This Privacy Policy describes in detail the practices of Vlaxyronez ("we", "us", "our") regarding the collection, use, storage, disclosure and retention of personal data when you use our website at vlaxyronez.world, place orders for bouquets, flower arrangements, wedding flowers or flower subscriptions, subscribe to our newsletter, or otherwise interact with our floristry and bouquet design services. We are committed to protecting your privacy and handling your data in accordance with applicable data protection laws in the United Kingdom, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy applies to all visitors to our website, customers who purchase our products or services, and anyone who communicates with us in connection with our business.
1. Who We Are
Vlaxyronez is a floristry and bouquet design business operating from 158 Long Ln, London SE1 4BS, United Kingdom. We provide fresh flowers, hand-tied bouquets, seasonal arrangements, luxury bouquets, wedding and event flowers, and flower subscription services to customers primarily in London and surrounding areas. For the purposes of data protection law, we act as the data controller in respect of the personal data we process in connection with our website and services. This means we determine the purposes and means of the processing of your personal data. Where we use third party service providers (such as payment processors or delivery companies) to process data on our behalf, we remain responsible for that processing and ensure appropriate contracts are in place.
2. Personal Data We Collect
We may collect and process the following categories of personal data in connection with our flower shop services. The exact data we collect depends on how you interact with us (e.g. browsing only, placing an order, subscribing to flowers, or contacting us).
2.1 Identity and Contact Data
This includes your full name, title, email address, telephone number, postal address and delivery address. When you order a bouquet or arrangement for delivery to a gift recipient, we may also collect the recipient's name, address and any delivery instructions (e.g. leave with a neighbour, safe place) you provide. We collect this data when you place an order, create an account (if applicable), fill in our contact form, subscribe to our flower subscription service, or communicate with us by email or phone.
2.2 Transaction and Financial Data
This includes details of the bouquets, arrangements and flower subscriptions you have ordered, the dates and frequency of delivery, payment information (such as card type and last four digits; full card details are processed by our payment service providers and not stored by us), transaction history, and any delivery instructions or special requests. We may also retain records of invoices, refunds and correspondence relating to payments or disputes.
2.3 Technical and Usage Data
When you use our website, we may automatically collect technical data such as your IP address, browser type and version, time zone setting, device type and operating system, and unique device identifiers. We may also collect information about how you use our site, including the pages you visit, the time and date of your visit, the time spent on pages, click streams, and the referring website address. This data may be collected through cookies and similar technologies as described in our Cookies Policy.
2.4 Communications and Preferences Data
This includes records of your correspondence with us (e.g. emails, contact form submissions, phone calls) when you ask about orders, subscriptions, custom arrangements, wedding flowers or general enquiries. We may also record your preferences, such as preferred flower types, colours, delivery frequency (for subscriptions), fragrance preferences, and any special requests or accessibility requirements you share with us in relation to bouquets or events.
2.5 Marketing and Consent Data
Where you have opted in to receive marketing from us, we may record your consent and your preferences regarding the types of communications you wish to receive (e.g. email only, seasonal offers, subscription reminders). We may also record when you unsubscribe or withdraw consent so that we can honour your choices.
3. How We Use Your Personal Data
We use your personal data only where we have a lawful basis to do so. The main purposes for which we use your data are set out below, with an indication of the typical lawful basis (contract, consent, legitimate interest or legal obligation) that applies. We will use your personal data for the following purposes:
3.1 Order Fulfilment and Delivery
To process and fulfil orders for bouquets, flower arrangements, wedding flowers and other products; to arrange delivery to you or to a recipient you specify; to communicate with you or the recipient about delivery times and any access or safety instructions; and to handle any issues that arise in connection with an order (e.g. failed delivery, quality concern). Lawful basis: performance of a contract with you; legitimate interests (efficient operation of our business).
3.2 Flower Subscription Management
To set up and manage your flower subscription; to take payments in accordance with your chosen frequency (e.g. weekly or fortnightly); to send you reminders or confirmations before each delivery; to arrange recurring deliveries of fresh flowers to your chosen address; and to process any pause, cancellation or change of address. Lawful basis: performance of a contract; legitimate interests.
3.3 Customer Service and Enquiries
To respond to your enquiries, complaints or requests for information; to provide support in relation to our products and services; and to follow up on any feedback you give us. Lawful basis: performance of a contract (where the enquiry relates to an order); legitimate interests (responding to general enquiries and improving customer relations).
3.4 Marketing Communications
To send you marketing communications about new bouquets, seasonal arrangements, subscription offers and other news from Vlaxyronez, where you have opted in or where we are permitted to do so by law (e.g. soft opt-in for existing customers). You can unsubscribe at any time. Lawful basis: consent; or legitimate interests where the law allows (e.g. similar products to past purchases).
3.5 Website and Service Improvement
To analyse how visitors use our website (e.g. which pages are most viewed, how users navigate the site, whether they complete the contact form or abandon the process); to improve our website, product range and services; and to ensure our website and systems operate securely and effectively. Where we use analytics, we aim to use anonymised or aggregated data where possible. Lawful basis: legitimate interests (improving our services and user experience).
3.6 Legal and Regulatory Compliance
To comply with legal and regulatory obligations, including record-keeping for tax, accounting and consumer law purposes; to respond to requests from regulators or law enforcement where required by law; and to establish, exercise or defend legal claims (e.g. in the event of a dispute). Lawful basis: legal obligation; legitimate interests (protecting our business and rights).
4. Lawful Basis for Processing
Under the UK GDPR we must have a lawful basis for each processing activity. We rely on the following:
- Performance of a contract: Where processing is necessary to perform our contract with you (e.g. to supply bouquets or subscription flowers, to deliver to your chosen address, to process payments). Without this data we would not be able to fulfil your order or subscription.
- Consent: Where you have given clear consent for a specific purpose (e.g. marketing emails, optional cookies). You can withdraw consent at any time by contacting us or using the unsubscribe link in emails. Withdrawal does not affect the lawfulness of processing before withdrawal.
- Legitimate interests: Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Our legitimate interests include: operating and improving our floristry business; providing good customer service; preventing fraud and ensuring security; and communicating with you about your orders and subscriptions. We carry out a balance of interests assessment where we rely on this basis.
- Legal obligation: Where processing is necessary to comply with a legal obligation (e.g. retaining records for tax, responding to a court order).
If you have questions about the lawful basis for a specific type of processing, please contact us using the details below.
5. Sharing Your Personal Data
We do not sell your personal data to third parties. We may share your personal data only in the following circumstances and only to the extent necessary:
5.1 Delivery Partners and Couriers
We share your name, delivery address, contact telephone number and any delivery instructions with our delivery partners and couriers so that they can deliver your bouquets and flower arrangements to you or your chosen recipient. These partners are contractually required to use the data only for the purpose of fulfilling the delivery and to protect it in line with data protection law.
5.2 Payment Processors
When you pay by card or other electronic means, your payment details are processed by our accredited payment service providers. We may share with them your name, email, order value and transaction reference as necessary to process the payment and prevent fraud. We do not store your full card details on our systems.
5.3 Professional Advisers
We may share your data with our lawyers, accountants, insurers or other professional advisers where necessary for the provision of their services to us (e.g. in the context of a legal dispute, audit or insurance claim). Such sharing is limited to what is necessary and is subject to obligations of confidentiality.
5.4 Regulators and Law Enforcement
We may disclose your personal data to regulators (e.g. the Information Commissioner's Office), law enforcement agencies or other public authorities when required by law, or when we reasonably believe that disclosure is necessary to protect our rights, your safety or the safety of others, or to detect or prevent fraud or other crime.
5.5 Business Transfers
If we sell, merge or transfer any part of our business or assets, we may share your personal data with the prospective buyer or successor, subject to confidentiality and in accordance with applicable law. You will be informed of any such change and of any choices you may have regarding your data.
6. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, tax or reporting requirements. Our retention practices are as follows:
6.1 Order and Subscription Records
We retain details of your orders, subscriptions, payments and delivery records for at least seven years from the end of the financial year in which the transaction occurred. This is to comply with UK tax and accounting obligations and to deal with any disputes or legal claims that may arise.
6.2 Contact and Enquiry Data
If you contact us via the contact form or email without placing an order, we typically retain your message and our response for up to three years, unless you become a customer (in which case the data may be retained as part of your customer record) or we have a legal obligation to retain it for longer.
6.3 Marketing Data
If you have opted in to marketing, we retain your contact details and consent record until you unsubscribe or withdraw consent. We also retain a record that you have unsubscribed so that we do not contact you again for marketing unless you opt in afresh.
6.4 Technical and Cookie Data
Retention of technical and cookie-related data depends on the type of cookie or technology used. Details are set out in our Cookies Policy. Session cookies are deleted when you close your browser; persistent cookies are retained for the period specified in that policy.
6.5 After the Retention Period
When we no longer need your personal data, we will securely delete or anonymise it so that it can no longer be associated with you. Anonymised data may be retained for statistical or analytical purposes indefinitely.
7. Your Rights Under UK Data Protection Law
Under the UK GDPR and the Data Protection Act 2018 you have the following rights in relation to your personal data. These rights are not absolute and may be subject to conditions or exceptions in law.
7.1 Right of Access
You have the right to obtain confirmation as to whether we process your personal data and, where that is the case, to access that data and receive certain information about the processing (e.g. purposes, categories of data, recipients, retention periods). You may request a copy of your data. We will respond within one month, extendable by a further two months where necessary. No fee is usually charged, but we may charge a reasonable fee for manifestly unfounded or excessive requests.
7.2 Right to Rectification
You have the right to have inaccurate personal data corrected and, taking into account the purposes of the processing, to have incomplete personal data completed. If you believe we hold incorrect information about you (e.g. wrong address or name), please contact us and we will update our records.
7.3 Right to Erasure
You have the right to request the erasure of your personal data in certain circumstances, for example where the data is no longer necessary for the purposes for which it was collected, where you withdraw consent (and there is no other lawful basis), or where the data has been unlawfully processed. This right is not absolute; we may need to retain some data to comply with legal obligations or to establish, exercise or defend legal claims (e.g. order records for tax purposes).
7.4 Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data in certain situations (e.g. where you contest the accuracy of the data, where the processing is unlawful but you prefer restriction to erasure, or where we no longer need the data but you need it for the establishment, exercise or defence of legal claims). Where processing is restricted, we will store the data but not use it except with your consent or for legal claims.
7.5 Right to Data Portability
Where we process your data by automated means and the processing is based on your consent or on the performance of a contract with you, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and to transmit that data to another controller where technically feasible.
7.6 Right to Object
You have the right to object to processing based on legitimate interests, including profiling. You also have the right to object at any time to processing of your data for direct marketing. If you object, we will stop processing for that purpose unless we can demonstrate compelling legitimate grounds that override your interests, or the processing is for the establishment, exercise or defence of legal claims.
7.7 Rights Related to Automated Decision-Making
We do not currently make decisions based solely on automated processing (including profiling) that produce legal effects concerning you or similarly significantly affect you. If we did, you would have the right to obtain human intervention, to express your point of view and to contest the decision. We will inform you if our practices change in this regard.
7.8 Withdrawal of Consent
Where we rely on your consent for processing, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw consent by contacting us or, for marketing emails, by using the unsubscribe link in each email.
7.9 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. In the United Kingdom, the supervisory authority is the Information Commissioner's Office (ICO). You can contact the ICO at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF; website ico.org.uk; telephone 0303 123 1113. We would encourage you to contact us first so that we can try to resolve your concerns.
7.10 How to Exercise Your Rights
To exercise any of the above rights, please contact us using the contact details set out in section 12 below. We will respond within one month of receipt of your request, unless the request is complex or we have received many requests from you, in which case we may extend by a further two months and will inform you of the extension. We may need to verify your identity before processing your request to ensure we do not disclose your data to someone else.
8. Security of Your Personal Data
We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. These measures include:
- Restricting access to personal data to those employees, contractors and agents who need it for the purposes described in this policy; they are subject to confidentiality obligations.
- Using secure methods for the transmission and storage of data (e.g. encryption where appropriate, secure payment pages and accredited payment providers that comply with industry standards such as PCI DSS where applicable).
- Storing order and customer data on secure servers and ensuring that devices used to access the data are protected (e.g. by passwords and, where appropriate, two-factor authentication).
- Having procedures in place to deal with any suspected personal data breach; we will notify you and the ICO of a breach where we are required to do so by law.
No method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security. You are responsible for keeping any passwords or account details confidential and for notifying us promptly if you suspect unauthorised access to your data.
9. International Transfers of Personal Data
Your personal data is generally processed within the United Kingdom and the European Economic Area (EEA). If we ever need to transfer your personal data to countries outside the UK or EEA (for example, if we use a service provider that stores data overseas), we will ensure that one of the following safeguards is in place:
- An adequacy decision by the UK government or the European Commission confirming that the country provides an adequate level of data protection; or
- Standard contractual clauses (or equivalent mechanisms) approved by the UK or EU authorities, which impose obligations on the recipient to protect your data; or
- Such other mechanism as is permitted under UK data protection law.
You may request a copy of the safeguards we use in relation to any such transfer by contacting us.
10. Children's Privacy
Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us and we will take steps to delete that information.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, in the data we collect or how we use it, in legal or regulatory requirements, or in the nature of our floristry services. The updated version will be posted on this page with a revised "last updated" or effective date. We encourage you to review this policy periodically. Where changes are material (e.g. a change in the purposes of processing or in the lawful basis), we may notify you by email or by a prominent notice on our website. Your continued use of our website or services after the effective date of the changes constitutes your acceptance of the updated policy where permitted by law. If you do not agree, you should stop using our services and contact us regarding your data.
12. Contact Us
If you have any questions about this Privacy Policy or our handling of your personal data, or if you wish to exercise any of your data protection rights, please contact us:
Vlaxyronez, 158 Long Ln, London SE1 4BS, United Kingdom. Telephone: +442074071666. You can also use the contact form on our website at vlaxyronez.ddd. We will respond to your request without undue delay and in any event within one month (or within three months if the request is complex), as required by UK data protection law. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office as described in section 7.9 above.