Privacy Policy for Tidal Florals

At Tidal Florals, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and protect your data when you interact with our services, including fresh flower arrangements, bespoke wedding florals, corporate event decorations, plant rental services, and floral workshops. We adhere to the principles of the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Information We Collect

We collect various types of information to provide and improve our services:

1.1 Personal Data You Provide Directly

• Contact Information: Such as your name, email address, phone number, and delivery address, essential for order fulfillment and communication.
• Payment Information: Including credit/debit card details, processed securely by third-party payment processors. We do not store full payment card details on our servers.
• Order Details: Information related to your purchases, including product preferences, bespoke requests, and event specifics.
• Correspondence: Records of communications with us, including inquiries, feedback, and support requests.
• Workshop Registrations: Information provided when signing up for our floral workshops.

1.2 Automatically Collected Data

When you visit our online platform, we may automatically collect certain information:

• Usage Data: Information about how you interact with our site, including pages visited, time spent on pages, and click paths.
• Technical Data: Your IP address, browser type and version, operating system, and other device identifiers.
• Cookies and Similar Technologies: We use cookies to enhance your browsing experience, remember your preferences, and analyze site traffic. You can manage your cookie preferences through your browser settings.

2. How We Use Your Information

We use your personal data for the following purposes:

• To Provide and Manage Services: Fulfilling your orders for fresh flower arrangements, bespoke wedding florals, corporate event decorations; managing plant rental services; and facilitating attendance at floral workshops.
• Communication: Sending order confirmations, delivery updates, responses to inquiries, and information about our services.
• Personalization: Tailoring our offerings and communications to your preferences based on your previous interactions and interests.
• Marketing: With your consent, sending promotional materials, newsletters, and special offers related to our floristry and event decor services. You can opt-out at any time.
• Service Improvement: Analyzing usage patterns to enhance our website, products, and service delivery, ensuring sustainable sourcing practices are reflected in our operations.
• Legal Compliance: Meeting our legal and regulatory obligations.

3. Legal Basis for Processing (GDPR)

We only process your personal data when we have a valid legal basis to do so, which includes:

• Performance of a Contract: When processing is necessary to fulfill a contract with you, such as fulfilling an order or providing event decor services.
• Legitimate Interests: When processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, such as improving our services or preventing fraud.
• Consent: Where you have given explicit consent for specific processing activities, such as receiving marketing communications. You have the right to withdraw your consent at any time.
• Legal Obligation: When processing is necessary for compliance with a legal obligation to which we are subject.

4. Sharing Your Information

We may share your information with:

• Service Providers: Third parties who assist us in operating our business, such as payment processors, delivery services, IT support, and marketing platforms. These providers are obligated to protect your data and only use it for the purposes we specify.
• Legal and Regulatory Authorities: When required by law or to protect our rights, property, or safety, or the rights, property, or safety of others.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred as part of that transaction.

We ensure that any third parties with whom we share your data uphold appropriate data protection and security standards.

5. International Data Transfers

As a UK-based company, your data will primarily be processed within the UK and European Economic Area (EEA). If we ever need to transfer your personal data outside the UK or EEA, we will ensure that appropriate safeguards are in place, such as standard contractual clauses or reliance on adequacy decisions, to guarantee your data receives a similar level of protection.

6. Data Security

We implement robust technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction. These measures include encryption, access controls, regular security audits, and staff training on data protection.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. This period will vary depending on the nature of the data and the services provided.

8. Your Data Protection Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

• Right to Access: You have the right to request copies of your personal data.
• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• Right to Erasure ('Right to be Forgotten'): You have the right to request that we erase your personal data under certain conditions.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions.
• Right to Object to Processing: You have the right to object to our processing of your personal data under certain conditions.
• Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK if you believe your data protection rights have been violated.

To exercise any of these rights, please contact us using the details provided below.

9. Third-Party Links

Our online platform may contain links to other websites not operated by us. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the new policy on our website and updating the "last updated" date. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us: