Flo-culture Privacy Policy
Updated 05 November 2024
Introduction
This Privacy Policy applies when you use our website and/on contact us and/or when there is a Contract (Subscription Plan Agreement and/or Services Contract) between Flo-culture Ltd ("Flo-culture," "we," "us") and the person or entity using our Services ("customer," "you," "your"). This policy governs how we use the information you provide when you get in touch, sign up and use our services.
We are committed to protecting your privacy and will only use the information that we collect about you lawfully.
Definitions
Before you read the data privacy and security statement, we would like to clarify four important concepts to fully understand this statement. These four concepts are: the 'privacy statement', the 'data subject', the 'personal data', and 'processing'.
The 'privacy statement' informs, among other things, what personal data is collected, for what purpose, what is done with it, how long this takes place and what rights the data subject has regarding this process.
The privacy statement is addressed to the person whose personal data will be processed. That person is called the 'data subject'.
'Personal data' is a very broad concept. It concerns information and data about an identified or identifiable person. This means that the information is directly about a person or can be traced back to a person—for example, someone's name, address, telephone number, email address, or IP address.
Every action that can be done with personal data is indicated by the word 'process'. This includes collecting, organizing, storing, updating, modifying, retrieving, using, distributing, combining, blocking, erasing, and destroying the data, as well as any other action concerning the processing of personal data.
Our compliance statement
We will process all personal data fairly and lawfully
We will only process personal data for specified and lawful purposes
We will endeavour to hold relevant and accurate personal data, and where practical, we will keep it up to date.
We will not keep personal data for longer than is necessary
We will keep all personal data secure
We will endeavour to ensure that personal data is only transferred to countries within the European Economic Area (EEAA) with adequate protection.
Data controller contact information
Flo-culture Ltd is the data controller.
Full name of Company: Flo-culture Ltd, a company registered in England and Wales with Company number 10397623
Registered address: Flo-culture, Church Hall, 53 Church Street, East Boldon, NE36 0SD
Contact address: as above or katherine.pearson@flo-culture.com
You can contact Flo-culture with your questions and concerns regarding the procedure and handling of your personal data by us. You can also contact Flo-culture if you want to exercise any of your rights regarding the personal data we process.
Description of the personal information we collect
Organisations that express an interest in our services
We collect personal data about your staff or directors for a number of reasons, including communicating with you and responding to requests for information.
The personal data we collect can include:
Name
Contact details
Records of your communication with us
Organisations that buy from us (services and subscriptions)
In addition to the personal data collected above, we may collect further information about directors to process a merchant account application with a selected payment provider.
The personal data we collect can include:
Name
Contact details
Records of your communication with us
Date of birth
Private address
Copies of identity documents
Note on payment
We do not see, collect or store any sensitive payment data whatsoever when processing a card transaction.
The data required to perform a card transaction will be captured, but all data is encrypted at source and, therefore, not visible to us.
We may record an anonymised payment token that lets us know if you are a repeat user.
We may use this to streamline the process when you use the service in future.
How we use the information you provide
For individuals who proactively engage with us
We will process your data for the following reasons:
To provide our services
To supply you with communications you have requested about our products or services
To provide customer support
To keep a record of your relationship with us
To manage your communication preferences
To monitor and mitigate fraudulent and illegal activities
To comply with applicable laws and regulations and requests from statutory agencies
For individuals who are making a payment
We will process your data for the following reasons:
To ensure that the relevant organisation receives the payment and to provide our services to our customers
To monitor and mitigate fraudulent and illegal activities
Cookies policy
Cookies are small bits of data that websites store on your device to improve your browsing experience and track useful analytics and data.
We use cookies to help us run our site more effectively, provide the best experience for our visitors, and help us learn more about the traffic on our site. We use this information to improve our services and the information we provide.
When someone visits our website and/or AR Digital Tours Platform, we use Google Analytics, a web analytics service, to collect standard internet log information and details of visitor behaviour patterns.
We do this to determine the number of visitors to the various parts of the website/or AR Digital Tours Platform. This information is only processed in a way that does not identify anyone.
We do not make, and do not allow Google to make, any attempt to discover the identities of those visiting our website/or AR Digital Tours Platform.
If we want to collect personally identifiable information through our website/or AR Digital Tours Platform, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Our legal basis for processing personal data
We need a lawful basis to collect and use your personal data under the General Data Protection Regulation (GDPR) data protection law.
The law allows for six ways to process personal data (and additional ways for sensitive personal data).
These are:
If the data subject gives explicit consent or the processing is necessary (e.g., payroll payments).
To meet contractual obligations entered into by the data subject, e.g. a subscription plan agreement.
To comply with the data controller’s legal obligations, e.g. if we need to process personal data to comply with a common law or statutory obligation.
To protect the data subject’s vital interests. This basis applies if it’s necessary to process personal data to protect someone’s life. (This applies to any life – not just the data subject’s life.)
For tasks carried out in the public interest or exercise of authority vested in the data controller, e.g. when we must process personal data “for the performance of a task carried out in the public interest” or “in the exercise of official authority”.
For the purposes of legitimate interests pursued by the data controller, e.g. when processing is necessary for the purposes of the legitimate interests pursued by us or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Numerous interests can be legitimate, including our own, third parties and commercial interests. This may include:
Processing client or employee data
Processing conducted for marketing purposes
Processing that helps prevent fraud
Intra-group transfers of personal data
Processing for IT security purposes
Our legitimate interests
Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as that interest is not overridden by the privacy rights of the individual whose data is being used. If you want to change our use of your personal data, please contact us using the details in the “How to contact us” section below.
Sharing information
We do not share, sell or rent your information to third parties for marketing purposes.
We will not otherwise disclose your personal information unless required to do so by a regulatory agency or law or unless we have consent from you.
We may allow our staff, consultants, and/or external providers acting on our behalf to access and use your information for the purposes you have provided us (e.g., to analyse data or process payments).
We ensure your information is treated with the same level of care as if we were handling it directly.
There may be service delivery circumstances when we share your personal data with third parties. Only relevant personal data is shared. In addition, personal data is only shared if this is required based on one or more of the legal grounds mentioned above.
Employees with access to your personal data
Employees of Flo-culture who have access to personal data of data subjects are not allowed to use this data for personal purposes. This includes all actions concerning the personal data of data subjects for personal purposes.
Personal data security
We ensure that appropriate physical, technical and managerial controls are in place to protect your personal details. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted.
Where we have given you (or where you have chosen) a password that enables you to access certain uses of our services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Please note that the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and/or AR Digital Tours Platform; any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Duration of personal data storage
We will keep your personal data for no longer than is necessary for the purposes for which it is processed in accordance with our policies or applicable regulations.
Your rights
Every data subject has rights under UK GDPR to guarantee a correct privacy policy. You can contact the controller if you want to exercise one or more of these rights (see How to contact us below). If you seek contact with the controller, the controller is obliged to provide you with a reply within one month. No charge will be made for a data subject’s request for information or action under these rights.
The right to be informed
Every data subject has the right to be provided with clear and concise information about what is done with their personal data.
Right of access by the data subject
Every data subject has the right to access and receive a copy of personal data that this app has processed from you.
Right of rectification
Every data subject has the right to rectify inaccurate personal data that the app has processed about you if this data turns out to be incorrect or incomplete. We will respond to such requests within one month. We will notify any third parties with whom we have processed user data of the data subjects exercise of this right.
Right of erasure (the right to be forgotten)
Every data subject has the right to request that the data subject’s personal data be deleted from our possession. We must delete this data upon your request and within one month. We will notify any third parties with whom we have processed user data of the data subjects exercise of this right.
Right to object
Every data subject has the right to object to the processing of the subject personal data. You must state what your specific reasons are for objecting. If you object to direct marketing, direct marketing will immediately be discontinued.
Right to restrict
Every data subject has the right to restrict the processing of personal data if, for example, the data subject believes the information is inaccurate and is verifying its accuracy. We will notify any third parties with whom we have processed user data of the data subjects exercise of this right.
Right of portability
Every data subject has the right to receive personal data that we have processed from the data subject in a readable form.
If you are unhappy with how we handled your personal data, please get in touch with us using the details below. You are also entitled to make a complaint to the Information Commissioner’s Office at ico.org.uk
Governing Law
This policy and any dispute or claim arising out of it or in connection with it or its subject matter shall be governed by and construed in accordance with the laws of England and Wales, and the parties irrevocably agree that the courts of England have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this policy or its subject matter.
Privacy policy updates
This privacy statement has been compiled with care. We keep a close eye on developments in the field of privacy law and may periodically update this privacy policy to comply with changes.
At the top of this document, we will always place the date on which the document was last edited so that you can see if this has been updated since your last visit.
How to contact us
Please email katherine.pearson@flo-culture.com to get in touch or write to Katherine Pearson, Flo-culture, Church Hall, 53 Church Street, East Boldon, NE36 0SD.