Privacy Policy
Last updated:
This policy explains how Flourich Ltd collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
The data controller for personal data collected through the Flourich platform is Flourich Ltd, a company registered in England and Wales with its principal place of business in London, UK. As data controller, we determine the purposes and means of processing your personal data. If you have any questions about how your data is handled, please contact us at support@flourich.uk.
2. What Data We Collect
We collect personal data that you provide directly when registering an account (name, email address, password), completing your profile (profile photo, biography, location, portfolio images), making or receiving a booking (service details, messages, delivery files), and contacting our support team. We also collect data automatically through your use of the Platform, including IP address, browser type, device information, pages visited, and timestamps — used for security, analytics, and improving the Platform. Payment data (card details) is collected directly by Stripe and is never stored on Flourich servers.
3. How We Use Your Data
We use your personal data to create and manage your account, facilitate bookings between Creators and Customers, process payments and payouts, send transactional emails (booking confirmations, notifications, receipts), provide customer support, detect and prevent fraud, improve and personalise the Platform, and comply with our legal obligations. With your separate consent, we may also send you marketing communications about new features, promotions, or relevant services. You can unsubscribe from marketing emails at any time.
4. Legal Basis (GDPR)
Under the UK GDPR, we rely on the following legal bases for processing your personal data: Contract — processing necessary to provide the services you have requested and to fulfil our contractual obligations to you; Legitimate Interests — for fraud prevention, platform security, and improving our services, where these interests are not overridden by your rights; Legal Obligation — where processing is required by law (e.g., financial record-keeping); and Consent — for marketing communications and non-essential cookies, which you can withdraw at any time.
5. Data Sharing
We do not sell your personal data. We share data only where necessary with trusted third-party service providers who assist us in operating the Platform, including Stripe (payment processing), cloud infrastructure providers, email delivery services, and analytics tools. All third-party processors are bound by data processing agreements. When a booking is made, limited profile information (name, profile photo) is shared between the relevant Customer and Creator to facilitate the transaction. We may disclose data to law enforcement or regulatory authorities where required by law or to protect the rights and safety of users or third parties.
6. Data Retention
We retain your personal data for as long as your account is active and for a reasonable period thereafter to allow you to reactivate your account, resolve disputes, and comply with our legal obligations. Account data is retained for a maximum of 7 years after account closure for financial record-keeping and fraud prevention purposes, in line with UK legal requirements. Booking records and transactional data are retained for 7 years for tax and accounting purposes. You may request earlier deletion of certain data — see Your Rights below.
7. Your Rights
Under the UK GDPR and Data Protection Act 2018, you have the following rights regarding your personal data: Right of Access — to request a copy of the personal data we hold about you; Right to Rectification — to ask us to correct inaccurate or incomplete data; Right to Erasure — to request deletion of your data where there is no legitimate reason for us to continue processing it; Right to Data Portability — to receive your data in a structured, machine-readable format; Right to Restrict Processing — to ask us to pause processing in certain circumstances; Right to Object — to object to processing based on legitimate interests or for direct marketing. To exercise any of these rights, contact us at support@flourich.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been handled unlawfully.
9. Contact the Data Controller
If you have any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact Flourich Ltd at support@flourich.uk or through our contact page. We aim to respond to all data subject requests within 30 days, in line with our obligations under the UK GDPR. If we are unable to resolve your concern, you have the right to escalate your complaint to the ICO.