Privacy Policy of Cog & Petal
Cog & Petal is committed to protecting the privacy and personal data of our clients, website visitors, and workshop participants. This policy outlines how we collect, use, disclose, and protect your information when you interact with our online platform, engage with our services, or communicate with us.
1. Information We Collect
We collect various types of information to provide and improve our services.
- Personal Identification Information: This includes your name, postal address, email address, and phone number, which you provide when enquiring about our services, booking a workshop, requesting a consultation, or purchasing bespoke floral arrangements or installations.
- Transactional Data: Details about services you have purchased from us, such as bespoke floral arrangements, botanical art installations, historical garden restoration projects, event floristry bookings, or floral design workshop registrations.
- Technical Data: Information about your interaction with our online platform, including IP address, browser type and version, time zone setting, operating system and platform, and other technology on the devices you use to access this website. This is collected automatically via cookies and similar technologies.
- Usage Data: Information about how you use our website and services, such as pages visited, time spent on those pages, and clickstream data.
- Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.
2. How We Use Your Information
We use your personal data for several purposes, always on a lawful basis.
- To Provide and Manage Our Services: This includes fulfilling orders for bespoke floral arrangements, managing botanical art installations, coordinating historical garden restorations, arranging event floristry, processing workshop registrations, and managing living green wall maintenance.
- To Communicate with You: Responding to your enquiries, providing updates on your projects or bookings, sending service-related notifications, and addressing customer service issues.
- For Marketing Purposes: With your consent, to send you newsletters, promotional materials, or information about new services, workshops, or special offers that may be of interest to you. You can opt out at any time.
- To Improve Our Website and Services: Analyzing website usage and trends to enhance user experience, optimize our content, and develop new offerings.
- For Legal and Security Compliance: To comply with legal obligations, prevent fraud, and ensure the security of our services and data.
3. Legal Basis for Processing Personal Data
We will only process your personal data where we have a lawful basis to do so, as defined by GDPR. These bases include:
- Performance of a Contract: When processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (e.g., fulfilling your service order).
- Legitimate Interests: When processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., improving our services, preventing fraud).
- Consent: Where you have given explicit consent for us to process your personal data for a specific purpose (e.g., for marketing communications). You have the right to withdraw consent at any time.
- Legal Obligation: When processing is necessary for compliance with a legal obligation to which we are subject.
4. Data Sharing and Disclosure
We do not sell your personal data to third parties. We may share your information with:
- Service Providers: Trusted third-party service providers who assist us in operating our website, conducting our business (e.g., payment processors, analytics providers, IT support), or serving our users, provided that those parties agree to keep this information confidential and comply with data protection laws.
- Legal Requirements: When required by law or in response to valid requests by public authorities (e.g., a court or government agency).
- Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
5. Data Security
We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, accidental loss, destruction, or damage. We regularly review our security procedures to consider new technologies and methods. Despite our efforts, no security system is impenetrable, and we cannot guarantee the absolute security of your data.
6. Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
7. Your Data Protection Rights
Under GDPR, you have the following rights regarding your personal data:
- The Right to Be Informed: About how your personal data is being used.
- The Right of Access: To access the personal data we hold about you.
- The Right to Rectification: To have inaccurate personal data corrected.
- The Right to Erasure (“Right to Be Forgotten”): To have your personal data deleted in certain circumstances.
- The Right to Restrict Processing: To limit the way we use your personal data.
- The Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format.
- The Right to Object: To processing based on legitimate interests or direct marketing.
- Rights in Relation to Automated Decision Making and Profiling: To object to automated decisions that have a legal or similarly significant effect on you.
To exercise any of these rights, please contact us using the details provided below. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
8. Cookies
Our online platform uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them, please refer to our Cookie Policy.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new policy on our website. We encourage you to review this policy periodically.
10. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Cog & Petal
17 Boilerhouse Lane, Unit 2C
Manchester, Greater Manchester, M4 7HT
United Kingdom