Privacy Policy

Last updated: 26 May 2026

This Privacy Policy explains how Flushingflora.world (“we”, “us”, “our”) collects, uses, stores, and shares personal data when you visit https://flushingflora.world/ or contact us. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and the Privacy and Electronic Communications Regulations 2003 (PECR) where applicable.

This policy applies to visitors and enquirers in the United Kingdom. If you access our site from outside the UK, local laws may also apply to you.

1. Data Controller and Contact

The data controller responsible for your personal data is:

Flushingflora.world (trading name)
Registered office: Three, Snowhill, Snow Hill Queensway, Birmingham B4 6GA, United Kingdom
Company Registration No.: 13829476 (England and Wales)
VAT Registration No.: GB 412 8873 19
Email: hello@flushingflora.world
Phone: +44 121 716 7163

We are registered with the Information Commissioner’s Office (ICO) under the UK data protection fee regime. ICO registration reference: ZB384729. For data protection enquiries, use the email above with the subject line “Data protection request”.

We are not required to appoint a Data Protection Officer under UK GDPR Article 37, but you may contact us directly for any privacy matter.

2. Personal Data We Collect

We may collect the following categories of personal data:

Identity and contact data: name and email address when you submit our contact form.
Communication data: message content, date/time of enquiry, and records of our replies.
Consent records: whether you agreed to data processing (GDPR checkbox) and cookie preferences.
Technical data: IP address, browser type and version, time zone, operating system, device type, pages viewed, time on page, and referral URL.
Usage data: aggregated analytics about how the website is used (only where you consent to analytics cookies).

We do not routinely collect special category data (e.g. health information). Please avoid sending sensitive personal data via the contact form unless necessary; if you do, you consent to our processing it solely to respond to your enquiry.

We do not collect payment card data on this website. Event registration, where offered, is handled by enquiry only unless stated otherwise.

3. How We Collect Data

Directly from you — contact form, email, or phone.
Automatically — server logs and cookies/local storage (see our Cookie Policy).
Third parties — hosting providers may process technical logs; embedded Google Maps may process location-related data under Google’s terms when you interact with the map on our Contact page.

4. Purposes, Lawful Bases, and Necessity

Under UK GDPR Article 6, we rely on the lawful bases below. Where we rely on legitimate interests, we have balanced our interests against your rights and concluded that processing is necessary and proportionate.

Activity	Purpose	Lawful basis	Data categories
Contact form	Respond to questions and event interest	Legitimate interests (running our service) / Steps prior to contract at your request	Identity, contact, communication, consent
Website operation	Deliver pages, maintain security, prevent abuse	Legitimate interests / Legal obligation where applicable	Technical data
Cookie consent storage	Record and honour your cookie choices	Legal obligation (PECR) / Legitimate interests	Consent records, technical data
Analytics	Understand site use and improve content	Consent (PECR for non-essential cookies)	Usage, technical data
Marketing	Measure campaigns if enabled	Consent	Usage, technical data
Legal claims & compliance	Establish, exercise, or defend legal rights; comply with law	Legal obligation / Legitimate interests	All relevant categories

Mandatory fields: Name, email, message, and GDPR consent are required to use the contact form. Without them we cannot process your enquiry. Consequences: if you do not provide required data, we cannot reply via the form (you may still call us).

5. Legitimate Interests

Where we rely on legitimate interests, these include: operating an informative website; responding to correspondence; protecting our network from attacks; and keeping appropriate business records. You have the right to object to processing based on legitimate interests where UK GDPR Article 21 applies. Contact us with your reasons; we will assess your request and respond.

6. Marketing Communications (PECR)

We do not send unsolicited marketing email without your consent. If you tick the optional marketing checkbox on our contact form, we may email you about workshops and site updates. You may withdraw consent at any time via the unsubscribe link or by emailing us. We maintain a suppression list to honour opt-outs.

7. Recipients and Processors

We may share personal data with:

IT and hosting providers — website hosting, email delivery, and security services (processors under UK GDPR Article 28 contracts).
Professional advisers — lawyers or accountants where necessary (under confidentiality duties).
Regulators and authorities — ICO, police, or courts when required by law.
Google Ireland Limited — if you use embedded maps (see Google Privacy Policy).

We do not sell your personal data. We require processors to process data only on our documented instructions and to apply appropriate security measures.

8. International Transfers

We aim to store and process data within the United Kingdom. If any processor transfers personal data outside the UK, we ensure a valid transfer mechanism under UK GDPR Chapter V, such as:

UK adequacy regulations (where the destination country is approved);
UK International Data Transfer Agreement (IDTA) or Addendum to EU Standard Contractual Clauses; or
Another approved safeguard or explicit derogation where permitted.

Request further information about safeguards by contacting us.

9. Retention Periods

Contact form and email enquiries: up to 24 months from last contact, unless a longer period is needed for legal claims.
Server and security logs: up to 90 days.
Cookie consent records: up to 12 months (browser/local storage) and aligned server records where held.
Marketing consent records: for the duration of consent plus 6 years for regulatory evidence.
Legal claims: up to 6 years after the matter closes (Limitation Act 1980, where applicable).

When retention ends, we delete or anonymise data securely.

10. Security

We implement appropriate technical and organisational measures under UK GDPR Article 32, including HTTPS/TLS encryption, access controls, password policies for administrative systems, and contractual security obligations with processors. No online transmission is completely secure; please use a secure email environment when contacting us.

If we become aware of a personal data breach likely to affect your rights, we will notify the ICO within 72 hours where required and inform you without undue delay when UK GDPR Article 34 requires it.

11. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you (UK GDPR Article 22).

12. Your Rights Under UK GDPR

Subject to conditions and exemptions in the DPA 2018, you have the right to:

Access — receive a copy of your personal data (Article 15).
Rectification — correct inaccurate data (Article 16).
Erasure — request deletion in certain circumstances (Article 17).
Restriction — limit processing in certain cases (Article 18).
Data portability — receive data you provided in a structured, machine-readable format where processing is based on consent or contract and carried out by automated means (Article 20).
Object — object to processing based on legitimate interests or for direct marketing (Articles 21–22).
Withdraw consent — at any time where processing is based on consent, without affecting lawfulness before withdrawal (Article 7(3)).

How to exercise your rights: email hello@flushingflora.world with sufficient detail to identify you and the right you wish to exercise. We may request proof of identity where necessary to prevent unauthorised disclosure. We respond within one calendar month, extendable by up to two further months for complex requests (we will explain any extension).

We do not charge a fee unless requests are manifestly unfounded or excessive.

13. Right to Complain to the ICO

You have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
Website: ico.org.uk
Helpline: 0303 123 1113

We encourage you to contact us first so we can try to resolve your concern.

14. Children

Our website is directed at adults interested in sleep lifestyle information. We do not knowingly collect personal data from children under 13. If you are 13–17, please obtain parental or guardian consent before contacting us. If we learn we have collected a child’s data without appropriate consent, we will delete it promptly.

15. Third-Party Websites

Our site may link to external websites. We are not responsible for their privacy practices. Review their policies before providing personal data.

16. Changes to This Policy

We may update this Privacy Policy to reflect legal or operational changes. The “Last updated” date will change accordingly. Material changes may be notified on our homepage or by email where appropriate. Continued use after changes constitutes acknowledgement of the updated policy where permitted by law.

17. Online Advertising (Including Google Ads)

We may use online advertising platforms such as Google Ads to promote our free educational content. Where remarketing or conversion measurement is used, it relies on cookies or similar technologies only after you consent via our cookie banner (marketing/analytics categories).

Google may process data under its own privacy policy: policies.google.com/privacy. You can manage Google ad personalisation in your Google Account settings.

Our adverts describe the website accurately and do not promote prescription medicines, unlicensed treatments, or guaranteed health outcomes.

18. Related Policies

See also our Cookie Policy, Terms of Use, and About Us.

Back to home