Privacy Policy

Privacy Policy
Last Updated: September 24, 2025
Flo & Co. ("Flo & Joe," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website at https://www.floandjoe.co.uk, including any sub-domains and associated web-based or mobile applications (collectively, the "Website"). This policy applies to all users of our Website, whether as a visitor or a registered customer.
We operate in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our Website, you agree to the collection and use of your information as described in this Privacy Policy. If you do not agree, please do not use the Website.
Capitalized terms not defined in this Privacy Policy have the meanings set out in our Terms of Service, accessible at https://www.floandjoe.co.uk/pages/terms-conditions 
1. Information We Collect
We collect information to provide and improve our services. The types of information we collect include:
1.1 Personal Information
This is information that can identify you, which you may provide when using our Website:
  • Contact Details: Name, email address, phone number, and shipping/billing address when you place an order or register an account.
  • Payment Information: Credit/debit card details or other payment data processed securely via our payment provider, Stripe. We do not store your payment information on our servers; it is handled directly by Stripe.
  • Account Information: Username, password, and order history when you create an account.
  • Communications: Information you provide when contacting us (e.g., via our "Contact Us" form or email).
  • Marketing Preferences: Your choices regarding promotional emails or newsletters.
1.2 Non-Personal Information
This is information that does not directly identify you, collected automatically when you use our Website:
  • Device and Browser Data: IP address, browser type, device type, operating system, and internet service provider.
  • Usage Data: Pages visited, time spent on the Website, links clicked, and referral URLs (e.g., the website you came from).
  • Cookies and Tracking Technologies: Small data files stored on your device to enhance functionality, personalize content, and analyze Website performance (see Section 5 for details).
  • Location Data: Approximate location (e.g., city) derived from your IP address or, if enabled, precise location via GPS on our mobile app (with your consent).
1.3 Children’s Information
We do not knowingly collect personal information from children under 16 without parental consent, in line with the UK’s Age Appropriate Design Code. If you are under 16, please do not provide personal information unless your parent or guardian consents. If we learn we have collected data from a child under 16 without consent, we will delete it promptly.
2. How We Collect Information
We collect information in the following ways:
  • Directly from You: When you place an order, register an account, fill out forms, or contact us.
  • Automatically: Through cookies, web beacons, and similar technologies when you interact with our Website.
  • From Third Parties: From service providers, such as Stripe for payment processing or analytics tools, where permitted.
3. How We Use Your Information
We use your information for the following purposes, based on lawful grounds under the UK GDPR:
Purpose
Examples
Lawful Basis
Order Fulfillment
Process and deliver orders, manage payments via Stripe, and issue refunds.
Contractual necessity
Account Management
Create and maintain your account, display order history.
Contractual necessity
Customer Support
Respond to inquiries or complaints via email or our "Contact Us" form.
Legitimate interest
Website Improvement
Analyze usage trends to enhance Website functionality and user experience.
Legitimate interest
Marketing
Send promotional emails or newsletters (with your consent) and personalize product recommendations.
Consent or legitimate interest
Security and Fraud Prevention
Detect and prevent fraud, secure our Website, and protect user data.
Legitimate interest or legal obligation
Legal Compliance
Comply with tax, accounting, or legal requirements (e.g., responding to law enforcement requests).
Legal obligation
4. How We Share Your Information
We do not sell or rent your personal information for marketing purposes. We may share your information with:
  • Service Providers: Third parties that provide services such as payment processing (e.g., Stripe), website hosting, delivery, or analytics. For example, Stripe processes payment information to complete your transactions securely and is bound by contractual obligations to protect your data in line with UK GDPR. See Stripe’s Privacy Policy at https://stripe.com/gb/privacy for more information.
  • Affiliates: Business partners who assist with Website operations, bound by confidentiality agreements.
  • Legal Authorities: When required by law, such as in response to a subpoena, court order, or to protect our rights, property, or safety, or that of our users.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, with notice to you where required.
5. Cookies and Tracking Technologies
Our Website uses cookies and similar technologies to enhance your experience, analyze performance, and deliver personalized content. Cookies are small data files stored on your device.
Types of Cookies We Use:
  • Essential Cookies: Necessary for Website functionality (e.g., maintaining your session or cart).
  • Analytics Cookies: Track usage patterns to improve our Website (e.g., Google Analytics).
  • Marketing Cookies: Enable personalized ads or recommendations (with your consent).
You can manage your cookie preferences through our cookie consent tool or your browser settings. Disabling cookies may limit some Website features. For more details, see our Cookie Policy at https://www.floandjoe.co.uk/cookies.
6. Your Data Protection Rights
Under the UK GDPR, you have the following rights regarding your personal information:
  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data, subject to legal exceptions.
  • Restriction: Limit how we process your data in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format or have it transferred to another organization.
  • Object: Object to processing based on legitimate interests (e.g., marketing).
  • Withdraw Consent: Withdraw consent for processing (e.g., marketing emails) at any time.
  • Complain: Lodge a complaint with the UK Information Commissioner’s Office (ICO) at https://ico.org.uk/make-a-complaint/.
To exercise these rights, contact us at askflo@floandjoe.co.uk. We will respond within one month, as required by law.
7. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy or to comply with legal obligations:
  • Order Data: Kept for 6 years to comply with UK tax and accounting laws.
  • Account Data: Retained while your account is active or until you request deletion.
  • Marketing Data: Kept until you unsubscribe or withdraw consent.
  • Analytics Data: Anonymized or deleted after 26 months (e.g., Google Analytics default retention).
When data is no longer needed, we securely delete or anonymize it.
8. Data Security
We use industry-standard measures to protect your personal information, including:
  • SSL Encryption: Secures data transmitted between your device and our Website.
  • PCI DSS Compliance: Payment information is processed securely by Stripe, which complies with the Payment Card Industry Data Security Standard (PCI DSS) to ensure your payment details are protected.
  • Access Controls: Limits access to personal data to authorized personnel only.
  • Regular Audits: Monitors and updates security practices.
While we strive to protect your data, no online transmission or storage is 100% secure. If you suspect a security breach, contact us immediately at askflo@floandjoe.co.uk.
9. International Data Transfers
Some of our service providers, such as Stripe, may process your personal information outside the UK (e.g., in the US). We ensure compliance with UK GDPR through safeguards like Standard Contractual Clauses (SCCs) or reliance on adequacy decisions. For details on Stripe’s data processing, see https://stripe.com/gb/privacy.
10. Third-Party Links
Our Website may contain links to third-party websites not controlled by us. These websites have their own privacy policies, and we are not responsible for their practices. Review their policies before sharing personal information.
11. Children’s Privacy
We do not target children under 16 and comply with the UK’s Age Appropriate Design Code. If we collect data from a child under 16, we require verifiable parental consent. Parents can contact us at askflo@floandjoe.co.uk to review, modify, or delete their child’s information.
12. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email, a Website banner, or other means before they take effect. The “Last Updated” date at the top will reflect the latest revision. Please review this policy periodically.
Questions About Our Privacy Practices or This Privacy Policy
We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained. If you have any questions about our Privacy Practices or this Policy, please contact us.

Contact form