Privacy Policy

Windmills Florist wants to assure you that your privacy is very important to us and that we take the confidentiality and security of your personal data very seriously. The following Privacy Policy (together with our Terms and Conditions) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed. We will only use the information that we collect about you lawfully, in accordance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) (EU) 2016/679, which is a regulation in EU law on data protection and privacy for all individuals within the European Union. Please view information on the Data Protection Act 2018 and GDPR EU 2016/679 on the above links.

WHO WE ARE
We are Windmills Florist Woodbridge, Suffolk (VAT No: 815753617) who provide flowers, arrangements and gifts, including a local delivery service. These can be ordered directly from our shop at 3A Cumberland Street, Woodbridge, Suffolk, IP12 4AH or online from our website at www.windmillsflorist.co.uk. Contact us either by direct mail at the above address, by email on info@windmillsflorist.co.uk or by telephone on 01394 384109.

WHAT PERSONAL DATA WE COLLECT
We collect information about you during the checkout process on our store. While you visit our site, we’ll track:

  • Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
  • Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!

We’ll also use cookies to keep track of cart contents while you’re browsing our site. Please see our COOKIE POLICY below.

When you purchase from us, we may ask you to provide information including:

  • Your name
  • Billing address
  • Shipping address
  • Email address
  • Phone number
  • Credit card/payment details

If you create a user account on our website you may also provide information (such as username and password), and we may use this information for purposes such as to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages (if you choose to receive them)

PLEASE NOTE: If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders. We advise that you keep your password private and avoid using the same password for other online accounts. We recommend regularly changing your password, which you can do within your account.

PROTECTION OF PERSONAL DATA
Windmills Florist takes all measures reasonably necessary to protect against the unauthorised access, use, alteration or destruction of your personal information. We are committed to protecting and respecting your privacy rights, and to ensuring that your personal data is safe and secure. We only disclose personal information when required to do so by law, or when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Windmills Florist, third parties or the public at large.

PAYMENTS
We accept payments through PayPal and other third party payment processors. When processing payments, some of your data will be passed to these, including information required to process or support the payment, such as the purchase total and billing information. Please see the PAYPAL PRIVACY POLICY for more details.

WHO HAS ACCESS TO YOUR PERSONAL DATA
Members of our team have access to the information you provide us – for example website administrators, shop managers and staff can access:

  • Order information such as what was purchased, when it was purchased and where it should be sent
  • Customer information like your name, email address and billing/shipping information

Our team members only have access to this information to help fulfil orders, process refunds and support you throughout the process.

HOW LONG DO WE STORE YOUR PERSONAL DATA
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 7 years for tax and accounting purposes which includes your name, email address and billing and shipping addresses.

For users that register on our website we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. In order to update your personal data, please contact us or visit your ‘My Account’ if you have subscribed to our website.

RIGHTS OVER YOUR PERSONAL DATA
We fully respect that your personal data is owned by you and that you have certain rights in that respect. Our aim is to respect your rights but please understand that we may have certain obligations to maintain personal data records despite your requests to exercise your rights, such as for legal and accounting purposes.

You may opt out of marketing communications or change your preferences with respect to marketing communications by unsubscribing from emails using the unsubscribe link found in all marketing emails.

COOKIE POLICY
A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. Windmills Florist uses cookies to help identify and track visitors, their usage of the website, and their website access preferences. You are not required to accept cookies in order to make a purchase. For example, you may place an order by telephone to our shop in Woodbridge on 01394 384109. However, by making a purchase through our website, you agree to our Cookie Policy.

Those who do not wish to have cookies placed on their computers may opt out when visiting the website for the first time or set their browsers to refuse cookies before using the website. Certain features of the website may not function properly without the aid of cookies so, if you choose to disable or decline them, your use of the website may be limited or not possible.

User Accounts
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

PERSONAL DATA BREACH
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data. Personal data breaches can include:

  • Access by an unauthorised third party
  • Deliberate or accidental action (or inaction) by a controller or processor
  • Sending personal data to an incorrect recipient
  • Computing devices containing personal data being lost or stolen
  • Alteration of personal data without permission
  • Loss of availability of personal data

RESPONDING TO A PERSONAL DATA BREACH
If a personal data breach occurs, we need to establish the likelihood and severity of the resulting risk to people’s rights and freedoms. If it’s likely that there will be a risk then we must notify the ICO but if it’s unlikely then we don’t have to report it. However, if we decide not to report the personal data breach, we must justify this decision and document it.

We must report a notifiable breach to the ICO without undue delay, but not later than 72 hours after becoming aware of it and must give the reasons for any delay. For more information please see the ICO pages on reporting a personal data breach here: REPORTING A DATA BREACH

PRIVACY POLICY UPDATES
We may amend this privacy policy from time to time and if we make any substantial changes we will notify you by email or an announcement on this website. We aim to keep this privacy policy up to date and we recommend that you review it periodically – at the very least we recommend reviewing this policy (including our terms and conditions) with each new purchase.