1. Introduction
Welcome to Greznoties. This Privacy Policy explains how Greznoties (referred to as 'the Company', 'we', 'us', or 'our') collects, uses, and protects your personal data in compliance with:
- EU General Data Protection Regulation (GDPR)
- Latvijas Republikas Privātuma likums
- Latvian Consumer Rights legislation
By contacting Greznoties to order floral arrangements or pre-owned floristry items, you agree to this policy.
2. Information Collected
As a floristry business, Greznoties only processes data essential for creating and delivering your orders:
- Contact Details: Full name, email address, phone number (for order communications)
- Order Specifications: Delivery address, preferred delivery time, floral design requests
- Payment Information: Only if processed offline (e.g., bank transfers for custom orders)
- Technical Data: IP address (in server logs for security), browser type (for compatibility fixes)
The Company currently does NOT use: Cookies, Analytics tools, or Automated decision-making systems.
3. Legal Bases for Processing (GDPR Article 6)
| Purpose | Legal Basis | Example |
|---|---|---|
| Order fulfillment | Contractual necessity | Using your address to deliver a wedding bouquet |
| Tax compliance | Legal obligation (Latvian law) | Retaining invoice data for 7 years |
| Customer service | Legitimate interest | Following up about perishable delivery issues |
4. How Your Information Is Used
All data processing relates directly to floristry services:
- Designing and creating bespoke floral arrangements per your specifications
- Coordinating deliveries with Latvian courier services (DPD, Omniva, etc.)
- Sending order confirmations via email/SMS (transactional only)
- Processing returns/exchanges for non-perishable floristry tools
- Complying with Latvian tax and accounting requirements
5. Data Security Measures
Greznoties implements appropriate protections:
Technical:
- Encrypted email communications (TLS)
- Password-protected devices with regular updates
- Secure erasure of digital records after retention periods
Physical:
- Printed order details stored in locked cabinets
- Immediate shredding of unnecessary paper records
- Secure disposal of packaging with address labels
While all reasonable precautions are taken, please note that no method of electronic transmission is 100% secure.
6. Children's Data
The Company does not knowingly collect data from individuals under 16 (Latvia's GDPR implementation age). If you believe a child has provided data without parental consent, contact Greznoties immediately.
7. Your Rights Under GDPR
As a Latvian resident, you have:
| Right | Description |
|---|---|
| Right of Access | Request a copy of all data held about you by the Company (free once annually) |
| Right to Rectification | Correct inaccurate details (e.g., misspelled name in invoice) |
| Right to Erasure | Delete non-essential data (excluding tax records) |
| Right to Restrict Processing | Limit how your data is used in specific circumstances |
| Right to Data Portability | Receive your order history in machine-readable format |
| Right to Complain | Lodge complaints with Datu valsts inspekcija |
To exercise these rights, email with 'GDPR Request' and allow 30 days for response.
8. Data Retention Periods
Data is retained only as necessary:
- Active customer records – 3 years from last order (For repeat order convenience)
- Financial/tax documents – 7 years (Latvian commercial law requirement)
- Customer service communications – 2 years (Warranty claims on floristry tools)
9. Policy Updates
The Company will:
- Post changes on this page with updated date
- Notify active customers via email about material changes
- Archive previous versions upon request
This policy is effective May 24, 2025.
Last Updated: May 24, 2025