Privacy Policy for Petal Loom

Petal Loom (referred to as "we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, and process your personal data when you use our online platform to showcase and sell bespoke silk flower creations, including bespoke artificial flower arrangements, silk floral sculpture, textile flower design, and custom fabric dyeing for floral projects.

1. Information We Collect

We collect information to provide and improve our services to you. This includes:

• Personal Identification Information: When you make a purchase, request a bespoke creation, or contact us, we may collect your name, postal address, email address, and telephone number. This information is essential for processing orders and communicating with you regarding your custom designs.
• Payment Information: While we do not directly store credit card details on our servers, we process payments through secure third-party payment processors. We may collect transaction details related to your purchases on our site.
• Correspondence: Records of any communications you have with us, including inquiries about our silk flower creations or design projects.
• Usage Data: Information about how you access and use our online platform, such as your IP address, browser type, operating system, referring URLs, pages viewed, and the dates/times of your visits. This helps us understand user behaviour and improve our site's functionality and user experience.
• Customer Preferences: Details about your preferences for silk flower arrangements, colours, materials, or specific design requests to help us create bespoke items tailored to your needs.

2. How We Use Your Information

We use the collected information for various purposes:

• To process and fulfil your orders for bespoke silk flower arrangements, custom fabric dyeing, and other services.
• To communicate with you about your orders, inquiries, custom design requests, and provide customer support.
• To personalise your experience on our site and present offers or products tailored to your interests in silk floral creations.
• To improve our online platform, optimise user experience, and develop new features for displaying and selling our products.
• For internal record-keeping, billing, account management, and analytical purposes.
• To comply with legal obligations and facilitate fraud prevention.

3. Legal Basis for Processing Personal Data (GDPR)

We process your personal data based on the following legal grounds:

• Performance of a Contract: Processing is necessary for the performance of a contract to which you are party (e.g., fulfilling your order for a bespoke silk flower arrangement) or in order to take steps at your request prior to entering into a contract.
• Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your fundamental rights and freedoms (e.g., improving our services, preventing fraud, direct marketing where permissible).
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject (e.g., tax and accounting requirements).
• Consent: Where required by law, we will obtain your explicit consent for specific processing activities (e.g., for certain types of marketing communications). You have the right to withdraw your consent at any time.

4. Sharing Your Information

We do not sell your personal data to third parties. We may share your information with:

• Service Providers: Reputable third-party service providers who assist us in operating our online platform, conducting our business (e.g., payment processors, shipping companies, website analytics providers). These providers are contractually bound to protect your data and only use it for the purposes for which it was disclosed.
• Legal Requirements: If required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
• Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.

5. Data Security

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. We regularly review our security procedures to ensure they remain robust and effective.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. When we no longer need to retain your personal data, we will securely delete or anonymise it.

7. Your Rights Under GDPR

In accordance with the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• The Right to Be Informed: To know how your data is being used.
• The Right of Access: To request a copy of the personal data we hold about you.
• The Right to Rectification: To request that we correct any inaccurate or incomplete personal data.
• The Right to Erasure ( "Right to Be Forgotten"): To request that we delete your personal data under certain circumstances.
• The Right to Restrict Processing: To request that we limit the way we use your personal data.
• The Right to Data Portability: To request that we transfer your personal data to another organisation or directly to you, in a structured, commonly used and machine-readable format.
• The Right to Object: To object to our processing of your personal data under certain conditions, including for direct marketing.
• Rights in Relation to Automated Decision Making and Profiling: To safeguards against the risk that a decision made solely by automated means without any human involvement could have a significant negative impact on you.

To exercise any of these rights, please contact us using the details provided below.

8. International Data Transfers

As we primarily operate within the UK, your personal data will mainly be processed within the European Economic Area (EEA). However, some of our third-party service providers may process data outside the EEA. In such cases, we ensure that appropriate safeguards are in place to protect your privacy rights as required by GDPR and other applicable data protection laws. This may include using standard contractual clauses approved by the European Commission or ensuring the third party is certified under an approved data transfer mechanism.

9. Cookies and Tracking Technologies

Our online platform may use cookies and similar tracking technologies to enhance your browsing experience, analyse site usage, and support our marketing efforts. You can control cookie preferences through your browser settings. For more detailed information, please refer to our separate Cookie Policy (if applicable).

10. Links to Other Websites

Our site may contain links to other websites. We are not responsible for the privacy practices or the content of these third-party sites. We encourage you to read the privacy policies of any linked websites you visit.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Any changes will be posted on this page, and the "last updated" date at the top of the policy will be revised. We encourage you to review this Privacy Policy periodically for any updates.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

Petal Loom

Rusheyhill Road,

Lisburn, BT29 4JE, UK

13. Complaints

If you believe that we have not responded to your concerns or handled your personal data in accordance with the law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.