Privacy Policy

Last Updated: March 27, 2026

Important Notice: This Privacy Policy explains how Interfloras Ireland collects, uses, stores, and protects your personal data when you visit or interact with our website at interfloras-ie.com. Please read this document carefully before using our services. By accessing our website or making a purchase, you acknowledge that you have read and understood this Privacy Policy.

1. Who We Are

Interfloras Ireland is the data controller responsible for your personal information collected through this website. We are committed to protecting your privacy and handling your personal data with the utmost care, transparency, and in full compliance with applicable data protection legislation.

1.1 Our Contact Details

Company Name	Interfloras Ireland
Website	interfloras-ie.com
Email Address	[email protected]
Operating Location	Ireland

For all privacy-related enquiries, data subject requests, or concerns regarding this Privacy Policy, please contact us directly at [email protected]. We aim to respond to all privacy-related requests within 30 days of receipt.

2. Legal Framework and Basis

As a business based in Ireland, we are subject to the following data protection laws and regulations:

General Data Protection Regulation (GDPR) – Regulation (EU) 2016/679, which applies directly in Ireland as a member state of the European Union.
Data Protection Acts 1988–2018 – Irish national legislation supplementing and implementing the GDPR within Ireland.
ePrivacy Regulations (SI No. 336 of 2011) – Irish regulations governing cookies, electronic marketing, and electronic communications.
Consumer Protection Act 2007 – Irish legislation governing fair trading and consumer rights.

The supervisory authority responsible for data protection in Ireland is the Data Protection Commission (DPC), located at 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland. Website: www.dataprotection.ie.

2.1 Lawful Bases for Processing

Under the GDPR, we must have a valid lawful basis for every instance of processing your personal data. We rely on the following lawful bases:

Contract (Article 6(1)(b) GDPR): Processing necessary to perform a contract with you, including fulfilling orders, processing payments, and arranging deliveries.
Legitimate Interests (Article 6(1)(f) GDPR): Processing necessary for our legitimate business interests, such as fraud prevention, improving our services, and direct marketing to existing customers, provided these interests are not overridden by your rights and interests.
Legal Obligation (Article 6(1)(c) GDPR): Processing necessary to comply with a legal obligation, such as tax and accounting requirements under Irish law.
Consent (Article 6(1)(a) GDPR): Where you have freely given, specific, informed, and unambiguous consent, such as subscribing to our newsletter or accepting non-essential cookies.

3. What Personal Data We Collect

We collect several categories of personal data when you interact with our website, make a purchase, or contact us. Below is a detailed breakdown of the types of information we collect.

3.1 Personal Identification Information

When you register an account, place an order, or contact us, we may collect the following personal identification data:

Full name (both sender and recipient of floral arrangements)
Email address
Postal address (billing and delivery addresses)
Phone number
Date of birth (where provided, for personalisation purposes)
Username and password (for registered account holders)
Gift message content and special occasion details

3.2 Payment and Financial Information

To process transactions securely, we collect certain payment-related information. Please note that we do not directly store full credit or debit card details on our servers. Payment processing is handled by trusted, PCI DSS-compliant third-party payment processors. We may retain:

Billing name and address
Transaction reference numbers
Payment method type (e.g., Visa, Mastercard, PayPal)
Last four digits of card numbers (for reference purposes only)
Purchase history and order values

3.3 Usage and Behavioural Data

When you visit and browse our website, we automatically collect certain technical and behavioural data, including:

Pages visited, products viewed, and time spent on each page
Search terms used within our website
Clickstream data and navigation paths
Items added to shopping baskets (including abandoned basket data)
Referral source (how you arrived at our website)
Interaction with promotional content and emails

3.4 Device and Technical Information

Our website servers and analytics tools automatically collect certain technical information about the device and connection you use to access our website:

IP address (which may be anonymised or pseudonymised)
Browser type and version
Operating system
Device type (desktop, mobile, tablet)
Screen resolution
Time zone settings
Language preferences
Cookie identifiers and session tokens

3.5 Communications Data

If you contact us by email, telephone, live chat, or through any online form, we may collect:

The content and subject matter of your communications
Your contact details as provided in correspondence
Records of complaints and their resolutions
Feedback and reviews submitted
Social media interactions where you tag or message us

3.6 Marketing Preferences

Where you have opted in or where we rely on legitimate interests, we retain records of:

Your marketing preferences and opt-in/opt-out choices
Email open rates and click-through rates (where tracked)
Promotional codes you have used
Loyalty programme participation (if applicable)

4. How We Use Your Personal Data

We use the personal data we collect for a range of purposes, all of which are carried out in accordance with the lawful bases described in Section 2.1 above.

4.1 Service Provision and Order Fulfilment

The primary purpose for which we use your personal data is to provide you with our floral arrangement and delivery services. This includes:

Processing and confirming your orders
Arranging delivery of flowers and gifts to the specified recipient
Processing payments and issuing receipts and invoices
Managing your account and preferences
Communicating order status updates, shipping notifications, and delivery confirmations
Handling returns, refunds, and cancellations in accordance with Irish consumer rights law
Responding to customer service queries and complaints

4.2 Analytics and Website Improvement

We use usage data to understand how our website is being used and to continuously improve the experience for all users. This includes:

Analysing traffic patterns and user behaviour on our website
Identifying technical errors or performance issues
Testing new features and design changes
Understanding which products and services are most popular
Conducting market research and user satisfaction surveys

4.3 Marketing and Personalisation

Where you have provided consent or where we rely on legitimate interests, we may use your personal data to:

Send you promotional emails about new products, seasonal offers, and special occasions such as Valentine's Day, Mother's Day, or Christmas
Provide personalised product recommendations based on your purchase history and browsing behaviour
Display targeted advertisements on third-party platforms (such as social media) using anonymised or hashed data
Send you reminders for recurring occasions (e.g., anniversaries or birthdays) where you have opted into this service
Conduct A/B testing for marketing communications

Your Right to Opt Out: You may withdraw your consent to marketing communications at any time by clicking the "unsubscribe" link in any of our emails, or by contacting us at [email protected]. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

4.4 Legal and Compliance Purposes

We are required by Irish and EU law to use personal data for the following compliance purposes:

Maintaining accounting records and financial transaction logs as required by the Revenue Commissioners under Irish tax law
Complying with court orders, regulatory investigations, or legal proceedings
Preventing, detecting, and investigating fraud and other financial crimes
Enforcing our Terms and Conditions and other legal agreements
Exercising or defending legal claims

5. Sharing Your Personal Data with Third Parties

We do not sell your personal data to third parties. However, in order to provide our services and operate our business effectively, we may share your data with the following categories of recipients:

5.1 Service Providers and Data Processors

We engage carefully selected third-party service providers who process personal data on our behalf under strict contractual obligations (Data Processing Agreements) that require them to protect your data and process it only for specified, authorised purposes. These include:

Payment processors: To securely process credit/debit card and digital wallet payments
Delivery and logistics partners: Local florists and courier services who need your delivery address and contact details to fulfil your order
Email marketing platforms: To manage and send marketing and transactional emails on our behalf
Website hosting and cloud services: To host and operate our website and store data securely
Analytics providers: Such as Google Analytics, to help us understand website usage
Customer support tools: Helpdesk and live chat software providers
IT and cybersecurity services: To monitor and protect our systems from threats

5.2 Legal and Regulatory Authorities

We may disclose your personal data to the following where required or permitted by law:

An Garda Síochána or other law enforcement agencies in Ireland
The Revenue Commissioners for tax compliance purposes
The Data Protection Commission in connection with any regulatory enquiry
Courts, tribunals, or other bodies in connection with legal proceedings
Regulatory bodies with jurisdiction over our business

5.3 Business Transfers

In the event that Interfloras Ireland undergoes a business restructuring, merger, acquisition, or sale of assets, your personal data may be transferred to the relevant third party as part of that transaction. You will be notified of any such transfer and any significant changes to our Privacy Policy as a result.

5.4 Third-Party Florists Within Our Network

As part of our floral delivery service, we work with a network of local florists across Ireland and internationally. In order to fulfil your order, we share the delivery address, recipient name, contact phone number, and gift message with the fulfilling florist. These florists are required to handle this information strictly for the purpose of order fulfilment and are prohibited from using it for any other purpose.

6. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and support our marketing activities. Cookies are small text files stored on your device when you visit our website.

6.1 Types of Cookies We Use

Strictly Necessary Cookies: Essential for the website to function correctly. These cannot be disabled without affecting core functionality, such as maintaining your shopping basket or logging into your account.
Performance and Analytics Cookies: These help us understand how visitors use our website by collecting anonymous statistical data.
Functionality Cookies: These remember your preferences (such as language or currency settings) to provide a more personalised experience.
Marketing and Targeting Cookies: Used to show you relevant advertisements on our website and on third-party platforms. These are only set with your explicit consent.

For full details about the specific cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookie Policy. You can manage your cookie preferences at any time through our cookie consent banner or your browser settings.

7. Data Security Measures

We take the security of your personal data extremely seriously and have implemented a comprehensive range of technical and organisational measures to protect your information against unauthorised access, disclosure, alteration, or destruction.

7.1 Technical Security Measures

SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using industry-standard Secure Socket Layer (SSL) / Transport Layer Security (TLS) technology, indicated by the padlock icon in your browser's address bar.
Data Encryption at Rest: Sensitive data stored in our databases is encrypted to protect it from unauthorised access.
Firewall Protection: Our servers are protected by robust firewalls and intrusion detection systems.
Access Controls: Access to personal data is strictly limited to authorised personnel who need it to perform their job functions, using role-based access control mechanisms.
Regular Security Testing: We conduct regular security assessments, vulnerability scans, and penetration testing to identify and address potential weaknesses.
Secure Payment Processing: Payment card data is handled in accordance with the Payment Card Industry Data Security Standard (PCI DSS).

7.2 Organisational Security Measures

Staff training on data protection obligations and security best practices
Internal data protection policies and procedures
Data breach response plan and incident management procedures
Non-disclosure agreements with employees and contractors
Regular review and update of security measures

Data Breach Notification: In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission within 72 hours of becoming aware of the breach, as required by Article 33 GDPR. Where the breach is likely to result in a high risk to you, we will also notify you directly without undue delay, in accordance with Article 34 GDPR.

8. Data Retention

We do not retain your personal data for longer than is necessary for the purposes for which it was collected. Our retention periods are determined by the nature of the data, the purpose for which it is held, and applicable legal requirements.

8.1 Retention Schedule

Data Category	Retention Period	Reason
Customer account information	Duration of account plus 3 years after last activity	Service provision and legitimate interests
Order and transaction records	7 years from date of transaction	Irish tax and accounting obligations (Taxes Consolidation Act 1997)
Payment records	7 years	Legal and regulatory compliance
Marketing consent records	Until consent is withdrawn plus 3 years	Proof of consent under GDPR
Customer service communications	3 years from last interaction	Legitimate interests and legal claims
Website analytics data	26 months (anonymised)	Analytics and improvement
Cookie consent records	1 year from consent date	Compliance with ePrivacy Regulations
Security and access logs	12 months	Security monitoring and fraud prevention

After the applicable retention period has expired, personal data is securely deleted or anonymised in accordance with our data destruction procedures. Where data cannot be immediately deleted due to technical constraints, it will be securely isolated and protected from further processing until deletion is possible.

9. Your Rights Under the GDPR

As a data subject under the General Data Protection Regulation and the Data Protection Acts 1988–2018, you have a number of important rights regarding your personal data. These rights are listed below, along with information on how to exercise them.

9.1 Right of Access (Article 15 GDPR)

You have the right to obtain confirmation of whether we hold personal data about you, and if so, to receive a copy of that data along with information about how it is being processed. This is commonly known as a Subject Access Request (SAR). We will respond to your request free of charge within one calendar month of receipt.

9.2 Right to Rectification (Article 16 GDPR)

If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it without undue delay. You can update many of your account details directly through your online account dashboard.

9.3 Right to Erasure / Right to be Forgotten (Article 17 GDPR)

In certain circumstances, you have the right to request that we delete your personal data. This right applies where:

The data is no longer necessary for the purpose for which it was collected
You withdraw consent (where consent was the lawful basis) and there is no other lawful basis for processing
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed
The data must be erased to comply with a legal obligation

Please note that this right is not absolute and does not apply where we are required to retain data to comply with a legal obligation (such as tax record-keeping) or to establish, exercise, or defend legal claims.

9.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or where you have objected to processing pending verification of whether our legitimate grounds override your rights.

9.5 Right to Data Portability (Article 20 GDPR)

Where processing is based on your consent or the performance of a contract, and the processing is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another data controller where technically feasible.

9.6 Right to Object (Article 21 GDPR)

You have the right to object at any time to the processing of your personal data where we rely on legitimate interests as the lawful basis. You also have an unconditional right to object to the processing of your personal data for direct marketing purposes, including profiling related to direct marketing. Upon receiving such an objection, we will cease marketing communications immediately.

9.7 Rights Related to Automated Decision-Making (Article 22 GDPR)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects on you. We do not currently make any purely automated decisions that produce legal or similarly significant effects on our customers. Any profiling we undertake for personalisation purposes involves human oversight.

9.8 How to Exercise Your Rights

To exercise any of the above rights, please contact us using the following details:

Email: [email protected]
Website: interfloras-ie.com

We may need to verify your identity before processing your request. We will not charge a fee for requests unless they are manifestly unfounded or excessive. We will respond within one calendar month of receiving your request, though this may be extended by a further two months in complex cases, with notification to you of the extension.

10. International Data Transfers

As an Irish business operating within the European Union, your personal data is primarily stored and processed within the European Economic Area (EEA). However, some of the third-party service providers we engage may be located outside the EEA, or may transfer data to countries outside the EEA as part of their own operations.

Where we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place to protect your data, in accordance with Articles 44–49 of the GDPR. Such safeguards include:

Adequacy Decisions: Transfers to countries that the European Commission has determined provide an adequate level of data protection (e.g., UK under the current adequacy decision, subject to review).
Standard Contractual Clauses (SCCs): The use of European Commission-approved Standard Contractual Clauses incorporated into our contracts with third-party processors.
Binding Corporate Rules: Where applicable, reliance on approved Binding Corporate Rules of multinational corporate groups.
Appropriate additional safeguards as required following the Schrems II ruling and subsequent guidance from the Data Protection Commission.

You may request a copy of the relevant safeguards we have put in place for international transfers by contacting us at [email protected].

11. Children's Privacy

Our website and services are intended exclusively for use by individuals who are 18 years of age or older. We do not knowingly collect, process, or solicit personal data from children under the age of 18.

If you are under 18 years of age, please do not use our website, create an account, or provide any personal information to us. If we become aware that we have inadvertently collected personal data from a child under the age of 18 without appropriate parental consent, we will take immediate steps to delete that information from our records.

If you are a parent or guardian and believe that your child under the age of 18 has provided personal data to us without your consent, please contact us immediately at [email protected] so that we can take the appropriate action.

Age Restriction: Our website is strictly for users aged 18 and over. By using this website, you confirm that you are at least 18 years of age.

12. Third-Party Websites and Links

Our website may contain links to third-party websites, social media platforms, payment providers, and other external services. This Privacy Policy applies solely to our website and services at interfloras-ie.com. We have no control over and accept no responsibility for the privacy practices or content of any third-party websites.

We encourage you to review the privacy policies of any third-party websites you visit. The inclusion of a link on our website does not imply our endorsement of the linked website or its privacy practices.

13. Social Media and Third-Party Platforms

We maintain business profiles on social media platforms including, but not limited to, Facebook, Instagram, and Twitter/X. When you interact with our social media profiles, like or share our content, or message us through these platforms, the social media provider will process your data in accordance with their own privacy policies.

We may use social media advertising tools (such as Facebook Custom Audiences or Google Customer Match) to show targeted advertisements to our existing customers and to similar audiences. Where we use such tools, we upload pseudonymised or hashed customer data (such as hashed email addresses) to these platforms. We ensure that appropriate safeguards are in place for any associated data transfers.

14. Marketing Communications and Your Choices

We may send you promotional emails, newsletters, and special offer notifications if:

You have given us your explicit consent to do so; or
You are an existing customer who has purchased similar products or services from us, and you have not opted out of such communications (in accordance with the soft opt-in provisions under the ePrivacy Regulations).

Every marketing email we send will include:

Clear identification of us as the sender
A straightforward one-click unsubscribe mechanism
Our contact details

You may opt out of marketing communications at any time by:

Clicking the "Unsubscribe" link in any marketing email you receive from us
Logging into your account and updating your communication preferences
Contacting us directly at [email protected]

Please note that even if you opt out of marketing communications, we will continue to send you transactional and service-related emails related to your orders and account activity, as these are necessary for the performance of our contract with you.

15. How to File a Complaint

We take your privacy rights seriously and are committed to addressing any concerns you may have about how we handle your personal data. If you are unhappy with any aspect of our data processing activities, we encourage you to contact us in the first instance so that we can try to resolve the matter.

15.1 Contact Us First

Please contact our privacy team at:

Email: [email protected]

We will investigate your complaint and respond within 30 days of receipt. If we are unable to resolve your complaint to your satisfaction, or if you prefer, you have the right to lodge a complaint directly with the Data Protection Commission.

15.2 Complain to the Data Protection Commission (DPC)

The Data Protection Commission (DPC) is the independent supervisory authority responsible for upholding data protection rights in Ireland. You have the right to lodge a complaint with the DPC at any time.

Authority	Data Protection Commission (DPC)
Address	21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Phone	+353 (0)1 765 0100 / +353 (0)57 868 4800
Website	www.dataprotection.ie
Online Complaint Form	forms.dataprotection.ie/contact

You also have the right to lodge a complaint with the supervisory authority of the EU member state in which you habitually reside or work, or in which the alleged infringement took place, if different from Ireland.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our data processing practices, legal requirements, or business operations. Any changes will be published on this page, and the "Last Updated" date at the top of this policy will be revised accordingly.

For significant changes that materially affect your rights or how we process your personal data, we will make reasonable efforts to notify you directly, for example by email (where we hold your email address) or by displaying a prominent notice on our website. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

Your continued use of our website and services after any changes to this Privacy Policy constitutes your acknowledgment of the updated policy. If you do not agree with the updated policy, you should cease using our services and may request deletion of your account and personal data in accordance with Section 9.3 of this policy.

17. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data processing practices, please do not hesitate to contact us using the details below:

Company	Interfloras Ireland
Email	[email protected]
Website	interfloras-ie.com

We are committed to working with you to resolve any privacy concerns fairly, transparently, and in compliance with our obligations under the GDPR and the Data Protection Acts 1988–2018. We aim to acknowledge all privacy-related enquiries within 5 business days and to provide a full response within 30 calendar days.

Thank you for taking the time to read our Privacy Policy. Your trust is important to us, and we are dedicated to protecting your personal data and upholding your privacy rights at all times.

This Privacy Policy was last reviewed and updated on March 27, 2026. It is governed by the laws of Ireland and the applicable regulations of the European Union.