Website Privacy Policy 

 

Last Modified: 2025

 

 

  1. INTRODUCTION. Honeysuckle Hill Flowers (“Company”) respects your privacy. This Privacy Policy sets forth Company’s policy with respect to the types of information we may collect from you or that you may provide when you visit www.honeysucklehillflower.com (“the Website”), including any content, services, functionality, mobile applications, downloadable materials, and courses (“the Services”). If you do not agree with our Privacy Policy, your choice is to not use our Website. By accessing or using this Website, you agree to this Privacy Policy.

 

  1. CHILDREN UNDER THE AGE OF 16. All website users must be at least 16 years of age. If we learn we have received information from a child under 16 we will delete the information. If you have reason to believe that a child under the age of 16 has provided Personal Data to us through the Website or Services, please contact us and we will endeavor to delete the information from our database. If we learn a user is under 16 years of age, we will not disclose any personal information to any third parties unless the user has given opt-in consent. If you have reason to believe that a user is under 16 years of age, notify the Company in order to prevent disclosure of any personal data without opt-in consent.

 

  1. WHEN WE COLLECT INFORMATION FROM YOU. We collect data and process data when you access our Website, fill out forms on our Website, register, make a purchase, sign up for our newsletter, respond to a survey, surf the Website, or use or view our Website via your browser’s cookies. Our Company may also receive your data indirectly from the following:  if you contact us for customer support.

  2. WHAT TYPES OF INFORMATION WE COLLECT FROM YOU.

 

A.    Voluntary Information

                                           A.      When you visit our Website or use our Services we collect certain types of information from you. This includes your name, email address, mailing address, phone number, credit card information, age, sex, marital status, race, nationality, or other information you provide to us.

 

B.     Automatic Data Collection

                                           A.      We also collect information automatically through cookies and other tracking technologies such as information about your internet connection, your IP address, traffic and location data, logs and other information. The information we automatically collect helps us to improve our Website and deliver a better service.

 

o    The categories of consumer data we have collected within the past 12 months includes name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number.

 

C.      

  1. HOW WE COLLECT INFORMATION FROM YOU. The data controller is Squarespace (https://www.squarespace.com/privacy#:~:text=%E2%80%9CSquarespace%20Controlled%20Information%E2%80%9D%20is%20personal,about%20our%20Users%20and%20Customers.

The technologies we use for automatic data collection include “cookies.” Cookies are small files placed on the hard drive of your computer that enables the website or service provider’s systems to recognize your browser and remember certain information. We use functionality cookies to recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. We use advertising cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. Our Company sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our Website.

Name

Purpose, type, and duration

_acloggedin

·         Supports login by Acuity Scheduling client if the client has an account

·         Cookie

·         January 1, 2025

ACUITY_CART

·         Stores details about a client's package, gift, or subscription purchase, including the item purchased and the quantity

·         Only applies to the new scheduler

·         localStorage

·         No expiration

_client_acloggedin

  • Supports login by Acuity Scheduling client if the client has an account

  • Cookie

  • January 1, 2025

_dd_cookie_test

  • Tests if cookies are supported

  • Cookie

  • Expires instantly

_dd_s

  • Tracks browser errors

  • Cookie

  • Four hours

_dd_site_test

  • Tests if cookies are supported

  • Cookie

  • Expires instantly

_grecaptcha

  • Helps reduce spam in Acuity Scheduling

  • localStorage

  • No expiry

_ssid

  • Remembers devices for anti-fraud purposes

  • Cookie

  • Four years

CART

  • Shows when a visitor adds a product to their cart

  • Cookie

  • Two weeks

CHECKOUT_WEBSITE

client_username

  • Remembers a logged in Acuity Scheduling client's username between visits

  • Cookie

  • One year

clientUser

  • Stores the Acuity Scheduling client's username, OAuth2 Access Token, and OAuth2 Refresh Token. This cookie is required for functionality of logged-in clients

  • Cookie

  • 30 days

Commerce-checkout-state

  • Stores state of checkout while the visitor is completing their order in PayPal

  • sessionstorage

  • Session

Crumb

hasCart

  • Tells Squarespace that the visitor has a cart

  • Cookie

  • Two weeks

Locked

  • Prevents the password-protected screen from displaying if a visitor enters the correct site-wide password.

  • Cookie

  • Session

orderStatusSessionToken

  • Authenticates a visitor who logs into an order status page.

  • Cookie

  • One year

PHPSESSID

  • Securely authenticates a visitor during their checkout in Acuity Scheduling

  • Cookie

  • One month

RecentRedirect

  • Prevents redirect loops if a site has custom URL redirects. Redirect loops are bad for SEO.

  • Cookie

  • 30 minutes

remember_client

  • Remembers Acuity Scheduling client’s login details if they have an account

  • Cookie

  • 365 days

siteUserCrumb

SiteUserInfo

SiteUserSecureAuthToken

  • Authenticates a visitor who logs into a customer account

  • Cookie

  • Three years

squarespace-announcement-bar

  • Prevents the announcement bar from displaying if a visitor dismisses it

  • localStorage

  • Persistent

squarespace-likes

  • Shows when you've already "liked" a blog post

  • localStorage

  • Persistent

squarespace-popup-overlay

  • Prevents the promotional pop-up from displaying if a visitor dismisses it

  • localStorage

  • Persistent

squarespace-video-player-options

ss_cookieAllowed

  • Remembers if a visitor agreed to placing analytics cookies on their browser if a site is restricting the placement of cookies

  • Cookie

  • 30 days

ss_sd

Test

  • Investigates if the browser supports cookies and prevents errors

  • Cookie

  • Session

TZ

  • Enables a Acuity Scheduling client’s appointments to display correctly based on their time zone preferences.

  • localStorage

  • Persistent

Cross-site request forgery (CSRF)

CSRF is an attack vector that tricks a browser into taking unwanted action in an application when someone’s logged in.

Analytics and performance cookies

We use analytics and performance cookies to collect information on your behalf about how visitors interact with your site. Storing these cookies is how we populate the data you find in Squarespace analytics, such as traffic sourcesunique visitors, and cart abandonment.

You can disable Squarespace analytics and performance cookies at any time.

Cookie Name

Duration

Purpose

ss_cid

Two years

Identifies unique visitors and tracks a visitor’s sessions on a site

ss_cpvisit

Two years

Identifies unique visitors and tracks a visitor’s sessions on a site

ss_cvisit

30 minutes

Identifies unique visitors and tracks a visitor’s sessions on a site

ss_cvr

Two years

Identifies unique visitors and tracks a visitor’s sessions on a site

ss_cvt

30 minutes

Identifies unique visitors and tracks a visitor’s sessions on a site

  1.  You may refuse to accept browser cookies by activating the appropriate setting in your browser, but if you do, you may not be able to access certain parts of our Website or Services. We also use flash cookies or web beacons for automatic data collection. You may also provide information that is public or displayed on public areas of the Website, or transmitted to other users of the Website or third parties (“User Content”). Your User Content is transmitted to others at your own risk.

 

  1. HOW WE USE YOUR INFORMATION. Processing of your information is necessary for the purpose of legitimate interests and does not infringe on any fundamental rights and freedoms. Some of those legitimate interests include: direct marketing, processing of client data, ensuring network and information security, and fraud prevention. We use your information to understand and store information about visitor’s preferences, to compile aggregate data about site traffic and site interactions, to provide you with information, products, or services that you request from us or that we think you may like, to provide you with notices about your account, to carry out billing and collection, for customer support, for marketing purposes, and in any other way we describe when you provide information to us. We do not use automated decision-making in processing your personal information for some services and products. You can request a manual review of the accuracy of an automatic if you are unhappy with it.  We do not sell personal information or consumer data for monetary gain or valuable consideration.

 

  1. THIRD PARTY DISCLOSURES. Some content or applications on the Website are served by third parties, such as advertisements. We do not control third parties’ tracking technologies. You should consult the privacy policies of any such third party for more detailed information on their practices. Our Company Website contains links to other websites. Our privacy policy applies only to our Website, so if you click on a link to another website, you should read their privacy policy.

 

  1. HOW WE DISCLOSE YOUR INFORMATION.

 

A.    We may disclose aggregated information about our users and information that does not identify any individual without restriction.

 

B.     We do not disclose personal information that we collect or you provide as described in this Privacy Policy to third parties, including the following subsidiaries, affiliates, service providers, and contractors

 

C.     We use your provided data to prevent fraudulent purchases by sharing your data with credit reference agencies.  

 

D.    We will release information when it is appropriate to comply with the law or enforce our site policies.

 

E.     Do Not Track Policy: Our site honors Do Not Track (“DNT”) browser settings. We  do not track your online browsing activity on any other online service. 

 

F.      We do not transfer personal data collected from you to third party processors located internationally. Please be aware that such countries may not have the same level of data protection; however, our collection, storage and use of your personal data will continue to be governed by this Privacy Policy.

 

  1. HOW WE STORE AND PROTECT USER INFORMATION.

 

A.    Company securely stores your data at/on How Squarespace Protects and Processes Your Data. Squarespace website traffic is encrypted via SSL providing a secure end to end connection for you and your visitors. SSL prevents hackers from impersonating your site or stealing information that customers submit, like an email address or a credit card number.

We have implemented security measures designed to protect your visit to the Website. These include: How Squarespace Stores Data:

·         Data Centers:

Squarespace stores data in Tier III data centers across the United States, ensuring data redundancy and security.

·         Content Delivery Networks (CDNs):

They utilize geographically distributed CDNs to serve images and other static assets, enhancing website performance and accessibility. 

How Squarespace Protects User Information:

·         SSL Certificates:

All domains connected to Squarespace are automatically protected with free SSL certificates, encrypting website traffic and preventing hackers from intercepting or stealing information. 

·         Encryption:

Squarespace employs TLS (Transport Layer Security) to encrypt data in transit between users and websites, safeguarding sensitive information like credit card numbers and email addresses. 

·         HSTS (HTTP Strict Transport Security):

This feature ensures that Squarespace websites can only be accessed via HTTPS, further enhancing security. 

·         Password Hashing:

User account passwords are hashed, meaning they are not stored in plain text, adding an extra layer of protection against unauthorized access. 

·         Two-Factor Authentication (2FA):

Squarespace offers 2FA for member accounts, providing an added layer of security by requiring a second form of verification during login. 

·         Web Application Firewall (WAF):

Squarespace utilizes WAF technology to protect against common web attacks and vulnerabilities. 

·         PCI-DSS Compliance:

Squarespace Payments and its payment processors (Stripe, PayPal, and Square) are compliant with PCI-DSS standards, ensuring the secure handling of payment information. 

·         Regular Security Audits:

Squarespace conducts regular penetration testing to identify and address potential security vulnerabilities. 

·         Incident Response Plan:

Squarespace has a formal incident response process in place to handle security incidents effectively. 

·         Data Privacy:

Squarespace has a comprehensive data privacy policy outlining how they collect, use, and protect user data. 

User Controls and Best Practices:

·         Strong Passwords:

Squarespace encourages users to use strong, unique passwords for their accounts and recommends using a password manager. 

·         Account Security Tips:

Squarespace provides guidance on securing accounts, including enabling two-factor authentication and avoiding common security pitfalls like using weak passwords or reusing passwords across multiple services. 

·         Website Permissions:

Squarespace allows website owners to manage user permissions, controlling who can access and edit their site content. 

·         Clickjack Protection:

Squarespace offers the option to implement clickjack protection to prevent malicious attacks that manipulate users into clicking on hidden elements. 

·         Privacy and Terms Policies:

Squarespace recommends creating clear and informative privacy and terms of service policies for websites, outlining how user data is collected and used. 

·         SSL Certificate Management:

Users can easily manage their SSL certificates through the Squarespace platform, ensuring secure connections for their websites. 

                                           A.      All payment information is encrypted.

                                            B.      All information you provide to us is stored on our secure servers behind firewalls.

                                            C.      We use regular Malware Scanning.

                                           D.      No transmission over the internet or email is completely secure or error free. Please keep this in mind when disclosing personal information over the internet.

 

B.     We will keep your data for as long as your account is active and you have a subscription Once this time period has expired, we will delete your data.

 

  1. YOUR CALIFORNIA PRIVACY RIGHTS.

 

A.    If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit https://oag.ca.gov/privacy/ccpa

B.      

C.     Under the CCPA, California residents have the right to opt-out of the sale of personal information about them or their household, such as their name, postal or email address, and other personal identifying information. The right is subject to certain exceptions. For example, it does not apply to information that we share with certain third-party service providers so they can perform business functions for us or on our behalf. You may opt out by calling 903-245-4781 or by emailing

 

D.    In the preceding twelve months, we have not sold personal information. Our policy is that we do not and will not sell your personal information, unless you give us your consent or direct us to do so.

 

  1. RIGHT TO OPT OUT. You have agreed to receive marketing material from the Company and have consented to the Company disclosing your information to third parties for marketing purposes.  You may opt out at any time.

 

  1.  YOUR DATA PROTECTION RIGHTS.

 

A.    The Right to be Informed: This means anyone processing your personal data must make clear what they are processing, why, and who else the data may be passed to.

 

B.     The Right to Access: This is your right to see what data is held about you by a Data Controller.

 

C.     The Right to Rectification: You have the right to have your data corrected and amended if what is held is incorrect in some way. You can request that we correct any information that you believe is inaccurate or request that we complete information that you believe is incomplete.

 

D.    The Right to Erasure: Under certain circumstances you can ask for your personal data to be deleted. This is also called “The Right to be Forgotten.” This would apply if the personal data is no longer required for the purposes it was collected for, or your consent for the processing of that data has been withdrawn, or the personal data has been unlawfully processed.

 

E.     The Right to Restrict Processing: This gives you the right to ask for a temporary halt to processing of personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.

 

F.      The Right of Portability: You have the right to ask for any data supplied directly to the Data Controller by you, to be provided in a structured, commonly used, and machine-readable format. You may request copies of your personal data from us. You may request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions. We may charge a small fee for this service or for any copies requested.

 

G.    The Right to Object: You have the right to object to further processing of your data which is inconsistent with the primary purpose for which it was collected, including profiling, automation, and direct marketing.

 

H.    Rights in Relation to Automated Decision-making and Profiling: You have the right not to be subject to a decision based solely on automated processing.

 

I.        Right Not to be Subject to Discrimination for the Exercise of Rights: The Company will not refuse goods or services to individuals who exercise their consumer rights.

 

If you would like to exercise these rights, please contact us at Stefaniejfleming@gmail.com or 903-245-4781.

 

 

  1. CHANGES TO PRIVACY POLICY. The date the Privacy Policy was last revised is identified on the first page of the Privacy Policy. We reserve to update this policy and if we make material changes to how we treat our users’ personal information we will notify you by email. You are responsible for periodically visiting our Website and Privacy Policy to check for any changes.

 

  1.  CONTACT. You may send us an email to inquire about our Privacy Policy or to request access to, correct or delete any personal information that you have provided to us at:

 

Honeysuckle Hill Flowers

Stefanie Fleming

18113 County Road 431, Lindale, Texas 75771

903-245-4781

Stefaniejfleming@gmail.com

 

You may reach our Data Protection Officer by sending an email to Stefaniejfleming@gmail.com

 

  1. COMPLAINTS. Should you wish to report a complaint or if you feel that our Company has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s office (if an individual located in the United Kingdom) or the European Data Protection Board.

 

  1.  INDIVIDUALS LOCATED WITHIN THE UNITED KINGDOM

 

                                           A.      Restricted Transfers: Our Company may make a restricted transfer if the receiver is located in a third country or territory or is an international organization, covered by UK “adequacy regulations.” If there are no adequate regulations about the country, territory or sector for the restricted transfer, our Company should then find out whether you can make the transfer subject to ‘appropriate safeguards’ as listed in the UK GDPR. Before we rely on an appropriate safeguard to make a restricted transfer, we must be satisfied that the data subjects of the transferred data continue to have a level of protection essentially equivalent to that under the UK data protection regime. We do this by undertaking a risk assessment, which takes into account the protections contained in that appropriate safeguard and the legal framework of the destination country (including laws governing public authority access to the data). If our assessment is that the appropriate safeguard does not provide the required level of protection, we will include additional measures. Appropriate safeguards may be: (1) A legally binding and enforceable instrument between public authorities or bodies; (2) binding corporate rules as defined in Article 47 of the UK GDPR; (3) a contract incorporating standard data protection clauses recognized or issued in accordance with the UK data protection regime; (4) a code of conduct approved by the ICO; (4) Certification under an approved certification scheme; (5) a bespoke contract governing a specific restricted transfer which has been individually authorized by the ICO; or (6) Administrative arrangements between public authorities or bodies. If none of the criteria above apply for the transfer, we may still make the transfer if the transfer is covered by an ‘exception’ set out in Article 49 of the UK GDPR.

 

                                            B.      CHILDREN UNDER THE AGE OF 13: All website users located in the United Kingdom must be at least 13 years of age. If we learn we have received information from a child under 13 we will delete the information. If you have reason to believe that a child under the age of 13 located in the United Kingdom has provided Personal Data to us through the Website or Services, please contact us and we will endeavor to delete the information from our database. If we learn a user is under 13 years of age, we will not disclose any personal information to any third parties unless the user has given opt-in consent. If you have reason to believe that a user is under 13 years of age, notify the Company in order to prevent disclosure of any personal data without opt-in consent.

 

                                            C.      Local Representative in United Kingdom: We do not either offer goods or services to individuals in the UK; or monitor the behavior of individuals in the UK