All Blooms Florist respects your privacy and handles personal data in line with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Irish Data Protection Act 2018. This policy explains what we collect, why, the legal bases we rely on, who we share it with, how long we keep it, and your rights.
Who we are
The data controller for this website and for customer orders is All Blooms Florist.
- Address: 33 Ballinteer Avenue, Ballinteer, Dublin 16, Ireland
- Email: hello@allblooms.ie
- Phone: +353 1 298 1995
What personal data we collect
We do not operate customer accounts — you order as a guest. When you place an order we collect what we need to fulfil it: your name, email address, phone number, delivery address and Eircode, delivery or collection date and timeslot, the recipient’s name, your gift-card message, and any order notes.
If you use our enquiry form, we collect your name, email address, phone number, the occasion or service you are asking about, your budget, and your message.
Card payments are entered on Stripe’s secure hosted checkout page and processed by Stripe. We never see or store your full card number.
Why we use your data and our legal bases
To take and fulfil your order — process payment, arrange delivery or collection, send order confirmations, and handle substitutions, refunds and complaints. Legal basis: performance of a contract, and taking steps at your request before a contract (Article 6(1)(b) GDPR).
To keep records for tax, accounting and consumer-law purposes. Legal basis: compliance with a legal obligation (Article 6(1)(c) GDPR).
To answer enquiries and prepare quotes. Legal basis: taking steps at your request before a contract (Article 6(1)(b)), or our legitimate interest in responding to genuine enquiries (Article 6(1)(f)).
To keep the website and forms secure and prevent spam or fraud, including bot protection on our forms and checkout. Legal basis: our legitimate interests in security (Article 6(1)(f)).
We do not send marketing and do not operate a newsletter. If that changes, we will update this policy and obtain any consent required under the Irish ePrivacy rules first.
Gift recipients
Because flowers are often gifts, you may give us a recipient’s name, address and a message. We use that information only to prepare and deliver the order and to resolve any delivery issue. Please share only the details genuinely needed for delivery.
Who we share your data with
We share personal data only with the providers that help us run the website and fulfil orders:
- Stripe — payment processing and hosted checkout. Stripe is based in the United States and relies on the EU–US Data Privacy Framework and Standard Contractual Clauses for transfers.
- Supabase — our website database and file storage, hosted in an EU (Ireland) region.
- Resend — transactional email, such as order confirmations and business notifications. Resend is based in the United States and relies on the EU–US Data Privacy Framework and Standard Contractual Clauses for transfers.
- Cloudflare — website hosting, content delivery and bot protection (Cloudflare Turnstile). Cloudflare is based in the United States and relies on the EU–US Data Privacy Framework and Standard Contractual Clauses for transfers.
International transfers
Your order data is stored in the EU (Ireland). Some of the service providers above are based outside the European Economic Area (EEA). Where they process personal data outside the EEA, we rely on a lawful transfer mechanism under Chapter V GDPR — an EU adequacy decision (such as the EU–US Data Privacy Framework) where it applies, or the European Commission’s Standard Contractual Clauses.
How long we keep your data
- Order, invoice, payment and delivery records: six years after the relevant accounting period, as required for Irish tax and business records, and longer if needed for a dispute or legal claim.
- Enquiries that do not lead to an order: up to 12 months from your last contact, then deleted or anonymised.
- Security and anti-spam logs: kept only as long as needed to protect the site, in line with our providers’ standard retention.
Your rights
Subject to the conditions in data-protection law, you have the right to request access to your data; correction of inaccurate data; erasure; restriction of processing; data portability; and to object to processing based on our legitimate interests. Where we rely on consent, you can withdraw it at any time.
To exercise any of these rights, contact us at hello@allblooms.ie. We may need to verify your identity first.
If you believe we have not handled your data properly, you can complain to the Data Protection Commission: 6 Pembroke Row, Dublin 2, D02 X963; phone (01) 765 0100 or 1800 437 737; www.dataprotection.ie.
Cookies and local storage
We use only functional and security technologies — no analytics, advertising or tracking cookies. Your cart and your cookie-banner choice are stored in your browser’s local storage, and Cloudflare Turnstile helps protect our forms from bots.
| Technology | Purpose | Consent needed |
|---|---|---|
| Cart (browser local storage) | Remembers items in your basket during shopping and checkout | No — strictly necessary |
| Cookie choice (browser local storage) | Remembers your cookie-banner preference | No — functional |
| Cloudflare Turnstile | Protects our forms and checkout from bots | No — security |
Changes to this policy
We may update this policy from time to time to reflect changes in law, our suppliers, or how the website works. The latest version will always be posted here with the date shown above.