Privacy Policy

Privacy Policy

🇬🇧 Privacy Policy (GDPR Compliant)

Data Controller
The Data Controller is BM Flor, with registered office at [insert address], contactable at the following email address: [insert contact email].

Categories of Personal Data Processed
We may collect and process the following categories of personal data:

  • Data voluntarily provided by the user (e.g., name, email address, website, comments content);

  • Technical navigation data (e.g., IP address, browser user agent);

  • Data contained in uploaded media files, which may include embedded location metadata (EXIF GPS).

Purpose and Legal Basis for Processing
Personal data are processed for the following purposes:

  • Managing and publishing comments on the website (Art. 6(1)(b) GDPR – performance of a contract);

  • Preventing fraudulent activity or spam through automated detection systems (Art. 6(1)(f) GDPR – legitimate interest);

  • Managing cookies and browsing preferences (Art. 6(1)(a) GDPR – consent);

  • Providing services requested via contact forms (Art. 6(1)(b) GDPR – performance of a contract).

Cookies
This website uses technical and functional cookies and, with your consent, may use profiling and third-party cookies. For further information, please refer to our [Cookie Policy].

Embedded Content from Third-Party Websites
Articles on this site may include embedded content (e.g., videos, images, articles). Such content behaves in the exact same way as if the visitor had visited the third-party website, which may collect data, use cookies, and track interactions in accordance with its own privacy policy.

Data Retention

  • Comments and related metadata are stored indefinitely, unless deletion is requested by the data subject;

  • Data provided by registered users are retained until the account is deleted;

  • Cookie and session data are stored for the duration specified in our [Cookie Policy].

Data Subject Rights
In accordance with Articles 15–22 of the GDPR, you have the right to:

  • Access your personal data;

  • Request rectification or erasure of your data;

  • Restrict or object to the processing of your data;

  • Receive the data you have provided in a structured, commonly used, and machine-readable format (data portability);

  • Withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;

  • Lodge a complaint with the competent Data Protection Authority.

Data Recipients
Your data may be shared with technical service providers (e.g., hosting providers, anti-spam systems such as Akismet/Gravatar) exclusively for the purposes outlined above.

Transfers of Data Outside the EEA
Where personal data are transferred outside the European Economic Area, appropriate safeguards will be implemented in accordance with Articles 44 et seq. of the GDPR.

Back to top

Subscribe to our Newsletter