Policies
These policies apply in conjunction with our Terms and Conditions
Contents: Privacy; Cookies; Equal Opportunities Employment; Modern Slavery
Privacy: Any ‘content’ you upload to our Website will be considered non-confidential and non-proprietary. Buzz[dot]florist also referred to as Buzz Florist has the right to use, copy, distribute, reproduce, exploit, modify, alter and/or disclose to third parties any such material for any purpose. Where any third party claims that any material posted or uploaded by you to our Website constitutes a violation of their intellectual property rights or of their right to privacy, we have the right to disclose your identity to them or their legal representative. We may deny you access to the Website at any time in our sole discretion when we believe that your use of the Website is in violation of any of these Terms, any law or the rights of any third party or was not respectful to others. Whilst we shall endeavour to moderate and exercise reasonable control over the ‘content’ of submissions to our website, we will not be responsible, or liable to any third party, for the content or accuracy of any content posted by you or any other user of our site and you hereby agree to be responsible to Buzz[dot]florist for and indemnify us and keep us indemnified against all costs, damages, expenses, losses and liabilities incurred and/or suffered by us as a result of any claim in respect of your use of the Website.
Cookies: (See UK Cookie Policy for latest changes that came into effect on 01st January 2021. Where any details in relation to cookies as outlined on this document have been updated, for the avoidance of doubt the UK Cookie Policy shall take precedence but shall otherwise not infer any other changes to nor abrogate the terms of our general Policy as described on this web page.)
In regard to data collected specifically by Buzz[dot]florist (as distinct from data collected by third parties which are limited under their own applicable policies), we undertake that we shall never sell, rent, lease, gift nor distribute it to any other entity without your prior consent. Only when obliged by law and authorised through the necessary legal instruments to force compliance to any such requirements, would your data be divulged. Information is collected about you during the checkout process when you process purchases on our store and when using the integrated secured payment gateway to complete your transactions.
What personal data we collect and why we collect it: Personal data we collect from users and site visitors may include personal data, such as name, email address, personal account preferences; transactional data, such as purchase information; and technical data, such as information about cookies.
We do not collect nor retain sensitive personal data, such as that concerning health. The legal basis for our data collection and retention is based upon UK law and the active consent you, the user, have given by virtue of your usage and interactions in connection with this website.
GDPR targets personal data. When it comes to website data, we need that data to further optimise our website. Under GDPR (General Data Protection Regulation) rules as updated by the 2018 UK GDPR, we are required to take “adequate” security measures to protect all personal data we store. Our website is secured using SSL/https on all pages including those that deal with ‘sensitive’ information, not just for GDPR but also for SEO reasons. Site security and security certificates are monitored to make sure your data is as safe and secure as is reasonably possible. Personal data is not just created by a User’s interactions with our site. Personal data is also generated from technical processes such as use and submission of contact forms, comments, ‘content’, cookies, analytics, and third-party embeds.
By default Buzz[dot]florist website does not collect any personal data about visitors, and only facilitates collection of the data shown on the User Profile screen from registered users for transactional communications processed on Buzz[dot]florist. However some third party provided functions such as secure payment platforms may independently collect limited relevant personal data as part of their anti-fraud and data protection responsibilities, under their own terms and conditions.
Comments: Wherever and whenever applicable, when visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. Visitor comments may be checked through an automated spam detection service. The comment itself and its metadata are retained indefinitely. This is so we can recognise any follow-up comments automatically instead of holding them in a moderation queue and permits enabling of automatic approval. When you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed. Screen option cookies remember the screen resolution and format of the device you used to login, so that the website content should always be displayed to you in the correct and most pleasing format when you return.
Wherever and whenever applicable, if you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day. An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media: Since digital images usually contain additional data e.g. geolocation, EXIF etc., please note that when/if you upload any media files to Buzz[dot]florist or any other websites, for your own privacy you should avoid uploading any images with embedded location data, (EXIF GPS) included, as such data on websites is usually publicly accessible, meaning other Visitors to the site could download them and may potentially be able to extract any location data contained therein.
Contact forms: The Contact Form provided for your convenience on this website by its very design purpose, captures the data that you provide, so that Buzz[dot]florist is able to ascertain who you are (as opposed to potentially being an automated ‘bot’ that may be seeking to gain illegal access to the site for whatever undesirable purposes) and how best to respond to your communication. Some information required on the contact form would be mandatory in order to achieve efficacy in its communication goal, whilst other requested information might only be to facilitate improved communication and as such may only be optional for the Visitor to complete. Contact Form data may be retained for a maximum period of 18 months for your convenience.
What we collect and store: While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Products you have added to your Shopping Basket
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
We’ll also use cookies to keep track of basket contents while you’re browsing our site. When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders. We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for up to 10 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses. We will also store comments or reviews, if you choose to leave them.
Who on our team has access: Members of our team have access to the information you provide us. This is limited to both our Administrators and Shop Managers who can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and billing and shipping information.
Only these specified Buzz[dot]florist senior admin team members have access to this information to help fulfil orders, process refunds and support you. Such information we share with third parties who help us provide our orders and store services to you; for example on the commerce section of the website we use the WooCommerce system by Automattic to integrate with your chosen payment providers’ debit/credit card/BACS banking related payment system who use their own vetted and suitably certified personnel as appropriate.
We may accept payments through Stripe. When processing payments, some of your data will be passed to Stripe, including information required to process or support the payment, such as the purchase total and billing information. Please see the Stripe Privacy Policy for more details. Furthermore, only necessary limited information is provided for executing postal deliveries of your purchased orders.
How long we retain your data: If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you visit our Login/My Account page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
What rights you have over your data: If you have registered a User account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Embedded content from other sites: Always be aware that where articles on this site may include embedded content (e.g. videos, images, articles, etc.), embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These third party websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics: This site may deploy an assortment of different analytics packages from time to time, in order to improve its own performance in delivering User requirements. Whilst doing so may result in this website performing less ably than it might otherwise do for you, Users content with less than an optimum browsing experience may opt out or select an acceptable level of compliance.
Most if not all web hosting providers collect some anonymous analytics data. Here is the list of all third-party providers with whom we share site data, including partners, cloud-based services, payment processors, and third party service providers. If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and may approve any follow-up comments automatically instead of holding them in a moderation queue. For Users that register on our website, we also store the personal information they provide in their User profile. All Users can see, edit, or delete their personal information at any time (except they cannot change their Username). Website administrators can also see and edit that information. If you have registered a User account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data: European data protection law requires data about European residents which is transferred outside the European Union to be safeguarded to the same standards as if the data was in Europe. These standards are met by both our in-house data storage and recovery systems and by the third party server hosts we employ. Our UK located server hosts fully meet European Union’s General Data Protection Regulation standards and are contractually bound to only collect personal information necessary to deliver those services and handle them carefully and sensibly. European data protection laws, in particular, include specific rules on transferring personal information outside the EEA. Our hosts store or otherwise handle your personal information within the borders of European Economic Area (EEA) and the USA, ensuring that any transfers of your personal information from one country to another comply with the data protection and privacy laws that apply. When transferring personal information outside the EEA to the USA, the standard data protection clauses approved by the European Commission under Article 46.2 of the General Data Protection Regulation (GDPR) are implemented within our UK host’s contract with their US-based group company.
How we protect your data: We use Secure Sockets Layer (SSL) software to encrypt the personal and financial information you enter on or through our Site in order to protect its security during transmission to and from our Site. When storing information, we protect its security by encryption and pseudo-anonymisation of critical data. When credit card information and payments are processed by the independent secure payment gateways they make the credit card subject to tokenisation and strong security measures. Physical, electronic and procedural safeguards are maintained in connection with the collection, storage and disclosure of personally identifiable customer information. These security procedures in some cases require proof of identity before disclosing personal information to you. To protect against unauthorised access to your account and information, we implement session management, login expiration mechanisms and the option of using 2-factor authentication for User Area access. As an additional safety measure, be sure to log out when you finish using your account and your computer. Although all these measures are taken to maintain the safety and security of your personal information, please note that no transmission over the Internet can ever be guaranteed to be 100% secure by anyone. Consequently, please note that we cannot fully guarantee the security of any personal information that you transfer over the Internet to us.
How we also protect your non-financial data: In keeping with our mission to ensure your privacy at all times, all email correspondence with us (i.e. all communications to and from our various mailbox addresses at Buzz[dot]florist) that are all hosted on a secure server, employ IMAP and SMTP ports using security encryption (SSL/TLS) to maximise protection against interception.
What data breach procedures we have in place: We are in compliance with the GDPR which came into force on 25 May 2018, inasmuch as in the event of a personal data breach, data controllers are required to notify ICO (Information Commissioner’s Office), the appropriate supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it. Data breaches only need to be reported if they pose a risk to the rights and freedoms of natural living persons. This generally refers to the possibility of affected individuals facing economic or social damage (such as discrimination), reputational damage or financial losses. Most data breaches fit into this category, but those that don’t include information that is linked to a specific individual are unlikely to pose a risk.
“Breach” doesn’t only refer to cyber attacks. Article 4 of the Regulation defines a personal data breach as any event that results in: the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. Data breaches aren’t always a result of cyber criminals hacking into an organisation’s systems. Breaches are just as likely to occur when an employee:
- Accidentally sends personal information to the wrong person;
- Accesses files that aren’t relevant to their job function;
- Shares information with someone outside the organisation;
- Loses a device, such as a laptop, that contains personal information; or
- Fails to secure information online, making it publicly available.
Incidents that render organisations unable to access systems containing personal data are also considered data breaches, such as ransomware attacks or damaged hardware, because the information is no longer accessible.
We are a paid up tier 1 organisation registered with ICO. Procedures we have in place to deal with data breaches, either potential or real, include tight restriction of data access to specific relevant senior personnel, secure internal reporting systems and contact mechanisms.
Changes to Privacy Policy: We reserve the right to modify this Privacy Policy at any time. If we decide to change our Privacy Policy, we will post the updates to this Privacy Policy here and on any other place we deem appropriate, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any future time our web site provides a service that includes automated decision making in respect to allowing Buyers to apply for credit, or aggregating your data into an advertising profile, we shall note here that it is taking place and include information about how that information is used, what decisions are made with the aggregated data and what rights Users have over decisions made without human intervention.
Equal Opportunity Employment: People within and outside our organisation shall be treated by us with dignity and respect regardless of race, nationality, gender, sexual orientation, gender reassignment, disability and/or age. Employment shall be based on merit and any complaints are taken seriously.
Modern Slavery: Pursuant to the Modern Slavery Act 2015, we take the issues of Modern Slavery and Human Trafficking seriously and will develop our approach, reviewing and revising policies and training where necessary in order to ensure that we raise awareness of modern slavery throughout the organisation. Our goods and services are ethically sourced and our procurement procedures promote transparency, equality and compliance with UK & EU law. We apply rigorous measures to ensure that we help drive out any aspects of human trafficking and slavery from our suppliers’ supply chains.
