Privacy Policy
This document was last updated on May 23, 2018 in line with new legislation relating to the General Data Protection Regulation, which governs data privacy and its uses within the EU and the EEA.
Orchidya is committed to ensuring that your privacy is protected. We treat it with the highest standards of security and confidentiality and our policy is not to disclose customer information to any third parties for their own marketing purposes. This privacy information has been prepared in accordance with the Data Protection Act (1998) and the General Data Protection Regulation (GDPR, 2018).
WHO WE ARE
Any information you share with Orchidya is controlled by us J S Francis co Ltd, trading as Orchidya, 42 Store Street, Bloomsbury, WC1E 7DB.
Orchidya operates an online flower ordering service which we make available via our website located at www.orchidya.com (the “Service”).
For the purposes of EU data protection laws (“Data Protection Legislation”), in respect of the information to which this Privacy Policy relates, we are deemed the data controller (i.e. the entity which is responsible for, and controls the processing of, your personal data).
INTRODUCTION
All our products and services are made available subject to the terms set out in this statement of this Privacy Policy. By using our services or buying goods from us you agree to the use of the data that we collect in accordance with this Privacy Policy.
We do not sell, trade or share the personal information we collect from your use of this website.
We collect only information about you that is commensurate with providing our services to you. Your use of this website gives us the right to collect that information.
ESSENTIAL INFORMATION WE COLLECT
We may collect any information that you give us. This can include your name, address, telephone number, email address, and other information, together with data about your use of the website. Other information that may be needed from time to time to process an order or request may also be collected.
We also collect information that is not of a personal nature. For example each time someone visits our website, we may collect the visitor’s IP (Internet Protocol) address and the address of a referring site.
Your internet browser has the in-built facility for storing small files known as cookies (please see below) that hold information which allows a website to recognise your account. Our website takes advantage of this facility to enhance your experience. You have the ability to prevent your computer from accepting cookies but, if you do, some functionality on the website may be impaired.
Data relating to credit card payments is processed by Sagepay on a secure website linked to ours. They have their own policies in place (Cookies, Professional Conduct, Accessibility Policy, Privacy Policy, Terms of Use, Merchant Terms & Conditions and Security Policy) which may be viewed here: https://www.sagepay.co.uk/policies
WHY WE DO THIS
- remember who you are after you log in so that you do not need to authenticate at each click;
- monitor if our website is running with the high performance we are dedicated to providing;
- let you browse between products without having to start back from the home page each click;
- remember if you put something in your shopping cart before you decide to checkout;
- control that your data is processed securely
We term this information “essential information” and we collect it through the use of cookies. Cookies are small text files that most websites use. A website places cookies in the web browser and then reads the information collected through the cookies every time the user performs an action. Without enabling this mechanism and this kind of cookies (first-party cookies), we could not provide you with the smooth experience that you expect while you are navigating.
Data collected is held in accordance with the Data Protection Act in the UK. All reasonable precautions are taken to prevent unauthorised access to this information. This safeguard may require you to provide additional proof of identity if you want information about your account.
ORDER INFORMATION PROVIDED EXPRESSLY BY YOU
If you buy something from our store, we will need specific information about you. To fully process your order and deliver the flowers or products you selected, we need your personal data such as your first and last name, your email address and your delivery and billing address. We also use your contact details and order information to send you communication related to the processing of your order. We will ask you to provide this information on our “checkout page” before letting you finalise your purchase with the payment.
HOW WE PROCESS YOUR INFORMATION
We use an external provider to run our store, WooCommerce. WooCommerce is based in the US whose own privacy policy can be viewed here https://woocommerce.com/privacy-policy/
Through WooCommerce, we use other, highly specialised external providers to provide the most competitive services. For example:
– Payment: Our online store is PCI-DSS compliant (a very strict industry standard with requirements for the security of credit card information), but we also use accredited companies to process your credit card information. Our payment providers are Sagepay and First Data.
– Delivery: We integrate with a number of delivery companies and their software to fulfil your orders and allow order tracking and delivery notifications. The companies we use are Brisqq, occasional cycle couriers and Weengs for deliveries outside of London. The only personal data used is your email for notifications and/or a mobile number for contact purposes should the delivery fail. We are required to provide the recipients name and address in order to fulfil the delivery in our fulfilment of the “service”.
– Mailchimp: Your email addresses are used to send out our newsletters to all our customers. Each mailer includes an option to unsubscribe and stop receiving these emails in future. To do so we use a specialist software called Mailchimp.
DISCLOSURE OF INFORMATION
We will never disclose personal information to third parties except when we need to do so in order to carry out the “service” – i.e. when arranging for a courier company to deliver the goods which you have ordered. We may also use information to keep in contact with you and inform you of new products or services.
Details including your name, address, telephone number and email which you have provided us will be shared with our courier partner Brisqq. These details will be shared purely to assist in providing the highest quality of delivery service and will not be used by this third party for any other reasons. Brisqq has their own privacy policy which may be reviewed here: https://brisqq.com/privacy
You have the right and the ability to remove yourself from any mailing list if at any point.
POLICY CHANGES
We reserve the right to change this policy statement at any time. The updated policy statement will be available on our website so it is advisable that periodically you review the statement when visiting our website. When we change this Privacy Policy in a material way, we will update the “last updated” date at the start of this Privacy Policy. Changes to this Privacy Policy are effective when they are posted on this page.
NOTICE TO YOU
If we need to provide you with information about something, whether for legal, marketing or other business related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on our Service. The fact that we may send notices to you will not stop you from being able to opt out of certain types of contact as described in this Privacy Policy.
OPT-IN AND OPT-OUT PROVISION
When you first visit our online boutique and should you choose to register with us, you will be given the option to opt-out of subscribing to our regular update service which will send you email alerts for new products, events, special offers, and one-off marketing promotions. Such alerts may include marketing information about orchidya.com.
At any time, you retain the right to unsubscribe from any service, communication or update to which you have previously subscribed, if you change your mind. All emails sent to you from Orchidya will contain an easy automated “unsubscribe” link so that you can opt-out of further promotional emails. Alternatively, please contact Orchidya on the details below in order to directly notify us of your wish to unsubscribe.
THIRD PARTIES
This Privacy Policy does not apply to websites maintained by other companies or organisations to which we link and orchidya.com is not responsible for any personal information you might submit to third parties via our website. Please ensure that you read the Privacy Policy of such other companies or organisations before submitting your details.
You can also correct any factual errors in the information or you can request us to remove your details from any list under our control.
HOW LONG DO WE KEEP YOUR INFORMATION
We keep your data as long as you have an account with us. We also keep data for security investigations. Most importantly, we have specific obligations for fraud detection and tax reasons. Therefore, we might need to retain certain data even if you ask to delete it.
LEGAL OBLIGATIONS WHEN HANDLING YOUR DATA
We might need to share your personal information to comply with relevant legal obligations. We are required to provide sales reports to HMRC in order to pay tax on any sales made online. To do this, we need to store information such as turnover. This is only possible by retaining certain elements of information, however directly personal information can and will be omitted.
YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION
This section applies to you if you are located in the EEA.
In accordance with applicable privacy law, you have the following rights in respect of your personal data that we hold:
Right of access. You have the right to obtain:
– confirmation of whether, and where, we are processing your personal information;
– information about the categories of personal information that we are processing, the purposes for which we process your personal information, and information as to how we determine applicable retention periods;
– information about the categories of recipients with whom we may share your personal information; – a copy of the personal information we hold about you.
Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information that we hold about you without undue delay.
Right to erasure. You have the right, in some circumstances, to request us to erase your personal information without undue delay, if the continued processing of that personal information is not justified.
Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you, for a period enabling us to verify the accuracy of that personal information.
Right of objection. You have a right to object to processing of your personal information, based on legitimate interests and direct marketing.
If you wish to exercise one of these rights, please contact us using the contact details at the end of this
Privacy Policy.
You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
CONTACTING US
If you wish to know what personal information we have collected about you, you can contact us at the following address:
Ms. Sophie Li – General Manager
Orchidya, 42, Store Street, Bloomsbury, London WC1E 7DB
Company Registration No: 7614397
VAT Number: 118 4968 83
Or via email to info@orchidya.com
By visiting www.orchidya.com you are accepting and consenting to the practices described in this Privacy Policy and the Terms and Conditions.
IN THE EVENT YOU WISH TO LODGE A PRIVACY RELATED COMPLAINT
If you have a privacy related complaint, you have the right to lodge a complaint with the supervisory authority, The Information Commissioners Office (ICO) www.ico.org.uk/concerns/
POLICY UPDATES
If we update our Privacy Policy to reflect a change or improvement of our service or a new legal obligation, we will publish the new version on our website, and we will make it clear on our homepage (www.orchidya.com) so it will be visible as you enter our online store.