Privacy Policy

Last updated · 5 May 2026

Bloom & Green ("we", "our") operates bloomandgreen.co.kr and the online order page at order-en.html. This Privacy Policy applies to personal data submitted through the English-language order form and is intended to comply with both Korea's Personal Information Protection Act (PIPA) and the EU General Data Protection Regulation (GDPR) for visitors located in the EEA / UK.

1. Data Controller

Business name: Bloom & Green (Florist atelier, sole proprietorship)
Address: 1F Goryeo Atrium Bldg., 259 Hangang-daero, Yongsan-gu, Seoul 04321, Republic of Korea
Email: bloom_green@naver.com
Phone: +82 2 2135 8801

2. What we collect

We collect the following information through the online order form (order-en.html):

Sender: name, email address, optional phone or KakaoTalk ID
Recipient: name, phone number, delivery address (where applicable)
Order details: selected item, optional card message, special requests, preferred delivery date and time
Automatically collected: IP address, browser type, language, referring page

We do not collect or store payment card data. All payments are processed directly by PayPal on its own infrastructure.

3. Why we use your data — legal bases (GDPR Art. 6)

Purpose	Legal basis
Processing your order, preparing flowers, arranging delivery	Performance of a contract (Art. 6(1)(b))
Confirming your order by email or messaging app	Performance of a contract (Art. 6(1)(b))
Tax and accounting record-keeping	Legal obligation (Art. 6(1)(c))
Responding to enquiries	Legitimate interest (Art. 6(1)(f))
Optional analytics (none active at present)	Consent (Art. 6(1)(a))

4. Data processors

We share necessary data with the following third parties strictly to operate the service. Each is a data processor acting on our instructions.

Processor	Purpose	Data shared
PayPal Holdings, Inc. (USA)	Payment processing	Order amount, transaction reference
Make / Celonis SE (Germany)	Order notification automation	Order summary (name, contact, item)
Formspree, LLC (USA)	Order-form email relay	Form field contents
Telegram FZ-LLC (UAE)	Order alerts to our staff channel	Order summary
Netlify, Inc. (USA)	Website hosting and CDN	IP address, access logs

5. International transfers

Some processors are located outside the EEA / UK. Where personal data of EEA / UK residents is transferred outside that region, we rely on standard contractual clauses adopted by the European Commission and on the privacy frameworks each provider maintains.

6. How long we keep data

We retain personal data for as long as necessary to fulfil your order and to meet record-keeping obligations under Korean law:

Category	Retention	Legal basis
Order, contract and billing records	5 years	Korean Act on Consumer Protection in Electronic Commerce, Art. 6
Customer complaints and dispute records	3 years	Same Act
Server access logs	3 months	Korean Communications Privacy Act
Enquiry messages with no resulting order	Up to 12 months, then deleted	Legitimate interest

7. Your rights

Subject to applicable law, you have the right to:

access the personal data we hold about you
request correction of inaccurate data
request erasure (subject to retention obligations above)
object to or restrict processing
withdraw consent at any time, where consent is the legal basis
data portability for data you submitted to us
lodge a complaint with a supervisory authority — Korea: PIPC (pipc.go.kr); EU/UK: your local data-protection authority

To exercise any of these rights, email bloom_green@naver.com. We will respond within 30 days.

8. Security

All data in transit is encrypted via HTTPS / TLS.
Access to order data is restricted to the atelier owner and necessary staff.
The site does not store payment card details — those are handled by PayPal directly.
Administrator passwords are hashed (SHA-256).

9. Cookies

The site uses only strictly necessary cookies (e.g. language preference, anti-spam). No advertising or third-party tracking cookies are set. Browser local storage is used for site configuration only.

10. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top will reflect any change. Material changes affecting active orders will be communicated by email.