As much as we love cookies we love privacy much more. The price to pay? It involves a bit of mental labour …
Cookies are snippets of data stored on your computer, which might e.g. control how long an item is stored in your shopping basket or help to track your movements through a website. These examples are functional on the one hand, do something useful, while they can also gather business intelligence for the website owner. Some tracking cookies on the other hand may record things beyond an individual website and benefit other’s businesses as well as the website owner.
Imposing our wonderful natural flowers on unsuspecting customers involves the use of partnerships with social
media advertising giants and stats gathering companies, so inevitably twitter, instagram and wordpress.com are involved, along with a handful of others. They all add to the payload of and variety of cookies you may see on your journey, if you go looking, but limited on our website to wordpress.com. You should check each of these company’s policies carefully. As far as we understand it these cookies will track your use anonymously. Mainly in order to help us promote flowers and gather basic statistics about your use of our website. There is a trade off – they get some of that data too, but since we use their services the relationship is mutually supportive one and wordpress don’t seem to be mired in the scandalous practices that the big 3 indulge in. Data is the new oil, they say.
No personal information needs to be gathered by us as part of the process of you browsing our lovely pics, but if you are a customer of wordpress.com, twitter.com or instagram.com and even if you have recently logged out of their websites, your usage could theoretically be tracked. We obviously will need to know who you are if you wish to transact commercially (so “contract” is the basis for us storing that data), and if you follow us on social advertising platforms or email us we might be able to work out who you are, in a few clicks.
In practice it would take significant resources (such as that available only to the security services and police, and obviously the social advertising companies themselves) to extract such personal information from our site and then only in combination with other data. Funnily, the social advertising companies are often reluctant to give the security services and government access, while being cavalier about giving some others like dubious app developers, political analytics co.s and to advertisers – so-called “businesses access”. Funny old world.
If your privacy is as important to you as it is for us, then you don’t want unaccountable foreign corporates amassing mountains of seemingly irrelevant information about you.
You can take steps, so take a few moments & just do it.
We recommend first curtailing what these organisations collect about you. In your browser ensure Do Not track settings are enabled. The next step is as easy as logging into each social account – from the computer – not your phone, and batten down the privacy options. Basically what they can and cannot collect and store about you (ok the logging in bit is only easy if you have the password handy). Next try using a variety of services like Disconnect Me and Ad Block, or any of the tools /browsers that delete or kill off lingering third party cookies (logging out of facebook doesn’t stop the evil, moreover there are few options in Instagram).
For a degree of further anonymity you can also browse the internet through a VPN or use your browser in incognito aka private mode, which reduces the risk of potentially personally identifiable information leaking out or being gathered, or at least obfuscating the information. If all this subterfuge sounds way too extreme, we are in an age whereby buying something as trivial as an aspirin online leaves not just a lingering bitter taste but a sinister trail of your life, which then becomes a tradable commodity enriching the few. In extremis we recommend stopping using social advertising companies altogether and while you are it, give up the internet too.
Alas, if you have read all this, you are probably itching to see our wonderfully scented cookies. To see your cookies from a given website, in most browsers, like Chrome, Firefox and Safari, just click on the wee padlock and you’ll see them in all their variety and diversity. There should be a half a dozen or so, which compares with an immoderate number at ebay (52), amazon (32) and john lewis (72) – crikey what do they all do?
Moving on to your data. If you contact us via email, we’ll store that information on our own web server and database, which we use best efforts to keep safe and secure (ssl protection, clever firewall rules, our factotum on the job and more, strict rules on access). We’ll keep personal and business separate. Our web and mail server provider is cutely named Mythic Beasts, who are UK based. Technically they could access such data, but in practice it would be unlawful unless we asked them to take a look (e.g. to troubleshoot a problem) or the police served them with a warrant (which seems highly unlikely). But right now the server itself is located in the UK
(lost) in a server farm somewhere in the Netherlands, which we feel is quite apposite (it is flower central). We’ll no doubt onshore it before too long, when sea levels rise and the UK drifts away into the north Atlantic so we can all eat our own cod again. 😉
More importantly these data will not be added willy nilly to some mailing list (we don’t have one right now) and won’t be unless you give us specific consent (at which point you’ll get a chance to opt in). If you do consent to be added to a mailing list, you will have the option to subsequently opt-out easily. Opt-out may mean we will retain details for some time longer, in order to ensure you don’t get accidentally opted in again. We won’t use social login and share our address book with anyone and everyone (the convenience of using facebook to login to a service is not cost free either). We sporadically use cloud based services to exchange and to store mainly images and other documents. But we won’t dump your potentially personally identifiable information on a public server or share it with anyone, except for the purposes of undertaking a legal business transaction (e.g. a regular payment to us – we live in hope). We take data and security seriously, with reasonable efforts to backup and secure everything, and a sensible process to investigate potential data breaches. Disks are wiped before being recycled and we have a factotum working on information security 24/7, often while he sleeps.
For account holders, for the popup shop, here is our data retention policy.
While you visit our shop, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for XXX years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
We will also store comments or reviews, if enabled / you choose to leave them.
If you contact us by phone that information will be stored and backed up in a number of places, including the phone’s contacts list, which will sync across various backend systems and be backed up. We have good security in place (strong passwords) to make sure we don’t inadvertently share your deets with unscrupulous actors, or leave the door open so that anyone can help themselves. We regret that some of the apps we use may automatically add contacts to a service. Whatsapp may enable contacts with individuals based on a previous telephone contact, but which one perhaps didn’t exactly consent to. Feel free block if you object strongly to such intrusion, for we don’t care much for the way Whatsapp insinuates itself either.
Pop us an email firstname.lastname@example.org if you want to a copy of the data we hold on you, or wish to make a correction/complain.
 Harmful cookies are hard to define, but they sneakily track your use of the internet, perhaps to gather information about your consumer preferences or political inclinations. Typically social advertising giants and other services that aid and abet these sharing sites gather vast amounts of data, which could be regarded as completely trivial. Why would me liking Hello Kitty be of interest to anyone, you ask? Turns out to be rather invaluable in selling political advertising and influencing behaviour either with nudges or by reinforcing prejudices and fears.
Some cookies, such as those used by price comparison websites and referral marketers (affiliate shopping and rewards based websites) help to track purchases and give rewards to the customer that clicks thru, which while not strictly harmful, could be construed as misleading were the user not aware referring website gets an undisclosed financial commission and benefit. This is common place in offline transactions too, that commissions (and therefore conflicts of interest) are not clearly disclosed.