Privacy Policy
Read our legal bits below.
We use cookies - sadly, not the incredible edible kind! You can refuse all or some
cookies. If you disable or refuse cookies, please note that some parts of this Site
may become inaccessible or not function properly.
Here We Flo Ltd Privacy Policy
Last updated on [15/8/23].
Here We Flo Ltd (referred to in this Privacy Policy as either “Here We Flo”, “We”,
“Us” or “Our”) respects your privacy and is committed to protecting your Personal Information. This Privacy Policy describes how your Personal Information is collected, used, and shared when you visit or make a purchase from hereweflo.co (the “Site”). This Privacy Policy is intended to meet our duties of transparency. The protection of your Personal Information and the protection of your personal and financial information is our top priority. That is why we process your information exclusively on the basis of the applicable legislation, including the GDPR and the Data Protection Act for our European customers.
WHO WE ARE AND HOW TO CONTACT US
Here We Flo Ltd, a company incorporated and registered in England with company number 10474281 and whose registered office is at 9 Perseverance Works, Kingsland Road, London, United Kingdom, E2 8DD, is the Controller of your Personal Information. You can contact us directly with any privacy-related queries or complaints on our support email: hiya@hereweflo.co.
MARKETING COMMUNICATIONS PREFERENCES
You can ask us to stop sending you marketing messages at any time by following
the “unsubscribe” links on any marketing message sent to you by Here We Flo
and/or contacting us any time at hiya@hereweflo.co, although please note that
opting out will not apply to product related communications.
PERSONAL INFORMATION WE COLLECT
When you visit the Site, we automatically collect certain information about your
device, including information about your web browser, IP address, time zone, and
some of the cookies that are installed on your device. Additionally, as you browse
the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, your marketing and communication preferences and information about how you interact with the Site. If you have a profile on our Site, we automatically collect profile data, such as your username and password, preferences, feedback and survey responses. We refer to this automatically-collected information as “Device Information.”
We collect Device Information using the following technologies:
-“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and
how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/timestamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site. Additionally when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers, Apple Pay, PayPal), purchases or orders made by you, your interests, email address, and phone number. We refer to this information as “Order Information.”
When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information. We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your Personal Information but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate personal data to understand and improve our Site. If we combine or connect aggregated data with your Personal Information so that it can directly or indirectly identify you, we treat the combined data as Personal Information which will be used in accordance with this Privacy Policy. We can also collect certain of your Personal Information from third party sources such as software providers and analytics providers.
HOW WE USE YOUR PERSONAL INFORMATION
We use the Order Information that we collect generally to fulfill any orders placed
through the Site (including processing your payment information, arranging for
shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
Communicate with you;
screen our orders for potential risk or fraud; and
when in line with the preferences you have shared with us, provide you with
information or advertising relating to our products. We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
What is our legal basis for processing your Personal Information?
Most commonly, we will rely on the one of the following legal bases:
Where we need to perform a contract we are about to enter into or have
entered into with you (“Contractual Necessity”).
Where it is necessary for our legitimate interests and your interests and
fundamental rights do not override those interests (“Legitimate Interests”).
Where we need to comply with a legal or regulatory obligation (“Compliance
with Law”). We have set out below the uses we make of your Personal Information and the legal bases we rely on in respect of such uses.
A. Providing use of the Site and Placing and receiving Orders
This processing is necessary to:
be able to fulfil orders placed through the Site;
provide customer support; and
provide access to the Site and its functionality We carry out this processing on the following legal bases:
Contractual Necessity; and
Legitimate Interests in processing Personal Information for the purposes of
performing agreements made with you (including purchasing products) and
for the operation and for the functioning of the Site.
B. Aggregate data creation
We may create, use and share aggregated data for any purpose. We carry out this processing on the following legal bases:
Legitimate Interests: we have a legitimate interest in creating aggregated data
to use and share for our own business purposes.
C. Compliance, fraud prevention and safety
We use your Personal Information as we believe necessary or appropriate to:
enforce the terms and conditions that govern the use of our Site;
protect our rights, privacy, safety or property, and/or that of you or others;
protect, investigate and deter against fraudulent, harmful, unauthorised,
unethical or illegal activity.
We carry out this processing on the following legal bases:
Compliance with Law – this will be the case where we have to carry out any of
these processing activities in order to comply with a legal or regulatory
obligation.
Legitimate Interests – it is in our legitimate interests to be able to take
appropriate steps to ensure that our Site is legally compliant, free of fraud and
safe for you and us to use.
D. Troubleshooting
To track technical issues that might be occurring on our Site.
We carry out this processing on the following legal bases:
Legitimate Interests – it is in the legitimate interests that we are able to
monitor and ensure the proper operation of our Site.
E. Marketing
We use this information to prepare, personlise and send you electronic marketing
communications relating to products on our Site that we think you might be
interested in.
We carry out this processing on the following legal bases:
Consent – if you have subscribed to our mailing list, you have provided
consent to us sending you marketing communications. You have the right
to opt-out of such marketing at any time.
Legitimate Interest – if you provided your email address in the course of
signing up to our Site or purchasing any products, we may send you
marketing communications about similar products unless you have opted-
out of receiving them. We do this on the basis that it is in our legitimate
interests to do so. You have the right to opt-out of such marketing at any
time.
Legitimate Interest – we have a legitimate interest in collecting and using
information about your engagement with our marketing emails (e.g.,
whether you open and/or forward those emails) to make sure that the
products and offers that we inform you of are relevant to you.
F. Insights
We record a small percentage of users’ interactions when using our Site to identify issues with the user journeys to ensure the quality of service.
We carry out this processing on the following legal bases:
Legitimate Interests. It is in our legitimate interests that we are able to monitor
certain user journeys to ensure that we can develop and improve the features
and functionalities of our Site.
WHAT HAPPENS IF YOU DO NOT PROVIDE THE NECESSARY PERSONAL INFORMATION
Where you fail to provide Personal Information that we need to process based on
Contractual Necessity or for the purposes of Compliance with Law, we may not be able to perform the contract we have or are trying to enter into with you (for example, we may not be able to open your account, we may have to close your account, we may not be able to procure the fulfilment of your order or process a return etc).
SHARING YOUR PERSONAL INFORMATION
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store (you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy). We also use Google Analytics to help us understand how our customers use the Site (you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy). You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
We outsource the hosting of our Service. This means that all categories of Personal Information that we process will be held and stored on the servers of our hosted service provider within the UK or EEA. We may disclose Personal Information to third parties to whom we may choose to sell, transfer, or merge all or any parts of our business or our assets. If we undergo a change like this to our business, then the new owners may use your Personal Information in the same way as set out in this Privacy Policy. We share your Personal Information within the Here We Flo organisation which is international in nature as well as external service providers which may be situated in jurisdictions outside of yours. This will involve transferring your Personal Information outside of your country. Many of our external third parties are based in various different countries so their processing of your Personal Information will involve a transfer of data outside of your country. Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
We require all third parties to respect the security of your Personal Information and to treat it in accordance with the law. We do not allow our third-party service
providers to use your Personal Information for their own purposes and only permit them to process your Personal Information for specified purposes and in accordance with our instructions.
BEHAVIOURAL ADVERTISING
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at
http://www.networkadvertising.org/understanding-online-advertising/how-does-it- work. You can opt out of targeted advertising by visiting:
FACEBOOK - https://www.facebook.com/settings/?tab=ads GOOGLE - https://www.google.com/settings/ads/anonymous BING - https://advertise.bingads.microsoft.com/en- us/resources/policies/personalized-ads Additionally, you can opt out of some of these services by visiting the Digital
Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
THIRD-PARTY LINKS
This site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites or applications and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy policy of every website or application you visit.
DO NOT TRACK
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
YOUR RIGHTS
If you are a European resident, under certain circumstances you have the right to
access Personal Information we hold about you (commonly known as a “data subject access request”) and to ask that your Personal Information be corrected, updated, or deleted. You also have the right to request the restriction or suspension of processing of your Personal Information if you (1) want us to establish the data’s accuracy (2) where our use of the data is unlawful but you do not want us to delete it (3) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims and/or (4) you have objected to you use of your data but we need to verify whether we have overrising legitimate grounds to use it. Additionally, you have the right to request the transfer of your Personal Information,
although note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. You can withdraw consent at any time where we are relying on consent to process your Personal Information. Note that this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products to you. We will advise you if this is the case at the time you withdraw your consent. If you want to exercise any of the rights described above, please contact us at hiya@hereweflo.co. Although we typically don’t, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or we may simply refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information or to exercise any of your other rights. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
CHILDREN UNDER 16 YEARS OLD
If you are under 13 in the UK or USA or under 16 anywhere else in the world, your legal guardian will need to act on your behalf in allowing Here We Flo to collect,
store and share your Personal Information in accordance with this Privacy Policy.
HOW WE KEEP YOUR DATA SECURE
The data we collect from you shall be stored within the UK or the EEA. Here We Flo has implemented a range of technical and organisational measures for protection of your Personal Information against loss or other forms of unlawful processing. Your Personal Information is accessible only to those persons who need access in order to perform their work in connection with the functioning of our Site. They will only process your Personal Information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
DATA RETENTION
We will only retain your Personal Information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Information for a longer period in the event of a complaint or if we
reasonably believe there is a prospect of litigation in respect to our relationship with you. To determine the appropriate retention period for Personal Information, we consider the amount, nature and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of your Personal information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. When you place an order through the Site, we will maintain your Order Information for our records unless and until you ask us to delete this information.
CHANGE OF PURPOSE
We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. We will only use your Personal Information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your Personal Information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your Personal Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.