Personal data is all information about your identity, for example your name, your e-mail address, your postal address. However, communication data such as telephone and fax numbers and even the IP address of the end device through which you have accessed this website are also considered personal data.
Flowers Same Day
55A Brook Street, Carlisle, Cumbria
Phone: 01228 524220
Every time you use the internet, you leave behind traces in the form of personal data, whereby a distinction must be made between two ways in which this data is transmitted. On the one hand, due to the technology used when using the internet, personal data is automatically transmitted as protocol data, such as the IP address. However, a clear personal reference can only be established with disproportionate effort.
The other way of data transmission is the voluntary transfer of personal data by you as a user. For example, if you request information from us via the Internet, we need at least your valid e-mail address to answer. If you want us to send you something by post, you will have to provide us with your name and postal address. We will delete the data collected in this context after it is no longer necessary to store it or restrict its processing if there are legal obligations to retain it.
In the context of the services offered via the website, we collect personal data. When collecting data, the input fields which we need to provide a service are usually marked as required. If you provide us with additional data, this is done voluntarily.
All personal data provided will be stored, processed, and used in accordance with the laws on data protection and data security applicable in the UK, as well as on the basis of other legal requirements and regulations.
In addition to the purely informative use of our website, we offer various services that you can use if you are interested. For this purpose, you would generally have to provide further personal data, which we use to provide the respective service and for which the data processing principles listed here apply.
In order to answer your enquiries, process your order or provide you with access to special information or offers, it may be necessary to transfer data within Flowers Same Day. All data transfers are carried out in compliance with the relevant legal regulations.
In order to carry out some business processes, Flowers Same Day also uses external service providers within the framework of commissioned data processing, for example forwarding companies, IT service providers for hosting our web sites, call centres for handling complaints within the framework of contract processing or for file and paper destruction. When selecting and commissioning external service providers, Flowers Same Day takes strict care to ensure that the data protection requirements are met and that the requirements, instructions, and guidelines of Flowers Same Day to which the service providers are bound are strictly adhered to. Furthermore, we may pass on your personal data to third parties if we offer promotions, competitions, contracts, or similar services together with partners. You will receive more detailed information when you provide your personal data.
All employees working for us are obliged to maintain data secrecy and confidentiality. Your personal data will not be passed on to third parties outside of Flowers Same Day. It goes without saying that we will not pass on, sell or otherwise market extracts of your personal data.
With your consent, we will also use the personal data you provide to us (e.g., surname, first name, address, e-mail address) for marketing purposes or for market and opinion research.
If you have given such consent to the processing of your data, you can revoke this consent at any time. Such a revocation does not affect the lawfulness of the processing of your personal data carried out on the basis of the consent until the revocation.
It is technically impossible to prevent the temporary storage of the IP address or the domain name or the name of the Internet service provider of the computers accessing our Internet pages.
In the case of merely informative use of the website, i.e., if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security:
This information is not personalised but is evaluated automatically. These statistical evaluations provide Flowers Same Day with information about usage and acceptance. This information is used to improve the attractiveness, content, and functionality of the web sites..
In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small files that are stored on the hard disk of your end device and in which information is stored that is directly related to a visited website. For this purpose, the web server on which the website you are visiting is stored sends a request to the internet browser on your end device to save information temporarily or permanently as a file (cookie). The web server itself, the external PC, has no direct access to your hard disk, it can neither read data from your hard disk nor write data to it. Cookies do not pose any danger to your end device.
If you wish to place an order in our web shop, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your order. Mandatory data required for the processing of contracts are marked separately, other data are voluntary. We process the data you provide to process your order. For this purpose, we may pass on your payment data to our house bank. The legal basis for this is Art. 6 para. 1 p. 1 lit. b GDPR.
If you create a customer account, your data will be stored revocably as a service for future purchases. The legal basis for this is Art. 6 para. 1 lit. b GDPR. You can always delete all other data, including your user account, in the customer area. Your data will only be stored for as long as you have an account in our web shop. However, due to commercial and tax law requirements, we are obliged to store your address, payment, and order data for a period of six years. After deleting your account, your data will therefore only be used to comply with legal obligations.
We may also process the data you provide to inform you about other interesting products from our portfolio or to send you e-mails with technical information. The legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest in collecting data follows from the fact that we need the data for the purpose of optimising our offers.
To prevent unauthorised access by third parties to your personal data, in particular financial data, the order process is encrypted using TLS technology.
If you contact us and send us general enquiries or place an order on the phone, the contact details you provide, will be stored, and used by us to fulfil the purpose associated with the transmission, e.g., to process your enquiry or in the event of follow-up questions.
The basis for this storage and use of your personal data is your consent, which you give us separately before sending your request. Insofar as you provide us with your personal data for the purpose of responding to your questions. Without this information, we cannot process your request.
You have the right to revoke your consent to the data processing described above at any time with effect for the future. In this case, we will no longer process your data. Your personal data will be deleted even without your revocation in any case if we have processed your request or if the storage is inadmissible for other legal reasons.
Payment data is collected during the ordering process. For orders on our site, you have the possibility to choose between different payment methods PayPal or Credit Card. For each of the payment methods, our payment processor (PayPal or Trust Payments, as applicable) stores personal data on behalf of Flowers Same Day. The legal basis for the data processing is Art. 6 para. 1 b) GDPR, as the processing of the data is necessary for the performance of the contract.
On this website, anonymised data is collected and stored using technologies provided by Zendesk, for the purpose of web analytics and to operate the live chat system used to respond to live support requests. Usage profiles can be created from this anonymised data under a pseudonym. Insofar as the information collected in this way has a personal reference, the processing is carried out in accordance with our legitimate interest in effective customer service and the statistical analysis of user behaviour for optimisation purposes.
The duration of the storage of your personal data can generally be found in the respective bullet point in this Policy. In addition, we would like to point out that your personal data in the context of your application (cover letter, curriculum vitae, references) will be stored until you terminate your contract or revoke your consent in order to provide you with further job opportunities or projects.
If you are a customer of ours, mandatory legal requirements, in particular archiving obligations, may result in a duty to retain data that goes beyond the respective contractual relationship and the processing of the contract. For example, due to existing commercial and tax law requirements, we are obliged to retain or store certain of your data for a period of up to ten years. In these cases, we will block your personal data so that it can only be used for archiving purposes.
Unless otherwise stated above, we do not disclose personal data to companies, organisations, or persons outside our company, except in one of the following circumstances:
a) data sharing with affiliated companies in the context of joint data maintenance.
Flowers Same Day stores and processes your data collected from you in the course of using our website services (candidate application; customer enquiry; the contact form) and visiting our website in a IT system that can only be accessed by Flowers Same Day Employees based on a strict need to know basis.
b) With your consent
As far as already described in detail above, but in individual cases also beyond that, we pass on personal data to companies, organisations, or persons outside our company if we have received your consent for this (Art. 6 para. 1 sentence 1 lit. a, if applicable in conjunction with Art. 9 para. 2 lit. a GDPR).
c) processing by other bodies
d) for legal reasons
We will disclose personal data to companies, organisations or persons outside our company if we can reasonably assume that access to this data or its use, storage or disclosure is necessary, in particular, to comply with applicable laws, regulations or legal procedures or to comply with an enforceable official order; the legal basis in this respect is Art. 6 para. 1 sentence 1 lit. c, if applicable, in conjunction with Art. 9 para. 2 lit. c, if applicable. Art. 9 para. 2 lit. b GDPR.
Flowers Same Day has a company profile on the rating portal Trustpilot. In order to constantly improve our service and, in individual cases, to be able to offer a solution to the customer's concern, it is possible to rate Flowers Same Day via the portal without us being able to influence this in any way or explicitly inviting the customers to do so.
The Flowers Same Day website provides a link to the Flowers Same Day company profile, which can be used to rate Flowers Same Day.
In order to submit a rating or record customer feedback, it is necessary to create/open a user profile on Trustpilot. In addition to Flowers Same Day, ratings can then also be entered for any company on the Trustpilot rating portal.
If a rating is submitted on the Flowers Same Day company profile on Trustpilot, a user profile is automatically created on Trustpilot after the personal data (name and email address for verification) has been entered. This is accompanied by agreement to the data protection provisions and terms and conditions of Trustpilot.
You have the following rights regarding the use of your data. You can assert these rights against us as the responsible party. You are welcome to contact our data protection officer directly.
a) Right to information
You have the right to receive information from us at any time and free of charge about the personal data stored about you and a copy of this information. Furthermore, you have the right to obtain the following information:
Furthermore, you have the right to be informed whether personal data has been transferred to a third country or to an international organisation. If this is the case, you also have the right to obtain information about the appropriate safeguards in connection with the transfer.
If you would like to make use of this right to information, you can contact our data protection officer or another member of our staff at any time.
Your right to information is essentially based on Article 15 of the GDPR.
b) Right to rectification of incorrect and completion of incomplete data
You have the right to demand the immediate correction of incorrect personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration - taking into account the purposes of the processing.
If you wish to exercise this right of rectification, you can contact our data protection officer or another member of our staff at any time.
Your right to correct incorrect data and supplement incomplete data is based on Art. 16 of the GDPR.
Your right to information is essentially based on Art. 15 GDPR.
c) Right to data deletion (right to be forgotten)
You have the right to request that we erase the personal data concerning you without delay, provided that one of the following reasons applies and to the extent that the processing is not necessary:
The personal data was collected or otherwise processed for such purposes for which you are no longer necessary.
You withdraw your consent on which the processing was based pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR and there is no other legal basis for the processing.
You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
The personal data has been processed unlawfully. We are obliged to erase your personal data in order to comply with a legal obligation. The personal data was collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
If one of the above reasons applies and you wish to arrange for the deletion of personal data stored by us, you can contact our data protection officer or another member of our staff at any time. Our staff will ensure that the request for deletion is complied with immediately.
Your right to data deletion is based on Art. 17 of the GDPR.
d) Right to restriction of processing
You have the right to demand that we restrict processing if one of the following conditions is met:
The accuracy of the personal data is disputed by you for a period of time that enables us to verify the accuracy of the personal data.
The processing is unlawful, and you refuse to erase the personal data and instead request the restriction of the use of the personal data.
We no longer need the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims.
You have objected to the processing pursuant to Article 21 (1) of the GDPR and it is not yet clear whether the legitimate reasons of our company outweigh your rights.
If one of the above-mentioned conditions is met and you would like to request the restriction of personal data stored by us, you can contact our data protection officer or another member of our staff at any time. Our data protection officer or another employee will arrange the restriction of the processing.
Your right to restriction of processing is based on Article 18 of the GDPR.
e) Right to data portability
You have the right to receive the personal data concerning you, which has been provided to us by you, in a structured, common and machine-readable format. This includes the right to transfer this data to another controller without hindrance from us, provided that (i) the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and (ii) the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability, you have the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and insofar as this does not adversely affect the rights and freedoms of other individuals (Article 20(1) of the GDPR).
Your right to data portability in this respect is based on Art. 20 GDPR.
f) Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.
We shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise, or defence of legal claims.
If we process personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data for the purpose of such marketing. This also applies to profiling, insofar as it is connected with such direct advertising. If you object to us processing for the purposes of direct advertising, we will no longer process the personal data for these purposes.
In addition, you have the right to object on grounds relating to your particular situation to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
To exercise your right to object, you can contact our data protection officer or another member of our staff directly. You are also free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
Your right to object is based on Article 21 of the GDPR.
g) Automated decisions in individual cases including profilingYou have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the decision is necessary for the conclusion or performance of a contract between you and us, or is permitted by Union or Member State law to which we are subject, and that law contains adequate measures to safeguard your rights and freedoms and legitimate interests, or is made with your explicit consent.
Where the decision is necessary for the conclusion or performance of a contract between you and us, or is made with your explicit consent, we will take reasonable steps to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a person from our company, to express your point of view and to contest the decision.
If you wish to exercise rights relating to automated decisions, you can contact our staff at any time.
These rights are based on Article 22 of the GDPR.
h) Right to withdraw consent under data protection law
You have the right to withdraw your consent to the processing of personal data in whole or in part at any time.
The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Your right to revoke consent granted under data protection law is based on Article 7 (3) of the GDPR.
i) Right to complain to the supervisory authority
You have the right to lodge a complaint with the supervisory authority. This right is based on Art. 56 (2) GDPR.
Our web site uses Google Analytics to design and improve the web site according to your needs. Google Analytics uses so-called cookies, which are stored on your terminal device, and which enable an analysis of your use of the website. The information generated by the cookie is usually transferred to a Google server in the USA and stored there. We use the extension of IP anonymisation (so-called IP masking) on this website, i.e., your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator.
The legal basis for the data processing is Art. 6 para. 1 lit. f) GDPR.
Google's services also include reports on the effectiveness of our advertising measures (including across devices), on the demographics and interests of our users, as well as functions for the cross-device delivery of online advertising if you are the owner of a Google account and have consented to the personalisation of advertising ("Ads Personalisation"). In this case, the legal basis for data processing is your consent to Google (Art. 6 para. 1 lit. a) GDPR).
You can object to the collection or analysis of your data by Google Analytics by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.
The data sent by us and linked to cookies, user IDs (e.g., user ID) or advertising IDs are automatically deleted after 14 months.
We use Google Tag Manager, a web analytics service provided by Google, Inc. ("Google"). This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. No cookies are set, and no personal data is collected. The Google Tag Manager triggers other tags that may collect data. The Google Tag Manager does not access this data.
If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager. More information on the Google Tag Manager can be found at the following link: http://www.google.com/tagmanager/use-policy.html
This service transmits data to the USA. The transmission takes place exclusively on the basis of your consent in accordance with Art. 49 Para. 1 lit. a GDPR. You give your consent by selecting the appropriate option in the consent management tool, which is displayed when you access our site. You can view and adjust your data protection settings here at any time.
Flowers Same Day takes technical and organisational measures to protect your personal data against accidental or intentional manipulation, falsification, loss, destruction, or access by unauthorised persons. These measures are continuously adapted, improved, or extended in line with technological developments. Access to your personal data is limited to the employees required to fulfil the purpose.
Our staff is available to answer questions regarding the processing of your personal data, requests for information, suggestions, for exercising your rights and for complaints. If you have any questions or suggestions on the subject of data protection, please send an email directly to us.