Megan Daisy Floral Design

Privacy Policy

Last updated: 11 April 2026

This privacy policy explains how Megan Daisy Floral Design collects and uses personal data when you browse the website, send an enquiry, place an order, start a subscription, sign in, or contact us directly.

Who we are

Megan Daisy Floral Design is an independent florist based in Colchester, Essex, UK. For the personal data described in this policy, Megan Daisy Floral Design is the controller.

You can contact us at megandaisyfloraldesign@gmail.com or by telephone on 07424 421755.

Personal data we collect

Wedding and funeral enquiry forms

We collect the details you choose to submit, including names, email address, phone number, event or funeral date, venue or delivery details, budget, flower preferences, card messages, inspiration links, and any additional message you provide.

Checkout and subscription orders

We collect customer name, email address, billing and delivery addresses, postcode, delivery date, delivery notes, order items, gift messages, subscription frequency, start date, and gift recipient details where you provide them.

Accounts and guest checkout

Firebase supports sign-in, Google sign-in, and anonymous guest checkout. This can involve email address, display name, authentication identifiers, and sign-in metadata handled by Firebase.

Payments

Stripe handles card details and payment authentication. We receive payment method identifiers, payment status, billing details, and information needed to reconcile your order. We do not store your full card number or CVC on this website.

Website and device data

Hosting, security, product API, and analytics services may process IP address, browser type, device information, pages viewed, approximate location, timestamps, referral source, and server logs.

LocalStorage and sessionStorage

The site uses browser storage for the basket, recent checkout information, subscription checkout selections, bouquet quick-buy details, and last order summary. This helps the checkout work and keeps details available during the current shopping journey.

How we use your data

  • To respond to bouquet, wedding, funeral, event, and subscription enquiries.
  • To prepare quotes, proposals, invoices, order confirmations, and customer service replies.
  • To process orders, subscriptions, payments, refunds, delivery, and fraud checks.
  • To manage account sign-in, guest checkout, authentication, and delivery preferences.
  • To keep business records required for tax, accounting, legal claims, and security.
  • To understand site performance and advertising conversion where analytics or conversion tools are enabled.

Lawful bases

We process personal data under the UK GDPR and, where applicable, EU GDPR. The lawful bases we rely on are:

  • Contract or steps before a contract: to answer enquiries, provide quotes, take payment, fulfil orders, and manage subscriptions.
  • Legitimate interests: to run the florist business, respond to customers, maintain records, protect the website, prevent fraud, and improve services.
  • Legal obligation: to keep accounting, tax, and transaction records and to comply with lawful requests.
  • Consent: for optional marketing, non-essential cookies, analytics, advertising conversion tracking where consent is required, and sensitive information you choose to provide where consent is the appropriate basis.

Please avoid sending sensitive personal data unless it is needed for your enquiry or order. If you include details such as health, religious, or family information in a message, we use it only for the purpose you provided it for.

Who we share data with

We share personal data only where needed for the purposes above. This may include Stripe for payment processing, Firebase and Google for authentication and site services, Formspree for enquiry form handling, hosting and API providers, email providers, delivery partners, professional advisers, insurers, HMRC, regulators, or law enforcement where required.

If you follow links to Instagram, Facebook, TikTok, Pinterest, YouTube, Google, Stripe, or other third-party services, those services process your data under their own privacy notices.

International transfers

Some suppliers may process data outside the UK or European Economic Area. Where this happens, we expect appropriate safeguards to be used, such as adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses, or Standard Contractual Clauses approved for EU GDPR transfers.

How long we keep data

  • Enquiries are usually kept for up to 24 months after the last contact unless they become an order, booking, or ongoing customer relationship.
  • Order, payment, delivery, refund, and accounting records are usually kept for up to 6 years after the relevant tax year or transaction, unless a longer period is needed for legal reasons.
  • Account data is kept while the account is active and for a reasonable period afterwards for security, support, and record keeping.
  • Browser storage remains on your device until it expires, the browser clears it, or you clear it manually. Session storage is generally cleared when the browser session ends.
  • Analytics, hosting, and security logs are kept according to the retention settings of the relevant provider.

Cookies, storage, and analytics

The website uses browser storage and may use cookies or similar technologies for checkout, authentication, security, basket functionality, analytics, and conversion measurement. Strictly necessary storage supports services you ask for, such as keeping items in your basket and completing checkout.

Where non-essential analytics or advertising cookies are used, we will rely on consent where required by UK Privacy and Electronic Communications Regulations or EU ePrivacy rules.

You can accept or decline optional cookies when the cookie notice appears. You can change your choice at any time using the Cookie settings link in the footer.

Your rights

You may have rights of access, correction, erasure, restriction, portability, objection, and withdrawal of consent. These rights do not always apply in every situation, but we will explain if a legal exemption applies.

To make a request, contact us at megandaisyfloraldesign@gmail.com. We may need to verify your identity before acting on a request.

Complaints

Please contact us first if you have a privacy concern so we can try to resolve it. You also have the right to complain to the Information Commissioner's Office, the UK data protection regulator. If you are in the European Economic Area, you may also contact your local supervisory authority.

Changes to this policy

We may update this policy when the website, suppliers, legal requirements, or business processes change. The latest version will be published on this page.