This page describes the information we collect, what we do with it, who we may share it with and why, and your choices and rights concerning information you have given us. The only information that we collect from clients is that which is necessary to provide services, to deliver flowers or gifts ordered by our customers and that needed to process payments. The only people that we share this information with are our payment providers and delivery companies. We adhere to GDPR regulations.
What information do we collect?
As a service provider we hold and process individuals’ data. The data we hold varies depending on the service we have been engaged to provide. We generally require names, address, contact numbers, emails, recipient names, delivery address, credit card details (Note: this list is not exhaustive). We only collect, use and share the data that
- is necessary to fulfil our Terms and Conditions (contractual obligation);
- is consistent with your consent, which you may revoke at any time;
- is necessary to comply with our legal obligations;
- is necessary for our (or others’) legitimate interests, including our interests in providing an innovative, personalized, safe, and profitable service to our clients, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data.
How do we use collected information?
- To create orders & arrange despatch and delivery;
- To receive payment for orders we process;
- To contact you for administration reasons related to the order.
How do we protect data?
Costello Flowers protects all personal data under its care. Security measures are taken to prevent unauthorised access to or disclosure of any personal data held by us.
Who do we share this information with and why?
Your information is only shared where necessary to carry out services to you or to comply with regulations. Any third parties who are given access to your data in the course of providing services on our behalf are subject to contractual obligations to ensure they comply with EU data protection legislation. Credit Card data is processed by Stripe Payments and Paypal, both of whom are fully compliant with the Payment Card Industry Security Standards & GDPR.
If you do not want your browser to accept cookies you can turn off this functionality in Settings but this may prevent this website or other websites from functioning properly.
Data transfer and processing
Any data we collect is not transferred outside the EU.
The main categories of Data Processors are:
- Database Management Systems providers
- IT Services providers
- Delivery Companies
- Credit Card Processing Companies
Data retention and deletion
We will not retain data longer than is necessary to fulfil the purposes for which it was collected or as required by regulations. This includes data you provided and data generated or inferred from your use of our services. Data may be kept for up to 7 years after the completion of our services due to the legal requirements.
We may update this policy from time to time. Any changes will be noted on this page.
What are your rights?
You have the right to access, rectify, port and erase your data. You also have the right to object to and restrict certain processing of your data. The rights apply in limited circumstances as provided for by the GDPR.
Our data controller can be contacted by post or email:
Data Protection Officer
1 Northumberland Ave, Dún Laoghaire, Dublin, A96 E9W6
By email – with subject address as ‘Data protection Officer’
You also have the right to lodge a complaint with Costello Flowers’ lead supervisory authority, the Irish Data Protection Commissioner, or your local supervisory authority.