Skip to main content
Book a Demo

Legal

Privacy Notice

Last updated: March 26, 2026

Digital Florists Ltd ("Digital Florists", "we", "us", "our") is committed to being transparent about how we use personal data.

This Privacy Notice explains how we collect and use personal data when you:

  • (a) visit https://digitalflorists.com or any other website we operate that links to this Notice (the "Website");
  • (b) use the Digital Florists software platform and related services (the "Service"); or
  • (c) interact with public-facing pages powered by our Service, such as customer portals, delivery tracking links and public forms (together, "Public Features").

If you do not agree with this Notice, please do not use the Website or (where applicable) the Service.

1. Who We Are and Our Role (Controller vs Processor)

1.1 When we act as a Controller

We act as a "Controller" (meaning we decide how and why personal data is processed) for:

  • Website visitor data (e.g., enquiry forms, newsletter sign-ups, analytics choices);
  • Service account, billing and relationship data for our business customers and their authorised users;
  • Service security, fraud prevention and diagnostics (to the extent we determine the purposes/means);
  • Our own marketing and sales activities (B2B).

1.2 When we act as a Processor

We act as a "Processor" (meaning we process personal data on a customer's behalf and under their instructions) for "Customer Data" submitted to or processed within the Service, including via Public Features (e.g., orders, recipient details, delivery addresses, messages, portal content, tracking page content and public form submissions configured by our customer).

In those circumstances, the relevant business using our Service is the Controller. If you are an end customer/recipient interacting with a florist using our Service, you should also read the florist's own privacy notice and contact them first for rights requests (see Section 8).

1.3 Contact details

Digital Florists Ltd
Address: 7 Booker Ave, Liverpool L18 4QY, United Kingdom
Email: hello [at] digitalflorists.com
Telephone: 0151 272 0049

Company number: 15423324

Privacy contact:
Email: privacy [at] digitalflorists.com

2. Personal Data We Collect

2.1 Website data (Website visitors and prospects)

We may collect:

  • Identity and contact data: name, business email, phone number, company name, role.
  • Enquiry and communications data: what you send us via forms, chat widgets or email.
  • Marketing preferences: opt-in/opt-out status and communication choices.
  • Technical and usage data: IP address, device and browser information, pages viewed, approximate location derived from IP, referral URLs, and cookie/consent choices.

2.2 Service account and relationship data (B2B customers and authorised users)

We may collect:

  • Account data: name, business contact details, login credentials (stored as hashed passwords), user roles/permissions.
  • Billing/contract data: subscription plan, payment status, transaction references (note: payment card details are typically handled by our payment processor; we do not store full card numbers).
  • Support data: support tickets, call recordings (if used and disclosed), troubleshooting information.
  • Security and audit logs: login events, access logs, administrative actions, API logs.

2.3 Customer Data processed in the Service (Processor role)

Our customers may submit Customer Data into the Service, which may include:

  • Order and delivery information: sender/recipient name, address, phone number, email, delivery notes, delivery status, proof of delivery.
  • Content and communications: gift messages, notes, portal messages, SMS/email content sent via the Service.
  • Customer portal data: account/order references, order status, documents or messages made available via the portal.
  • Live tracking data (if enabled by our customer): tracking link identifiers, delivery progress, and (where configured) location updates related to fulfilment.
  • Public form submissions: details entered into a public form created by our customer (e.g., enquiries, event requests, order requests).

Important: Our customers control what they upload and configure. Customers should avoid uploading special category data (e.g., health information) unless they have a valid lawful basis and appropriate safeguards.

2.4 Data from third parties

We may receive personal data from:

  • our customers (e.g., when they add users);
  • resellers/partners/referrers (where applicable);
  • payment, fraud-prevention and security providers;
  • public sources (e.g., company websites, LinkedIn) for B2B prospecting, where permitted by law.

3. How We Use Personal Data (Purposes and Lawful Bases)

3.1 Website data (Controller)

We use Website data to:

  • A) Respond to enquiries and provide information (lawful basis: legitimate interests; and/or taking steps at your request prior to entering a contract).
  • B) Operate and secure the Website and prevent misuse (lawful basis: legitimate interests; compliance with legal obligations).
  • C) Measure and improve Website performance and user experience (lawful basis: consent where required for cookies/analytics; otherwise legitimate interests for strictly necessary operations).
  • D) Send marketing communications (lawful basis: consent where required; otherwise legitimate interests for B2B marketing, always with an opt-out).

3.2 Service account/relationship data (Controller)

We use this data to:

  • A) Provide the Service to our customers, manage accounts, authenticate users (lawful basis: performance of a contract).
  • B) Provide support, onboarding and customer success (lawful basis: contract and/or legitimate interests).
  • C) Billing, payments, tax and accounting (lawful basis: contract and legal obligation).
  • D) Maintain security, detect fraud/abuse, enforce our Terms (lawful basis: legitimate interests; and/or legal obligation).
  • E) Improve the Service using diagnostic and usage data (lawful basis: legitimate interests). We do not use Customer Data content for our own marketing.

3.3 Customer Data in the Service (Processor)

We process Customer Data only:

  • to provide and support the Service in line with the customer's instructions;
  • to maintain security and reliability of the Service;
  • to comply with applicable law and lawful requests.

As the Controller, the customer is responsible for:

  • identifying an appropriate lawful basis for processing Customer Data;
  • providing required privacy notices to data subjects;
  • collecting consents where required;
  • ensuring compliance when sending messages via SMS or email; and
  • configuring tracking, portal, and public form features in accordance with applicable law.

3.4 Aggregated and anonymised data

We may generate aggregated and/or anonymised data from usage of the Website and Service (e.g., feature adoption rates, performance metrics, benchmarking). We use this to:

  • maintain, improve and develop our products and services;
  • produce insights and reports that do not identify individuals.

We do not attempt to re-identify individuals from anonymised datasets.

4. Sharing and Disclosure

We may share personal data with:

  • Infrastructure and hosting providers (cloud hosting, storage, backups, content delivery);
  • Communications providers (email/SMS/notifications);
  • Analytics and performance providers (where enabled and subject to cookie choices);
  • Customer support tooling providers (ticketing, chat);
  • Payment processors and billing providers;
  • Security and fraud-prevention providers;
  • Professional advisers (lawyers, auditors, insurers) where necessary;
  • Calendar and scheduling services (e.g., Cal.com) to facilitate demo bookings and appointments;
  • Font delivery services — we may load fonts from external providers, which involves your IP address being shared with those providers for the purpose of delivering web fonts;
  • Regulators, law enforcement or courts where required by law.

Sub-processors (Processor role): Where we process Customer Data, we may use sub-processors to help deliver the Service. We remain responsible for their compliance as required by applicable law and our Data Processing Addendum.

We do not sell personal data.

5. International Transfers

We may transfer personal data outside the UK and/or EEA (for example, where a supplier hosts data internationally).

Where we do, we put appropriate safeguards in place, such as:

  • adequacy regulations (where the destination country is deemed adequate);
  • the UK International Data Transfer Agreement (IDTA) and/or the UK Addendum to EU Standard Contractual Clauses;
  • binding corporate rules or other lawful mechanisms.

For transfers to the US, we may rely on the UK-US Data Bridge (UK Extension to the EU-US Data Privacy Framework) where the recipient participates.

6. Security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, alteration or misuse. Measures may include encryption in transit, access controls, least-privilege permissions, logging and monitoring, and regular security review.

No system is completely secure. You are responsible for maintaining the confidentiality of your login credentials and ensuring your users do the same.

7. Retention

7.1 Website data

We retain Website personal data for as long as necessary for the purposes described above, including:

  • enquiries: typically up to 24 months from last contact;
  • marketing contacts: until you opt out, or we remove inactive contacts after 36 months of inactivity;
  • cookie/consent records: retained for at least three (3) years, or for as long as we rely on the consent;

7.2 Service data (Controller data)

We retain account, billing and support records for the duration of the customer relationship and for up to seven (7) years as required for tax and financial record-keeping, after which they are securely deleted.

7.3 Customer Data (Processor data)

We retain Customer Data for the duration of the customer subscription.

Upon termination/expiry of the subscription:

  • we will make Customer Data available for export for a period of two (2) months (unless otherwise agreed in writing); then
  • we will delete or anonymise Customer Data from live systems, unless legally required to retain it longer.

Backups: Customer Data may remain in secure backups for up to twelve (12) months as part of our standard backup and disaster recovery cycles, after which it is permanently overwritten or erased.

8. Your Rights and How to Exercise Them

8.1 If you are a Website visitor, prospect, or an authorised user (Controller data)

Depending on your jurisdiction, you may have rights including: access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and not to be subject to solely automated decision-making (where relevant).

To exercise rights in relation to Controller data, contact us using Section 1.3.

8.2 If you are an end customer/recipient using a portal, tracking link or public form (Customer Data)

In most cases, the florist/business you are dealing with is the Controller. Please contact them first to exercise your rights.

If you contact us directly, we may redirect you to the relevant Controller or assist them as required by law.

8.3 Automated decision-making

We do not make decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you.

8.4 Complaints

If you have a concern, please contact us first at privacy [at] digitalflorists.com so we can investigate and respond.

You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk. We encourage you to contact us first.

9. Public Features (Portals, Tracking Links, Public Forms) - Important Information

  • These pages are typically created and controlled by our business customers.
  • If you submit personal data via a Public Feature, it is collected for that customer and processed under their instructions.
  • Tracking links: tracking pages may be accessible to anyone with the link. Do not share tracking links publicly. Our customers are responsible for deciding what information is displayed and for configuring link security/expiry where available.

10. Cookies and Similar Technologies

We use cookies and similar technologies on the Website and within the Service. For details, please see our Cookie Policy and our cookie preference tools (where available).

11. Changes to This Notice

We may update this Notice from time to time. We will post the updated version and change the "Last updated" date. Material changes will be notified via the Website or Service.

12. Contact

For privacy queries, requests or complaints, contact:

Email: privacy [at] digitalflorists.com
Post: Digital Florists Ltd, 7 Booker Ave, Liverpool L18 4QY, United Kingdom

Cookie Policy Terms of Service

Have Questions About This Policy?

We're here to help clarify any concerns.

Contact Us