PRIVACY POLICY (Afterflowers / afterflowers.eu)
Version effective from: 04.03.2026
This Privacy Policy explains how SIA MOSS ART STUDIO (Reg. Nr. 50203512481) (“MOSS ART STUDIO”, “Afterflowers”, “we”, “us”) collects and processes personal data when you use https://afterflowers.eu (the “Website”), place orders, contact us or use our services. We process personal data in accordance with the GDPR and applicable Latvian law.
1. DATA CONTROLLER
Controller: SIA MOSS ART STUDIO
Reg. Nr.: 50203512481
Address: Arhitektu street 22-50, Daugavpils, Latvia
Email (incl. privacy requests): afterflowers.eu@gmail.com
2. WHAT PERSONAL DATA WE COLLECT
We may collect the following categories of personal data:
2.1 Customer data: name, surname, email address, phone number.
2.2 Recipient and delivery data: recipient name, delivery address, phone number, intercom/access instructions, preferred delivery time window, greeting card/message text.
2.3 Order data: Products purchased, price, discounts, delivery fee, order history, communications relating to the Order.
2.4 Payment data: payment method and payment status; payment transaction identifiers. IMPORTANT: we do not store full card data. Card payments are processed by payment providers (e.g., Stripe/banks) under their own terms and policies.
2.5 Communication data: emails/messages you send us, complaint details, photos you provide.
2.6 Technical data: IP address, device and browser information, log data, and cookie identifiers (see Section 9).
3. PURPOSES OF PROCESSING AND LEGAL BASES (GDPR)
We process personal data for these purposes:
3.1 Contract performance (GDPR Art. 6(1)(b)):
- to accept, process and fulfill Orders;
- to arrange delivery and provide customer support.
3.2 Legal obligations (GDPR Art. 6(1)(c)):
- accounting and tax compliance;
- consumer protection and handling statutory claims.
3.3 Legitimate interests (GDPR Art. 6(1)(f)):
- fraud prevention and security of payments and the Website;
- improving services and quality control;
- handling disputes and maintaining evidence of communications.
3.4 Consent (GDPR Art. 6(1)(a)) where applicable:
- marketing communications/newsletters (if used);
- non-essential cookies/marketing cookies where required by law.
You may withdraw consent at any time.
4. WHO WE SHARE DATA WITH
We may share personal data with:
4.1 Couriers/logistics partners to deliver your order (recipient name, address, phone, instructions).
4.2 Payment processors and financial institutions (e.g., Stripe, banks) to process payments.
4.3 IT service providers (hosting, email, website maintenance) who process data on our instructions.
4.4 Accountants, auditors, legal advisors where necessary.
4.5 Authorities or courts where required by law.
We do not sell personal data.
5. INTERNATIONAL TRANSFERS
Some service providers (e.g., IT/payment) may process data outside the EEA. In such cases we rely on appropriate safeguards required by GDPR (e.g., Standard Contractual Clauses) where applicable.
6. DATA RETENTION
We keep data only as long as necessary:
6.1 Orders/invoices/accounting documents: for the period required by Latvian tax and accounting laws.
6.2 Complaints and customer support correspondence: generally up to 2 years after resolution (unless a longer period is needed for legal claims).
6.3 Technical logs: for a limited period necessary for security and troubleshooting.
6.4 Marketing data (if any): until you unsubscribe/withdraw consent.
7. YOUR RIGHTS
Under GDPR, you have the right to:
- access your data;
- rectify inaccurate data;
- request deletion (where applicable);
- restrict processing;
- object to processing based on legitimate interests;
- data portability (in certain cases);
- withdraw consent (where processing is based on consent);
- lodge a complaint with a supervisory authority.
To exercise your rights, contact: afterflowers.eu@gmail.com.
We may request additional information to verify your identity.
8. SECURITY
We use reasonable technical and organizational measures to protect personal data (access controls, secure service providers, limited access). However, no method of transmission or storage is 100% secure.
9. COOKIES
We use cookies and similar technologies:
- necessary cookies for Website functionality;
- analytics cookies (if enabled);
- marketing cookies (if enabled).
You can manage cookies through the cookie banner (if implemented) and your browser settings.
If you want, we can provide a separate Cookie Policy and cookie list (recommended for EU compliance).
10. CHILDREN
The Website is not intended for children under 16. We do not knowingly collect data from children.
11. CHANGES TO THIS PRIVACY POLICY
We may update this Policy by publishing a new version on the Website with a new effective date.
12. CONTACT
SIA MOSS ART STUDIO
Arhitektu street 22-50, Daugavpils, Latvia
Email: afterflowers.eu@gmail.com
Version effective from: 04.03.2026
This Privacy Policy explains how SIA MOSS ART STUDIO (Reg. Nr. 50203512481) (“MOSS ART STUDIO”, “Afterflowers”, “we”, “us”) collects and processes personal data when you use https://afterflowers.eu (the “Website”), place orders, contact us or use our services. We process personal data in accordance with the GDPR and applicable Latvian law.
1. DATA CONTROLLER
Controller: SIA MOSS ART STUDIO
Reg. Nr.: 50203512481
Address: Arhitektu street 22-50, Daugavpils, Latvia
Email (incl. privacy requests): afterflowers.eu@gmail.com
2. WHAT PERSONAL DATA WE COLLECT
We may collect the following categories of personal data:
2.1 Customer data: name, surname, email address, phone number.
2.2 Recipient and delivery data: recipient name, delivery address, phone number, intercom/access instructions, preferred delivery time window, greeting card/message text.
2.3 Order data: Products purchased, price, discounts, delivery fee, order history, communications relating to the Order.
2.4 Payment data: payment method and payment status; payment transaction identifiers. IMPORTANT: we do not store full card data. Card payments are processed by payment providers (e.g., Stripe/banks) under their own terms and policies.
2.5 Communication data: emails/messages you send us, complaint details, photos you provide.
2.6 Technical data: IP address, device and browser information, log data, and cookie identifiers (see Section 9).
3. PURPOSES OF PROCESSING AND LEGAL BASES (GDPR)
We process personal data for these purposes:
3.1 Contract performance (GDPR Art. 6(1)(b)):
- to accept, process and fulfill Orders;
- to arrange delivery and provide customer support.
3.2 Legal obligations (GDPR Art. 6(1)(c)):
- accounting and tax compliance;
- consumer protection and handling statutory claims.
3.3 Legitimate interests (GDPR Art. 6(1)(f)):
- fraud prevention and security of payments and the Website;
- improving services and quality control;
- handling disputes and maintaining evidence of communications.
3.4 Consent (GDPR Art. 6(1)(a)) where applicable:
- marketing communications/newsletters (if used);
- non-essential cookies/marketing cookies where required by law.
You may withdraw consent at any time.
4. WHO WE SHARE DATA WITH
We may share personal data with:
4.1 Couriers/logistics partners to deliver your order (recipient name, address, phone, instructions).
4.2 Payment processors and financial institutions (e.g., Stripe, banks) to process payments.
4.3 IT service providers (hosting, email, website maintenance) who process data on our instructions.
4.4 Accountants, auditors, legal advisors where necessary.
4.5 Authorities or courts where required by law.
We do not sell personal data.
5. INTERNATIONAL TRANSFERS
Some service providers (e.g., IT/payment) may process data outside the EEA. In such cases we rely on appropriate safeguards required by GDPR (e.g., Standard Contractual Clauses) where applicable.
6. DATA RETENTION
We keep data only as long as necessary:
6.1 Orders/invoices/accounting documents: for the period required by Latvian tax and accounting laws.
6.2 Complaints and customer support correspondence: generally up to 2 years after resolution (unless a longer period is needed for legal claims).
6.3 Technical logs: for a limited period necessary for security and troubleshooting.
6.4 Marketing data (if any): until you unsubscribe/withdraw consent.
7. YOUR RIGHTS
Under GDPR, you have the right to:
- access your data;
- rectify inaccurate data;
- request deletion (where applicable);
- restrict processing;
- object to processing based on legitimate interests;
- data portability (in certain cases);
- withdraw consent (where processing is based on consent);
- lodge a complaint with a supervisory authority.
To exercise your rights, contact: afterflowers.eu@gmail.com.
We may request additional information to verify your identity.
8. SECURITY
We use reasonable technical and organizational measures to protect personal data (access controls, secure service providers, limited access). However, no method of transmission or storage is 100% secure.
9. COOKIES
We use cookies and similar technologies:
- necessary cookies for Website functionality;
- analytics cookies (if enabled);
- marketing cookies (if enabled).
You can manage cookies through the cookie banner (if implemented) and your browser settings.
If you want, we can provide a separate Cookie Policy and cookie list (recommended for EU compliance).
10. CHILDREN
The Website is not intended for children under 16. We do not knowingly collect data from children.
11. CHANGES TO THIS PRIVACY POLICY
We may update this Policy by publishing a new version on the Website with a new effective date.
12. CONTACT
SIA MOSS ART STUDIO
Arhitektu street 22-50, Daugavpils, Latvia
Email: afterflowers.eu@gmail.com