Privacy Statement Floriworld
FloriWorld is a theme park about flowers and plants. To make your visit a personal experience
we process personal data about you as our visitor.
We obviously handle your data with the utmost care. It is, after all,
your privacy. Below, you will find information on what we do with your data.
This privacy statement applies to FloriWorld BV and Dutch Experience Group Aalsmeer BV.
In this privacy statement, these parties are referred to collectively as: FloriWorld.
Latest update: January 2020
How does FloriWorld handle your personal data?
We limit the processing of your data to a minimum. When you visit FloriWorld, you yourself determine which data you share with us. You experience a spectacular, entertaining and educational journey of discovery through the world of flowers and plants. You become aware of the way in which flowers and plants contribute to your health and welfare. You can specify your preferences and these will be reflected in a show that takes your preferences into account. You may choose to do so in your own name, but you may do so anonymously, too. If you do not specify any preferences, then the show will still be spectacular, but obviously without taking your preferences into account and, therefore, not personalised. We handle your personal data with the utmost care. In principle, your data is not shared with third parties; only if it is essential to service provision, or if we are under legal obligation to do so. Moreover, we do our utmost to protect your data.
What are personal data?
Personal data are all data that can be traced to a natural, living person. Examples include name, address, email, preference for certain flowers and plants, but also photographs, for example, if you have your picture taken during the visit to the experience.
Which personal data does FloriWorld process?
On certain occasions, FloriWorld processes your data:
When you visit our website and you ask us to share our newsletter with you;
If you make an online purchase on our website for one or more admission tickets for your visit;
If you visit our experience and choose to submit personal data to make your visit personalised;
If you make a purchase at our shop or online. To receive our newsletter, we ask for your name and email address. To purchase tickets, we ask your name, gender, country of residence, language preference, email address, date and time of your visit and whether you wish to receive our newsletter. We also record the number of tickets you purchase. During your visit to FloriWorld, we ask your name, language preference, date of birth, preferences regarding flowers and plants, country of residence, email address, selfie, whether you wish to receive our newsletter and the photographs, which you can have made in front of a green screen during the visit. If you purchase something in our shop and would like us to send it to your home address, we will ask for your name and address details, as well as your email address.
What is the legal basis for data processing?
When you visit us, you enter into a contract with us. We carry out that contract. This is the basis of processing. This is the case when you purchase tickets and when you visit our experience, and if you purchase something that you would like delivered to your home. If you wish to receive a newsletter, then this occurs on the basis of your consent. Our website or experience does not intend to collect data about (website) visitors younger than 16 years of age. Unless a parent or guardian have given consent to do so. However, FloriWorld cannot establish whether a visitor is older than 16. We therefore advise parents to monitor and supervise the online activities of their children in order to prevent data about children being collected without parental consent. If you feel that we have collected personal data without such consent, please contact us at privacy@localhost and we will delete the relevant information. In the case that someone below the age of 16 visits our experience, we assume that they have been given consent to participate. We do not engage in (online) marketing activities for people below the age of 16.
How long do we store your data?
Personal data is not stored for longer than is strictly necessary to achieve the purposes for which they were processed. All data that we process are deleted as soon as possible upon completion of the service (four weeks after your visit). If you purchase a ticket using your credit card, then we will store your data for up to one year after your purchase. In some cases, we are under legal obligation to store your data for a longer period of time, in which case we will do so. If you have subscribed to our newsletter, we will process your data until you indicate that you no longer wish to receive the newsletter. To unsubscribe to the newsletter, please use the ‘Unsubscribe’ link at the bottom of the newsletter. In the case of job applicants, we destroy your data four weeks after the recruitment process is ceased or concluded, unless you have given us consent that your data may be kept on file. In that case, we will keep your data for a maximum of one year.
Who has access to your personal data?
Only authorised FloriWorld employees have access to your personal data and only in so far as access is necessary to perform work-related duties. We share personal data with third parties only if it is necessary to do so for technical reasons (because we do not have the relevant technology at our disposal,
for instance) or as a result of a legal obligation. Examples include payment processing, sharing address data with a delivery service so that products ordered can be sent to your address, as well as a specialist party that ensures that your admission ticket is delivered to your mailbox. In order to ensure than these companies adhere to the rules, we have entered into a contract with them. Your personal data are processed and stored in the European Union.
FloriWorld places cookies on this website. Cookies are small, simple text files that are placed for statistical purposes. We do so anonymously, which means that we do not receive any personal data from you. If you purchase a ticket online, so-called session cookies are placed with which we can avoid you
having to enter the same data several times during a transaction. Session cookies are deleted as soon as the session is concluded.
We have appropriate and reasonable security measures in place to protect your personal data from unauthorised access, manipulation, publication, loss and improper usage. In order to guarantee a level of security appropriate to the risks, we have taken technical and organisational measures
such as security measures with respect to access to our systems.
What rights do you have with respect to your personal data?
You have a number of rights, as we shall explain (please be aware that we will need to verify your identity should you choose to exercise any of these rights):
Right to information and access: you can ask us to disclose which personal data about you we possess and
Right to rectification: do you think that we have data about you that is incorrect? Let us
know and we will correct it.
Right to be forgotten: You can request that we delete personal data about you that we store
and process. We will do so, unless we are under legal obligation to
store it. In that case, we will inform you of such obligation.
Right to restriction: do you feel that we are using your personal data unlawfully, then
you can request that we cease such use of your personal data until
the matter has been investigated.
Right to objection (protest): you can object to the use or storage of your personal
data. In such cases, we will do what we can to cease using your data or delete it. Is the data use
related to marketing? In such cases, we will cease using your data as soon as possible.
In addition, you also have a right to:
Revoke consent at any time: to receive the newsletter, for instance.
Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens (AP)): Do you feel that our actions
are unlawful? Please let us know by sending an email
to privacy@localhost. You may also wish to lodge a complaint with the Dutch Data Protection Authority
(Autoriteit Persoonsgegevens) (https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/gebruik-uw-privacyrechten/klacht-melden-bij-de-ap.