The British Florist Association are committed to protecting your privacy. We will only use the information that we collect about you lawfully (in accordance with the Data Protection Act 2018 & subsequent revisions thereof).
Your trust is important to us. So, we want you to know we’ve updated our Privacy Notice to explain how we collect, store and handle your personal data.
We do this in a number of ways – including when you share your information with us for membership or make an online purchase. We treat your data with the utmost care and take appropriate steps to protect it.
We’ll sometimes share data with third parties to help us provide a better service for you. Some examples might be giving your Name and email address to a company supplying a service.
You have many rights regarding your personal data, including seeing what data we access, and updating your information. There’s nothing you need to do right now, but if you’d like to find out more, by visiting our website at any time.
The advice in this article is only our interpretation of GDPR and PECR and is not legal advice. We strongly recommend you take your own legal advice in deciding how to comply with the new regulations.
Introduction
This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data and keep it safe.
We know that there’s a lot of information here but we want you to be fully informed about your rights, and how the British Florist Association uses your data.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.
When you are using the British Florist Association websites, the BFA is the data controller.
Explaining the legal bases, we rely on
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
Consent
In specific situations, we can collect and process your data with your consent.
For example, when you tick a box to receive email newsletters.
When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.
Contractual obligations
In certain circumstances, we need your personal data to comply with our contractual obligations.
Legal compliance (if necessary)
If the law requires us to, we may need to collect and process your data.
For example, we can pass on details of people involved in fraud or other criminal activity affecting the Partnership to law enforcement.
When do we collect your personal data?
When you visit any of our websites and use them to buy products and services. On the phone or online.
When you make an online purchase.
When you purchase a product or service in by phone.
When you engage with us on social media.
When you contact us by any means with queries, complaints etc.
When you ask one of our Partners to email you information about a product or service.
When you enter prize draw or competitions.
When you book any kind of appointment with us or book to attend an event, for example a class at Vision Masterclass.
When you choose to complete any surveys, we send you.
When you comment on or review our products and services. Any individual may access personal data related to them, including opinions. So, if your comment or review includes information about the Partner who provided that service, it may be passed on to them if requested.
When you’ve given a third-party permission to share with us the information they hold about you.
How we protect your personal data
We know how much data security matters to all our customer/members. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all transactional areas of our websites using ‘https’ technology.
Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured and tokenized to ensure it is protected.
We regularly monitor our system for possible vulnerabilities and attacks.
How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised.
Who do we share your personal data with?
We sometimes share your personal data with trusted third parties.
For example, product and service companies that are related to the British Florist Association.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
We provide only the information they need to perform their specific services.
They may only use your data for the exact purposes we specify in our contract with them.
We work closely with them to ensure that your privacy is respected and protected at all times.
If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Examples of the kind of third parties we work with are:
IT companies who support our website and other business systems.
Direct marketing companies who help us manage our electronic communications with you.
Google/Facebook to show you products that might interest you while you’re browsing the internet.
This is your acceptance on the cookies on our website and your marketing consent.
Sharing your data with third parties for their own purposes:
We will only do this in very specific circumstances, for example:
With your consent, given at the time you supply your personal data, we may pass that data to a third party for their direct marketing purposes. We work with carefully selected partners with whom we share data for the purposes of member benefits.
For example, if you enter a floristry competition and tick a box agreeing that the RHS or company can send you necessary information directly. Or if we run a joint event with a wholesaler and you agree to receive direct communications from them.
For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
What are your rights over your personal data?
An overview of your different rights
You have the right to request:
Access to the personal data we hold about you.
The correction of your personal data when incorrect, out of date or incomplete.
That we stop using your personal data for direct marketing (either through specific channels, or all channels).
That we stop any consent-based processing of your personal data after you withdraw that consent.
You can contact us to request to exercise these rights at any time as follows:
To ask for your information please contact The Association Manager, British Florist Association, PO Box 505, West Malling, ME6 9NQ or email info@britishfloristassociation.org.
If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
Direct marketing
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
How do we ensure your personal information is accurate?
Much of the personal information we collect comes directly from you, in which case you are in control of its accuracy. Our processes for collecting and transcribing personal information are automated to the greatest extent possible and are subject to rigorous quality controls. Information that is found to be inaccurate, either through our own audits or following your request for correction, is updated.
How can you stop the use of your personal data for direct marketing?
There are several ways you can stop direct marketing communications from us:
Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails from that particular division.
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
Any questions?
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.
If you have any questions that haven’t been covered, please contact our Association Manager who will be pleased to help you: