Privacy Policy

Last updated: 27/11/25

1. Who We Are

Florence and Joy is a fabric remnant shop based in the United Kingdom. Our website address is: https://florenceandjoy.co.uk

For any questions about this privacy policy or how we handle your data, please contact us through our contact form.

2. What Personal Data We Collect and Why

Contact Forms

When you contact us through our website contact form, we collect:

  • Your name
  • Your email address
  • Any other information you choose to provide in your message

We use this information solely to respond to your enquiry. We retain contact form submissions for customer service purposes and to track the history of our correspondence with you.

Newsletter Subscriptions

When you subscribe to our newsletter, we collect:

  • Your email address
  • Your name (if provided)
  • The date and time of subscription

We use Mailchimp to manage our newsletter subscriptions. Your information is stored on Mailchimp’s servers and is subject to their privacy policy, available at: https://www.intuit.com/privacy/statement/

We will only send you marketing emails if you have explicitly opted in to receive them. You can unsubscribe at any time using the link provided in every email, or by contacting us directly.

Online Shop and Orders

When you place an order through our WooCommerce shop, we collect:

  • Your name and contact details (email address, phone number)
  • Billing address
  • Delivery address (if different from billing)
  • Payment information (processed securely through our payment provider)
  • Order history and purchase details

We use this information to:

  • Process and fulfill your orders
  • Send you order confirmations and updates
  • Handle returns, refunds, and customer service enquiries
  • Comply with legal obligations (such as tax and accounting requirements)
  • Detect and prevent fraud

Payment Processing: We do not store your complete payment card details. Payment information is processed securely by our payment gateway provider and is subject to Payment Card Industry Data Security Standards (PCI-DSS).

Customer Accounts

If you create an account on our website, we store:

  • Your username and encrypted password
  • Your email address
  • Your billing and shipping addresses
  • Your order history

You can view, edit, or delete your personal information at any time by logging into your account. You cannot change your username, but you can request account deletion by contacting us.

Cookies and Tracking

Essential Cookies: Our website uses essential cookies that are necessary for the site to function properly, including:

  • Shopping cart cookies to remember items you’ve added
  • Session cookies to keep you logged in
  • Security cookies to protect against fraudulent activity

Analytics: We use Jetpack analytics to understand how visitors use our website. This helps us improve our site and services. Jetpack collects anonymised information about your visit, including:

  • Pages viewed
  • Time spent on the site
  • Referring website
  • General location (country/city level only)

You can opt out of analytics tracking through your browser settings or by using browser extensions that block tracking.

Cookie Consent: By using our website, you consent to our use of essential cookies. You can control and delete cookies through your browser settings, though this may affect your ability to use certain features of the website.

Comments (if enabled)

If you leave a comment on our site, we collect:

  • The data shown in the comments form
  • Your IP address and browser user agent string (to help with spam detection)

An anonymised string created from your email address may be provided to the Gravatar service to display your profile picture. The Gravatar privacy policy is available at: https://automattic.com/privacy/

Comments and their metadata are retained indefinitely so we can automatically approve follow-up comments instead of holding them in a moderation queue.

3. How Long We Retain Your Data

  • Contact form submissions: Retained indefinitely for customer service records
  • Newsletter subscriptions: Until you unsubscribe or request deletion
  • Order information: Retained for 7 years to comply with UK tax and accounting regulations
  • Customer accounts: Until you request deletion
  • Analytics data: Anonymised data is retained indefinitely for statistical purposes

4. Who We Share Your Data With

We do not sell or rent your personal information to third parties. We only share your data with:

  • Mailchimp – to manage newsletter subscriptions
  • Payment processors – to securely process your payments
  • Shipping providers – to deliver your orders (name and delivery address only)
  • Jetpack/Automattic – for website analytics (anonymised data)
  • Legal authorities – if required by law

All third-party service providers are required to keep your information secure and use it only for the specific purposes for which it was provided.

5. Your Rights Under GDPR

Under UK GDPR, you have the following rights:

  • Right of access: You can request a copy of the personal data we hold about you
  • Right to rectification: You can ask us to correct inaccurate or incomplete data
  • Right to erasure: You can request that we delete your personal data
  • Right to restrict processing: You can ask us to limit how we use your data
  • Right to data portability: You can request your data in a portable format
  • Right to object: You can object to certain types of processing
  • Right to withdraw consent: You can withdraw consent for marketing communications at any time

To exercise any of these rights, please contact us through our contact form. We will respond to your request within one month.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Children’s Privacy

Our website is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected information from a child, please contact us immediately.

8. Changes to This Privacy Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

9. Contact Us

If you have any questions about this privacy policy or how we handle your personal data, please contact us through the contact form on our website.

Data Controller: Florence and Joy Website: https://florenceandjoy.co.uk