INTO THE BLOOMS PRIVACY STATEMENT

At Into the Blooms we are committed to protecting and respecting your privacy. This Policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes.

Any questions regarding this Policy and our privacy practices should be sent by email to [email protected]

HOW DO WE COLLECT INFORMATION FROM YOU?

• We may request sign up to our email newsletters via our website
• We collect your details via enquiry forms on our website
• We collect details of names, addresses and telephone numbers when we request information that will allow us to deliver our products to you.
• Payment processing is handled by a secure third party service so we do not collect any credit or debit card details.
• We collect details of your IP address when you view our website, we do this via cookies. See our cookie policy page.

WHAT TYPE OF INFORMATION IS COLLECTED FROM YOU?
The personal information we collect from you might include your name, email address , postcode and IP address (collected via cookies), and information about which pages on our website you have accessed and when.

HOW IS YOUR INFORMATION USED?
To enable us to carry out deliveries
With your permission it may be used for marketing purposes
We will hold your personal information on our systems for as long as is necessary for the relevant activity.

WHO HAS ACCESS TO YOUR INFORMATION?

We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.

Service providers acting on our behalf
Any services or contractors we employ that have access to data (IP addresses, email addresses) are bound by a contract that requires them to keep the information secure and not to use it for their own direct marketing purposes.

COOKIES
Our website uses cookies* which keep a browser record of which IP addresses are accessing the site for the following reasons:

Analytics
We use Google analytics to see how many people have accessed our website and what pages they have spent time reading. It also tells us whether people are visiting our site as a result of search engine traffic or through links from other websites or marketing emails. Google analytics relies only on IP addresses to collect this information. You can read the Google data protection policy here.

Functionality
Our site is built in WordPress which requires the collection of IP information for anyone with access to update the site.

Any transaction which involves a user of our website providing information on a form in which a thank you notice appears involves the use of cookies.

It is possible to disable cookies via your browser but it may affect the functionality of our site.

Any data from information provided by cookies is only shared with the third parties listed above.

HOW CAN YOU ACCESS OR UPDATE YOUR INFORMATION?
The accuracy of your information is important to us. If you wish to know what if any data we hold on you please email us at: [email protected]

LINKS TO OTHER WEBSITES
Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

DATA BREACHES
We have policies in place to help prevent data breaches.

Malicious Activities
We take measures to avoid loss of data as a result of malicious activities, which include:

Hacking incidents / Illegal access to databases containing personal data
Theft of computing devices (portable or otherwise), data storage devices, or paper records containing personal data
Failure of cloud computing cloud storage security / authentication / authorisation systems.

Reporting Breaches
Under the GDPR we are legally obliged to notify the Supervisory Authority within 72 hours of the data breach (Article 33). Individuals have to be notified if adverse impact is determined (Article 34).
We do not have to notify the data subjects if anonymised data is breached. Specifically, the notice to data subjects is not required if the data controller has implemented pseudonymisation techniques like encryption along with adequate technical and organizational protection measures to the personal data affected by the data breach (Article 34).

Cookies

Please see our cookie policy page here.