As much as we love cookies we love privacy much more. The price to pay? It involves a bit of mental labour …

We use cookies on this website, like most database driven websites, to control and to sweeten a few few things, but you can block and delete those cookies, by manually deleting them after your browser session or always visiting the website incognito.  We’ve set a nice long cookie reminder acceptance. You won’t get pestered again for a full 30 days.

Cookies are snippets of data stored on your computer, which might e.g. control how long an item is stored in your shopping basket or help to track your movements through a website. These examples are functional on the one hand, do something useful, while they can also gather business intelligence for the website owner.

Some tracking cookies on the other hand may record things beyond an individual website and benefit other’s businesses as well as the website owner. These would include Twitter and Youtube.

Anyway, you should not be surprised that our website uses cookies to do a few things behind the scenes if you are a registered user. As a customer or a potential customer, thankfully no harmful [1] cookies should be involved, but do read on as there are caveats.

Imposing our wonderful natural flowers on unsuspecting customers involves the use of partnerships with social media advertising giants and stats gathering companies, so inevitably twitter, instagram and are involved, along with a handful of others. They all add to the payload of and variety of cookies you may see on your journey, if you go looking, but limited on our website to via jetpack tools and the aforementioned. You should check each of these company’s policies very carefully. As far as we understand it these cookies will track your use anonymously, well so they say.

No personal information needs to be gathered by us as part of the process of you browsing lovely pics, but if you are a customer of, or and even if you have recently logged out of their websites, your usage could theoretically be tracked. We obviously will need to know who you are if you wish to transact commercially (so “contract” is the basis for us storing your data), and if you follow us on social advertising platforms or email us we might be able to work out who you are, in a few clicks.

In practice it would take significant resources (such as that available only to the security services and police, and obviously the social advertising companies themselves) to extract such personal information from our site and then only in combination with other data. Funnily, the social advertising companies are often reluctant to give the security services and government access, while being cavalier about giving some others like dubious app developers, political analytics co.s and to advertisers – so-called “businesses access”. Funny old world.

If your privacy is as important to you as it is for us, then you don’t want unaccountable foreign corporates amassing mountains of seemingly irrelevant information about you.

You can take steps, so take a few moments & just do it.

We recommend first curtailing what these organisations collect about you.

In your browser ensure Do Not track settings are enabled. The next step is as easy as  logging into each social account – from the computer – not your phone, and batten down the privacy options. Basically what they can and cannot collect and store about you (ok the logging in bit is only easy if you have the password handy). Next try using a variety of services like Disconnect Me and Ad Block, or any of the tools /browsers that delete or kill off lingering third party cookies (logging out of facebook doesn’t stop the evil, moreover there are few options in Instagram).

For a degree of further anonymity you can also browse the internet through a VPN or use your browser in incognito aka private mode, which reduces the risk of potentially personally identifiable information leaking out or being gathered, or at least obfuscating the information. If all this subterfuge sounds way too extreme, we are in an age whereby buying something as trivial as an aspirin online leaves not just a lingering bitter taste but a sinister trail of your life, which then becomes a tradable commodity enriching the few. In extremis we recommend stopping using social advertising companies altogether and while you are it, give up the internet too.

Alas, if you have read all this, you are probably itching to see our wonderfully scented cookies. To see your cookies from a given website, in most browsers, like Chrome, Firefox and Safari, just click on the wee padlock and you’ll see them in all their variety and diversity. There should be a half a dozen or so, which compares with an immoderate number at ebay (52), amazon (32) and john lewis (72) – crikey what do they all do?

Moving on to your data. If you contact us via email, we’ll store that information on our own web server and database, which we use best efforts to keep safe and secure (ssl protection, clever firewall rules, our factotum on the job and more, strict rules on access). We’ll keep personal and business separate. Our web and mail server provider is cutely named Mythic Beasts, who are UK based. Technically they could access such data, but in practice it would be unlawful unless we asked them to take a look (e.g. to troubleshoot a problem) or the police served them with a warrant (which seems highly unlikely). But right now the server itself is located in the UK.

More importantly these data will not be added willy nilly to some mailing list (we don’t have one right now) and won’t be unless you give us specific consent (at which point you’ll get a chance to opt in). If you do consent to be added to a mailing list, you will have the option to subsequently opt-out easily. Opt-out may mean we will retain details for some time longer, in order to ensure you don’t get accidentally opted in again. We won’t use social login and share our address book with anyone and everyone (the convenience of using facebook to login to a service is not cost free either). We sporadically use cloud based services to exchange and to store mainly images and other documents. But we won’t dump your potentially personally identifiable information on a public server or share it  with anyone, except for the purposes of undertaking a legal business transaction (e.g. a regular payment to us – we live in hope). We take data and security seriously, with reasonable efforts to backup and secure everything, and a sensible process to investigate potential data breaches. Disks are wiped before being recycled and we have a factotum working on information security 24/7, often while we sleep.

For account holders, for the popup shop, here is our data retention policy.

While you visit our shop, we’ll track:

  • Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
  • Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!

We’ll also use cookies to keep track of basket contents while you’re browsing our site.

When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages, if you choose to receive them

If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for XXX years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

We will also store comments or reviews, if enabled / you choose to leave them.

If you contact us by phone that information will be stored and backed up in a number of places, including the phone’s contacts list, which will sync across various backend systems and be backed up. We have good security in place (strong passwords) to make sure we don’t inadvertently share your deets with unscrupulous actors, or leave the door open so that anyone can help themselves. We regret that some of the apps we use may automatically add contacts to a service. Whatsapp may enable contacts with individuals based on a previous telephone contact, but which one perhaps didn’t exactly consent to. Feel free block if you object strongly to such intrusion, for we don’t care much for the way Whatsapp insinuates itself either.

Pop us an email if you want to a copy of the data we hold on you, or wish to make a correction/complain.

Lesson over.

[avatar user=”ruth” size=”thumbnail” align=”left” /]


[1] Harmful cookies are hard to define, but they sneakily track your use of the internet, perhaps to gather information about your consumer preferences or political inclinations. Typically social advertising giants and other services that aid and abet these sharing sites gather vast amounts of data, which could be regarded as completely trivial. Why would me liking Hello Kitty be of interest to anyone, you ask? Turns out to be rather invaluable in selling political advertising and influencing behaviour either with nudges or by reinforcing prejudices and fears.

Some cookies, such as those used by price comparison websites and referral marketers (affiliate shopping and rewards based websites) help to track purchases and give rewards to the customer that clicks thru, which while not strictly harmful, could be construed as misleading were the user not aware referring website gets an undisclosed financial commission and benefit. This is common place in offline transactions too, that commissions (and therefore conflicts of interest) are not clearly disclosed.