Privacy Policy for Wren Bloom

Wren Bloom is committed to protecting the privacy and security of the personal data we collect from our customers and website visitors. This Privacy Policy outlines how Wren Bloom ("we", "our", "us") collects, uses, discloses, and protects your information when you interact with our online platform, purchase our floral products or services, attend our workshops, or engage with us in any other way. We operate in accordance with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.

1. Information We Collect

We collect various types of information in connection with the services we provide, which include bespoke floral arrangements, event floristry, wedding flowers, corporate floral services, flower subscriptions, plant sales, and gardening workshops.

• Personal Identification Information: This includes your name, billing address, shipping address, email address, phone number, and payment information (e.g., credit/debit card details, processed securely by third-party payment gateways). We collect this when you make a purchase, subscribe to our services, or register for an account.
• Recipient Information: If you send flowers or gifts to others, we collect their name, address, and contact details to facilitate delivery. We assume you have obtained their consent to provide their personal information to us.
• Order and Transaction Details: Information related to your purchases, subscriptions, workshop bookings, and arrangements made through our platform.
• Communication Information: Records of your correspondence with us via email or other communication channels, including feedback and inquiries.
• Technical Data: When you visit our online platform, we automatically collect data about your device, browsing actions, and patterns. This includes IP address, browser type and version, time zone setting, operating system and platform, and other technology on the devices you use to access our site.
• Usage Data: Information about how you use our website, products, and services.

2. How We Use Your Information

We use your personal data for various purposes, based on different legal bases:

• To Provide Services and Fulfil Orders: To process and deliver your floral arrangements, plants, complete flower subscriptions, manage event and wedding floristry, handle corporate floral services, and facilitate workshop bookings. This is necessary for the performance of a contract with you.
• To Process Payments: To securely process transactions for your purchases. This is necessary for the performance of a contract.
• To Communicate With You: To respond to your inquiries, provide customer support, send order confirmations, delivery updates, and important service announcements. This is necessary for the performance of a contract or our legitimate interests.
• For Marketing and Promotional Purposes: With your consent, to send you newsletters, special offers, and information about new products, services, or workshops that may be of interest to you. You can opt out at any time.
• To Improve Our Website and Services: To understand how our services are used, conduct data analysis, research, and for statistical purposes, helping us to enhance user experience, product offerings, and website functionality. This is based on our legitimate interests.
• For Security and Fraud Prevention: To protect our online platform, customers, and business from fraudulent activities and to ensure the security of our systems. This is based on our legitimate interests and legal obligations.
• To Comply with Legal Obligations: To meet any applicable legal or regulatory requirements.

3. Disclosure of Your Information

We may share your personal data with the following categories of third parties:

• Service Providers: Third-party companies that perform services on our behalf, such as payment processing, delivery services, website hosting, data analysis, email delivery, and marketing assistance. These service providers are obligated to protect your information and may only use it for the purposes for which it was provided.
• Legal and Regulatory Bodies: When required by law, court order, or governmental authority, or to protect our rights, property, or safety, and the rights, property, or safety of others.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction.

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

4. International Data Transfers

Some of our third-party service providers may be located outside the United Kingdom or the European Economic Area (EEA). Whenever we transfer your personal data out of the UK/EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• Transferring to countries deemed to provide an adequate level of protection for personal data by the UK or European Commission.
• Using specific contracts approved by the UK Information Commissioner's Office (ICO) or the European Commission, which give personal data the same protection it has in the UK/EEA.

5. Data Security

We have implemented appropriate technical and organisational security measures to protect your personal data from accidental loss, unauthorised access, use, alteration, or disclosure. These measures include data encryption, firewalls, and secure server environments. While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure.

6. Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

7. Your Rights

Under UK GDPR, you have the following rights concerning your personal data:

• The right to be informed: About how your personal data is collected and used.
• The right of access: To request a copy of the information we hold about you.
• The right to rectification: To correct inaccurate or incomplete personal data.
• The right to erasure ("the right to be forgotten"): To request the deletion of your personal data in certain circumstances.
• The right to restrict processing: To request that we limit the way we use your personal data.
• The right to data portability: To request your personal data in a structured, commonly used, and machine-readable format.
• The right to object: To the processing of your personal data for direct marketing purposes or where our processing is based on legitimate interests.
• Rights in relation to automated decision making and profiling: To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise any of these rights, please contact us using the details provided below. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).

8. Third-Party Links

Our online platform may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new Privacy Policy on our website and updating the "last updated" date. We encourage you to review this Privacy Policy periodically.

10. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Wren Bloom
14 Kingfisher Mews,
Suite 3A,
Bristol, BS1 4AN,
UK

You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.