This document was last updated on May 23, 2018 in line with new legislation relating to the General Data Protection Regulation, which governs data privacy and its uses within the EU and the EEA.
Orchidya is committed to ensuring that your privacy is protected. We treat it with the highest standards of security and confidentiality and our policy is not to disclose customer information to any third parties for their own marketing purposes. This privacy information has been prepared in accordance with the Data Protection Act (1998) and the General Data Protection Regulation (GDPR, 2018).
WHO WE ARE
Any information you share with Orchidya is controlled by us J S Francis co Ltd, trading as Orchidya, 42 Store Street, Bloomsbury, WC1E 7DB.
Orchidya operates an online flower ordering service which we make available via our website located at www.orchidya.com (the “Service”).
We do not sell, trade or share the personal information we collect from your use of this website.
We collect only information about you that is commensurate with providing our services to you. Your use of this website gives us the right to collect that information.
ESSENTIAL INFORMATION WE COLLECT
We may collect any information that you give us. This can include your name, address, telephone number, email address, and other information, together with data about your use of the website. Other information that may be needed from time to time to process an order or request may also be collected.
We also collect information that is not of a personal nature. For example each time someone visits our website, we may collect the visitor’s IP (Internet Protocol) address and the address of a referring site.
Your internet browser has the in-built facility for storing small files known as cookies (please see below) that hold information which allows a website to recognise your account. Our website takes advantage of this facility to enhance your experience. You have the ability to prevent your computer from accepting cookies but, if you do, some functionality on the website may be impaired.
WHY WE DO THIS
- remember who you are after you log in so that you do not need to authenticate at each click;
- monitor if our website is running with the high performance we are dedicated to providing;
- let you browse between products without having to start back from the home page each click;
- remember if you put something in your shopping cart before you decide to checkout;
- control that your data is processed securely
Data collected is held in accordance with the Data Protection Act in the UK. All reasonable precautions are taken to prevent unauthorised access to this information. This safeguard may require you to provide additional proof of identity if you want information about your account.
ORDER INFORMATION PROVIDED EXPRESSLY BY YOU
If you buy something from our store, we will need specific information about you. To fully process your order and deliver the flowers or products you selected, we need your personal data such as your first and last name, your email address and your delivery and billing address. We also use your contact details and order information to send you communication related to the processing of your order. We will ask you to provide this information on our “checkout page” before letting you finalise your purchase with the payment.
HOW WE PROCESS YOUR INFORMATION
Through WooCommerce, we use other, highly specialised external providers to provide the most competitive services. For example:
– Payment: Our online store is PCI-DSS compliant (a very strict industry standard with requirements for the security of credit card information), but we also use accredited companies to process your credit card information. Our payment providers are Sagepay and First Data.
– Delivery: We integrate with a number of delivery companies and their software to fulfil your orders and allow order tracking and delivery notifications. The companies we use are Brisqq, occasional cycle couriers and Weengs for deliveries outside of London. The only personal data used is your email for notifications and/or a mobile number for contact purposes should the delivery fail. We are required to provide the recipients name and address in order to fulfil the delivery in our fulfilment of the “service”.
– Mailchimp: Your email addresses are used to send out our newsletters to all our customers. Each mailer includes an option to unsubscribe and stop receiving these emails in future. To do so we use a specialist software called Mailchimp.
DISCLOSURE OF INFORMATION
We will never disclose personal information to third parties except when we need to do so in order to carry out the “service” – i.e. when arranging for a courier company to deliver the goods which you have ordered. We may also use information to keep in contact with you and inform you of new products or services.
You have the right and the ability to remove yourself from any mailing list if at any point.
NOTICE TO YOU
OPT-IN AND OPT-OUT PROVISION
When you first visit our online boutique and should you choose to register with us, you will be given the option to opt-out of subscribing to our regular update service which will send you email alerts for new products, events, special offers, and one-off marketing promotions. Such alerts may include marketing information about orchidya.com.
At any time, you retain the right to unsubscribe from any service, communication or update to which you have previously subscribed, if you change your mind. All emails sent to you from Orchidya will contain an easy automated “unsubscribe” link so that you can opt-out of further promotional emails. Alternatively, please contact Orchidya on the details below in order to directly notify us of your wish to unsubscribe.
You can also correct any factual errors in the information or you can request us to remove your details from any list under our control.
HOW LONG DO WE KEEP YOUR INFORMATION
We keep your data as long as you have an account with us. We also keep data for security investigations. Most importantly, we have specific obligations for fraud detection and tax reasons. Therefore, we might need to retain certain data even if you ask to delete it.
LEGAL OBLIGATIONS WHEN HANDLING YOUR DATA
We might need to share your personal information to comply with relevant legal obligations. We are required to provide sales reports to HMRC in order to pay tax on any sales made online. To do this, we need to store information such as turnover. This is only possible by retaining certain elements of information, however directly personal information can and will be omitted.
YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION
This section applies to you if you are located in the EEA.
In accordance with applicable privacy law, you have the following rights in respect of your personal data that we hold:
Right of access. You have the right to obtain:
– confirmation of whether, and where, we are processing your personal information;
– information about the categories of personal information that we are processing, the purposes for which we process your personal information, and information as to how we determine applicable retention periods;
– information about the categories of recipients with whom we may share your personal information; – a copy of the personal information we hold about you.
Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information that we hold about you without undue delay.
Right to erasure. You have the right, in some circumstances, to request us to erase your personal information without undue delay, if the continued processing of that personal information is not justified.
Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you, for a period enabling us to verify the accuracy of that personal information.
Right of objection. You have a right to object to processing of your personal information, based on legitimate interests and direct marketing.
If you wish to exercise one of these rights, please contact us using the contact details at the end of this
You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
If you wish to know what personal information we have collected about you, you can contact us at the following address:
Ms. Sophie Li – General Manager
Orchidya, 42, Store Street, Bloomsbury, London WC1E 7DB
Company Registration No: 7614397
VAT Number: 118 4968 83
Or via email to email@example.com
IN THE EVENT YOU WISH TO LODGE A PRIVACY RELATED COMPLAINT
If you have a privacy related complaint, you have the right to lodge a complaint with the supervisory authority, The Information Commissioners Office (ICO) www.ico.org.uk/concerns/