Privacy Policy

Last updated: October 2025

This Privacy Policy describes how Florist Touch Ltd (“Florist Touch”, “we”, “us”, “our”) collects, uses, and protects personal data in connection with our website and platform services (the “Service”). By using the Service, you agree to this Privacy Policy.

Company Information

Florist Touch Ltd
Company number: 12456022
Registered office: 3rd Floor Suite, 207 Regent Street, London, England, W1B 3HH
Website: floristtouch.co.uk

How We Operate (Controller/Processor Roles)

  • We are Controller of: your account profile and billing data, Service analytics, communications with you, and our own business records.
  • We are Processor of: your florist shop data and your customers’ data that you store or process via the platform (e.g., orders, delivery details, customer contact info). We process this only on your documented instructions in accordance with our Terms.
  • Independent Resellers: Where you engage an independent Reseller (artworker/developer) directly, they act as your own processor or sub-processor for their services. Florist Touch does not supervise or control how they process data for you.
  • Payments / Client Money: Florist Touch does not hold client funds or operate a client money account. Payments between a florist and a Reseller are handled directly between those parties or their chosen payment provider.

Interpretation and Definitions

  • Account — a unique account created to access the Service.
  • Personal Data — information about an identified or identifiable person.
  • Usage Data — technical data collected automatically, such as IP, device, pages viewed, and session metadata.
  • Cookies — small files placed on your device to store preferences.
  • UK GDPR — the UK General Data Protection Regulation and the Data Protection Act 2018.

Data We Collect

Account & Contact Data (Controller)

  • Name, email address, phone number, business/postal address
  • Billing details and transaction history (we do not store full card numbers)
  • Support queries and communications

Shop & Customer Data (Processor)

When you use the platform for your florist business, you may upload or generate:

  • Your customers’ names, addresses, emails, phone numbers
  • Order and delivery details, notes and preferences
  • Product, pricing and inventory information
  • Marketing preferences (e.g., newsletter opt-ins)

Usage Data (Controller)

We collect Usage Data automatically to maintain and improve the Service (e.g., IP address, browser type/version, device type, pages visited, time stamps, referrers).

Cookies

We use Cookies and similar technologies to keep you logged in, remember preferences, measure performance, and support security. You can manage Cookies via your browser settings. Some features may not function without essential Cookies.

  • Essential (authentication, security, preferences)
  • Analytics (Service performance and improvements)
  • Marketing (only with consent where required)

How We Use Personal Data

  • Provide, maintain and improve the Service
  • Authenticate users and secure the platform
  • Respond to enquiries and provide customer support
  • Manage billing and account administration
  • Send operational notices and platform updates
  • Send marketing communications where permitted (see “Marketing & PECR”)
  • Comply with legal obligations and enforce our Terms

Lawful Bases (UK GDPR)

  • Contract (providing the Service you request)
  • Legitimate interests (operating, improving, and securing the Service; communicating important updates; B2B marketing consistent with expectations and rights)
  • Consent (non-essential Cookies; certain marketing)
  • Legal obligation (tax, accounting, and regulatory compliance)

Marketing & PECR

We may send B2B marketing to corporate subscribers based on legitimate interests. For individual subscribers, we rely on consent or the “soft opt-in” where permitted (existing customer relationship for similar products/services). You can opt out any time via the email footer or by contacting us.

Data Sharing

We share Personal Data only as necessary and subject to appropriate safeguards:

  • Service providers (hosting, email delivery, backup, analytics, support tools) acting as our sub-processors under written contracts
  • Independent Resellers engaged by you directly to assist with onboarding/support (they act under your control, not ours)
  • Payment providers you choose to integrate (e.g., Stripe, WorldPay) — you contract with them directly; we do not store full card data
  • Professional advisers and insurers (where necessary)
  • Authorities or third parties where required by law or to enforce our rights
  • Business transfers (e.g., merger, acquisition), subject to continuity safeguards

Sub-Processor List & Changes

We maintain a current list of our sub-processors in this Policy. We will post material changes here. If you reasonably object on data-protection grounds within 14 days of notice, we will discuss in good faith; if unresolved, you may terminate the affected Service without penalty.

Current categories of sub-processors (may include one or more vendors in each category):

  • Cloud hosting and infrastructure providers
  • Email delivery and notifications providers
  • Backup and monitoring providers
  • Security and anti-abuse providers
  • Customer support and ticketing tools
  • Analytics and performance tools

International Transfers

Where Personal Data is transferred outside the UK/EEA, we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or other adequacy mechanisms then in force.

Retention

We retain Personal Data for as long as necessary for the purposes described above:

  • Account & billing data: generally for the life of the account plus up to 7 years (accounting/tax).
  • Shop & customer data (Processor): retained according to your instructions and settings; deleted/returned after termination (subject to lawful retention for backups/logs).
  • Usage/analytics data: typically shorter periods unless needed for security or legal purposes.

Security

We implement appropriate technical and organisational measures (including encryption in transit, access controls, and backups) to protect Personal Data. No system is 100% secure, but we work to prevent, detect, and respond to incidents promptly.

Breach Notification

If we become aware of a Personal Data Breach affecting data we process as Processor, we will notify you without undue delay and provide information to support your own regulatory notifications where required.

Your Rights (UK GDPR)

Subject to conditions and exemptions, you have the right to:

  • Access your Personal Data
  • Rectify inaccurate data
  • Erase data in certain circumstances
  • Restrict or object to processing (including marketing)
  • Data portability for data you provided to us
  • Withdraw consent at any time (where processing is based on consent)

To exercise these rights, contact us via our contact page. If your request concerns data we process as Processor on behalf of a florist, we may redirect you to that florist (the Controller) to handle your request.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office at ico.org.uk.

Eligibility & Children’s Privacy

  • Our Service is B2B and intended for adults aged 18 and over.
  • We do not knowingly collect Personal Data from children under 13. If you believe a child has provided us data, please contact us so we can delete it.

Third-Party Links & Payment Providers

The website may contain links to other sites. Their privacy practices are their own—please review their policies. If you connect payment providers (e.g., Stripe, WorldPay), their processing of payer data is governed by their terms and privacy policies; we do not store full card numbers.

Facebook Application Privacy

If you use Facebook-connected features, we may receive limited profile data (e.g., name, email, public profile) to enable functionality. We do not sell this information. For any Facebook-related queries, please contact us via our contact page.

Changes to This Policy

We may update this Policy from time to time. We will post changes here with an updated effective date. Material changes will be notified where appropriate. Continued use of the Service after changes takes effect constitutes acceptance.

Contact Us

If you have questions about this Policy or our data practices, please contact us at:

floristtouch.co.uk/contact

Effective date: October 2025

Get Started

Site Map

Contact

Info

Florist Touch - All rights reserved -

Privacy Policy

Terms and Conditions

Some setup, onboarding, and customer support services may be provided by independent Florist Touch resellers operating under license. Florist Touch Ltd remains responsible for the platform’s hosting, maintenance, and core technical support.