Privacy policy.

Burn Valley Flowers
Last updated: 03.12.2025

At Burn Valley Flowers (“we,” “our,” or “us”), we care deeply about your privacy. This policy explains what information we collect, how we use it, and the rights you have under UK data protection law, including the UK GDPR and the Data Protection Act 2018.

By using our website or services, you agree to the practices described here—though we’ve kept things as clear and friendly as possible.

1. Who We Are

Burn Valley Flowers provides floral products and services within the UK.
If you have questions about this policy, you can always reach us at:
Email: burnvalleyflowers@gmail.com

We act as the Data Controller, which means we’re responsible for deciding how your personal data is used.

2. The Information We Collect

2.1 Information You Provide to Us

We may collect personal information when you:

  • Place an order

  • Contact us via email or forms

  • Sign up for updates or newsletters

  • Engage with us through social media

This may include:

  • Name

  • Email address

  • Phone number

  • Delivery addresses

  • Payment details (processed securely by trusted third-party providers)

  • Any message or extra information you choose to share

2.2 Information We Collect Automatically

Like most websites, we collect technical data such as:

  • IP address

  • Browser type and device information

  • Pages you visit

  • How you use the website

  • Cookies and similar technologies

This helps us improve the website and ensure it runs smoothly.

2.3 Cookies

We use cookies to:

  • Make the website function properly

  • Remember your preferences

  • Understand how visitors use the site

You can adjust or disable cookies anytime in your browser settings.

3. How We Use Your Information

We only use your information when we have a lawful basis under UK GDPR. That includes:

  • To fulfil orders: processing payments, arranging delivery, and providing customer support

  • To communicate with you: sending updates, answering questions, and responding to requests

  • To improve our website and services

  • To send marketing emails (only if you’ve agreed to receive them — you can unsubscribe at any time)

  • To meet legal or tax obligations

4. Lawful Bases for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Contract: to process orders and deliver services

  • Consent: for marketing emails or optional cookies

  • Legitimate interests: improving our services and website

  • Legal obligation: keeping records for tax or regulatory purposes

5. Sharing Your Information

We never sell your personal data.

We may share information with:

  • Trusted service providers, such as payment processors, delivery companies, website hosting, and email platforms

  • Professional advisers, like accountants, when legally necessary

  • Authorities, if required by law

All third parties must handle your data securely and lawfully.

6. International Transfers

If a service provider processes data outside the UK, we ensure appropriate safeguards (such as UK-approved Standard Contractual Clauses) are in place to keep your information protected.

7. Data Security

We use technical and organisational measures to keep your information safe. While no online system is 100% secure, we do our best to protect your data from loss, misuse, or unauthorised access.

8. How Long We Keep Your Data

We keep your personal information only as long as necessary, depending on what it’s used for. For example:

  • Order information: typically 6 years for tax and accounting obligations

  • Marketing data: until you withdraw consent

  • Website analytics: as per cookie retention periods

9. Your Rights (UK GDPR)

You have several important rights, including:

  • Access to the data we hold about you

  • Correction if your data is inaccurate

  • Erasure (“the right to be forgotten”)

  • Restriction of processing

  • Objection to certain types of processing

  • Data portability

  • Withdrawal of consent at any time for marketing or optional cookies

To exercise any of these rights, contact us at [your email].

If you’re ever unhappy with how we handle your data, you’re entitled to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk — though we’d appreciate the chance to help first.

10. Links to Other Websites

Our website may link to other sites. If you click a link, their privacy practices apply—not ours—so we encourage you to check their policies.

11. Children’s Privacy

Our services are not intended for children under 13, and we don’t knowingly collect personal information from children.

12. Updates to This Policy

We may update this Privacy Policy occasionally. Any changes will be posted on this page with a new “Last updated” date.

13. Contact Us

If you have questions about this Privacy Policy or your personal data, please get in touch:

Burn Valley Flowers
Email: burnvalleyflowers@gmail.com