FLOREA actively works to ensure that your privacy is protected when using our services. Therefore, we have a policy that establishes how your personal data should be processed and protected. Please keep yourself updated on any changes to this privacy policy by regularly visiting our website.
This policy applies only to FLOREA’s customers and users of our online services. If you apply for a service at FLOREA, this privacy policy does not apply. The policy for job applicants can be found on the application form for each job ad. At FLOREA, we value your personal privacy and always strive for a high level of data protection. This privacy policy explains what kind of information we collect about you, how this information is used, what measures we have taken to protect your personal data, and how we share it. It also describes what rights you have regarding your personal data and how to exercise them.
It is important that you read and understand the privacy policy and feel confident in our handling of your personal data. If you have any questions, you are always welcome to contact us. You can find our contact information in section 2 below. By using or registering on www.FLO-REA.com, including its related pages such as mobile applications or otherwise interacting with us, you confirm that you understand that we collect, store and process your personal data according to this privacy policy. Using the table of contents below, you can easily navigate to the sections that are of particular interest to you.
Table of contents
- What is personal data and what is meant by processing of personal data?
- Who is responsible for the personal data we collect?
- What personal data do we collect about you as a customer and why?
- From which sources do we collect your personal data?
- Who may we share your personal data with?
- Where do we process your personal data?
- How long do we keep your personal data?
- What rights do you have as a data subject?
- How do we handle personal identification numbers?
- How do we protect your personal data?
- What are cookies and how do we use them?
- What does it mean that the Swedish Data Protection Authority is the supervisory authority?
- Changes to this privacy policy.
1. What is personal data and what is meant by processing of personal data?
1.1 What is personal data?
The term “personal data” refers to any kind of information that can be linked to an identifiable natural person. Examples of personal data include name, personal identification number, location data, online identifiers, and factors that are specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of the natural person.
1.2 What is meant by “processing of personal data” according to applicable regulations?
“Processing” means any operation or set of operations performed on personal data, whether or not by automated means. Examples of processing of personal data include collection, recording, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
2. Who is responsible for the personal data we collect?
The Swedish company Florea Seeds AB, org. no. 559319-3575 (“FLOREA”), with address Östermalmsgatan 2, 114 24 Stockholm, is the data controller for the personal data that the company processes regarding its customers. If you have any questions regarding your personal data, please contact our customer service by email at kundtjanst@flo-rea.com.
3. What personal data do we collect bout you as a customer and why?
3.1 Management of an order or purchase
In order to manage an order or purchase, we collect the following personal data:
- Name
- Personal identification number
- Contact information (e.g. address, email and phone number)
- Payment history
- Payment information
- Possible credit information from credit reporting agencies
- Purchase information (e.g. which item has been ordered or if the item should be delivered to a different address)
What do we do with the information (processing)?
- Delivery (including notification and contacts related to delivery).
- Identification
- Handling of payment (including analysis of possible payment solutions which may include a check against payment history and obtaining credit information from Klarna).
- Address verification against SPAR.
- Handling of warranty and reclaim cases.
Legal basis
The processing of the above personal data is necessary for us to fulfill our obligations under the purchase agreement with you. If the information is not provided, our obligations cannot be fulfilled and we may have to refuse the purchase.
How long do we keep the information?
Until the purchase has been completed (including delivery and payment) and for 24 months thereafter to handle any claims and warranty matters.
What do we do with the information (processing)?
- Management of bookings and changes and cancellations
- Sending of booking confirmations
- Communication regarding the booking
Legal basis
The processing of the above personal data is necessary for us to fulfill the service agreement. If the information is not provided, our obligations cannot be fulfilled and we may have to refuse the service.
3.2 Fulfillment of FLOREA’s legal obligations
In order to fulfill FLOREA’s legal obligations, we collect the following personal data:
- Name
- Personal identification number
- Contact information (such as address, email and phone number).
- Payment history
- Payment information
- Your correspondence
- Information about the time of purchase, place of purchase, and any defects/complaints.
- User information for Florea Family (members only).
What do we do with the information (processing)?
We are obliged to process the above personal data in order to fulfill FLOREA’s legal obligations under legal requirements, court rulings or official decisions (such as the Accounting Act, the Money Laundering Act or the rules on product liability and product safety). Such official decisions may require the production of communication and information to the public and customers regarding product alarms and product recalls in the event of a defective or hazardous product.
Legal basis
Our processing of the above personal data is necessary for us to fulfill our legal obligations. If the information is not provided, our legal obligation cannot be fulfilled and we may have to refuse the purchase.
How long do we keep the information
Until the purchase has been completed (including delivery and payment) and for 36 months thereafter in the e-commerce platform and for 7 years in the business system in accordance with the Accounting Act (1999:1078).
3.4 Handling of customer service issues
In order to handle customer service issues, we collect the following personal data
- Name
- Contact information (such as address, email and phone number)
- Your correspondence
- Information about the time of purchase, place of purchase, and any defects/complaints
- Technical information about your equipment
- Health data (the collected data is used in these cases as a basis for investigation of the products.)
What do we do the information (processing)?
- Communication and answering any questions to customer service (via phone or in digital channels, including social media)
- Identification
- Investigation of any complaints and support issues (including technical support)
Legal basis
Our processing of the above personal data is necessary to meet our legitimate interest in handling customer service issues. However, storage of your health data is only done to the extent that you have consented to it, or to the extent necessary for the establishment of any legal claims against us.
How long do we keep the information
We keep the information until the customer service issue is resolved and for 90 days thereafter.
3.5 Management and implementation of participation in competitions and events
In order to manage and implement participation in competitions and events, we collect the following personal information:
- Name
- Age
- Contact information (such as address, email och telephone number)
- Information provided in competition events
- Information provided in evaluations of events
What do we do with the information (processing)?
- Communication before and after participation in a competition or event (such as confirmation of registrations, questions or evaluations)
- Identification and age verification
- Selection of winners and communication of any prizes (such as payments or travel bookings)
Legal basis
The processing of the above personal data is necessary to satisfy our legitimate interest in managing your participation in our competitions and events.
How long do we keep the information
During the duration of the competition/event (including any evaluations).
3.6 Evaluation, development and improvement of our services, products and systems for the customer community
In order to evaluate, develop and improve our services, products and systems for the customer community as a whole, we collect the following personal information:
- Age
- Gender
- Place of residence
- Communication and feedback about our services and products
- Purchase and user-generated data (such as click and visit history)
- Technical data related to devices used and their settings (such as language setting, IP address, browser settings, time zone, operating system, screen resolution and platform)
- Information on how you have interacted with us, i.e. how you have used the service, login method, where and how long different pages have been visited, response times, download errors, how you access and leave the service, etc.
What do we do with the information (processing)?
- Customization for our services to become more user-friendly (such as changing the user interface to simplify the flow of information or to highlight functions that are often used or searched for by customers in our digital channels)
- Developing the basis for improving goods and logistics flows (such as being able to forecast purchases, inventory and deliveries)
- Developing the basis for improving our product range and for developing and improving our resource efficiency from an environmental and sustainability perspective (such as by streamlining purchasing and planning of deliveries)
- Developing the basis for planning new and, where applicable, discontinuing stores and warehouses
- Giving our customers the opportunity to influence our product range
- Developing the basis for improving IT systems in order to generally increase security for the company and our visitors/customers
- We analyze the data we collect in order to evaluate, develop and improve our services, products and systems for all our customers and visitors. Based on the data we collect (such as purchase history, age and gender), you are sorted into a customer group (known as a customer segment) for which analyses are then done on an aggregated level using anonymized or pseudonymized data, without any connection to you as an individual. The insights from the analysis are the basis for which products are purchased and how we develop FLOREA, Florea Family and the website.
Legal basis
The processing of the above personal data is necessary to satisfy our legitimate interest in evaluating, developing and improving our services, products and systems.
How long do we store data?
From the day of collection and up to 36 months thereafter.
3.7 Prevention of abuse of a service and prevention, detection, and investigation of crimes
In order to prevent abuse of a service or to prevent, detect, and investigate crimes against the company, we collect the following personal data:
- Personal identification number
- Purchase and user-generated data (such as click and visit history)
- Technical data regarding devices used and their settings (such as language settings, IP address, browser settings, time zone, operating system, screen resolution, and platform)
- Information about how our digital services are used
What do we do with the data (processing)?
- We want to prevent and investigate any fraud or other illegal activities (such as incident reporting in stores).
- Prevention of spam, phishing, harassment, attempts to illegally log in to user accounts, or other actions prohibited by law or our purchase, membership, or service terms.
- Protect and improve our IT environment against attacks and intrusions.
Legal basis
The processing of the above personal data is necessary to fulfill our legal obligations (if any) or to establish, assert, or defend legal claims. The processing is also always carried out to safeguard our legitimate interest in preventing abuse of a service or to prevent, detect, and investigate crimes against the company.
How long do we store data?
From the day of collection up to 36 months thereafter.
4. From which sources do we obtain your personal data?
In addition to the data you provide to us yourself or that we collect from you based on your purchases and how you use our services, we may also collect personal data from someone else (so-called third party). The data we collect from third parties is as follows:
- Address details from public records to ensure that we have the correct address details for you.
- Information about creditworthiness from credit rating agencies, banks or credit reporting companies.
5. Who may we share your personal data with?
6.1 Data Processors
In cases where it is necessary for us to provide our services, we share your personal data with companies that act as data processors on our behalf. A data processor is a company that processes information on our behalf and according to our instructions. We have data processors that assist us with:
- Transportation (logistics companies and freight forwarders)
- Payment solutions (card payment providers, banks, and other payment service providers)
- Marketing (print and distribution, social media, media agencies, or advertising agencies)
- IT services (companies that handle necessary operation, technical support, and maintenance of our IT solutions)
When your personal data is shared with data processors, it is only for purposes that are compatible with the purposes for which we collected the information (e.g. to fulfill our obligations under the purchase agreement or loyalty program membership terms). We control all data processors to ensure that they can provide sufficient guarantees regarding the security and confidentiality of personal data. We have written agreements with all data processors through which they guarantee the security of the processed personal data and commit to following our security requirements and restrictions and requirements regarding the international transfer of personal data.
6.2 Companies that are Independent Data Controllers
We also share your personal data with certain companies that are independent data controllers. Being an independent data controller means that we do not control how the information provided to the company is processed. Independent data controllers with whom we share your personal data include:
- Government agencies (Police, Tax Authority or other authorities) if we are obligated to do so by law or in case of suspicion of a crime. Transfer of personal data to relevant authorities is only made for the purposes described in section 3.3. The transfer of personal data is necessary in these cases for us to fulfill our legal obligations under the law, court order, administrative decision, or similar.
- Companies providing general goods transportation (logistics companies and freight forwarders). Transfer of personal data to such actors is only made for the purposes described in sections 3.1-3.2 and 4.1-4.2. The transfer of personal data is necessary in these cases for us to fulfill our agreements.
- Companies offering payment solutions (card payment companies, banks, and other payment service providers). Transfer of personal data to such actors is only made for the purposes described in sections 3.1-3.2 and 4.1-4.2. The transfer of personal data is necessary in these cases for us to fulfill our agreements.
When your personal data has been transferred from us to a company that is independently responsible for personal data according to the company’s privacy policy and personal data management applies.
7. Where do we process your personal data?
We always strive to process your personal data within the EU/EEA and that all our own IT systems are within the EU/EEA. However, for system support and maintenance, we may need to transfer the information to a country outside the EU/EEA, for example, if we share your personal information with a data processor that is established or stores information in a country outside the EU/EEA, either by itself or through a subcontractor. In these cases, the processor may only access the information relevant to the purpose (e.g. log files).
Regardless of the country where your personal data is processed, we take all reasonable legal, technical, and organizational measures to ensure that the level of protection is the same as within the EU/EEA. In cases where personal data is processed outside the EU/EEA, the level of protection is guaranteed either by a decision from the EU Commission that the country in question ensures an adequate level of protection or by the use of so-called appropriate protection measures. Examples of appropriate protection measures are approved codes of conduct in the recipient country, standard contractual clauses, binding corporate rules, or Privacy Shield. If you want a copy of the protective measures that have been taken or information on where they have been made available, please contact us.
8. How long do we store your personal data?
We never store your personal data longer than necessary for each purpose. For more detailed information on the specific storage periods, see the respective purpose of the collection.
9. What rights do you have as a registered person?
9.1 Right to a register extract
We are always open and transparent about how we process your personal data. If you want a deeper insight into what personal data we process about you, you can request access to the information. The information is provided in the form of a register extract indicating purpose, categories of personal data, categories of recipients, storage periods, information on where the information was collected, and the presence of automated decision-making.
Please note that if we receive a request for access, we may ask for additional information to ensure effective handling of your request and that the information is provided to the right person.
9.2 Right to request rectification
You have the right to request rectification of your personal data if the information is inaccurate. Within the scope of the stated purpose, you also have the right to supplement any incomplete personal data.
Please note that as a member of FLOREA, you can change certain information directly via “My Account”.
9.3 Right to erasure
You may request the erasure of personal data we process about you if:
- The data is no longer necessary for the purposes for which it was collected or processed;
- You object to a balancing of interests we have made based on legitimate interest and your reasons for objection outweigh our legitimate interest;
- You object to processing for direct marketing purposes;
- Personal data is processed unlawfully;
- Personal data must be erased to comply with a legal obligation we are subject to; or
- Personal data has been collected about a child (under 16 years old) for whom you have parental responsibility, and the collection has occurred in connection with the offer of information society services (e.g. social media).
Please note that we may have the right to refuse your request if there are legal obligations that prevent us from immediately deleting certain personal data. These obligations may arise, for example, from accounting and tax legislation, banking and anti-money laundering legislation, as well as consumer protection legislation.
It may also be the case that processing is necessary for us to establish, assert or defend legal claims. If we are prevented from complying with a request for erasure, we will instead block the personal data from being used for purposes other than the purpose that prevents the requested erasure.
9.4 Right to restriction
You have the right to request that our processing of your personal data be restricted. If you dispute that the personal data we process is correct, you can request limited processing during the time we need to verify whether the personal data is correct. If we no longer need the personal data for the established purposes, but you do need it to establish, assert or defend legal claims, you can request limited processing of the data from us. This means that you can request that we do not delete your data.
If you have objected to a balancing of interests of legitimate interest that we have made as a legal basis for a purpose, you can request limited processing during the time we need to verify whether our legitimate interests outweigh your interests in having the data deleted.
If processing has been restricted under any of the situations above, we may only process the data, in addition to storage, to establish, assert or defend legal claims, to protect someone else’s rights, or if you have given your consent.
9.5 Right to object to certain types of processing
In cases where we use a balancing of interests as the legal basis for a purpose of collecting your personal data, you have the right to object to the processing. In order to continue processing your personal data after such an objection, we need to demonstrate a compelling legitimate ground for the processing that outweighs your interests, rights or freedoms. Otherwise, we may only process the data to establish, exercise or defend legal claims.
9.6 Direct marketing (including analyses performed for direct marketing purposes)
You have the right to object to the processing of your personal data for direct marketing purposes. The objection also applies to the analysis of personal data (so-called profiling) performed for direct marketing purposes. Direct marketing includes all types of promotional activities (e.g. by post, email and SMS). Marketing activities where you as a customer have actively chosen to use one of our services or otherwise sought us out to learn more about our services are not considered direct marketing (e.g. product recommendations or other features and offers on My Account and Florea Family).
If you object to direct marketing, we will cease processing your personal data for that purpose, as well as stop all types of direct marketing activities.
Please note that you always have the option to influence which channels we use for mailings and personal offers. For example, you can choose to only receive offers from us via email, but not SMS. In that case, you should not object to the processing of personal data as such, but instead limit our communication channels (by contacting customer service).
9.7 Right to withdraw consent
You have the right to withdraw your consent to the processing of personal data at any time. Such withdrawal may be limited to only part of the processing, for example, the collection of health data.
9.8 Right to data portability
You have the right to receive the personal data that you have provided to us, and that concerns you, in a commonly used electronic format. You have the right to transfer such data to another data controller (so-called data portability). A prerequisite for data portability is that the transfer is technically feasible and can be automated.
10. How do we handle personal identification numbers?
We will only process your social security number when there is a clear justification with regard to the purpose, necessary for secure identification, or if there is another valid reason. We always minimize the use of your social security number to the greatest extent possible by, if sufficient, using your date of birth instead.
11. How do we protect your personal data?
We have taken technical and organizational measures to protect your data from loss, manipulation, and unauthorized access. We continuously adapt our security measures in accordance with progress and development of security systems for e-commerce. To make credit card purchases as secure as possible, all information is transmitted in encrypted form. This means that the information is transferred via a secure connection and your personal data cannot be read by outsiders.
12. What are cookies and how do we use them?
12.1 General Information about cookies
A cookie is a small text file that is saved on your computer or mobile device and retrieved from there during later visits to the relevant website. FLOREA uses cookies to improve and simplify your visit. We do not use cookies to disseminate information to third parties.
There are two types of cookies: permanent and temporary (session cookies). Permanent cookies are saved as files on your computer or mobile device for a maximum of twelve (12) months. Session cookies are saved temporarily and disappear when you close your web browser. We use permanent cookies to save your choice of start page (language and currency). We use session cookies when you visit our product pages, product filtering function, to check if you are logged in, or if you added an item to your shopping cart.
12.2 Third-party cookies
We use third-party cookies to collect statistics in aggregated form in analysis tools such as Google Analytics. The cookies used are both permanent and temporary cookies (session cookies). These permanent cookies are saved as files on your computer or mobile device for a maximum of 24 months.
For the best shopping experience on FLOREA.com, we recommend that you use one of the web browsers Google Chrome, Mozilla Firefox, or Safari.
You can also read about cookies on FLOREA.com here.
12.3 Can you control the use of cookies yourself?
Yes, you can easily delete cookies from your computer or mobile device through your web browser. For instructions on how to manage and delete cookies, go to the “Help” option in your web browser. You can choose to disable cookies or receive a notification every time a new cookie is sent to your computer or mobile device. Please note that if you choose to disable cookies, you will not be able to take advantage of all the features on our website.
You can read more about cookies in general on the Swedish Post and Telecom Authority’s website.
13. What does it mean that the data inspectorate is the supervisory authority?
The Data Inspectorate is responsible for monitoring the application of the legislation, and anyone who believes that a company is handling personal data incorrectly can file a complaint with the Data Inspectorate.
How can you easily contact us with questions about data protection?
Contact our customer service that handles these matters: kundservice@flo-rea.com.
14. Changes to this privacy policy
We may make changes to our privacy policy. The latest version of the privacy policy is always available here on the website. In the event of updates that are essential to our processing of personal data (such as changes to stated purposes or categories of personal data) or updates that are not essential to processing but may be essential to you, you will be informed on FLOREA.com and via email (if you have provided an email address) well in advance of the updates taking effect. When we make information about updates available, we will also explain the meaning of the updates and how they may affect you.
The Privacy Policy was updated: 2022-01-13.