Legal information
This document describes the legal details of Flowers Place, the processing of personal data, consent wording and data subject rights when using the website and placing orders.
1. Operator and seller details
| Operator / seller / service provider | Individual entrepreneur “Flowers Place” |
|---|---|
| BIN/IIN | 040601601319 |
| Legal address | Republic of Kazakhstan, Almaty, Zharokov Street 126, office 1 |
| flower.place.00@mail.ru | |
| Phone / messenger | +7 987 216 48 16; Telegram: @manager_flower_place; Instagram: @flowers_place_dubai |
| Website | https://flowers-place.com |
| Payment | Direct transfer to bank cards of Kazakhstan and/or the Russian Federation. Payment details are provided when the order is confirmed. |
In this legal document set, “Operator”, “Seller” and “Service Provider” mean Individual entrepreneur “Flowers Place”, unless the context requires otherwise.
2. General personal data provisions
This policy explains how personal data is processed when using https://flowers-place.com, placing flower, gift and delivery orders, communicating through messengers, submitting claims and requesting refunds.
The policy is drafted with regard to the laws of Kazakhstan on personal data and consumer protection, the laws of the Russian Federation on personal data and consumer protection, and the GDPR where it applies to data of EU/EEA residents.
The Russian version is the governing version. The English version is provided for convenience and does not change the meaning of the Russian terms.
3. Data categories and sources
The Operator may process the following data categories:
- identification and contact data of the customer and recipient: name, phone number, email, delivery address and order notes;
- order data: bouquet or gift composition, price, currency, delivery date and time slot, replacement preferences, card text, packaging or photo report preferences;
- payment data: payment fact, date, amount, currency, masked ID, last card digits or other partial information needed to identify payment; full bank card numbers are not collected or stored by the Operator;
- technical data: IP address, cookies, referrer URL, browser, device, session and log-file data;
- claim materials: photos, videos, situation description and other information submitted for review.
Data may be provided by the user, by the customer about the recipient, or by local shops, florists, couriers and delivery partners regarding order status, delivery and photo confirmation.
4. Purposes, legal bases and processing actions
| Purpose | Legal basis | Actions |
|---|---|---|
| Contract conclusion and performance, order processing, delivery and service communication | Contract, public offer, consent, legitimate interest for security and proof of performance | Collection, recording, organisation, storage, update, use, transfer to partners where necessary, blocking, deletion and destruction |
| Payment, accounting, refunds, claims, tax and bookkeeping duties | Compliance with law and contract performance | Storage of payment and contract data, payment verification, claim response and refund processing when applicable |
| Marketing messages, promotions and news | Separate user consent where required by applicable law | Use of contact details for marketing until consent is withdrawn |
| Website operation, abuse prevention, analytics and user experience improvement | Legitimate interest, technical necessity, cookie consent where required | Processing of technical data, cookies, security logs and statistics |
5. Third-party sharing and cross-border transfers
Personal data is shared with third parties only to the extent required for the relevant purpose: local flower shops, florists, couriers, delivery services, telecom operators, technical contractors, consultants, auditors and public authorities where a lawful basis exists.
For international delivery or website operation, data may be transferred to other countries, including Kazakhstan, the Russian Federation, countries of delivery and, where applicable, EU/EEA countries. For EU/EEA residents, such transfers rely on an applicable legal basis or derogation, including necessity for contract performance or pre-contractual measures requested by the data subject.
If data localization or database storage requirements apply to the Operator in a relevant jurisdiction, the Operator complies with them to the extent required by applicable law.
6. Retention and security
Personal data is retained no longer than necessary for processing purposes, contract performance, claims, tax and accounting, and protection of the rights of the Operator and the user. Marketing data is used until consent is withdrawn or the relevant mailing is stopped.
The Operator applies reasonable organisational and technical security measures: access limitation, confidentiality obligations with partners, HTTPS, access control for working channels, and logging of requests and incidents.
No internet transmission can be fully risk-free. Users should not send through forms or messengers any information that is not required for the order.
7. Data subject rights
A data subject may request access, rectification, blocking, deletion or destruction of data, withdraw consent, restrict processing, object to marketing, and, where the GDPR applies, request data portability and lodge a complaint with a supervisory authority.
Requests should be sent to flower.place.00@mail.ru. The Operator may request information required to identify the requester and prevent disclosure to an unauthorised person.
Withdrawal of consent does not affect processing performed before withdrawal and does not prevent further storage where required by law, contract, claim dispute or protection of parties’ rights.
8. Consent to personal data processing
By placing an order, sending a request or providing data through the website, messenger, phone or email, the user confirms that they have read this policy and consent to processing of personal data for contract conclusion and performance, order delivery, service notifications, claims and refunds.
If the user provides recipient data, the user confirms that they have a lawful basis for doing so and that the recipient has been informed of the transfer of data to the Operator for order delivery.
Separate consent may be requested for marketing messages, analytics/marketing cookies and cross-border transfers where such separate consent is required by applicable law. Consent remains valid until the processing purposes are achieved or until it is withdrawn.
9. Children, updates and legal references
Orders for children are accepted only where the child’s necessary data is provided by a parent, legal representative or another person with a lawful basis. Marketing messages are not intentionally sent to children.
This policy may be updated. A new version applies from publication on the website unless it states otherwise.
Legal references: Kazakhstan Law on Personal Data and their Protection, Kazakhstan Law on Consumer Protection, Kazakhstan e-commerce rules, Russian Federal Law No. 152-FZ on Personal Data, Russian Consumer Protection Law, Russian Government Resolution No. 2463, and the GDPR where applicable.