Last Updated: June 5, 2020
“Account” means a Customer Account, as defined in the Customer Terms of Service or a Retailer Account, as defined in the Retailer Terms of Service.
“Customer” means any individual who browses, inquires about or purchases products or services listed our Website or a Retailer Site.
“Lovingly Account Services” means our online point-of-sale platform, floral shop management system and related cloud services.
“Lovingly Store Services” means Lovingly Account Services in addition to services related to Lovingly’s creation, operation, hosting and marketing of an eCommerce website for a Retailer.
“Personal Data” means information that alone or when in combination with other information may be used to identify, contact, or locate you, such as name, address, email address, IP address, login credentials, profile information, or phone number. Personal Data or PII excludes information that has been aggregated and/or anonymized so that it does not allow a third party to easily identify a specific individual (“non-PII”).
“You” or “you” refers to Retailers or Customers as indicated by context, or, if not specified, to both of these groups.
When you use the Services, we automatically collect and store certain information about your computer or mobile device and your activities. This information includes:
The information we collect is used to improve the content and the quality of the Services, and without your consent we will not otherwise share your Personal Data to/with any other party(s) for commercial purposes, except to provide the Services, when we have your permission, or under the following circumstances:
Where applicable law requires (and subject to any relevant exceptions under law), you may have the right to access, update, change or delete Personal Data.
You can access, update, change or delete your Personal Data either directly in your Account or by contacting us at firstname.lastname@example.org request the required changes. You can exercise your other rights (including deleting your Account) by contacting us at the same email address or at email@example.com.
You can also elect not to receive marketing communications by changing your preferences in your Account or by following the unsubscribe instructions in such communications.
If you remove information that you posted to the Services, copies may remain viewable in cached and archived pages of the Services, or if other users or third parties using any available API have copied or saved that information. In addition, following termination or deactivation of your account, we may retain information (including your profile information) and user content for a commercially reasonable time for backup, archival, and/or audit purposes. If you want any Personal Data permanently deleted, you must request such deletion by contacting us at firstname.lastname@example.org.
Additionally, if we rely on consent for the processing of your Personal Data, you have the right to withdraw it at any time. When you do so, this will not affect the lawfulness of any processing of your data that was completed before your consent withdrawal.
If you are a Customer who has purchased flowers or other products from a Retailer, that Retailer may have Personal Data about you. You must contact that Retailer to exercise your rights with respect to any information they hold about you.
Retailers are responsible for what they do with any Personal Data they collect, directly or through our Services, about their Customers. Retailers are solely responsible for complying with any laws and regulations that apply to the collection and use of Customers’ information, including Personal Data that Retailers collect about Customers from us or by using functionality provided through any of our Services.
Lovingly is not liable for any Retailer’s relationship with their Customers or for such Retailer’s collection and use of a Customer’s Personal Data (even if you collect it from us directly or using functionality provided through our Services). We cannot provide Retailers with any legal advice regarding collection of Personal Data.
The Services may contain links to other websites. If you choose to click on a third party link, you will be directed to that third party’s website. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third party websites. These other websites may place their own Cookies or other files on your computer, collect data or solicit Personal Data from you. Other websites follow different rules regarding the use or disclosure of the Personal Data you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.
We may access, preserve and share your information without notice or consent from you in response to a legal request (like a search warrant, court order or subpoena) if we have a good faith belief that the law requires us to do so. This may include responding to legal requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards. We may also access, preserve and share information when we have a good faith belief it is necessary to: detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations; or to prevent death or imminent bodily harm. For example, we may provide information to third-party partners about the reliability of your account to prevent fraud and abuse on and off of our the Services. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm. We also may retain information from accounts disabled for violations of our terms for at least a year to prevent repeat abuse or other violations of our terms.
Only individuals over the age of 18 are eligible to use our Services. However, we pay particular attention to children’s privacy. Our Services are not directed to children under the age of 13 and we do not knowingly collect, maintain or use Personal Data from children under the age of 13. If you learn that your child has provided us with Personal Data, you may alert us at email@example.com. Should we learn that a child under 13 has provided us with Personal Data, we will delete that information from our database and terminate the child’s account.
Unauthorized entry or use, hardware or software failure, the inherent insecurity of the Internet and other factors, may compromise the security of your Personal Data at any time. Nevertheless, we strive to safeguard Personal Data to ensure that information is kept private and secure at all times. We maintain administrative, technical and physical safeguards that are intended to appropriately protect against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse and any other unlawful form of processing of, the Personal Data in our possession. We employ security measures such as using firewalls to protect against intruders, building redundancies throughout our network (so that if one server goes down, another can cover for it) and testing for and protecting against network vulnerabilities.
The precise periods for which we keep your Personal Data vary depending on the nature of the information and why we need it. Factors we consider in determining these periods include the minimum required retention period prescribed by law or recommended as best practice, the period during which a claim can be made with respect to an agreement or other matter, whether the Personal Data has been aggregated or pseudonymized, and other relevant criteria. For example, the period we keep your email address is connected to how long your Account is active, while the period for which we keep a support message is based on how long has passed since the last submission in the thread.
Because you may use the Services sporadically or come back to us after an Account becomes inactive, we don’t immediately delete your Personal Data when your trial expires or you cancel the Services. Instead, we keep your Personal Data for a reasonable period of time, so it will be there for you if you come back.
We conduct our data transfers in accordance with Chapter V of the European General Data Protection Regulation (the “GDPR”). Specifically, we conduct data transfers subject to the following standards:
In compliance with the Privacy Shield Principles, Lovingly commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Lovingly at:
Attn: Privacy Officer
1906 Route 52, Suite D,
Hopewell Junction, NY, 12533
Lovingly has further committed to refer unresolved Privacy Shield complaints to the International Center for Dispute Resolution – American Arbitration Association (“ICDR-AAA”), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of the ICDR-AAA are provided at no cost to you.
Enforcement and Verification. For purposes of enforcing compliance with the Privacy Shield, Lovingly is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Privacy Shield, see the US Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov. To review Lovingly’s representation on the Privacy Shield list, see the US Department of Commerce’s Privacy Shield self-certification list located at: https://www.privacyshield.gov/list.
Binding Arbitration. You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your compliant directly with Lovingly and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified [above]; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see US Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration) located at: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.