Who we are
At SendFlowers.pk, your privacy is very important to us and we want to guarantee you that we take the confidentiality and security of your personal data very seriously. SendFlowers.pk refers to SendFlowers.pk, a company registered in Pakistan.
- What personal data we collect and how we collect it
- Personal data you provide when you purchase from us
- Personal data obtained when you use our Websites
- Personal data obtained if you contact us
- How we use the personal data we collect from you
- To fulfil your order
- For customer care
- For marketing
- For internal business purposes
- Our lawful basis for processing your personal data
What personal data we collect and why we collect it?
We collect personal data from you whenever you interact with our Websites, including when you make purchases, when you browse our Websites, when you use our services or when you sign up to receive any of our services. When providing personal data to us through a form, we indicate which personal data is non-compulsory. Please note that, when gathering of personal data is required or essential either as needed for us to fulfil your order or based on legal obligation and you elect not to provide the personal data, we may not be able to accept or fulfil your order.
The types of personal data that we will collect, store, maintain or process includes the following. We provide further details regarding the use of the personal data in Clause 8.
Personal data you provide when you purchase from us
- Your contact details you provide when placing your order, including name, title, billing address, telephone numbers and e-mail address
- Recipient and delivery details you provide when placing your order, including name, address, contact telephone numbers, delivery instructions and / or email address
- The events for which you purchase our goods and services such as birthdays and anniversaries
- Any private data limited within the card message (e.g., names and birthdays)
- Details related with the products you order
- Details of the services you are buying or subscribe to (e.g., SendFlowers.pk Delivery Pass)
- When you make a buying, your payment card details (in accordance with payment card industry standards)
- Your message and marketing preferences including delivery updates and announcements
Additional Personal Data provided through the “My Account” feature
- Customer title, name, preferred name, telephone number and type, email address, email address type and postal address
- Recipient title, name, preferred name, telephone number, email address and postal address
- Any stored payment card details (in accordance with payment card industry standards)
- Gift card balance details
- Stored delivery instructions including any preferred florists
Additional Personal Data obtained when you use our Websites
- Details of your online browsing activities on our Websites such as the pages visited and the parts of the Websites used
- Details of the type of device used to access our Websites, your device IP address, and your device location
Additional Personal Data obtained through contact with us
- Details of your interaction with emails that we send you including links that you click and emails that you open
- If contact occurs between us, we will keep a record of that correspondence, including your name and contact data, and particulars of your customer care issues or other concerns and our responses (including any recorded chat or telephone calls)
Our Websites are not intended for use by persons under the age of 18 and our terms and conditions require that a person be 18 or older when placing an order with us. If you believe we have collected personal data from a person under the age of 18, please notify us at the information provided in Clause 15.
3. How we use the private data we collect from you?
We will use your private data for the following purposes:
To fulfill your order:
- To process your order
- To process payment including payment authorization via payment card, cheque, gift card or other third party payment processor
- To carry out identity verification and fraud prevention checks when purchasing with a payment card and validating personal data you provide via a third party payment processor
- To provide data to any third party supplier or vendor who may fulfill your order on our behalf
- To provide order validation, delivery status notifications on any order placed with us
For customer care purposes:
- To address any customer care issues that occur either with respect to a product or service, delivery, or a complaint or query that you or your receiver raise with us
- To contact you with any changes, cancellation or other issues with your order
- To manage any registered accounts, you have through the Websites
- To obtain customer advice with respect to an order either from you or your recipient (to the extent allowable under the applicable law)
NOTE: Please note that you will receive communications with respect to fulfilling your order or for customer care purposes even if you opt out of receiving marketing communications.
For marketing purposes:
- To keep you up-to-date with new products and services that we think will be of interest to you
- To provide you with promotional offers
- To personalize your experience with SendFlowers.pk by providing products and information tailored to you through your purchasing history with us
- Notify you of competitions and prize draw offers to enable you to enter and to notify you of any wins
For marketing through third parties:
If you use our Websites, then you may receive personalized announcements of our products and services when browsing other Websites using the same computer or device you used to view our Websites. This marketing is enabled through the cookies collecting data of your online browsing behavior. These cookies are operated either by SendFlowers.pk or by a third party and the ads are provided through a third party. Details of our third party providers are available within Clause 9 of this policy.
For internal business purposes:
We will use any of the private data collected to help us to understand how many people visit our Websites, how well the Websites are working and to consider any developments we may need to make to the Websites to advance your online experience. It also helps us control what products and services you are interested in and what you or other clienteles might wish to buying from us in future.
More specifically, we may use your private data for the following internal business purposes:
- To analyze your browsing and buying activity on our Websites, including any search terms you may have entered into our Websites
- To analyze the demographic data, we gather when you place your order or otherwise use our Websites including your title, address, IP address, browser type, and occasions for which you are buying flowers / any product in order to offer you better goods and services and improve our business
- To analyze customers spending with us to understand our target audience for the purposes of selecting similar customers for promotion purposes
- To analyze delivery location data, you provide when placing your order to recognize the delivery logistics required for our delivery network
- To analyze your responses to our promotion communications
- To ensure our online content is accessible in the most effective manner for you and your electronic device(s) i.e. tailored for a desktop computer, tablet, iPhone or Android
- To obtain customer response with respect to order either from you or your recipient (to the extent permitted under the applicable law) to determine the quality of the customer or recipient experience and to improve customer care experiences
- To develop and provide new or better-quality products or services
- For crime and fraud prevention, detection and related matters, including cooperation with the police and similar authorities with their lawful queries and investigations
- To confirm your identity, as necessary
- To comply with any legal obligation for the purposes of good governance or regulatory guidance with respect to appropriate law
- With respect to any legal claims or related guidance by our consultants
With respect to any mergers or acquisitions or other business or legal affairs as further described in Clause 9
4. When may you opt out of marketing communications?
You have the right to opt out of receiving direct marketing communications at any time. We will address yours opt out request as soon as possible, but no longer than one month from the date we receive your request.
You may opt out of marketing communications or change your preferences with respect to marketing communications by:
- Unsubscribing from emails using the unsubscribe link which can be found in all marketing emails
- Unsubscribing from SMS messaging by texting “STOP” to the number included in the SMS message
- Updating your preferences within your “My Account”
- Contacting us via the contact information provided in this policy
- Contacting us via the Privacy Hub on our Websites as follows:
- SendFlowers.pk – Privacy Hub
- ProFlowers.pk – Privacy Hub
6. How do we protect your personal data?
We are devoted to protecting and respecting your privacy rights, and to ensuring that your personal data is safe and secure.
We use administrative, organizational, technical and physical safeguards to protect personal data. Our security controls are designed to protect your personal data from unauthorized modification, access, disclosure, and use. We regularly test our Websites, data centers, systems, and other assets for security vulnerabilities. In addition, at a minimum, our safeguards involve appropriate technical and organizational actions including, but not limited to, encryption services, review of our data collection, storage and processing practices (including physical security measures, to guard against unauthorized access to systems), scenario planning and crisis management protocols to ensure we are able to respond to cyber security attacks and data security incidents, regular penetration testing of systems, security controls to protect our IT infrastructure from external attack and unauthorized access, and internal policies setting out our data security approach and training for employees.
SendFlowers.pk handles payment card data in a manner consistent with the Payment Card Industry Data Security Standard (PCI-DSS) in collaboration of EasyPay, JazzCash & HBL Bank.
7. What can you do to protect your personal data?
We will never ask you to confirm any bank account or credit card details in writing or via email. If you receive an email or any other written communication claiming to be from us, asking you to provide this data, please ignore it and do not respond.
If you are using a computing device in a public location, you should always log out and close the website browser when you have finished your online session.
If you create an account with us, you must keep your password private and avoid using the same password for multiple online accounts. Any password created should be at least 8 characters long and must include at least one upper case letter, one lower case letter and one symbol. We recommend regularly changing your password, which you can do within your account.
8. Our lawful basis for processing personal data.
SendFlowers.pk relies on different lawful basis for processing personal data. In some cases, more than one lawful basis may apply with respect to the same private data.
Contract: We gather and process personal data in order to fulfil the order you place with us, and in agreement with our contract with you to fulfil your order. Such personal data includes the items detailed in Clause 3 under the title “To fulfil your order”.
Legitimate Interest: We gather and process private data for our valid interests in fulfilling and processing your order, any customer care issues, to conduct exploration, to send email and direct marketing to you, handling legal claims, and for fraud identification and prevention checks. Such personal data includes the items detailed in Clause 3 under the title “For customer care purposes”, “For marketing purposes”, “For marketing through third parties” and “For internal business purposes”. With respect to any direct advertising we provide on the basis of a legitimate interest, you can unsubscribe as described in Clause 4.
9. When might we share your personal data with third parties?
We will share your personal data with certain third parties in order to fulfil and process your order, enable us to perform our contract to provide your purchase to you, provide our Websites and to provide you with marketing. The following is a list of types of third parties that may receive your personal data. Our third party providers are required to handle your personal data in accordance with appropriate data protection and security controls.
- SendFlowers.pk Member Florists/Fulfilment Partners: SendFlowers.pk shares data with our florists who are independently owned and operated businesses. Our florists are our distributors for the purposes of fulfilling and delivering your purchases. We also use other third party fulfilment partners such as wholesalers for certain products and postal and courier services. Our florists and fulfilment partners may contact you or the recipient to assist in fulfilling your order. More specifically, on some occasions, you or the recipient may be contacted to schedule delivery or verify delivery information and availability. To maintain our high quality standards, we may contact recipients to ensure satisfaction with their gift.
- SendFlowers.pk Affiliates: SendFlowers.pk may share personal data with its affiliates from time to time including SendFlowers.pk’s parent company ProFlowers.pk, and its subsidiaries and those affiliates who may subsequently be acquired by SendFlowers.pk, its parent company or its affiliated companies. If you have ordered a product for international delivery, this may also include other third party entities who fulfil orders under the Pro Flowers network for international floral and gifting delivery.
- Flower and Gifting Suppliers (other than SendFlowers.pk Florist Members): In order to accomplish customer orders, SendFlowers.pk contracts with third parties who provide flowers, plants and gifting such as cake, chocolates, sweets, mithai, dry fruits, food and food hampers.
- Financial/Payment Service Providers: In order to process customer orders placed with us, SendFlowers.pk contracts with payment service companies who process payment, ensure security of your transactions, such as EasyPay, JazzCash & HBL and prevent or detect fraudulent transactions.
- Marketing Service Providers: SendFlowers.pk contracts with third parties who:
- provide email marketing, SMS (text) marketing, direct marketing campaigns
- provide online advertising campaigns
- provide to us reporting of our marketing campaigns
- provide services to facilitate ‘refer a friend’ offers as and when these are promoted
- provide affiliate marketing services to us e.g. consumer discount websites
- Market Research Providers: In order to continually improve our customer experience, SendFlowers.pk contracts with third parties who provide market research services which include collating and reporting of customer feedback, and collate and provide customer feedback via customer surveys.
- Website Improvement: In order to expand our online customer experience, SendFlowers.pk contracts with third parties who help us identify and make improvements to our website, provide website traffic data and website performance analysis information, and provide analysis on website performance focused on customer experience.
- Customer Service Providers: In order to deliver the best possible customer services to our customers, SendFlowers.pk contracts with third parties who provide call handling services for the purposes of taking customer orders, customer order enquiries and dealing with any customer care issues and deliver ‘Live Chat’ functionality.
In addition to the reasons identified above, we may provide your personal data to third parties in the following circumstances:
- Law Enforcement/Government Requests: We may be required by law to provide personal data to law enforcement, a government agency or in response to a search warrant, subpoena or other legally valid enquiry or order, or to an investigative body or civil litigant including emergency situations. We may also disclose personal data when we believe in good faith that disclosure is necessary to comply with relevant laws, for the establishment, exercise or defense of legal claims, to prevent and address fraud and other illegal activity, to prevent death or imminent bodily harm, or to protect or defend the rights, property or safety of our users, others and ourselves.
- SendFlowers.pk Business and Legal Purposes/Mergers and Acquisitions: There may be business or legal motives to disclose personal data. As an example, we may transfer data we have about you to third parties in connection with an actual or potential merger, consolidation, acquisition, reincorporation, sale/divestiture, acquisition or other similar transaction involving all or part of our company or any affiliate, or as part of a corporate reorganization or stock sale or other change in corporate control. If we undergo such a business transition, personal data may be one of the assets that may be shared or transferred as part of the business transition and used by such third party as though such third party were SendFlowers.pk.
10. How long do we keep your personal data?
We will only retain your personal data for the purposes set out in this policy and for as long as we have a legal or business requirement to do so. Different retention periods apply for different types of personal data, however, the longest we will normally hold any personal data is 14 years after the last contact with such person or purchase by such person. The time period for retention will depend on applicable laws, rules or regulations that we are required to follow, whether there is an ongoing request or query or the
11. When might we transfer your personal data abroad?
Your personal data may be sent outside the_, as we share some personal data with our parent company ProFlowers.pk, certain third party providers for the purpose of: (a) fulfilling orders placed for national and international delivery by you, (b) customer care, and (c) as otherwise outlined in Clause 9.
Consequently, personal data may be processed in what are considered “third countries”. It is important to understand that “third countries” are not automatically deemed by the European Commission to have adequate legal protections for personal data or individual data subject rights. We have implemented appropriate technical and organizational measures and adequate safeguards to protect personal data by entering into standard contractual clauses with data recipients in such “third countries”. We are committed to continuously developing and improving the measures we already have in place.
Some of the organizations that we share personal data with may process it overseas. If any disclosures of personal data mean that your personal data will be transferred outside the European Economic Area, we will only make that transfer if: (a) the country to which the personal data is to be transferred ensures an adequate level of protection for personal data; (b) we have put in place appropriate safeguards to protect your personal data, such as an appropriate contract; (c) the transfer is necessary for one of the reasons specified in Clause 8, such as fulfilment of an international order under the contract between us and you; or (d) you consent to the transfer.
12. Your rights to access your data and rectify any inaccuracies in your personal data.
We fully respect that your personal data is owned by you and that you have certain rights with respect to the personal data. Our goal is to respect your rights. Please understand that we may have certain obligations to maintain personal data records despite your requests to exercise the following rights, such as for legal and accounting purposes. We ask that you read these rights carefully.
- Right of Access (also known as “Subject Access Request”): To receive a copy of the personal data we hold about you, please contact us, see the Contact Details section below. Please understand that you will need to provide a copy of two of the following separate pieces of identification:
- Driving license
- Birth certificate
- Utility bill (covering the last 3/6 months)
- Current vehicle registration document
- Bank statement (covering the last 3/6 months)
- Rent book (covering the last 3/6 months)
- Right to Rectification: You may ask us to update and correct any out-of-date or incorrect personal data that we hold about you, or to complete incomplete personal data. In order to update your personal data, please visit your My Account and/or the applicable Privacy Hub as detailed below:
- SendFlowers.pk – Privacy Hub
- ProFlowers.pk – Privacy Hub
13. Your additional rights with respect to your personal data.
You may have the following additional rights, detailed below:
- Right to Erasure (also known as “the Right to be Forgotten”): For a limited list of reasons, you may request that your personal data is removed from our systems.
- Right to Restrict: For a limited list of reasons, you may request that we cease using or that we suppress your personal data.
- Right to Object: You may object to our use of your personal data.
- Right to Data Portability: Where we use your personal data based on your consent or to enter or perform a contract with you, and our processing is carried out by automated means, you may request that any personal data you have provided to us be transmitted electronically to you or to another supplier (to the extent feasible).
Please note that if we erase all information about you and you make a future purchase or otherwise become a future customer, then we will not be aware of your prior requests or objections.
In respect of the additional rights outlined above, we request that you contact us via the Contact Details shown in Clause 14 below and we will provide you with additional information regarding your rights in connection with your specific request.
- Right to Lodge a Complaint: You have the right to lodge a complaint with the supervisory authority. SendFlowers.pk’s supervisory authority is the Information Commissioner’s Office.
14. Updates to this policy
We may use technology to track the patterns of behavior of registered and non-registered visitors to our site. This can include using a “cookie” which is a small file stored on your browser. The information collected in this way can be used to identify you unless you modify your browser to prevent this happening – guidance for which is set out below. We also aggregate this data to perform statistical analyses of the characteristics and behavior of visitors to our Websites. Cookies are also used as a further means of ensuring private and secure purchase sessions are operated within the Websites.
We may use third party advertising companies to serve advertisements on our behalf. These companies may employ cookies and action tags (also known as single pixel gifs or web beacons) to measure advertising effectiveness. Any information that these third parties collect via cookies and action tags is completely anonymous. Your browser can be modified to not accept cookies – guidance for which is provided in the paragraph below.
You have the ability to accept or decline cookies by modifying the settings in your browser (for example, using Internet Explorer select ‘internet options’ from the ‘tools’ menu, then click ‘security’, followed by ‘custom level’ and select ‘disable cookies’). However, you may not be able to use all the interactive features of our Websites if cookies are disabled. For more information about cookies, including how to set your internet browser to reject cookies, please go to www.allaboutcookies.org.
15. Contact details
We have appointed a Data Protection Officer whose role is to inform and advise us about and to ensure that we remain compliant with data protection laws. The Data Protection Officer should be your first point of contact if you have any queries or concerns about personal data. Our Data Protection Officer can be contacted at:
Islamia Park – Samnabad
Lahore – Punjab
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Visitor comments may be checked through an automated spam detection service.