GDPR Privacy Policy

We at ECOMGIFTING INC consider your privacy critically important. This policy describes how your personal information is collected, used and shared when you visit or purchase from flowersgifting.com.

This policy applies where we act as a Data Controller under GDPR — meaning we determine the purposes and means of processing your personal data. We are committed to protecting your information in a safe, secure and responsible manner.

Where cookies are not strictly necessary for our services, we will request your consent on your first visit. Our website includes privacy controls allowing you to limit direct marketing communications and the publication of your information.

All personal information including name, address and payment data is encrypted using industry-standard 256-bit SSL and cannot be read in transit over the internet.

Usage Data: IP address, browser type/version, OS, referral source, page views, navigation paths and session length. Legal basis: Legitimate interests (monitoring and improving our website).

Account Data: Name, email, billing address, contact number. Legal basis: Performance of a contract.

Personal & Profile Data: Name, address, phone, email, gender, date of birth. Legal basis: Performance of a contract / Legitimate interests.

Enquiry Data: Enquiries submitted regarding goods/services. Legal basis: Legitimate interests (offering relevant products).

Transaction Data: Name, contact details and transaction details. Card data is transmitted via 256-bit SSL encryption directly to our payment gateway — we never see or store your full card number. Legal basis: Performance of a contract.

Notification Data: Email address for newsletters and notifications. Legal basis: Consent.

Correspondence Data: Communications sent to us, retained for responding and record-keeping. Legal basis: Legitimate interests.

Please do not supply another person's personal data unless prompted to do so (e.g. gift recipient details).

We may disclose your data to our business partners (vendors, florists and delivering outlets) solely to complete your order. These partners are contractually bound to process data only as directed by us.

We share transaction data with our payment services providers only as strictly necessary for processing payments and handling refund queries.

We may also disclose data where required by applicable law or legal process, to protect the vital interests of any person, or to establish, exercise or defend legal claims.

We will never sell your personal data to third parties for their own marketing purposes.

Your personal data may be transferred to countries outside the European Economic Area (EEA). All such transfers are conducted in compliance with GDPR using standard contractual clauses approved by the European Commission. A copy of the applicable clauses can be obtained from eugdpr.org.

You acknowledge that data submitted via our website may be accessible globally via the internet. We take all reasonable technical and organisational measures to protect your data during transit and at rest.

Personal data is retained only as long as necessary for the purpose for which it was collected. We retain order and transaction data for a minimum of 90 days. Where retention periods cannot be specified in advance (e.g. for legal claims), we determine them on a case-by-case basis. We may retain data longer where required by legal obligation. Data will be securely deleted or anonymised when no longer required.

We may update this policy from time to time by publishing a revised version on our website. We will notify you of significant changes by email. Please review this page periodically. Your continued use of our services after any change constitutes acceptance of the updated policy.

Under GDPR you have the following rights. Some rights are complex — consult your national data protection authority for full details:

• Right to Access: Confirm whether we process your data and obtain a copy, including purpose, categories and recipients.
• Right to Rectification: Correct any inaccurate or incomplete data without undue delay.
• Right to Erasure ("Right to be Forgotten"): Request deletion where data is no longer necessary, consent is withdrawn, or processing is unlawful. Subject to legal exclusions.
• Right to Restrict Processing: Limit processing where accuracy is contested, processing is unlawful, or data is needed for legal claims.
• Right to Object: Object to processing for direct marketing (including newsletters and feedback emails) at any time — we will stop immediately.
• Right to Lodge a Complaint: Lodge a complaint with your national supervisory authority in your EU member state of habitual residence.
• Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of past processing.

To exercise any right, email ecomgifting@flowersgifting.com. We will respond within 30 days as required under GDPR.

A cookie is a small file sent by a web server to your browser. Persistent cookies remain until their expiry date; session cookies expire when you close your browser. Cookies do not typically contain personally identifying information in isolation.

We use cookies for: Authentication · Session status · Personalisation · Security · Advertising · Analytics · Cookie consent tracking

Third-party cookies: Google Analytics (website analytics) and Google AdSense / Adroll (remarketing). See Google's privacy policy at google.com/policies/privacy.

Managing cookies: You may block or delete cookies via your browser settings. Note that blocking all cookies may impair certain website functionality.

• Chrome · Firefox · Opera
• Internet Explorer · Safari · Edge