“Account” means a Customer Account, as defined in the Customer Terms of Service or a Retailer Account, as defined in the Retailer Terms of Service.
“Customer” means any individual who browses, inquires about or purchases products or services listed our Website or a Retailer Site.
"Westbrook's Flower Shop" means our online point-of-sale platform, floral shop management system and related cloud services.
"Westbrook’s Flower Shop Store Services” means Westbrook’s Account Services in addition to services related to Westbrook Flower Shop’s creation, operation, hosting and marketing of an eCommerce website for a Retailer.
“Personal Data” means information that alone or when in combination with other information may be used to identify, contact, or locate you, such as name, address, email address, IP address, login credentials, profile information, or phone number. Personal Data or PII excludes information that has been aggregated and/or anonymized so that it does not allow a third party to easily identify a specific individual (“non-PII”).
“You” or “you” refers to Retailers or Customers as indicated by context, or, if not specified, to both of these groups.
Information We Collect Automatically
When you use the Services, we automatically collect and store certain information about your computer or mobile device and your activities. This information includes:
- Device Information/Specifications. Technical information about your computer or mobile device (e.g., type of device, web browser or operating system, IP address and internet service provider) to analyze trends, administer the site, prevent fraud, track visitor movement in the aggregate, and gather broad demographic information.
- Length and Extent of Usage. How long you used the Services and which services and features you used.
- Information obtained through web beacons. “Web Beacons” (also known as “clear gifs” and “pixel tags”) are small transparent graphic images that are often used in conjunction with Cookies in order to further personalize the Services for our users and to collect a limited set of information about our visitors including geographical location, length and extent of usage, and whether visitors have registered for any of the Services. We may also use Web Beacons in email communications in order to understand the behavior of our customers, such as whether an email has been opened or acted upon.
Information You Provide Directly to Us
- Retailers. In the course of inquiring about the Services or registering for the Services, you may provide us with some or all of the following information:
- Your first and last name, username, password and email address.
- Your payment information including billing address and credit card information.
- Customers. When you access or use our Website or a Retailer Site, you may be asked to provide Personal Data in the course of purchasing or preparing to purchase flowers or other products offered on those respective sites. Such Personal Data may include some or all of the following:
- First name, last name, email address, photo/profile image, and/or phone number.
- Linked social media accounts such as Facebook, Twitter, Google+ and LinkedIn.
- Your payment information including billing address and credit card information.
How We Use Your Information
- to improve your user experience and help you efficiently access your information and account after you log-in;
- respond to your comments and questions and provide customer service;
- communicate with you about the Services and related offers, promotions, news, upcoming events, and other information we think will be of interest to you;
- monitor and analyze trends, usage and activities;
- ensure the security and integrity of the Services;
- investigate and prevent fraud and other illegal activities; and
- provide, maintain, and improve the Services and our overall business.
- Email Addresses. We use your email address for both “administrative” (e.g., confirming your registration) and, with your consent, “promotional” (e.g., newsletters, new listings, special discounts, event notifications, special third-party offers) purposes. Email messages we send to you may contain code that enables our database to track your usage of the e-mails, including whether the email was opened and what links (if any) were clicked. You may opt-out of receiving promotional emails and other promotional communications from us at any time via the opt-out links provided in such communications, or by e-mailing firstname.lastname@example.org with your specific request. However, we reserve the right to send you certain communications relating to the Services (such as service announcements, security alerts, update notices, or other administrative messages) without affording you the opportunity to opt in or out of receiving such communications.
- Use for Research. In addition to the uses outlined above, by using the Services, you agree to allow us to anonymously use the information from you and your interaction with the Services to continue our research into event patterns and general trends, so that we may continue to improve the Services for users and the general public. This research may be published in our blogs or interviews. However, all of your responses will be kept anonymous, and no Personal Data will be published without your consent.
- Financial information. We may use your financial information or authorized payment method to process payment for any purchases, subscriptions or sales made on the Services, to protect against or identify possible fraudulent transactions, and otherwise as needed to manage our business. We transmit your financial information to our third party payment processors. We do not collect or store your payment information on our own servers.
Sharing Your Information
The information we collect is used to improve the content and the quality of the Services, and without your consent we will not otherwise share your Personal Data to/with any other party(s) for commercial purposes, except to provide the Services, when we have your permission, or under the following circumstances:
- Public Information. Public information is any information you share with a public audience, as well as information in your Public Profile, or content you share on another public forum or on public comments. Public information is available to anyone on or off our Services and can be seen or accessed through online search engines, APIs, and offline media. If you publicly post information on the Services, that information will also be public.
- Service Providers. We may share your information with our third-party service providers that support various aspects of our business operations (e.g., analytics providers, security and technology providers, and payment processors).
- Business Transfers. We may transfer your information to another company in connection with a merger, corporate restructuring, sale of any or all of our assets, or in the event of bankruptcy.
- Aggregate Data. We may combine non-PII we collect with additional non-PII collected from other sources. We also may share aggregated, non-PII with third parties, including advisors, advertisers and investors, for the purpose of conducting general business analysis.
Your Rights and Choices
Where applicable law requires (and subject to any relevant exceptions under law), you may have the right to access, update, change or delete Personal Data.
You can access, update, change or delete your Personal Data either directly in your Account or by contacting us at email@example.com to request the required changes. You can exercise your other rights (including deleting your Account) by contacting us at the same email address.
You can also elect not to receive marketing communications by changing your preferences in your Account or by following the unsubscribe instructions in such communications.
If you remove information that you posted to the Services, copies may remain viewable in cached and archived pages of the Services, or if other users or third parties using any available API have copied or saved that information. In addition, following termination or deactivation of your account, we may retain information (including your profile information) and user content for a commercially reasonable time for backup, archival, and/or audit purposes. If you want any Personal Data permanently deleted, you must request such deletion by contacting us at firstname.lastname@example.org.
Additionally, if we rely on consent for the processing of your Personal Data, you have the right to withdraw it at any time. When you do so, this will not affect the lawfulness of any processing of your data that was completed before your consent withdrawal.
Retailers are responsible for what they do with any Personal Data they collect, directly or through our Services, about their Customers. Retailers are solely responsible for complying with any laws and regulations that apply to the collection and use of Customers’ information, including Personal Data that Retailers collect about Customers from us or by using functionality provided through any of our Services.
THIRD PARTY SITES
The Services may contain links to other websites. If you choose to click on a third party link, you will be directed to that third party’s website. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third party websites. These other websites may place their own Cookies or other files on your computer, collect data or solicit Personal Data from you. Other websites follow different rules regarding the use or disclosure of the Personal Data you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.
HOW WE RESPOND TO LEGAL REQUESTS OR PREVENT HARM
We may access, preserve and share your information without notice or consent from you in response to a legal request (like a search warrant, court order or subpoena) if we have a good faith belief that the law requires us to do so. This may include responding to legal requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards. We may also access, preserve and share information when we have a good faith belief it is necessary to: detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations; or to prevent death or imminent bodily harm. For example, we may provide information to third-party partners about the reliability of your account to prevent fraud and abuse on and off of the Services. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm. We also may retain information from accounts disabled for violations of our terms for at least a year to prevent repeat abuse or other violations of our terms.
Only individuals over the age of 18 are eligible to use our Services. However, we pay particular attention to children’s privacy. Our Services are not directed to children under the age of 13 and we do not knowingly collect, maintain or use Personal Data from children under the age of 13. If you learn that your child has provided us with Personal Data, you may alert us at email@example.com. Should we learn that a child under 13 has provided us with Personal Data, we will delete that information from our database and terminate the child’s account.
SECURING YOUR PERSONAL DATA
Unauthorized entry or use, hardware or software failure, the inherent insecurity of the Internet and other factors, may compromise the security of your Personal Data at any time. Nevertheless, we strive to safeguard Personal Data to ensure that information is kept private and secure at all times. We maintain administrative, technical and physical safeguards that are intended to appropriately protect against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse and any other unlawful form of processing of, the Personal Data in our possession. We employ security measures such as using firewalls to protect against intruders, building redundancies throughout our network (so that if one server goes down, another can cover for it) and testing for and protecting against network vulnerabilities.
The precise periods for which we keep your Personal Data vary depending on the nature of the information and why we need it. Factors we consider in determining these periods include the minimum required retention period prescribed by law or recommended as best practice, the period during which a claim can be made with respect to an agreement or other matter, whether the Personal Data has been aggregated or pseudonymized, and other relevant criteria. For example, the period we keep your email address is connected to how long your Account is active, while the period for which we keep a support message is based on how long has passed since the last submission in the thread.
Because you may use the Services sporadically or come back to us after an Account becomes inactive, we don’t immediately delete your Personal Data when your trial expires or you cancel the Services. Instead, we keep your Personal Data for a reasonable period of time, so it will be there for you if you come back.
USING OUR SERVICES FROM OUTSIDE OF CANADA
Privacy Standards for Data Transfer
We conduct our data transfers in accordance with Chapter V of the European General Data Protection Regulation (the “GDPR”). Specifically, we conduct data transfers subject to the following standards:
- Privacy Shield. We transfer, in accordance with Article 45 of the GDPR, Personal Data to companies that have certified their compliance with the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks (each individually and jointly, the “Privacy Shield”).
- Standard data protection clauses. We may, in accordance with Article 46 of the GDPR, transfer Personal Data to recipients that have entered into a European Commission approved contract for the transfer of personal data outside the European Economic Area.
- Other means. We may, in accordance with Articles 45 and 46 of the GDPR, transfer Personal Data to recipients that offer adequate levels of data protection as evidenced by: (a) location in a country or membership in an organization that the European Commission or other appropriate supervisory authority has confirmed, by decision, offers an adequate level of data protection, (b) certification through an approved certification mechanism pursuant to Article 42 of the GDPR, (c) adherence to binding corporate rules adopted pursuant to Article 47 of the GDPR, or (d) any other mechanism that may demonstrate such adequacy under the GDPR.
HOW TO CONTACT US