Wildflower Favours Ltd is committed to respecting and protecting the privacy of anyone using our site and the confidentiality of any information that you provide us with. We are compliant with applicable data protection legislation and can also demonstrate PCI compliance.
The purpose of this privacy notice is to set out how we collect and process any personal data that we may obtain from you and inform you of your legal rights in relation to your personal data.
It is important that you read this privacy notice so that you are fully aware of how and why we use your personal data.
What Personal Data we collect
We collect the following information when you register with or order from us:
Our website also collects IP addresses.
Please see “How we use your Personal Data” below for the purposes for why we collect this data, and the lawful bases for that processing.
If you fail to provide the personal data that we request, whether it is required under the terms of a contract that we have with you or it is required to be collected by law, we may not be able to perform the contract we have entered or are trying to enter into with you. This includes a contract to provide you with the goods that you have ordered. In this situation, we may have to cancel a good that you have ordered but we will notify you at the time if this is the case.
It is important that the personal data we hold about you is accurate and kept up to date. Please keep us informed if your personal data changes during your relationship with us.
We do not collect any special categories of personal data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, sex life, political opinions, trade union membership, information about your health and genetic and biometric data. We also do not collect any information about criminal offences or convictions.
Our website is not intended for children and we do not knowingly collect the personal data of children.
Wildflower Favours Limited is the controller and is responsible for your personal data (collectively referred to as “we”, “us” or “our” in this privacy notice).
For any questions that you may have in relation to this privacy notice, your legal rights or how to exercise those legal rights, please contact the following:
Name: Teresa Sinclair
Email address: firstname.lastname@example.org
Telephone number: 01227 733 487
Postal address: Eggarton Cottages, Eggarton Lane, Godmersham, Kent, CT4 7DY
The UK’s supervisory authority for data protection is the Information Commissioner’s Office (ICO) and you have a right to make a complaint to them at any time about data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO and kindly ask that you contact us in the first instance.
How we collect your Personal Data
We use different methods to collect data from and about you including through:
- Direct interactions – You may give us your personal data by filling in website forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- apply for our products;
- create an account on our website;
- subscribe to our service or publications;
- request marketing to be sent to you; or
- give us some feedback.
- Automated technologies or interactions – As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies. Please contact us at email@example.com for further details.
- Third parties or publicly available sources – We may receive personal data about you from various third parties as set out below:
- Technical Data from the following parties:
- analytics providers such as Google based outside the EU;
- advertising networks such as Google AdWords based outside the EU; and
- search information providers such as Internet Explorer, Bing, Google and Safari based outside the EU.
How we use your Personal Data
We will only use your personal data when allowed to by the law. The most common circumstances in which we will use your data is as follows:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
These are the lawful bases on which we will process your personal data. How these lawful bases are applied to our relationship can be found in the following table:
|Purpose/Activity||Lawful basis for processing including basis of legitimate interest|
|To register you as a new customer|
|Performance of a contract with you|
|To process and deliver your order including:|
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(c) delivering your order via third party couriers
|(a) Performance of a contract with you|
(b) Necessary for our legitimate interests (to recover debts due to us)
|To manage our relationship with you which will include:|
|(a) Performance of a contract with you|
(b) Necessary to comply with a legal obligation
|To administer and protect our business and this website (including troubleshooting, testing, system maintenance, support, reporting and hosting of data)||(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud|
(b) Necessary to comply with a legal obligation
|To use data analytics to improve our website, products, customer relationships and experiences||Necessary for our legitimate interests (to define types of customers for our products, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
If the recipient of your order is someone other than yourself, their information will also be gathered and retained to enable us to fulfil your order.
If we need to use your personal data for a purpose unrelated to those in the above table, we will notify you and will explain the legal basis which allows us to do so.
Integration of the Trusted Shops Trustbadge
We have integrated the Trusted Shops Trustbadge on this website in order to display the reviews collected using the Trusted Shops system.
This serves the protection of our legitimate interests in the optimal marketing of our offer according to art. 6 (1) 1 lit f GDPR that are overriding in the process of balancing of interests. The Trustbadge and the advertised trust badge services are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany.
With every use of the Trustbadge, the web server automatically saves a so-called server log file which contains e.g. your IP address, the date and time of the request, the volume of data transferred and the requesting provider (access data), and documents the request. Those access data are not analysed and are automatically overwritten no later than seven days after the end of your website visit.
Other personal data are transferred to Trusted Shops only if you decide to use or have already registered to use Trusted Shops products after placing an order. In such a case, the contract concluded between you and Trusted Shops applies.
What do we do with the information
The information we collect is needed in order for us to process your order and contact you with any issues regarding it. This includes information collected via telephone (such as when you place an order), orders placed online and enquiries sent via our online contact form or email. It also pertains to providing quotes and sending invoices and answering enquiries.
We never sell your information to third parties.
We do not transfer your personal data outside of the European Economic Area.
We do not send out newsletters or marketing information, therefore we will only contact you with matters relating to your order.
We may have to share your personal data with the third parties set out below for the purposes set out in the table above:
- Manufacturers/suppliers of certain goods ordered from us, particularly if a large order is placed and/or the goods are to be delivered directly to you.
- Couriers in order to deliver the goods ordered to you if required.
- Service providers acting as processors based in the United Kingdom who provide IT and system administration services.
- Professional advisers including lawyers, bankers, auditors and insurers based in the United Kingdom.
- HM Revenue & Customers, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
Third Party Web Links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
For further information on these third party web links, please contact us at firstname.lastname@example.org.
We have appropriate organisational and technical security measures in place to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed in an unauthorised way. We also limit access to your personal data to those who have a business need to know, such as our employees. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected personal data breach and will notify you and the ICO where we are legally required to do so.
We are legally bound to have procedures in place to ensure the security of your financial details. We are assessed quarterly by Securitymetrics to ensure we are still PCI compliant and we have a system in place whereby our computer is scanned monthly for any vulnerabilities.
Our website is compliant with SSL technology and 128-bit encryption.
Payments made online are processed via Paypal (if you opt for that payment method) or WorldPay (if you pay by card), using secure encryption. Paypal and Worldpay are our payment processors. When you are ready to make your order payment you will be transferred to Worldpay or Paypal to provide the financial information. We do not see or have access to any of this information. We do not control these third-parties and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
If you make a payment over the phone, we will log in to Worldpay and enter all your personal details and financial information directly on their secure website. We will not keep any of your payment information and will only keep your personal data which is necessary for us to fulfil your order.
Payment details on your bank statement will show as Wildflower Favours Ltd.
How long we use your Personal Data
We only retain your personal data for as long as is necessary for us to fulfil the purposes for which we collected that data. This includes satisfying any legal, accounting, regulatory or reporting requirements.
By law we have to keep basic information about our customers for six years after they cease being our customers for tax purposes or to assist with responding to a legal claim made against us.
In certain circumstances you can ask us to delete your personal data. For further information on this right, and your other legal rights in relation to your personal data, please see “Your Legal Rights” below.
Your Legal Rights
Right of Access
You have the right to have a copy of all the information we have on you. This is otherwise known as a data subject access request. Please email email@example.com to request this and we will try to respond within 30 days. Please note that we may extend this deadline by up to a further two months if your request is complex or is one of a number of requests received by you. In such circumstances we will explain why the extension is necessary.
Please note that we will not charge you a fee to exercise this right (or any of the other legal rights), except where your request is clearly unfounded, repetitive or excessive. In such situations we would either charge a reasonable fee or refuse to comply with your request.
If you make a subject access request, we may need to request specific information from you to help us confirm your identity. We may also contact you to ask for further information in relation to your request to help speed up our response.
Right to Rectification
If you believe any information we hold about you is incorrect or incomplete, you have the right to have this corrected. Please email firstname.lastname@example.org as soon as possible to advise of the error and we will take steps to make amendments. Please note that we may need to verify the accuracy of the new data that you provide to us.
Right of Erasure
Under Article 17 of the GDPR individuals have the right to have personal data erased in certain circumstances. This is also known as the ‘right to be forgotten’. For further information on how to exercise your right to be forgotten, please email us at email@example.com. This right does not extend to legal information we are obliged to hold for tax and other purposes.
Right to Object to Processing
Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing as you feel it impacts on your fundamental rights and freedoms, you can do so. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Right to Request Restriction of Processing
This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Right to Data Portability
This right enables you to transfer your personal data either to you or a third party. If requested, we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Cookies are small text files placed on your computer hard drive by websites that you visit. They save and retrieve pieces of information about your visit – for example, how you entered the site, how you navigated through it and what information was of interest to you. Cookies also keep track of the contents of your shopping cart. This means that when you revisit a website it can give you tailored options based on the information it stored about your last visit. This information is in an anonymous form.
For more information about the cookies we use, please contact us on firstname.lastname@example.org.