PRIVACY POLICY Welcome to Lucy’s Flowers Privacy Policy, last updated on May 22, 2019 What does this Privacy Policy Cover? Lucy’s Flowers respects your privacy and is committed to protecting your Personal Data. We want to be transparent with you about how we collect and use your Personal Data.. This Privacy Policy is designed to describe: • Who we are and how to contact us. • Marketing communications preferences. • What Personal Data we collect. • How we use your Personal Data and why. • What happens when you do not provide necessary Personal Data? • Personal Data from Third Party Sources. • How we use cookies and other tracking or profiling technologies. • Who we share your Personal Data with. • How we keep your Personal Data secure. • How long we store your Personal Data. • Our policy on children. • Third party links. The Privacy Policy is intended to meet our duties of Transparency under the “General Data Protection Regulation” or “GDPR”. We will post any modifications or changes to this Privacy Policy on this page, unless we specifically notify you otherwise. Who we are and how to contact us Who we are. Lucy’s Flowers, is an American limited company trading under the name Lucy’s Flowers, is the Controller of your Personal Data (referred to in this Privacy Policy as either Lucy’s Flowers”, “we”, “us” or “our”). Our address is: 592 Johnson Ave Brooklyn NY 11237 How to contact us. You can contact us directly with any privacy-related queries or complaints by emailing us on

Requesting Access, correction, erasure or change of use of your personal data.

If you wish to make any requests regarding, access, correction, erasure or change of use to your personal data, please contact us at 
In general we will not charge you a fee in order to access your Personal Data, however, if you request is clearly repetitive, unfounded or excessive, we reserve the right refuse your request.

What do you need to provide?

In order to securely share data, or information relating to your data, we will need to confirm your identity, prior to sharing this information. As such, we may need to request specific information and/or contact you to ask for information in relation to your request in order to accelerate your process.

How long will it take? We will endeavour to respond to all legitimate requests within one month. In the event that a request is particularly complex, or require multiple sets of data it may take longer. Complaints To file a complaint regarding this privacy policy, please contact us at {{Florist Email}} We will reply to your complaint as soon as we can. Marketing communications preferences. At any time you can request us to stop sending you marketing messages by clicking the unsubscribe link in any email and/or emailing us at Opting out of these messages will not apply to communications related to the provision of services, including, but not limited to, information about orders made on the {{florist website}} website, the management of your account, your use of the site and updates to the privacy policy or terms and conditions. What do we collect. Common ways you provide us with information / data: We will collect a range of data when you use the services on our site or sign up to our mailing list. Common ways you provide us with data include:

  • Searching for products
  • Placing an order
  • Submitting a Review
  • Configuring your device’s privacy settings
  • Communicating with us by phone, e-mail or otherwise In the process of undertaking the above actions, you might supply us with
  • Your name, billing address and phone number
  • Your payment details
  • Delivery details, including name, address and phone number
  • Account settings
  • Contents of reviews and communications with us We do not collect any “Special Categories of Personal Data” about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

How we use your Personal Data and why. We will only use your Personal Data for the purposes for which we collected it as listed below, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will update this Privacy Policy and we will explain the legal basis which allows us to do so. What “legal criteria” must be met in order to process your personal data? We only use your personal data when they meet one or more of the following legal criteria: • Processing data is required in order to fulfil our contractual obligations to you. • Compliance of legal or regulatory obligations • The processing of data meets fulfils our legitimate interests and your interests and fundamental rights are not impeded by the processing of the data

How do we use your Personal Data?

What happens when you do not provide necessary Personal Data? Where you fail to provide Personal Data that we need to process based on Contractual Necessity or for the purposes of Compliance with Law, we may not be able to perform the contract we have or are trying to enter into with you (for example, we may not be able to open your account, we may have to close your account, we may not be able to procure the fulfilment of your order or process a return etc).

Personal Data from Third Party Sources In addition to the Personal Data collected directly from you as part of your use of the website, we also collect certain of your Personal Data from third party sources. These sources are broken down in the table below, together with a description of whether they are publicly available or not. Third party data source Publicly available? Category(ies) or other types of personal data received Social Media sites Yes Social Media Data Analytics Providers No Behavioural Data and Technical Data Advertising technology providers No Behavioural Data and Technical Data

How we use cookies & other tracking or profiling technologies.

We use cookies, pixels, and other technologies (collectively, “cookies”) to recognise your browser or device, learn more about your interests, and provide you with essential features and services and for additional purposes, including: • Recognising you when you sign-in to use our services. This allows us to provide you with product recommendations, display personalised content, recognise you, and provide other customised features and services. • Keeping track of your specified preferences. • Keeping track of items stored in your shopping basket. • Conducting research and diagnostics to improve {{Florist Trading Name}}’s content, products, and services. • Preventing fraudulent activity. • Improving security. • Delivering content, including ads, relevant to your interests on {{Florist Trading Name}} sites and third-party sites, including search history. • Reporting. This allows us to measure and analyse the performance of our services.

The cookies {{Florist Trading Name}} uses allow some of the essential features on the website to function correctly, including placing of orders and searching for bouquets. Approved third parties may also set cookies when you interact with Lucy’s Flowers services. Third parties include search engines, analytics providers, social media networks, and advertising companies. Third parties use cookies in the process of delivering content, including ads relevant to your interests, to measure the effectiveness of their ads, and to perform services on behalf of Lucy’s Flowers. Who we share your Personal Data with. The table below describes who we share your Personal Data with, what we share and why we share it. We may share your Personal Data with other Controllers (i.e., people who can use the relevant data for their own purposes), as well as Processors (i.e., people who use the relevant data only on our behalf and under our instruction). Recipients Why we share it Management software providers (as our Processors) So that we can effectively manage and fulfil your order we need to give your order information to our management software provider. Advertising technology providers (as independent Controllers) Advertising technology and analytics providers collect this Personal Data via this Site so that they can make sure that you see the most relevant content based on how you browse the Site and other pages on the internet. Our payment processors (as independent Controllers) We engage third parties to process your payments for products purchased via the Site. Our delivery management platforms (as our Processors) These third parties prepare the labelling, packaging information and courier services that we get our boutiques to use to send you your orders Our other Service Providers (as our Processor) We engage certain other third parties to provide elements of the {{Florist Name}} services or to improve your experience on the Site. Here are a few examples of the types of things these third parties might be engaged to help us with:

  • Providing customer support services.

    • Helping confirm your delivery address.

      • Helping us send out marketing messages. Our Hosting Provider (as our Processor) We outsource the hosting of the Site. This means that all categories of Personal Data that we process will be held and stored on the servers of our hosted service provider HM Revenue & Customs, regulators and other authorities (as independent Controllers) Authorities may require reporting of processing activities in certain circumstances. Partners in corporate transactions (as independent Controllers) We may disclose Personal Data to third parties to whom we may choose to sell, transfer, or merge all or any parts of our business or our assets. If we undergo a change like this to our business, then the new owners may use your Personal Data in the same way as set out in this Privacy Policy.

Data transfers We share your Personal Data with certain external third parties who are based outside the European Economic Area (“Europe”). Any processing of your Personal Data by these parties will involve an export of your Personal Data outside of Europe. We endeavour to ensure that people to whom we provide Personal Data hold it subject to appropriate safeguards and controls. Whenever we transfer your Personal Data out of Europe, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented: • We may transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission. • Where we use service providers outside Europe, we may use specific contracts approved by the European Commission, which give Personal Data the same protection it has in Europe. • Where we use service providers based in the U.S., we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to Personal Data shared between Europe and the U.S. How we keep your Personal Data secure. We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. We limit access to your Personal Data to those employees and other staff who have a business need to have such access. All such people are subject to a contractual duty of confidentiality. We have put in place procedures to deal with any actual or suspected Personal Data breach. In the event of any such breach, we have systems in place to work with applicable regulators. In addition, in certain circumstances (e.g., where we are legally required to do so) we may notify you of breaches affecting your Personal Data. How long we store your Personal Data. We are committed to only keeping your Personal Data for so long as we reasonably need to use it for the purposes set out above. This general rule applies unless a longer retention period is required by law (for example for regulatory purposes). In respect of the Personal Data we process to provide you with the services, we will only keep this Personal Data for so long as you have an open account on the Site. When you close your account, we will delete or irreversibly anonymise your Personal Data within thirty (30) days. As noted above: • in respect of any Personal Data we process based on our, or a third party’s, legitimate interests, you have the right to object to processing of your Personal Data for this purpose at any time; and • you also have a general right to request erasure of your Personal Data where there is no good reason for us continuing to process it. If you want to exercise either of these rights, please contact us at Please note that this data retention framework does not apply to Aggregated Data, which we may store for a longer period of time. Our policy on children. This Site is not intended for children below 16 and we do not knowingly collect data relating to such children. Third party links. This Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share your Personal Data. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy policy of every site you visit.