1) WHO WE ARE
This website is operated by VP Flowers Limited. VP Flowers Limited is referred to in this Privacy Notice as “us” or “we” and you can contact us using the details set out in paragraph  below. In this policy we describe the types of personal data which we collect and the uses which we make of it. For legal purposes VP Flowers Limited is the controller of your personal data.
2) WHAT IS PERSONAL DATA?
Personal data includes all information held in electronic form or manually in a structured filing system relating to a living individual who can be identified from that data (or from that data and other information in our possession) and includes personal contact information and images, such as from CCTV.
3) WHAT PERSONAL DATA DO WE HOLD?
We hold personal data which you, or someone who is ordering services from us or sending one of our products to you, provide to us – for example, by completing the contact form on our website. This personal data includes:
· contact numbers;
· contact emails;
· recipient names;
· recipient addresses;
· recipient emails;
· recipient telephone number;
· CCTV images from our premises;
· billing addresses; and
· payment card name only (no payment card numbers are stored).
4) INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you:
Information you give us
· by filling in forms on our website when subscribing to our blog posts or purchasing flowers on the website
· the information you may give us may include your name, email address, postal address, telephone number and credit card information.
Information we collect about you on the www.vpflowers.ie website
· technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
· information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
5) PURPOSES FOR WHICH PERSONAL DATA IS USED
We use your personal data for the following purposes:
· to provide our products and services to you;
· to maintain a record of your previous orders;
· to provide marketing communications;
· to maintain our internal records of transactions;
· for the detection and prevention of crime;
· for fraud prevention; and
· for other routine business purposes.
6) LEGITIMATE INTERESTS FOR THE USE OF YOUR DATA
We use your personal data, as permitted by the General Data Protection Regulation, where necessary for the following legitimate business interests:
· the operation of a floral services business;
· the promotion and marketing of our business;
· the protection of our business from fraud; and
· the delivery of items which have been ordered from us.
7) DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
Where you have asked us to do so, we will provide your identifying information to a recipient of a product which you have ordered from us for that recipient.
Where a fraudulent transaction has occurred, we may disclose billing addresses and a name as it appears on a payment card to a credit card company upon request.
8) RETENTION OF PERSONAL DATA
Personal data will be retained as long as required:
· for the purposes set out in paragraph 4 above; and/or
· as required by the General Data Protection Regulation or other applicable law or regulation.
Personal data which relates to non-active customers is deleted after two years from the date of last order.
9) ACCESS AND CONTROL OF PERSONAL DATA
In certain circumstances, you have the following key rights under data protection laws:
· access to your personal data;
· rectification of your personal data;
· restricting the use of your personal data;
· erasure of your personal data; and/or
· objecting to the processing of your personal data.
The circumstances in which you may take any of the above actions are set out in the General Data Protection Regulation.
You also have the right to lodge a complaint with a supervisory authority and, where we request your consent to process your personal data, to withdraw consent at any time by contacting us using the details set out under 'terms and conditions' section.
11) CHANGES TO THIS POLICY