Dashing Petals Co. Privacy Policy

---

Effective date: August 9, 2025

This Privacy Policy explains how Dashing Petals Co. ("Dashing Petals," "we," "us," or "our") collects, uses, discloses, and safeguards personal information when you visit our website, make a purchase, subscribe to our services, interact with us on social media or at events, or otherwise engage with our business.

If you do not agree with this Policy, please do not use our website or services.

• Website: dashingpetals.co
• Legal entity: Dashing Petals Co.
• Mailing address: 370 Dixon Road
• Contact (privacy): dashingpetals@gmail.com

This Policy applies to personal information we collect online (our website, email, SMS, social media) and offline (pop-ups/events, phone, E‑Transfer or cash orders).

We are based in Canada and handle personal information in accordance with PIPEDA and applicable provincial laws. If we serve residents of the EU/UK or California, the GDPR/UK‑GDPR and CCPA/CPRA sections also apply.

We collect information that you provide directly, information collected automatically, and information from third parties.

• Identity & contact: name, email, phone number, billing/shipping address.
• Account details: login/username, password, order history, saved items.
• Orders & payments: items purchased, delivery notes, gift messages, payment method, transaction totals. We do not store full payment card numbers; payments are processed by our payment providers.
• Subscriptions: plan selection, renewal dates, preferences (e.g., bouquet size, color palette), add‑ons, cancellation requests.
• Customer support: messages, and (if applicable) recordings or chat transcripts.
• Marketing choices: newsletter/SMS opt‑ins, preferences, contest entries.
• User content: reviews, ratings, photos, social media tags/mentions.

• Device & usage: IP address, device/browser type, operating system, pages viewed, time spent, referring/exit pages.
• Cookies & similar technologies: session cookies, preferences, analytics, advertising pixels. See “Cookies & tracking.”

• Payment processors & banks: payment authorization status, fraud scores.
• Delivery partners & couriers: delivery status/confirmations.
• Analytics & advertising partners: aggregated insights, ad performance.
• Marketplaces & social platforms: order details or interactions when you buy via third‑party storefronts (e.g., Uber Eats) or engage on platforms (e.g., Instagram).

• Provide services: process and deliver orders, manage subscriptions, handle returns, and provide customer support.
• Operate our website: maintain security, debug, and ensure core functionality.
• Improve & personalize: analyze usage, develop new features, tailor offerings, recommend products, and remember preferences.
• Marketing & communications: send transactional messages (order confirmations, delivery updates), and—with your consent or as permitted by law—send promotions, newsletters, and SMS.
• Fraud prevention & security: verify identity, monitor suspicious activity, and protect our customers and business.
• Legal & compliance: keep required records, respond to lawful requests, enforce terms, and protect rights.

We rely on contract (to provide services), consent (marketing, certain cookies), legitimate interests (security, improvement, limited marketing), and legal obligation (tax, bookkeeping).

We do not sell your personal information. We share it with:

• Service providers (processors): website hosting/CMS via GoDaddy.com (Websites + Marketing), payment processors (e.g., GoDaddy Payments, Clover, or other provider you select), email/SMS platforms ([Name]), analytics/advertising partners ([Name]), customer support tools, and couriers. They may process data only on our instructions and must safeguard it appropriately.
• Business transfers: as part of a merger, acquisition, or asset sale.
• Legal & safety: to comply with law or protect rights, property, or safety.
• With your direction: for example, posting a tagged photo or sharing reviews.

Your information may be stored or processed outside your province/state or country (including the U.S.). We take reasonable measures to protect it and use contractual safeguards (such as standard contractual clauses) where required.

We keep personal information only as long as necessary for the purposes described in this Policy, including to meet legal, tax, and accounting requirements. Typical retention:

• Orders & invoices: 7–10 years (legal/accounting requirements).
• Accounts: while active and for a reasonable period after closure.
• Marketing data: until you opt out or your consent is withdrawn.
• Support tickets: generally 2–3 years from last interaction.

You may access, correct, or withdraw consent to our use of your information (subject to legal exceptions). Contact us at dashingpetals@gmail.com. You may also complain to the Office of the Privacy Commissioner of Canada (OPC).

You may request access, rectification, erasure, restriction, portability, and objection. Where processing is based on consent, you may withdraw it at any time. You may lodge a complaint with your local supervisory authority.

California residents may request access/know, correction, deletion, and to opt out of “sharing” for cross‑context behavioral advertising. We do not sell personal information. Use the controls in “Cookies & tracking” or contact us.

We send commercial electronic messages only with consent or as permitted by law. You can unsubscribe at any time via the link in our emails or by replying STOP to SMS. Message/data rates may apply.

We use cookies, pixels, and similar technologies to operate the site, remember preferences, analyze traffic, and personalize/measure ads.

• Strictly necessary: required for cart, checkout, security.
• Functional: remember settings (e.g., location, currency).
• Analytics: understand site usage and improve performance.
• Advertising: deliver and measure ads on our site and others.

• Cookie banner/settings: manage or withdraw consent for non‑essential cookies at any time via Cookie Preferences on our site.
• Browser/device settings: block or delete cookies; use platform ad settings (e.g., Google/Meta).
• Do Not Track: our site may not respond to DNT signals; use the controls above.

• Processing: Card payments are handled by GoDaddy Payments, Clover, or another processor you designate. We do not store full card numbers or CVVs. For E‑Transfer and cash orders, we record payment confirmations and related order details.
• Security measures: We use administrative, technical, and physical safeguards designed to protect personal information. No method of transmission or storage is 100% secure.

If you subscribe to recurring deliveries:

• We will charge your selected payment method on the schedule you choose until you cancel.
• You can modify or cancel in your account or by contacting us at least [X days] before your next renewal date (see your plan for details).
• We’ll email renewal reminders where required by law.

Our services are not directed to children under the age of 13 (or as defined by local law). We do not knowingly collect personal information from children. If you believe a child provided us information, contact us to request deletion.

Our site may include social plug‑ins (e.g., Instagram), embedded content, and links to third‑party sites. Interactions with those features are governed by the third party’s privacy policies. Content you post publicly (reviews, tagged photos) may be visible to others.

When you shop at our events or pop‑ups:

• We may collect your name, contact details, purchase info, and preferred contact method for receipts, delivery, or marketing (with consent).
• We may capture photography/video at events for promotional purposes; we’ll provide on‑site notice where applicable and obtain consent when required.

Send your request to dashingpetals@gmail.com with:

• What you’re requesting (e.g., access, correction, deletion, opt‑out).
• Enough information to identify you (order number, account email).
• Proof of identity if reasonably necessary to verify the request.

We will respond within the timeframe required by applicable law.

We may update this Policy from time to time. The “Effective date” shows when it was last revised. Material changes will be highlighted on this page and, where appropriate, notified by email or site notice.

Dashing Petals Co.
Email: dashingpetals@gmail.com
Province/State & Country: Etobicoke, Ontario, Canada

• Website/CMS/Host: GoDaddy.com (Websites + Marketing)
• Payment processor(s): [GoDaddy Payments/Clover/Other]
• Email/SMS provider(s): [Klaviyo/Mailchimp/Twilio/Other]
• Analytics/ads: [Google Analytics, Meta Pixel, etc.]