromised, please contact us using the details provided at the end of this document.

Transfer outside Europe

Your personal details will only be stored or processed outside the European Union (EU) and the EEA by My Dutch Flowers or third parties engaged by My Dutch Flowers if this is in accordance with the pertinent legislation for the transfer of your personal details to countries outside the European Union. This means that we will only transfer your personal details outside the European Union if the European Commission decides the third country concerned safeguards a suitable level of protection or offers other safeguards such as an adequacy decision or the use of unmodified standard regulations with regard to data protection that have been approved by the European Commission.

Cookies

Please refer to our cookie policy on our website for all the information on the use of cookies: read information about cookies on this website.

Third Party Websites

This privacy statement does not apply to third party websites connected to this website by links. My Dutch Flowers cannot guarantee that these third parties process your personal details in a reliable or safe manner. My Dutch Flowers therefore recommends reading these websites’ privacy and cookie statements before using them.

Your rights

On the basis of the applicable Dutch and European legislation you – a stakeholder – have certain rights with regard to personal details processed by or on our behalf. Below we explain which rights this concerns and how you can avail yourself of them. In principle we only send transcripts and copies of your personal details to you at the email address we already have on record for you. In the event you wish to receive the data at another email address or, for instance, by post, you will be asked to provide valid identification. We retain files on completed requests. In the event of a right-to-be-forgotten request we administer the anonymised data. All transcripts and copies of data are provided in a machine readable format as used on our systems.

  • Right of inspection

    You have the right to inspect the data we (have) processed pertaining to your person or which could lead back to you. You can make a request to us to this end. You will then receive a response to your request inside 30 days. If your request is approved, we will send you a (copy of an) overview of all the data as well as of the processors of this data, stating the category we have stored this data in, to the email address we have on record for you.

  • Right of rectification

    You have the right to have the data we (have) processed and that pertains to or could lead back to your person modified. You can make a request to us to this end. You will then receive a response to your request inside 30 days. If your request is approved, we will send a confirmation that the data has been modified to the email address we have on record for you.

  • Right to limitation of processing

    You have the right to limit the data we (have) processed that pertains to you or could lead back to you. You can make a request to us to this end. You will then receive a response to your request inside 30 days. If your request is approved, we will send you a confirmation that the data will no longer be processed to the email address we have on record for you, until you lift this limitation.

  • Right to transferability

    You have the right to have the data we (have) processed pertaining to or which could lead back to your person carried out by another party. You can make a request to us to this end. You will then receive a response to your request inside 30 days. If your request is approved, we will send you transcripts or copies of all the data we have processed or had processed by other processors or third parties at our request to the email address we have on record for you. In all probability we will no longer be able to continue our services to you because the safe linking of data files can then no longer be guaranteed.

  • Right to object and other rights

    You have the right to object to the processing of your personal details by My Dutch Flowers should this occur. If you object, we will stop processing these details awaiting the handling of your objection. If your objection is justified, we will make transcripts and/or copies of the details we (have) processed available to you, then permanently stop doing so. Moreover, you have the right to not be subjected to automated, individualised decision making or profiling. We do not process your data in such a way that this right applies. If you are of the opinion that this is nevertheless the case, please contact us.

Complaints

If you have a complaint about the processing of your personal details we will discuss this with you. You also have the right to submit a complaint about the incorrect processing of your personal details to the Autoriteit Persoonsgegevens [Dutch Data Protection Authority] on the basis of privacy legislation. For further information please contact the Autoriteit Persoonsgegevens.

Modification of the privacy statement

We retain the right to modify our privacy statement. However, this page will always display the most recent version. If any new privacy statement has consequences for the way in which we process data pertaining to you, we will inform you as such by email.

Contact details

If you have any questions or requests occasioned by this privacy statement or concerning your personal details, you can contact us at any time using the details provided below.

My Dutch Flowers
Lisserbroekerweg 60
2165 BG Lisserbroek
The Netherlands

Email address: privacy@mydutchflowers.com