Your Privacy, Protected
We are committed to safeguarding your personal data in line with UK GDPR and the Data Protection Act 2018 — as carefully as we craft every arrangement.
PlantCrafts ("we", "us", "our") operates plantcrafts.uk — a UK-based online shop specialising in handcrafted preserved florals, botanical arrangements, orchids, roses, and decorative trees. We are the data controller responsible for your personal information.
This Privacy Policy explains what personal data we collect when you visit our website, browse our shop, or place an order, how we use it, and your rights under UK law.
Our Details
Brand: PlantCrafts · Website: plantcrafts.uk · Contact: hello@plantcrafts.uk
We collect only what is necessary to process your order and provide a smooth shopping experience:
- Identity data — name and account username
- Contact data — email address, delivery address, phone number
- Transaction data — products ordered, order history, payment confirmation
- Financial data — payment processed securely via Stripe or PayPal; we never store full card details
- Technical data — IP address, browser type, device, referring URL
- Usage data — pages visited, products viewed, time spent on site
- Marketing preferences — whether you have opted in to receive emails from us
We do not collect sensitive data
We do not intentionally collect health, biometric, racial, religious, or other special-category data. If you share such data voluntarily, it will only be used to assist your enquiry.
We never sell your data. We use it only for the following purposes:
- Fulfil your order — process payment, pack, and dispatch your botanical arrangement to your UK address
- Customer support — respond to enquiries, process returns, and resolve issues
- Account management — maintain your order history on plantcrafts.uk
- Legal compliance — meet HMRC, consumer protection, and UK tax obligations
- Fraud prevention — detect and block fraudulent transactions
- Marketing emails — send you new arrivals, care tips, and offers, only with your consent
- Website analytics — understand how our site is used and improve it
Email marketing
We only send marketing emails with your opt-in consent, or where you have previously purchased from us. Unsubscribe any time via the link in any email or by emailing hello@plantcrafts.uk.
Under the UK GDPR and the Data Protection Act 2018, we rely on the following lawful bases:
- Contract (Art. 6(1)(b)) — processing is necessary to fulfil your order and provide our service
- Legal obligation (Art. 6(1)(c)) — compliance with UK tax, consumer protection, and fraud prevention law
- Legitimate interests (Art. 6(1)(f)) — improving our website, preventing fraud, and maintaining business security
- Consent (Art. 6(1)(a)) — marketing emails and non-essential cookies, which you may withdraw at any time
UK-specific compliance
This policy complies with the UK GDPR (retained under the European Union (Withdrawal) Act 2018) and is enforced by the Information Commissioner's Office (ICO).
We do not sell, rent, or trade your data. We share it only where necessary:
- Delivery couriers (Royal Mail, DPD, Evri) — your name and address to deliver your arrangement
- Payment processors (Stripe, PayPal) — to process your payment securely under PCI-DSS standards
- Hosting & platform — WordPress/WooCommerce infrastructure; providers may hold technical data
- Email marketing tools — if you have opted in, we may use Mailchimp or similar under their own privacy policies
- Analytics — Google Analytics processes anonymised usage data to help us improve the site
- Legal authorities — where required by UK law or to protect our rights
All third parties are contractually required to handle your data in compliance with UK data protection law.
We use cookies to operate our shop, remember your cart, and understand how visitors use our site. Under UK PECR, non-essential cookies require your consent.
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| woocommerce_cart_hash | Essential | Keeps your shopping basket active | Session |
| wp_woocommerce_session_* | Essential | Manages checkout session & cart | 2 days |
| wordpress_logged_in_* | Essential | Keeps you signed in to your account | 14 days |
| _ga / _gid | Analytics | Google Analytics — anonymous site usage statistics | 2yr / 24hr |
| _fbp | Marketing | Facebook Pixel — ad tracking & conversion measurement | 90 days |
| elementor | Essential | Stores page builder UI preferences | Session |
You can manage cookie consent via our cookie banner, or through your browser settings. Disabling essential cookies may prevent checkout from working correctly. Learn more at allaboutcookies.org.
We keep your data only as long as necessary or required by UK law:
- Order records — 7 years (HMRC tax compliance)
- Customer account data — while active, plus 2 years after closure
- Payment records — 7 years; full card details never stored by us
- Marketing consent — until withdrawn, plus 12 months for compliance evidence
- Support correspondence — 3 years from last contact
- Analytics data — up to 26 months, anonymised
When no longer required, data is securely deleted or anonymised. You may request earlier deletion — see your rights below.
As a UK resident you have the following rights. We will respond to all valid requests within one calendar month.
Access
Request a copy of all data we hold about you (Subject Access Request).
Rectification
Ask us to correct inaccurate or incomplete data.
Erasure
Request deletion of your data where there is no lawful reason to retain it.
Restrict Processing
Ask us to pause processing in certain circumstances.
Portability
Receive your data in a machine-readable format.
Object
Object to processing for direct marketing or legitimate interests.
How to exercise your rights
Email hello@plantcrafts.uk with your name and the right you wish to exercise. We will respond within 30 days. Identity verification may be required.
We use appropriate technical and organisational measures to protect your personal data:
- SSL/TLS encryption on all data transmitted between your browser and plantcrafts.uk
- PCI-DSS compliant payment processing — card details never stored on our servers
- Restricted access — only authorised staff can access personal data on a need-to-know basis
- Regular updates — WordPress, WooCommerce, and all plugins kept up to date with security patches
Data breach notification
In the event of a breach posing risk to your rights, we will notify the ICO within 72 hours and inform affected individuals without undue delay, as required by UK GDPR Article 33.
For any privacy questions, data requests, or concerns, please contact us at:
Get in Touch
Email: hello@plantcrafts.uk
Contact form: plantcrafts.uk/contact-us
Response time: within 5 working days; formal rights requests within 30 days
If you are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner's Office (ICO):
Information Commissioner's Office
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We ask that you contact us first so we can resolve your concern directly.
We may update this policy periodically. Material changes will be communicated via email (if you have an account) or a notice on our website. The date above reflects the latest revision.
Privacy Questions?
Our team is here to help. We'll respond to all privacy enquiries within 5 working days.
More from PlantCrafts
© 2026 PlantCrafts · plantcrafts.uk · hello@plantcrafts.uk · Compliant with UK GDPR and the Data Protection Act 2018