Privacy Policy

Last updated: 16 November 2025

1. Who We Are

This Privacy Policy explains how we collect and use your personal data when you visit our website, place an order with us, or otherwise interact with La Fleuriste.

Data Controller:
Andrew Armstrong T/A La Fleuriste
Ballyconnell
Co. Cavan
H14 DV24
Ireland

Telephone: +353 49 952 7961
Email: thefloristcavan@gmail.com

2. Personal Data We Collect

We collect and process the following categories of personal data:

2.1 Information you provide directly

Identity details such as your name.
Contact details such as billing and delivery address, email address and phone number.
Order details, including products ordered, delivery instructions and card messages.
Payment-related information (card type, transaction details) - processed securely by our payment provider.
Any information you include when you contact us by phone, email or contact form.

2.2 Information we collect automatically

When you use our website, we may automatically collect:

IP address and general location (country/region).
Device, browser and operating system information.
Usage data such as pages viewed, time spent on pages and clicks.
Cookie identifiers and similar technologies (see the Cookies section below).

2.3 Information we receive from third parties

In some cases we may receive information from third parties such as payment providers, couriers or online platforms we use to run our website and process orders. This will usually be limited to information required to complete your order, prevent fraud or resolve issues.

3. Legal Bases for Processing Personal Data

We process your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (Ireland). The lawful bases we rely on are:

3.1 Performance of a Contract (Article 6(1)(b) GDPR)

We process your personal data when it is necessary to:

process and fulfil your order,
take payment,
arrange delivery,
contact you about your order,
provide customer service.

If you do not provide this information, we cannot complete your purchase.

3.2 Consent (Article 6(1)(a) GDPR)

We rely on your consent for:

sending marketing emails or promotional offers,
using optional cookies (e.g. analytics, performance or marketing cookies).

You can withdraw your consent at any time by clicking "unsubscribe" in our emails or by contacting us using the details above. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

3.3 Legitimate Interests (Article 6(1)(f) GDPR)

We may process certain personal data when it is necessary for our legitimate business interests, such as:

maintaining the security and functionality of our website,
responding to general enquiries and customer feedback,
preventing fraud or misuse of our services,
improving our products and services,
keeping basic records of past transactions for business purposes.

When we rely on legitimate interests, we balance our interests against your rights and freedoms and only process personal data where our interests do not override your fundamental rights.

3.4 Compliance with a Legal Obligation (Article 6(1)(c) GDPR)

We process data when necessary to comply with the law, including:

tax and accounting requirements,
consumer protection regulations,
responding to lawful requests from authorities or regulators.

We are required to keep certain transaction records for set legal periods.

3.5 Processing by Payment Providers

When you make a payment, your payment information is processed by our payment service provider Dojo. They act as an independent data controller and process your personal data in line with their own legal bases and obligations. You can view the Dojo Privacy Policy here: https://dojo.tech/legal/privacy/ .

4. How We Use Your Personal Data

We use your personal data for the following purposes:

To process, confirm and deliver your orders.
To communicate with you about your order, including delivery updates and queries.
To respond to your questions, requests and complaints.
To send you marketing communications where you have opted in.
To operate, maintain and improve our website and services.
To protect the security of our systems and prevent fraud.
To comply with our legal and regulatory obligations.

5. Cookies and Similar Technologies

Our website uses cookies and similar technologies to provide and improve our services, to keep track of the contents of your shopping cart and, where you consent, to analyse how our website is used.

We use the following types of cookies:

Strictly necessary cookies - required for the website to function and to complete your order.
Preference cookies - to remember your choices (such as delivery options or language).
Analytics cookies (subject to your consent) - to understand how visitors use our site and help us improve it.
Marketing cookies (subject to your consent) - where used, these help us show relevant offers.

Where required by law, non-essential cookies will only be set with your consent, which you can manage via our cookie banner or browser settings. For more detailed information about the cookies we use, please contact us.

6. Who We Share Your Personal Data With

We do not sell your personal data. We may share your personal data with trusted third parties where necessary for the purposes set out in this Privacy Policy, including:

Payment service providers (currently Dojo) to process your payments securely.
Website hosting and IT support providers who help us operate our website.
Email and communication service providers (e.g. our email host).
Delivery and courier companies to deliver your orders.
Professional advisers (such as accountants) where necessary for our business and legal compliance.
Law enforcement or regulatory bodies where required by law or to protect our legal rights.

Where we use service providers who process personal data on our behalf, we ensure there is a written contract in place requiring them to keep your information secure and only use it in accordance with our instructions and data protection law.

7. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA) or may store data on servers outside the EEA. Where this is the case, and the destination country has not been recognised as providing an adequate level of data protection, we implement appropriate safeguards such as:

Standard Contractual Clauses approved by the European Commission; and/or
Other appropriate safeguards permitted under data protection law.

You can contact us if you would like more information about the safeguards we use for international data transfers.

8. How Long We Keep Your Personal Data

We keep your personal data only for as long as is necessary for the purposes set out in this Privacy Policy and to meet our legal obligations. For example:

Order and transaction records: typically up to 6 years for tax and accounting purposes.
Customer service correspondence: typically up to 12 months after the matter is resolved, unless needed longer for legal reasons.
Marketing contact details: until you withdraw your consent or unsubscribe.
Cookie data: retained in line with our Cookie Policy and cookie settings.

We may retain certain information for longer where necessary to establish, exercise or defend legal claims.

9. How We Protect Your Personal Data

We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include:

Secure hosting of our website and systems.
Limiting access to personal data to staff and service providers who need it.
Using secure payment processing via reputable third-party providers.
Regular monitoring of our systems for vulnerabilities.

While we do our best to protect your personal data, no system can be guaranteed 100% secure. You also play a role in keeping your data safe by keeping any passwords or access details confidential.

10. Your Rights Under Data Protection Law

Under data protection law, you have the following rights in relation to your personal data (subject to certain conditions and exceptions):

Right of access - to obtain a copy of your personal data and information about how we process it.
Right to rectification - to have inaccurate or incomplete data corrected.
Right to erasure - to have your personal data deleted in certain circumstances.
Right to restrict processing - to limit how we use your data in certain situations.
Right to data portability - to receive your data in a structured, commonly used and machine-readable format and/or to have it transmitted to another controller, where technically feasible.
Right to object - to object to our processing of your data where we rely on legitimate interests or for direct marketing.
Right to withdraw consent - where we rely on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us using the details in the "Who We Are" section. We may need to verify your identity before responding to your request.

11. Right to Complain to a Supervisory Authority

If you are unhappy with how we have used your personal data, you also have the right to lodge a complaint with the Data Protection Commission (DPC) in Ireland or another supervisory authority in the EU/EEA where you live or work.

Data Protection Commission
6 Pembroke Row
Dublin 2
D02 X963
Ireland
Website: https://www.dataprotection.ie
Email: info@dataprotection.ie

12. Children's Data

Our services are intended for adults. We do not knowingly collect personal data from children under the age of 16. If you believe that a child under 16 has provided us with personal data, please contact us and we will delete the information as soon as reasonably possible.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or for other operational reasons. When we make significant changes, we will take appropriate steps to inform you (for example, by posting a notice on our website). The date at the top of this page shows when this Privacy Policy was last updated.