Geyser Petals | Sustainable Geothermal Floristry in Bristol, UK

Privacy Policy for Geyser Petals

Geyser Petals is committed to protecting the privacy and security of the personal data we collect from users of our online platform. This Privacy Policy outlines how we collect, use, disclose, and protect information obtained through our services, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Information We Collect

We collect various types of information to provide and improve our services, which include cultivation of heat-tolerant floral varieties, bespoke floral arrangements, greenhouse design, sustainable flower sourcing, educational workshops, and landscape design.

1.1 Personal Data You Provide Voluntarily

Identity and Contact Data: When you enquire about our services, place an order, sign up for workshops, or subscribe to our newsletters, we may collect your name, email address, postal address, and telephone number.
Transaction Data: If you make purchases through our site, we collect details about payments to and from you and other details of products and services you have purchased from us. Payment card details are processed by secure third-party payment processors and are not stored by us.
Correspondence Data: Information you provide when communicating with us via email, phone, or contact forms, including feedback and survey responses.

1.2 Automatically Collected Data

Technical Data: Includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our online platform.
Usage Data: Information about how you use our online platform, products, and services, such as pages viewed, services searched for, page response times, download errors, length of visits to certain pages, page interaction information (e.g., scrolling, clicks, and mouse-overs).

2. How We Use Your Information

We use the collected data for the following purposes and on the following legal bases:

To Provide and Manage Services: (Legal Basis: Performance of a contract) To process your orders for floral arrangements, manage workshop registrations, facilitate greenhouse design consultations, and deliver other services you request.
To Communicate with You: (Legal Basis: Legitimate interests, consent) To respond to your inquiries, send service updates, and provide information about our products, services, and upcoming events, where you have consented or where there is a legitimate interest to do so.
For Marketing Purposes: (Legal Basis: Consent) To send you promotional materials about our new floral varieties, sustainable practices, and educational opportunities, only if you have explicitly opted in to receive such communications.
Website Improvement and Analytics: (Legal Basis: Legitimate interests) To understand how our online platform is used, improve user experience, and ensure our content is presented effectively for you and your device.
Security and Fraud Prevention: (Legal Basis: Legitimate interests, legal obligation) To maintain the security of our online platform and prevent fraudulent activities.
Compliance with Legal Obligations: (Legal Basis: Legal obligation) To comply with applicable laws, regulations, and legal processes.

3. Sharing Your Information

We do not sell your personal data. We may share your information with:

Service Providers: Third-party vendors and service providers who perform services on our behalf, such as payment processing, website hosting, data analysis, email delivery, and customer service. These providers are obligated to protect your data and only use it for the purposes for which we disclose it to them.
Legal and Regulatory Authorities: When required by law or in response to valid requests by public authorities (e.g., a court or government agency).

4. International Data Transfers

As Geyser Petals operates solely within the UK, we primarily process and store your personal data within the European Economic Area (EEA). If any of our service providers are located outside the EEA, we ensure that appropriate safeguards are in place to protect your data in accordance with GDPR, such as standard contractual clauses or reliance on adequacy decisions.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

6. Your Data Protection Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

The Right to Access: You have the right to request copies of your personal data.
The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
The Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
The Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us using the details provided below.

7. Security Measures

We implement appropriate technical and organisational measures to protect your personal data from accidental loss, unauthorised access, use, alteration, or disclosure. We regularly review our security procedures to ensure they remain effective and proportionate to the risks involved.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new Privacy Policy on this page. We encourage you to review this Privacy Policy periodically for any updates.

9. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise your data protection rights, please contact us at:

Geyser Petals

14 Geothermal Way,

Clifton Street,

Suite 3B,

Bristol, England, BS8 4GY, UK

We will respond to your request in accordance with applicable data protection laws. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.