Privacy Policy
This Privacy Notice is issued on behalf of Freddie’s Flowers Limited, a company incorporated in England & Wales with company number 09192551 and registered office 23-34 Ingate Place, London, England, SW8 3NS.
Throughout this document, when we mention “Freddie’s Flowers”, “we”, “us” or “our” in this Privacy Notice, we are referring to Freddie’s Flowers Limited.
This Privacy Notice explains clearly how we collect, process, store and share your personal data in line with our legal obligations under the UK GDPR, UK Data Protection Act 2018 and EU GDPR (referred to in this notice collectively a GDPR). If you have any questions about this notice, or the way in which we process your personal data, please do not hesitate to contact us using the details in the ‘How to contact us’ section.
1. Responsibility for your data
Freddie’s Flowers Limited owns and operates the website freddiesflowers.com as well as any other associated services. For the purposes of the UK GDPR, we are a Data Controller and are registered with the Information Commissioner’s Office registration number ZB139464.
2. Types of personal data we collect about you
Personal data means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as shown below. There may be other types of personal data collected, as detailed in section 4 along with the purposes for which we use your personal data.
- Identity Data includes title, first name, last name, any previous names, date of birth username or similar identifier and, if applicable, business name and job title.
- Contact Data includes billing address, delivery address, email address and telephone numbers and, if applicable, business address, email address and telephone numbers.
- Financial Data includes payment card details, direct debit details and email address associated with any PayPal transactions.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us including items purchased and gift recipient delivery address and gift messages.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, saved dates, feedback and survey responses.
- Usage Data includes information about how you arrive at, interact with and use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.
3. Our lawful basis for processing
UK General Data Protection Regulation (GDPR) requires us to identify a lawful basis for using your data. Our lawful basis will normally be one of the following:
- Performance of contract
- Consent
- Legitimate interest. Where we rely on legitimate interest we conduct an assessment to make sure that you and/or others are not materially impacted by using your data in this way and that we are only using the minimum amount needed.
- Legal compliance
4. Ways in which we use your data
The below table outlines the various ways we use your data and relevant lawful bases.
Purpose | Types of Data and how it is used | Lawful basis |
---|---|---|
Provide services This includes things like:
|
Identity Data, Contact Data, Financial Data and Transaction Data |
Performance of contract to fulfil the terms of our agreements with our customers |
Gift recipient | Identity Data and Contact Data. We collect and store this data for a gift recipient to fulfil and troubleshoot queries relating to the gift order. We may also use the details for commercial analysis. |
Legitimate interests to fulfil the gift order and monitor and improve our services. |
Process payments To process your payments, orders and refunds. |
Financial Data and Transaction Data. |
Performance of contract to fulfil the terms of our agreements with our customers. |
When you contact customer service |
Identity Data, Contact Data and/or a combination of other data types identified in Section 2 of this Privacy Policy as necessary to respond to your enquiry. We work with third party tools to help us handle and analyse customer queries. When contacting via phone, we utilise call recording, which means we will process any information contained within the recording. |
Performance of contract to fulfil the terms of our agreements with our customers and to respond to your enquiry. Legitimate interests to monitor and improve our services, and for training purposes. |
Supplier, contractors, and canvasser data |
Identity Data and Contact Data Finance Data and Transaction Data If you provide services to us as a supplier, contractor or as one of our support staff at events, we will only process your data for the purposes of maintaining records about your services and to settle any invoices. |
Performance of contract to fulfil the terms of our agreements with our customers. |
Recruitment | If you apply for a job, we will process any information that is supplied to us for the purposes of assessing whether you are an appropriate candidate. The data processed will depend on the individual CV/application submitted to us but will usually include:
If your application is unsuccessful, we will only keep the information you have provided for as long as it is lawful for to do so, but if we wish to keep it for longer then we will seek your consent to do so. |
Performance of contract to consider you for a position Legitimate Interest |
Reward our customers | We use your Identity Data and Contact Data to enable you to participate in a Freddie’s Flowers prize draw or competition. | Consent to use your data in this way. You can opt-out at any time by contacting our Customer Service team. |
Survey our customers |
We may use your Identity Data and Contact Data to ask you for feedback via a survey to make our service as best as it can be for you. Alternatively, we may ask you to provide a review via a review website such as TrustPilot |
We rely on legitimate interests to contact you about your order, cancellation or experience |
Automatic application of coupon codes | If you click through one of our website links we may automatically append a coupon code in order to fulfil the offer presented to you. This may persist up to 60 days, through the use of cookies |
Legitimate interest Essential cookie to ensure you are getting the coupon/discount that was offered to you, which you can find out more about by reading our Cookies Policy. There is no personal data collected or processed by the cookie as part of this. |
Improve our online customer experience | We use Technical Data, Usage Data, Transactional Data, Profile Data and Marketing & Communications Data about your visit to our website (e.g. what pages you visit, how you navigate the website, what you click on) to experiment, test, troubleshoot and conduct data analysis to provide you with the best possible customer experience. | Legitimate interests to ensure our platforms are operating as expected, to efficiently present our content to you and to keep our platforms safe. Consent to use analytics cookies, which you can find out more about by reading our Cookies Policy. |
Contact you regarding your subscription/order by phone | During the course of or after cancellation of a subscription / order we may use Identity Data and Contact Data to call you to follow up, via phone, on your experience with us and let you know about any products or promotions that might be available to you. | Legitimate interests to contact you about your order, cancellation or experience, unless you have asked us not to contact you You can opt out of calls by contacting our Customer Service team |
Marketing Communications via email, SMS, online & social advertising, notifications/app pushes, across our website/app and postal advertising |
When you have opted in to Marketing Communications (e.g. when you become a customer), we use your Identity Data, Contact Data, Transaction Data, Profile Data and Technical Data where appropriate to:
|
We will usually rely on legitimate interest to support our marketing activities to our customers, unless they have opted-out. Where we require your consent for marketing activities, this will be obtained beforehand. You can opt-out at any time by contacting our Customer Service team. |
Marketing Communications via postal advertising |
We may use your Identity Data and Contact Data to contact you via post either directly or via third party providers to:
|
We will usually rely on legitimate interest to support our postal marketing activities to our customers, unless they have opted-out. Where we require your consent for marketing activities, this will be obtained beforehand. You can opt-out at any time by contacting our Customer Service team. |
Marketing Communications from Brand Partners | Where you have specifically opted in to Marketing Communications for Brand Partners we will share your Identity Data, transactional and Contact Data), so that the brand can contact you directly via email, post, online marketing or other forms of advertising to send you, for example, a free gift/sample or other promotional material. |
Consent to use your data in this way through Brand Partner Marketing Communication opt-in Note: this is a separate opt in to Marketing Communications from Freddie's Flowers. You can opt-out at any time by contacting our Customer Service team. |
Personalised Marketing Communications via online & social advertising based on your website visit | When opted-in to marketing cookies, we will pass back pseudonymised Identity Data and Contact Data in combination with Transaction Data to provide you with more relevant ads, or even exclude you from seeing ads where you have already purchased. | Consent to use marketing cookies, which you can find out more about by reading our Cookies Policy. |
Look-a-like modelling & customer profiling | If you are a customer, we may use your pseudonymised Identity Data and Contact Data in combination with Transaction Data to exclude you from our marketing, for profiling and to generate “look-a-like” audiences through our verified advertising partners (including, but not limited to Google, Meta, Rokt). This allows us to target our advertising to other individuals who appear to have similar shared interests or similar demographics to our existing customers, based on the advertising partner's own data. |
Legitimate interest to support our marketing activities and the efficiency of these activities. Under these use cases your data will never be used to target or personalise advertisements to you directly or by the advertising partner in any other way without your consent. You can object to this by contacting our Customer Service team. |
Referral Marketing | If you are a customer we may use your Identity Data, Contact Data, Usage Data, Profile Data and Transaction Data to reward you (the referrer) and/or the referee for the referral, facilitated by third party software. | Legitimate interests to support our referral marketing activity |
Brand Ambassador Program | We may use Identity Data, Contact Data, Financial Data, Transaction Data, Technical Data, Profile Data, Usage Data and Marketing and Communications Data to work with 3rd party technology providers in order to facilitate our Brand Ambassador program. This involves the ability to reward ambassadors for their promotion of Freddie’s Flowers (e.g. commission payments, credits etc.), as well as analytics of your activity (content on social media, referrals). |
Legitimate interests to support our referral marketing activity Contract if you sign up to our Brand Ambassador Program |
Marketing Analytics | If you are a customer, we may use your pseudonymised Identity Data, Contact Data and Transaction Data to track if you have made a purchase on our website through our verified advertising partners (including, but not limited to Google's enhanced conversions, or Meta’s conversion API, server-to-server tracking). This allows us to know, for example, if an interaction or view from one of our ads has resulted in a purchase which helps us to improve our marketing efficiency. |
Legitimate interests to support our marketing activities and be efficient about how to conduct our marketing activities. Under these use cases your data will never be used to target or personalise advertisements to you directly or by the advertising partner in any other way without your consent. You can object to this by contacting our Customer Service team. |
Commission Payout for affiliate partners |
In order to payout commission for any affiliate driven sales (for example but not limited to voucher code websites, bloggers, news websites and more) we will pass back basic Transactional Data, including Order ID when a purchase is made on our website. |
Legitimate Interest Essential cookie to ensure our commission-based affiliate partners are paid fairly for sales that they drive from their links as per our contracts with them. |
Fulfilment of Cashback & Loyalty Points from Third Parties |
If you have come through an affiliate link where you are meant to be rewarded for your purchase (for example, but not limited to cashback, loyalty point) we will pass back Transactional Data, including order ID in order to fulfil the reward. |
Legitimate Interest Essential cookie to ensure our commission-based affiliate partners are paid fairly for sales that they drive from their links as per our contracts with them. |
Customer Analytics |
We use Identity Data, Contact Data and Transaction Data and other appropriate data sources as described in Section 2 of this Privacy Policy, utilising analytical tools (such as, but not limited to, Looker) for analytical purposes to improve our services and marketing. This is purely for use by Freddie's Flowers and no data will be shared with third parties as part of this use case. |
Legitimate interests to support our business services and marketing activities You can object to this by contacting our customer service team here. |
Meet our legal obligations and prevent fraud |
We use your Contact Data and Transaction Data to:
|
Legal obligation |
Keep your account secure and prevent fraud |
We use your Contact Data and Transaction Data to:
|
Legal obligation |
Pseudonymisation (as referred to in the table above) is a method we use to help protect your personal data. It means we replace your personal details with codes or fake names, so the data can’t be linked back to you unless someone has extra, secure information that we keep separate.
(Legally, this means processing personal data in such a manner that it can no longer be attributed to a specific person without additional information, which is kept separately and protected by technical and organisational measures.)
5.Retention of personal data
5.1 Unless stated elsewhere in this document or in our terms of service we only store the data necessary to provide the services we provide to you. We will keep this data for as long as it is lawful for us to do so (this may be for as long as you are a customer or because of a legal obligation to retain the information, whichever is the longest). This will usually be no more than six years from the date of your last order/delivery or interaction with us. This means that we may retain your data longer than you might expect, but we will actively purge out of date or no longer needed data from our systems and not retain any personal data for longer than it is lawful for us to do so.
5.2 When choosing how long we hold on to your personal data, we consider the following:
- the amount, nature, and sensitivity of the personal data;
- the potential risk of harm from unauthorised use or disclosure of your personal data;
- the purpose for which we process your personal data;
- whether we can achieve those purposes through other means;
- applicable legal requirements
6. Who do we share your data with?
6.1 Third-party service providers. We work with various third-party cloud-based services to operate our business and deliver our services to you. These include, but are not limited to, (i) e-commerce platform providers, (ii) delivery services, (iii) IT providers responsible for hosting, managing, and maintaining our data, (iv) website hosting services, (v) content delivery networks, and (vi) companies assisting with communication, monitoring, testing, or improving our website or applications, (vii) banks and payment services providers, (viii) credit reference agencies, (ix) fraud prevention agencies
Whenever we engage a third-party service provider, we only share the minimum amount of information necessary for them to perform their services and meet our operational needs. We conduct due diligence on these providers to ensure compliance with data protection laws, maintain appropriate security measures, and uphold proper data protection standards. We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
6.2 Professional consultants. We may need to share your personal data with professional advisors such as legal counsel, bankers, auditors, and insurers who offer legal, financial, accounting, or insurance-related services. Whenever feasible, we will anonymize your data before sharing it with these parties.
6.3 International data transfers. Your data may be transferred to, stored, and processed in locations outside the UK and the EEA if our suppliers operate from these regions. Any such transfers will be conducted in compliance with applicable data protection laws. We will ensure that appropriate safeguards are in place to protect your information, including the use of adequacy regulations, International Data Transfer Agreements or Standard Contractual Clauses.
7. What are your data protection rights?
Under data protection laws, you have rights that allow you to request access, correction, or deletion of your personal data. You also have the right to opt out of marketing communications. Below is a detailed overview of your rights:
7.1 Correcting or updating your data: You can update or modify your personal and contact details by logging into your account and accessing the "Account Details" section.
7.2 Accessing your data: You have the right to inquire about the personal data we hold about you, how we process it, and to request a free copy, which we will provide within one calendar month.
7.3 Requesting data deletion: In certain situations, you can ask us to delete all personal data we hold about you. However, there may be legal grounds that require us to retain some of your information, in which case we will provide an explanation.
7.4 Opting out of marketing communications: You can modify your marketing preferences by updating the settings in the "Account Details" section of our website, using the unsubscribe links in emails or text messages, or by reaching out to us directly.
7.5 Withdrawing consent: If you have previously given us consent to process your personal data, you may revoke it at any time.
7.6 Objecting to data processing: If we process your personal data based on "legitimate interests" and you do not agree with our use, you have the right to object. However, if we have a compelling justification to continue processing your data, we may do so. Otherwise, we will cease processing.
7.7 Restricting data processing: In some cases, you may request that we limit or suspend the use of your personal data. This right is not absolute and applies only under certain circumstances.
7.8 Data portability: You have the right to request a machine-readable copy of the data you have provided to us, including related service logs where applicable.
8. How to contact us.
If you wish to exercise any of these rights, or if you have a complaint about the way we process your personal data, please contact Customer Services via freddie@freddiesflowers.com. You can also contact our Data Protection Officer via privacy@freddiesflowers.com.
You also have a right to complain to the Information Commissioner's Office (ICO) in their capacity as the statutory body that oversees data protection compliance in the UK.
9. Changes to this policy.
We may change this policy from time to time or as required by law. The most current version will always be available online at: https://www.freddiesflowers.com/privacy-policy. Should we make any substantive changes to the policy we will contact you directly to explain those changes, or as required by law.