Flo-culture Privacy Policy

Updated 05 November 2024

Introduction

This Privacy Policy applies when you use our website and/on contact us and/or when there is a Contract (Subscription Plan Agreement and/or Services Contract) between Flo-culture Ltd ("Flo-culture," "we," "us") and the person or entity using our Services ("customer," "you," "your"). This policy governs how we use the information you provide when you get in touch, sign up and use our services.

We are committed to protecting your privacy and will only use the information that we collect about you lawfully.

Definitions

Before you read the data privacy and security statement, we would like to clarify four important concepts to fully understand this statement. These four concepts are: the 'privacy statement', the 'data subject', the 'personal data', and 'processing'.

The 'privacy statement' informs, among other things, what personal data is collected, for what purpose, what is done with it, how long this takes place and what rights the data subject has regarding this process.

The privacy statement is addressed to the person whose personal data will be processed. That person is called the 'data subject'.

'Personal data' is a very broad concept. It concerns information and data about an identified or identifiable person. This means that the information is directly about a person or can be traced back to a person—for example, someone's name, address, telephone number, email address, or IP address.

Every action that can be done with personal data is indicated by the word 'process'. This includes collecting, organizing, storing, updating, modifying, retrieving, using, distributing, combining, blocking, erasing, and destroying the data, as well as any other action concerning the processing of personal data.

Our compliance statement

We will process all personal data fairly and lawfully

We will only process personal data for specified and lawful purposes

We will endeavour to hold relevant and accurate personal data, and where practical, we will keep it up to date.

We will not keep personal data for longer than is necessary

We will keep all personal data secure

We will endeavour to ensure that personal data is only transferred to countries within the European Economic Area (EEAA) with adequate protection.

Data controller contact information

Flo-culture Ltd is the data controller.

Full name of Company: Flo-culture Ltd, a company registered in England and Wales with Company number 10397623

Registered address: Flo-culture, Church Hall, 53 Church Street, East Boldon, NE36 0SD

Contact address: as above or katherine.pearson@flo-culture.com

You can contact Flo-culture with your questions and concerns regarding the procedure and handling of your personal data by us. You can also contact Flo-culture if you want to exercise any of your rights regarding the personal data we process.

Description of the personal information we collect

Organisations that express an interest in our services

We collect personal data about your staff or directors for a number of reasons, including communicating with you and responding to requests for information.

The personal data we collect can include:

  • Name

  • Contact details

  • Records of your communication with us

Organisations that buy from us (services and subscriptions)

In addition to the personal data collected above, we may collect further information about directors to process a merchant account application with a selected payment provider.

The personal data we collect can include:

  • Name

  • Contact details

  • Records of your communication with us

  • Date of birth

  • Private address

  • Copies of identity documents

Note on payment

We do not see, collect or store any sensitive payment data whatsoever when processing a card transaction.

The data required to perform a card transaction will be captured, but all data is encrypted at source and, therefore, not visible to us.

We may record an anonymised payment token that lets us know if you are a repeat user.

We may use this to streamline the process when you use the service in future.

How we use the information you provide

For individuals who proactively engage with us

We will process your data for the following reasons:

  • To provide our services

  • To supply you with communications you have requested about our products or services

  • To provide customer support

  • To keep a record of your relationship with us

  • To manage your communication preferences

  • To monitor and mitigate fraudulent and illegal activities

  • To comply with applicable laws and regulations and requests from statutory agencies

For individuals who are making a payment

We will process your data for the following reasons:

  • To ensure that the relevant organisation receives the payment and to provide our services to our customers

  • To monitor and mitigate fraudulent and illegal activities

Cookies policy

Cookies are small bits of data that websites store on your device to improve your browsing experience and track useful analytics and data.

We use cookies to help us run our site more effectively, provide the best experience for our visitors, and help us learn more about the traffic on our site. We use this information to improve our services and the information we provide.

When someone visits our website and/or AR Digital Tours Platform, we use Google Analytics, a web analytics service, to collect standard internet log information and details of visitor behaviour patterns.

We do this to determine the number of visitors to the various parts of the website/or AR Digital Tours Platform. This information is only processed in a way that does not identify anyone.

We do not make, and do not allow Google to make, any attempt to discover the identities of those visiting our website/or AR Digital Tours Platform.

If we want to collect personally identifiable information through our website/or AR Digital Tours Platform, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Our legal basis for processing personal data

We need a lawful basis to collect and use your personal data under the General Data Protection Regulation (GDPR) data protection law.

The law allows for six ways to process personal data (and additional ways for sensitive personal data).

These are:

  1. If the data subject gives explicit consent or the processing is necessary (e.g., payroll payments).

  2. To meet contractual obligations entered into by the data subject, e.g. a subscription plan agreement.

  3. To comply with the data controller’s legal obligations, e.g. if we need to process personal data to comply with a common law or statutory obligation.

  4. To protect the data subject’s vital interests. This basis applies if it’s necessary to process personal data to protect someone’s life. (This applies to any life – not just the data subject’s life.)

  5. For tasks carried out in the public interest or exercise of authority vested in the data controller, e.g. when we must process personal data “for the performance of a task carried out in the public interest” or “in the exercise of official authority”.

  6. For the purposes of legitimate interests pursued by the data controller, e.g. when processing is necessary for the purposes of the legitimate interests pursued by us or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Numerous interests can be legitimate, including our own, third parties and commercial interests. This may include:

  • Processing client or employee data

  • Processing conducted for marketing purposes

  • Processing that helps prevent fraud

  • Intra-group transfers of personal data

  • Processing for IT security purposes

  • Our legitimate interests

Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as that interest is not overridden by the privacy rights of the individual whose data is being used. If you want to change our use of your personal data, please contact us using the details in the “How to contact us” section below.

Sharing information

We do not share, sell or rent your information to third parties for marketing purposes.

We will not otherwise disclose your personal information unless required to do so by a regulatory agency or law or unless we have consent from you.

We may allow our staff, consultants, and/or external providers acting on our behalf to access and use your information for the purposes you have provided us (e.g., to analyse data or process payments).

We ensure your information is treated with the same level of care as if we were handling it directly.

There may be service delivery circumstances when we share your personal data with third parties. Only relevant personal data is shared. In addition, personal data is only shared if this is required based on one or more of the legal grounds mentioned above.

Employees with access to your personal data

Employees of Flo-culture who have access to personal data of data subjects are not allowed to use this data for personal purposes. This includes all actions concerning the personal data of data subjects for personal purposes.

Personal data security

We ensure that appropriate physical, technical and managerial controls are in place to protect your personal details. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted.

Where we have given you (or where you have chosen) a password that enables you to access certain uses of our services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Please note that the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and/or AR Digital Tours Platform; any transmission is at your own risk.

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Duration of personal data storage

We will keep your personal data for no longer than is necessary for the purposes for which it is processed in accordance with our policies or applicable regulations.

Your rights

Every data subject has rights under UK GDPR to guarantee a correct privacy policy. You can contact the controller if you want to exercise one or more of these rights (see How to contact us below). If you seek contact with the controller, the controller is obliged to provide you with a reply within one month. No charge will be made for a data subject’s request for information or action under these rights.

The right to be informed

Every data subject has the right to be provided with clear and concise information about what is done with their personal data.

Right of access by the data subject

Every data subject has the right to access and receive a copy of personal data that this app has processed from you.

Right of rectification

Every data subject has the right to rectify inaccurate personal data that the app has processed about you if this data turns out to be incorrect or incomplete. We will respond to such requests within one month. We will notify any third parties with whom we have processed user data of the data subjects exercise of this right.

Right of erasure (the right to be forgotten)

Every data subject has the right to request that the data subject’s personal data be deleted from our possession. We must delete this data upon your request and within one month. We will notify any third parties with whom we have processed user data of the data subjects exercise of this right.

Right to object

Every data subject has the right to object to the processing of the subject personal data. You must state what your specific reasons are for objecting. If you object to direct marketing, direct marketing will immediately be discontinued.

Right to restrict

Every data subject has the right to restrict the processing of personal data if, for example, the data subject believes the information is inaccurate and is verifying its accuracy. We will notify any third parties with whom we have processed user data of the data subjects exercise of this right.

Right of portability

Every data subject has the right to receive personal data that we have processed from the data subject in a readable form.

If you are unhappy with how we handled your personal data, please get in touch with us using the details below. You are also entitled to make a complaint to the Information Commissioner’s Office at ico.org.uk

Governing Law

This policy and any dispute or claim arising out of it or in connection with it or its subject matter shall be governed by and construed in accordance with the laws of England and Wales, and the parties irrevocably agree that the courts of England have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this policy or its subject matter.

Privacy policy updates

This privacy statement has been compiled with care. We keep a close eye on developments in the field of privacy law and may periodically update this privacy policy to comply with changes.

At the top of this document, we will always place the date on which the document was last edited so that you can see if this has been updated since your last visit.

How to contact us

Please email katherine.pearson@flo-culture.com to get in touch or write to Katherine Pearson, Flo-culture, Church Hall, 53 Church Street, East Boldon, NE36 0SD.