Privacy policy
Our Privacy Policy: Keeping you safe
This Privacy Policy describes how our Elderflowers website collects, uses, and communicates your Personal Information when you visit or buy anything from the Site.
Collecting your personal information
When you visit the Elderflowers website, we collect certain information, about the device you are using, the way you interact with the website, and any information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this policy, we refer to any information that can uniquely identify you (including the information below) as ‘Personal Information’. Check out the list below for more detail about what Personal Information we collect and why.
Information about the device you use
Examples of Personal Information collected:
Version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
The purpose of collecting that information:
To load the Site accurately for you.
To run analytics on Site usage to optimise our Site for visitors.
How we collect it:
It’s collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
Information about any orders you place with us:
Examples of Personal Information collected: name, billing address, shipping address, payment information, email address, and phone number.
IMPORTANT
Credit card numbers are only collected through Stripe – our third party payment manager – see their privacy policy here.
Why we collect your personal information:
To provide products or services to you to fulfil our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
Source of collection:
Collected from you.
Also important to note:
We do not hold or share information about your orders or activities through the affiliates we supply links to.
Your customer support information when you buy Elderflowers products – as opposed to any third party or affiliate products (e.g. our downloadable PDFs or The Hub):
Examples of Personal Information collected about you:
Name, billing address, shipping address, payment information, email address, and phone number.
Purpose of collection:
To provide you with good customer support.
Source of collection:
Collected from you.
Disclosure for a business purpose:
We might share your name with our affiliates if we are working to help resolve any issues you might have with them. But this would be at your request.
Behavioural advertising:
If you consent to it we may use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:
We might use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here.
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page here.
You can opt out of targeted advertising at these links:
FACEBOOK – here
INSTAGRAM – here
GOOGLE – here
BING – here
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal – here
Using your personal information
We use your personal Information to provide our services to you, which includes:
Recommending affiliates to you, offering our own products for sale, processing payments, shipping and fulfilment of your orders from us (if relevant), and keeping you up to date on new products, services, and offers.
Lawful basis:
Following the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:
Your consent:
The performance of the contract between you and the Site;
Compliance with our legal obligations;
To protect your vital interests;
To perform a task carried out in the public interest;
For our legitimate interests, which do not override your fundamental rights and freedoms.
Keeping your information
When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.
Automatic decision-making
If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.
We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.
Our processor Stripe uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision-making might include:
A temporary deny list of IP addresses associated with repeated failed transactions. This deny list might be used for a small number of hours.
A temporary deny list of credit cards associated with deny listed IP addresses. This deny list might be used for a small number of days.
Your rights as an EEA resident
GDPR
If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.
Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Gelatos privacy policy here.
CCPA
If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.
If you would like to designate an authorised agent to submit these requests on your behalf, please contact us at the address below.
A bit about cookies
Cookies are small text files stored on your device (computer, mobile, tablet) to identify your browser across different visits (sessions) and web pages. Cookies can be used on behalf of the website owner (first party – which is us) or others (third parties – like Stripe).
We use cookies to enable us to remember your preferences (such as user name, language, etc.) for a certain period of time – so we can optimise your website experience.
We use the following types of cookies on our website:
Necessary cookies
Cookies are necessary for basic functions on our website, such as security and network management, to enable you to log in to your account, fill out forms, or place orders.
Analytics cookies
Cookies to analyze, create statistics, and report for the purpose of improving our websites and services, such as to count the number of visitors and how these visitors navigate our websites, as well as to track the effectiveness of our marketing campaigns on third-party websites and social media platforms.
Personalisation cookies
Cookies allow us to remember your previous choices, if any, and to provide you with customized content on our websites.
Targeted cookies
Cookies to provide relevant marketing for you based on specific parameters, such as data about your behaviour on our site.
For information about Stripe’s cookie policy, please visit here.
The amount of time a cookie remains on your computer or mobile device depends on whether it is a ‘persistent’ or ‘session’ cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we would use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
You can control and manage your cookies!
Most browsers automatically accept cookies, but you can choose whether or not you want to accept cookies through your browser controls, often found in your browser’s ‘Tools’ or ‘Preferences’ menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.
Changes
We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.
Contact
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at [help@elderflowers.com] or by mail using the details provided below:
PO Box 78-730, Grey Lynn, Auckland 1245, New Zealand
If you are not satisfied with our response to any questions, concerns or complaints you have, you have the right to lodge a complaint with the relevant data protection authority. You can contact your local data protection authority, or our local supervisory authority at the Office of the Privacy Commissioner here.
Last updated: 10/8/23