Data Protection Policy and Privacy Notice
is for people whose personal data we hold and use;
applies to all personal data held by us or by third parties on our behalf;
has been produced with clarity in mind.
We (Florinz App ) are a ‘Data Controller’ under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA). This means that if we collect and use your personal data we must comply with the requirements set out in the GDPR and DPA.
This policy also serves as a privacy notice under the GDPR.
If you are using your own Data to refer a friend
If you are using your own Data to make a survey in this application
If you use the Florinz App that works in Restaurants, coffee shops, retail shops, etc…
1. Our commitment to data protection
We recognize that your privacy is important and that we have a responsibility to you when handling your personal data.
We only use your personal data to perform our role as an application That enables our customers from Restaurants, coffee shops, and retail shops to reward their clients based on these services. Our clients are using Florinz app to get their customer data in order to reward them and send them their gift codes.
We take appropriate steps and put adequate technical measures in place to protect your personal data against misuse.
We will never provide your personal data to third parties for their marketing purposes.
If we plan to make substantial changes to the way we use personal data or the personal data we collect, we will inform you of the possible ways
We will ensure your personal data is used according to the principles set out in the GDPR and the Saudi Arabia Rules and Conditions.
2. Why we use personal data and the legal basis for the processing
We are a loyalty & referral software selling this software for our clients from different sectors to enable them to provide a survey for their clients and based on their surveys their rewards will be sent to their mobile phone number as an SMS code. The same with Referral software our clients refer their friends and based on this they get An sms with the winning code.
We also use personal data to:
Allow our customers from Coffeeshops, Restaurants, and retail to target their angry and happy clients with their offers to let them get back again to buy from the store as well.
3. How we use your personal data
How we use your data will depend on your relationship with us.
If you are making an Evaluation of the shop you are visiting :
Once the client makes a survey, then the customer will get a code to get the gift
Once the client’s review is bad the client will get sms to apologize for the bad services
Once the client makes the survey, then he approves receiving advertisement sms
Once the client is interested in a product, then the client will get sms campaign based on the client’s interest
If you are referring a friend
The client will promise to provide the right number once referring a friend and the client MUST KNOW THE FRIENDS you referred to . the referred person will get an sms from his/her friend recommending to visit the shop he/she recommends.
If you are a member of the public:
maintaining contact with you, managing and developing our relationship with you;
responding to your inquiries and providing you with relevant information or services;
investigating concerns raised by you about any of our services, employees or partners;
obtaining further information in respect of any inquiry or complaint made by you.
If you use the Florinz software
We will not contact you unless you specifically agree to be contacted at the time you submit your information Upon the Evaluation and Referral process.
Where you have opted-in to future communications, we will, on each subsequent communication, offer you an easily executable ‘opt-out’ option, which will allow you to remove yourself from any future mailings.
4. Sharing your personal data
We will never provide your personal data to third parties for their marketing purposes.
It may be necessary for us to share information with others as part of the discharge of our functions – for instance, if you make a complaint about a service, we will need to provide that complaint to our quality partner to check with you about your complaint and to ensure your satisfaction.
We may share information with other agencies and regulators in order to protect the public.
5. Data protection principles
The GDPR requires us to ensure that any personal data we hold is:
processed lawfully, fairly, and in a transparent manner in relation to individuals;
collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
adequate, relevant, and limited to what is necessary for relation to the purposes for which they are processed;
accurate and, where necessary, kept up to date, having regard to the purposes for which they are processed, and erased or rectified without delay;
kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
processed in an appropriately secure manner that protects against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
6. Your information rights
The GDPR provides you with the following general information rights:
the right to be informed upon your request;
the right of access upon your request;
the right to rectification upon your request;
the right to erasure upon your request;
the right to restrict processing upon your request;
the right to data portability upon your request;
the right to object upon your request;
rights in relation to automated decision-making and profiling.
Some of these rights do not apply or may be limited where we use your data to help us undertake a task in the exercise of our official authority or in the public interest. We explain below our general position in relation to these rights.
If you seek to exercise the rights below, we may need to ask you to confirm your identity in order to protect your data from unauthorized disclosure.
Your right to be informed
We will be transparent about our use of your personal data upon your request.
We will inform you of the reasons why we use your data and our legal basis for using your data upon your request.
We will provide you with specific information when we collect your data if you apply for a referral or survey action.
Your right to access
You can request to receive a copy of the personal information we hold about you. This is called a subject access request and is free of charge.
If your request is manifestly unfounded or excessive, particularly because it is repetitive, we can refuse to respond. We will always advise you if we take this decision.
Your right to rectification
You can request that we correct your personal data if you believe the data we hold is inaccurate.
Your request can be made orally or in writing.
Your right to erasure
This right is also known as ‘the right to be forgotten’.
The right to erasure does not apply if your data is used to help us undertake a task carried out in the exercise of our official authority or in the public interest. We therefore ordinarily are not required to comply with erasure requests.
Your right to restrict processing
If you raise a concern about our processing of your data, you can restrict the way that we use your data while we consider your concern.
You will need to explain your reason for wanting the restriction. This may be because you believe it is inaccurate and have requested that we rectify this.
If our processing of your data is restricted, we can still store your data, but we cannot use it.
Restrictions on our processing will normally only be temporary, while we consider your request for rectification or your concern about our processing.
Your right to data portability
This right allows consumers to easily switch between service providers by obtaining their personal data in an easily re-useable format.
This right only applies when data processing is carried out by automated means. As we do not process your personal data in this way, this right does not apply to the data we hold.
Your right to object
If you do not want us to process your data any more, you can request that we stop.
You will need to explain to us your reason for wanting the processing to stop.
We are required by law to undertake certain tasks in the public interest. If processing your data is needed to perform these tasks it is likely that we will be unable to agree to stop processing your data.
We may also refuse to stop processing your data if we can demonstrate that our reasons for processing your data are more compelling than your reasons for wanting us to stop.
If we do refuse to stop, we will explain our reasons to you.
Your rights in relation to automated decision making and profiling
You have a right to stop your personal data being used to make decisions about you without human involvement.
We do not use your data to carry out any profiling or automated decision-making.
If you choose to exercise any of your rights, we will endeavour to respond substantively to your request promptly and within 3 calendar month.
If your request is particularly complex or large, we may extend this timeframe by up to a further 5 months. We will inform you as soon as possible if we need to extend our response time.
7. Contact us
You can contact our designated Data Protection Officer regarding this policy or your information rights using the contact details below;
You can contact us to discuss any concerns you have about our processing of your personal data.
Email: [email protected]
Explanation of key terms
A data controller determines the purposes and means of processing personal data. The florinz app is a data controller.
A data processor is responsible for processing personal data on behalf of a data controller. A data processor must act on the clear instructions of data controller and must not use the data for any other purpose.
Data Protection Act 2018 (DPA)
The DPA supplements the GDPR in the UK and sets out UK-specific requirements not covered by the GDPR.
Data Protection Officer
A Data Protection Officer is the lead person for data protection within an organization. They have specialist knowledge and act as a source of advice on data protection issues.
An individual who is the subject of personal data. If the data is yours, you are the data subject.
General Data Protection Regulation (GDPR)
The GDPR is the European Union (EU) legal framework for the collection and processing of personal data (personal information about individuals)
Any information relating to an individual who can be directly or indirectly identified from that data or from that data when combined with other data.
Almost anything done to personal data is regarded as processing. This includes, recording, organizing, storing, transmitting, sharing, amending or destroying data.
Special Category Personal Data
Special category data is personal data which the GDPR says is more sensitive, and so needs more protection.