Chaucer's Rose

Chaucer's Rose Privacy Policy

At Chaucer's Rose, we are committed to protecting the privacy and security of the personal data we collect from our clients and website visitors. This Privacy Policy outlines how we collect, use, disclose, and protect your information when you interact with our bespoke floral design and event styling services, our online platform, or participate in our workshops and subscription services.

1. Information We Collect

We collect information that helps us provide our services and improve your experience. This includes:

• Personal Identification Information: Your name, email address, postal address, phone number, and payment information (e.g., credit card details) when you make a purchase, book a consultation, subscribe to our services, or register for a workshop.
• Event-Specific Information: Details about your event, such as date, venue, theme, specific floral preferences, guest count, and any other information relevant to creating bespoke designs for weddings, corporate events, or other occasions.
• Communication Data: Records of your correspondence with us via email, phone, or contact forms on our online platform.
• Website Usage Data: Information about how you interact with our online platform, including IP address, browser type, operating system, referring URLs, pages viewed, and the dates/times of your visits. This helps us understand user behavior and improve our site.
• Marketing Preferences: Your choices regarding receiving marketing communications from us.

2. How We Use Your Information

We use the collected information for various purposes, primarily to provide and improve our services:

• Service Provision: To design, arrange, and deliver custom floral arrangements, provide event decoration and styling, manage wedding floristry services, and fulfill flower subscription orders.
• Communication: To respond to your inquiries, provide customer support, send service-related notifications (e.g., order confirmations, delivery updates), and inform you about workshop details.
• Personalization: To tailor our services and communications to your specific preferences and needs, ensuring a bespoke experience.
• Marketing: With your consent, to send you promotional materials about new services, special offers, workshops, and news from Chaucer's Rose that we believe may be of interest to you. You can opt-out at any time.
• Website Improvement: To analyze trends, administer our online platform, track user movements, and gather demographic information to improve user experience and functionality.
• Billing and Payments: To process transactions and manage billing for our services.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

3. Legal Basis for Processing Personal Data

We process your personal data under the following legal bases:

• Contractual Necessity: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract (e.g., fulfilling floral orders, providing event styling).
• Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, where these interests are not overridden by your fundamental rights and freedoms (e.g., improving our services, preventing fraud, direct marketing where permitted).
• Consent: Where you have given explicit consent for us to process your personal data for a specific purpose (e.g., subscribing to marketing newsletters). You have the right to withdraw your consent at any time.
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject (e.g., tax and accounting requirements).

4. Sharing Your Information

We do not sell, rent, or trade your personal data to third parties. We may share your information with:

• Service Providers: Trusted third-party companies who perform services on our behalf, such as payment processing, website hosting, email delivery, analytics, and logistics partners for floral deliveries. These providers are obligated to protect your information and use it only for the purposes for which it was shared.
• Legal and Regulatory Authorities: When required by law or in response to valid legal requests, such as subpoenas, court orders, or government investigations.
• Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred to the acquiring entity.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

6. Your Data Protection Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have certain rights regarding your personal data:

• Right to Access: You have the right to request copies of your personal data.
• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
• Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month.

7. Security Measures

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction. This includes using secure servers, encrypting data during transmission, and regularly reviewing our security practices.

8. Third-Party Links

Our online platform may contain links to other websites not operated by us. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any website you visit.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new policy on our online platform and updating the "last updated" date.

10. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

If you believe that we have not responded to your privacy concerns adequately, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.