Privacy Policy

Last updated:

1. Data Controller

The data controller responsible for your personal data is:

Flourishenergcle
Doncaster Rd, Scunthorpe DN15 7DE, United Kingdom
Email: chat@flourishenergcle.world
Phone: +44 1724 853050

2. Scope of This Policy

This Privacy Policy explains how we collect, process, store, and protect personal data when you visit our website at flourishenergcle.world or contact us through our forms. It applies in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

3. Personal Data We Collect

We may collect the following categories of personal data:

• Contact information: name and email address provided through our contact form.
• Communication data: the content of messages you send us.
• Technical data: IP address, browser type, device information, and pages visited, collected through cookies and similar technologies.
• Consent records: your cookie preferences and GDPR consent choices.

4. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and on the following legal bases under the UK GDPR and the Data Protection Act 2018:

• Responding to enquiries (Article 6(1)(a) UK GDPR — consent): to reply to messages submitted via our contact form, where you have ticked the consent box before sending.
• Website operation and security (Article 6(1)(f) UK GDPR — legitimate interests): to ensure the proper functioning, availability, and security of our website, prevent fraud and abuse, and maintain server logs. Our legitimate interest is operating a secure and reliable website; this processing is limited and balanced against your rights.
• Legal compliance (Article 6(1)(c) UK GDPR — legal obligation): to comply with applicable UK law, regulatory requests, or court orders where required.
• Analytics (Article 6(1)(a) UK GDPR — consent): to understand how visitors use our site, only when you have given consent via our cookie banner, in accordance with the Privacy and Electronic Communications and Communications Regulations 2003 (PECR).
• Advertising and marketing measurement (Article 6(1)(a) UK GDPR — consent): to measure the effectiveness of our advertising and deliver relevant communications, only when you have given explicit consent via our cookie banner.

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. Where processing is based on legitimate interests, you have the right to object as described in Section 8.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Contact form submissions: up to 24 months from the date of your last communication.
• Cookie consent records: up to 12 months, after which we will request renewed consent.
• Analytics data: up to 26 months, in anonymised or pseudonymised form.
• Server logs: up to 90 days for security and troubleshooting purposes.

6. Data Sharing and Recipients

We do not sell your personal data. We may share data with the following categories of recipients:

• Service providers (processors): hosting and infrastructure providers, email delivery services, and technical support partners who process data on our behalf under written data processing agreements that require them to protect your data and act only on our instructions.
• Analytics providers: such as Google Analytics, only when you have consented to analytics cookies.
• Advertising partners: such as Google Ads, only when you have consented to marketing cookies.
• Professional advisers: lawyers, accountants, or insurers where reasonably necessary.
• Public authorities: regulators, law enforcement, or courts when required by applicable UK law or court order.

A list of the main categories of processors we use is available on request by contacting us using the details in Section 1.

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place as required by Chapter V of the UK GDPR, such as the UK International Data Transfer Agreement, UK Addendum to UK GDPR Standard Contractual Clauses, or an adequacy regulation made by the UK Secretary of State.

7. Your Rights Under UK GDPR

Under the UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:

• Right of access: request a copy of the personal data we hold about you (commonly known as a subject access request).
• Right to rectification: request correction of inaccurate or incomplete data.
• Right to erasure: request deletion of your data where there is no compelling reason for continued processing.
• Right to restrict processing: request limitation of how we use your data in certain circumstances.
• Right to data portability: receive data you provided to us in a structured, commonly used, machine-readable format where processing is based on consent or contract and carried out by automated means.
• Right to object: object to processing based on legitimate interests, including profiling carried out on that basis. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests.
• Right to object to direct marketing: object at any time to processing for direct marketing purposes, including related profiling.
• Right to withdraw consent: withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
• Rights related to automated decision-making: not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects, except where permitted by law with appropriate safeguards.

To exercise any of these rights, contact us at chat@flourishenergcle.world. We will respond within one month, which may be extended by a further two months for complex requests. We may need to verify your identity before responding. There is no fee for most requests; we may charge a reasonable fee or refuse manifestly unfounded or excessive requests as permitted by law.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• HTTPS encryption for all data transmitted between your browser and our servers.
• Access controls limiting personal data access to authorised personnel only.
• Regular review of our security practices and data handling procedures.
• Secure storage with encryption at rest where applicable.

9. Cookies

Our website uses cookies and similar technologies. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

10. Automated Decision-Making and Profiling

We do not use automated decision-making that produces legal or similarly significant effects on you. Where you consent to marketing or analytics cookies, third-party providers may use data to build audience profiles for measurement or advertising purposes. You can withdraw consent at any time via our cookie banner or by contacting us.

11. Direct Marketing and PECR

We do not send unsolicited marketing emails. If we contact you by email in response to an enquiry, that communication relates to your request only. Where electronic marketing is used in future, it will comply with PECR and you will be given a clear opportunity to opt out in each message. You may also contact us at any time to object to direct marketing.

12. Data Breaches

We maintain procedures to detect, report, and investigate personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours where required, and inform you without undue delay when required by the UK GDPR.

13. Children's Privacy

Our website is not directed at children under 13 years of age. Under the Data Protection Act 2018, 13 is the age from which a child may consent to information society services in the UK. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided personal data to us, please contact us and we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

15. Complaints

If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
Website: ico.org.uk