Website Privacy Policy 

Last Modified: 03\08\2024

Purpose 

UNVEILED FLORAL(hereinafter “we,” “our,” “us”) is committed to protecting your privacy and maintaining a quality online experience for our website users.  

This Privacy Policy describes the type of personal information we may collect from you or that you may provide when you visit UNVEILEDFLORAL.COM(hereinafter “Website”) and our practices for handling, storing, and protecting that information as well as your rights in relation to your personal information and how you can contact us and supervisory authorities in the event you have questions about how we handle your personal information. 

Privacy Policy Consent 

Please read this Privacy Policy carefully and in its entirety before using our Website. If you do not agree with our policies and practices regarding your personal information and how we will treat it, your choice is to not use our Website. Your use of our Website constitutes your voluntary acceptance to be bound by this Privacy Policy, whether you have read it or have had the opportunity to read it and have chosen not to.  

This Privacy Policy applies to the information we collect: 

• On this Website. 
• In email, text, and other electronic messages between you and this Website. It does not apply to information that is collected by: 
• Us offline or through any other means, including on any other website operated by any third party (including our affiliates). 
• Any third party (including our affiliates) through any content (including advertising) that may link to or be accessible from (or on) the Website. 
Children’s Online Privacy Protection Act (COPPA) 
This Website and any products and services offered herein are not intended for persons under the age of 18.  
We prohibit children under the age of 18 from using any and all interactive portions of this Website, including leaving any comments, filling out forms, or otherwise submitting information. A child’s parent or guardian should contact us if we have inadvertently collected any information or content from that child without the parent or guardian’s authorization, so that we may delete that information from our records. 

CAN-SPAM Act of 2003 
We have taken the necessary steps to ensure that we are in compliance with the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 and will not send misleading information. 
1. Don’t use false or misleading header information in your “from” and “reply” to sections of your emails
2. Don’t use deceptive subject lines 
3. Identify that your message is an ad 
4. Tell recipients where you’re located – by including a valid physical postal address 5. Tell recipients how to opt out from receiving future emails from you 
6. Promptly honor opt out requests (i.e., within 10 business days) 
Personal Information We Collect 
The type of personal information we collect depends on how you are interacting with us.

We generally collect the following categories of personal information: 
• Contact information, such as first and last name, email address, postal address, phone number, and other similar contact data; 
• Records and copies of your correspondence (including email address) if you contact us; • Details of transactions you carry out through our Website and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website and we will use a third-party payment processor to process the payment. We do not collect your credit card or debit card number, expiration date, or pin number;  
• Comments, feedback, questions and other information you provide to us; • Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website; • Information about your computer and internet connection, including your IP address, operating system, and browser type.

[The CCPA and the California Privacy Rights Act (CPRA) apply to any for-profit business that does business in California and: 
• Has annual gross revenues that exceed $25 million; 
• Collects, buys, receives, sells, or shares the personal information of 100,000 or more consumers or households each year; OR 
• Derives 50% of its annual revenues from selling or sharing personal information. 
See the definitions for “sale” and “sharing” referenced below in the How We Use the Information/Lawful Bases section. 
The CPRA has defined “sensitive personal information” as follows: 
• Social Security, driver’s license numbers, state identification card, and passport numbers; • financial account, debit card, or credit card numbers in combination with required security or access codes, passwords, or credentials allowing access to an account;
• account login in combination with required security or access codes, passwords, or credentials allowing access to the account; 
• precise geolocation (i.e., information used or intended to be used to locate a consumer within a geographic area equal to or less than approximately 1/8 square mile); • information about racial or ethnic origin, religious beliefs, philosophical beliefs, or union membership;  
• contents of consumers’ mail, emails, or text messages, unless the business is the intended recipient of that information; 
• genetic data; 
• the processing of biometric information for the purpose of uniquely identifying a consumer; and 
• information collected and analyzed concerning a consumer’s health, sex life, or sexual orientation. 
If you process “sensitive personal information” and CCPA/CPRA apply to your business you must include the following:] 
Limit the Use of My Sensitive Personal Information [HYPERLINK TO YOUR INTERNET WEB PAGE THAT EXPLAINS: (I) THE SENSITIVE PERSONAL INFORMATION YOU COLLECT; (II) THE PURPOSES FOR COLLECTING IT; (III) WHETHER THE SENSITIVE PERSONAL INFORMATION IS SHARED OR SOLD; AND (IV) THE LIMITATIONS ON ITS USE AND DISCLOSURE. BE SURE THIS HYPERLINK IS ALSO INCLUDED ON YOUR WEBSITE’S HOME PAGE.] 
[AS A NOTE, IF YOU PROCESS SENSITIVE PERSONAL INFORMATION AND THE COLORADO PRIVACY ACT (CPA), CONNECTICUT SB6, OREGON SB19, TEXAS DATA PRIVACY AND SECURITY ACT (TDPSA), AND/OR VIRGINIA CONSUMER DATA PROTECTION ACT (VCDPA) APPLIES TO YOUR BUSINESS (SEE THE TABLE ON THE LAST PAGES OF THIS DOCUMENT), YOU MUST FIRST OBTAIN A CONSUMER’S CONSENT TO DO SO] 
Sources of Personal Information 
We collect personal information from you as follows: 
You provide personal information to us when you: 
• Subscribe to or purchase our products and/or services; 
• Complete a contact or information request form. [OR]; and 
• [any additional ways a website user may provide you with their personal information] We automatically collect personal information when you: 
• Visit, interact with, or use our Website; 
• Access, use, or download content from us; and 
• Open emails or click links in emails from us. [OR]; an

We collect personal information for third party advertisers that use cookies on our Website to provide interest-based advertising. See the Interest Based Advertising section below. 

How We Use the Information/Lawful Bases 
We process personal information about you on one or more of the following bases: 
• To perform a contract;  
• With your consent; 
• For our legitimate interests; 
• To comply with the law; 
• To protect someone’s life; and/or 
• Public task. 
We process personal information to:
• Process and fulfill an order, download, subscription, or other transaction; • Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection; 
• Respond to your requests, inquiries, comments, and concerns; 
• Notify you about changes to our Website or any products or services we offer or provide through it; 
• Send marketing emails; 
• Inform you of and administer promotions, contests, sweepstakes or surveys; • Help us address problems with and improve our Website;  
• Protect the security and integrity of our Website; 
• Contact you for other business reasons, if necessary; and 
• Provide online behavioral advertising.
The CCPA/CPRA define “sale” of personal information as “selling, renting, releasing, disclosing, disseminating, making available, transferring or communicating orally, in writing, or by electronic or other means, a consumer’s personal information to another business or their party for monetary of other valuable consideration.”
The CPRA defines “sharing” as any disclosure of personal information (renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, or in writing, or by electronic or other means) to third parties for cross-contextual behavioral advertising whether or not for monetary or other valuable consideration. 
We will not sell or share your personal information and have not done so in the last 12 months. We may transfer your personal information to a third party in the event of a bankruptcy, dissolution, merger, sale, acquisition, or change of control. 
We may transfer your personal information to a third party if we need to comply with our legal obligations, resolve disputes, and/or enforce our agreements. 

Use of Cookies 
“Cookies” are small text files that are placed on a computer or other device and used to identify the user or device and to collect information when you visit a website. Cookies may be set by the website you are visiting (also known as “first party cookies) or by third parties who provide advertising or analytics services on the website (also known as “third party cookies). 
We use cookies for several different purposes. 
You can disable cookies through your web browser’s settings, but disabling this function may diminish your experience on our Website as some features may not work as intended.  

“Do Not Track” (DNT) Signals 
Some browsers transmit Do Not Track (DNT) signals to websites.  
Due to the lack of a common interpretation of DNT signals throughout the industry, we do not currently alter, change, or respond to DNT requests or signals from these browsers. 

How the Information is Shared 
Depending on how you interact with us, we share information with our third-party service providers, agents and representatives, including, but not limited to, [1] eCommerce platform providers, payment processing providers, email service providers, IT service providers, security and software service providers, in order to process the information as necessary to complete a transaction, fulfill your request, or otherwise on our behalf based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures. 
We also will disclose your personal information if we have a good faith belief that such disclosure is necessary to: 
• meet any applicable law, regulation, legal process or other legal obligation; • detect, investigate and help prevent security, fraud or technical issues; and/or • protect the rights, property, or safety of us, our Website, our users, employees, or others. 
Our current third-party service providers include: 
• [2] HONEYBOOK, SQUARE, SHOWIT
[This Section should be revised to reflect exactly: 
• [1] What types of third-party service providers you use, and 
• [2] Who your current third-party service providers are (such as PayPal or ConvertKit; you can also hyperlink their separate privacy policies.] 
Information Retention 
We retain your personal information for as long as necessary to fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements, or until such time as you let us know you would like for us to delete it or unsubscribe from our marketing contacts. 

Passwords 
Certain features of our Website require the creation of a username and password. You are responsible for keeping your username and password confidential. We ask that you not share your username or password with anyone. We cannot and will not be liable for any loss or damage arising from your failure to protect your username or password. 
You agree to notify us immediately of any unauthorized use of your username or password or any other breach of security. 
Information Protection and Security  
Our Website uses commercially acceptable security measures to prevent your personal information from being lost, used, or accessed in an unauthorized way. We use a Secure Sockets Layer (SSL) certificate and never transmit your credit card information via email. If you receive an email from us that appears to be a request for personal information, do not respond because it may be a phishing scam designed to steal your personal information. 
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk.  
Should there be a data breach, we will notify you when we are legally required to do so.  

Your Rights to Control Your Information  
You can unsubscribe from our email newsletters or updates at any time through the unsubscribe links found in the communications you receive from us. 
Local data protection laws may give you rights with respect to personal information if you are located in or a resident of that country, state, or territory.  
THESE RIGHTS ARE NOT GUARANTEED AND IT IS IMPORTANT FOR YOU TO CONSULT YOUR LOCAL DATA PROTECTION LAWS TO DETERMINE WHAT RIGHTS MAY BE AVAILABLE TO YOU. 

These rights may include the following:
Right
Right to disclosure/access (to know the personal information collected about you and request a copy)

May Apply To
Residents of California, Colorado,  
Connecticut, Montana, Oregon, Texas, Utah, Virginia, Australia, Canada, the European Union and/or the European Economic Area, and the United Kingdom

Right
Right to correct/rectification (to have your inaccurate personal information corrected)

May Apply To
Residents of California, Colorado,  
Connecticut, Montana, Oregon, Texas, Virginia, Canada, Australia, Quebec, the European Union and/or the European Economic Area, and the United Kingdom


Right
Right to erasure/deletion (to have all or some of your personal information deleted upon a verifiable request)

May Apply To
Residents of California, Colorado,  
Connecticut, Montana, Texas, Oregon, Utah, Virginia, the European Union and/or the European Economic Area, and the United Kingdom


Right
Right to nondiscrimination (the right to equal service and price even if you exercise your rights)

May Apply To
Residents of California, Montana, Oregon, Texas, and Virginia 


Right
Right to obtain a specific list of third parties your personal information was shared with

May Apply To
Residents of Oregon 


Right
Right to opt of use of personal information for profiling 

May Apply To
Residents of Connecticut, Oregon, and Texas


Right
Right to limit use and disclosure of sensitive personal information
May Apply To
Residents of California and Connecticut 


Right
Right to data portability (to have your personal information transferred to you or a third party in machine-readable format, where technically feasible)

May Apply To
Residents of Quebec, the European Union and/or the European Economic Area, and the United Kingdom


Right
Right to data portability (to have your personal information transferred to you in a readily-usable format that lets you transmit that information to a third party)

May Apply To
Residents of California, Colorado, Montana, Oregon, Texas, Utah, and Virginia 


Right
Right to data portability (to have your personal information transferred to you in a readily-usable format that lets you transmit that information to a third party where processing is carried out by automated means)

May Apply To
Residents of Connecticut 


Right
Right to withdraw consent (to withdraw your consent that we handle your personal information at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on your consent before its withdrawal)

May Apply To
Residents of Canada, Quebec, the European Union and/or the European Economic Area, and the United Kingdom


Right
Right to not identify yourself or of using a pseudonym

May Apply To
Residents of Australia


Right
Right to restriction of processing (to limit the purposes that your personal information may be used for)

May Apply To
Residents of the European Union and/or the European Economic Area, and the United Kingdom

Right
Right to object (to object to the processing of your personal information in cases where our processing is based on direct marketing)

May Apply To
Residents of the European Union and/or the European Economic Area, and the United Kingdom

Right
Right to stop unwanted direct marketing 

May Apply To
Residents of the European Union and/or the European Economic Area, and Australia 

Right
Right to complain (to lodge a complaint with competent authorities in the proper  
jurisdiction if you are not content with how we collect, share, and process your personal information)

May Apply To
Residents of Canada, Australia, Quebec, the European Union and/or the European Economic Area, and the United Kingdom

Right
Right to appeal (a decision made regarding an exercise of rights)

May Apply To
Residents of Montana, Oregon, and Texas

These rights are not absolute and they do not always apply in all cases. We will honor your rights under applicable data protection laws. 
CALIFORNIA CIVIL CODE SECTION 1798.83 (“SHINE THE LIGHT LAW”) 
California Civil Code Section 1798.83 or the “Shine the Light Law” permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, see the Contact Us section below. 
Exercising Your Rights 
If you wish to exercise any of the rights specified above, please submit a request via email to: CECILIA@UNVEILEDFLORAL.COM
Please be sure to specify which right you want to exercise and provide us with enough information to verify your identity. If we cannot verify your identity, we may not be able to fulfill your request. 
We will respond to your request within 30-45 calendar days of receipt, depending on where you reside. We will notify you in writing via email if we need more time to respond.  
We may deny your request if certain exceptions in the law apply. We will provide you the reason(s) for denial in writing via email. 
You have the right to appeal our decision with respect to your request to exercise your rights. You may appeal the decision by emailing the address provided above in this section. 
We will respond to your appeal within 30-45 calendar days of receipt, depending on where you reside. We will notify you in writing via email if we need more time to respond. 
Use and Transfer of Your Information Out of the European Economic Area (EEA) or Canada 
This Website is operated in the United States and the third parties with whom we might share your personal information (as explained above) are also located in the United States or other countries located outside the EEA and Canada.  
If you are located outside of the United States, please be aware that any information you provide will be transferred to the United States. By using this Website and/or providing your information, you consent to this transfer.  
Contact Us 
If you have any questions, comments, complaints, or suggestions in relation to this Privacy Policy or our privacy practices, please contact us by using this web form: UNVEILEDFLORAL.COM , calling this toll-free telephone number: 2094704613, or by email or postal mail: 
CECILIA@UNVEILEDFLORAL.COM  

CECILIA CARDONA
Changes to this Privacy Policy 
The date this Privacy Policy was last revised is identified at the top of the page. It is our policy to post any changes we make to our Privacy Policy on this page. If we make any material changes to how we treat our Website users’ personal information, we will notify you of any such changes by email (if you have provided your email to us) and/or by a prominent notice displayed on our Website’s home page and updating the revised date of our Privacy Policy. We recommend that you check this Privacy Policy when you visit our Website to be sure that you are aware of our most current policy. 
Please also read our Terms and Conditions of Use:

DATA PRIVACY LAW 
Australia Privacy Act of 1988 

WHO IT APPLIES TO
Applies to business if website collects personal information of residents of Australia or Australian territories.

DATA PRIVACY LAW 
California Consumer Privacy Act  
(CCPA)/California Privacy Rights Act (CPRA)

WHO IT APPLIES TO
SEE NOTES ABOVE IN TEMPLATE.

DATA PRIVACY LAW 
Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)

WHO IT APPLIES TO
 Applies to business if website collects the personal information of Canadians.

DATA PRIVACY LAW 
Colorado Privacy Act (CPA) 

WHO IT APPLIES TO
Applies to business if: 
• Conduct business in Colorado or produce or deliver commercial products or services that are intentionally targeted towards residents of Colorado; and 
• Satisfies one of the following thresholds: o Controls or processes the personal data of 100,000 or more Colorado  
consumers during a calendar year;  
or 
o Derives revenue or receives a  
discount on the price of goods or  
services from the sale of personal  
data and processes or controls the  
personal data of 25,000 or more  
Colorado consumers. 
Exempts airlines, public utilities, financial institutions, governmental entities in Colorado, entities covered by the Health Insurance Portability and Accountability Act (HIPAA), those collecting/processing data for Colorado health insurance law purposes, those collecting/processing data for, employment records purposes, those processing de-identified personal data, consumer reporting agencies, and higher education institutions.

DATA PRIVACY LAW
Connecticut SB6 
WHO IT APPLIES TO
Applies to business if: 
• Controlled or processes the personal data of 100,000 or more Connecticut residents; or 
• Controlled or processed the personal data of 25,000 or more residents of  
Connecticut and derived more than 25% of their gross revenue from the sale of personal data. 
Exempts non-profits, higher education institutions, national securities associations, financial institutions and entities that need to comply with HIPAA.

DATA PRIVACY LAW
General Data Protection Regulation (GDPR)
WHO IT APPLIES TO
• Applies to business if it: 
• processes personal information as part of the activities of one of its branches  
established in the European Union,  
regardless of where the data is processed; or 
• is established outside the European Union and is offering goods or services (paid or for free) or is monitoring the behavior of individuals in the European Union.

DATA PRIVACY LAW
Montana Consumer Data Privacy Act (MCDPA)
WHO IT APPLIES TO
Applies to businesses in Montana or that produce products or services that are targeted to residents of Montana and meet one or more of the following factors:  
• Control or process the personal data of not less than 50,000 Montana  
residents (excluding personal data  
controlled or processed solely for  
completing payment transactions); or • Control or process the personal data of not less than 25,000 Montana  
residents and derive more than 25% of gross revenue from the sale of  
personal data. Exempts non-profits, higher education institutions, national securities associations, financial institutions and entities that need to comply with HIPAA.

DATA PRIVACY LAW
Nevada Revised Statutes Chapter 603A
WHO IT APPLIES TO
Applies if a person: 
• Owns and operates a website for business purposes; 
• Collects and maintains personal  
information from consumers who  
reside in Nevada and use the website; and 
• Purposefully directs its activities towards Nevada, consummates a  
transaction with the State of Nevada or a resident of Nevada, purposefully avails itself of the privilege of  
conducting activities in Nevada or  
otherwise engages in any activity that constitutes sufficient nexus with  
Nevada to satisfy the requirements of the U.S. Constitution. 
Exempts those that live in Nevada if your revenue is derived primarily from a source other than selling goods, services or credit on your website; and your website has less than 20,000 unique visitors per year as well as financial institutions and entities that need to comply with HIPAA.

DATA PRIVACY LAW
Oregon SB619
WHO IT APPLIES TO
Applies if person conducts business in Oregon or provides products or services to residents of Oregon and that, during a calendar year:  
• Processors or controls the personal data of 100,000 or more residents of Oregon; or  
• Processors or controls the personal data of 25,000 or more residents of  
Oregon and derives 25% or more of  
annual gross revenue from the sale of personal data; or 
• signed a contract for the processing of data with a company that does need to comply with this law.  
Exempts non-profits that are established to detect or prevent fraudulent acts in connection with insurance and non-profits that provide programming to radio or television networks. 

DATA PRIVACY LAW
Quebec Law 25
WHO IT APPLIES TO
Applies to business if persons collect, hold, use or share personal information in the course of carrying on an enterprise. 
“Enterprise” is defined as “the carrying on by one or more persons of an organized economic activity, whether or not it is commercial in nature, consisting of  
producing, administering or alienating property, or providing a service.” 
Includes non-profits.

DATA PRIVACY LAW
Texas Data Privacy and Security Act (TDPSA)
WHO IT APPLIES TO
Applies if person conducts business in Texas or produces a product or service consumed by residents of Texas and that processes or engages in the sale of personal data.  
Exempts non-profits, small businesses, as defined by the United States Small Business Administration. The Small Business Administration defines “small business” as either an independent business with less than 500 employees or a business that makes under a certain amount of gross revenue per year.  
HOWEVER, small businesses may not engage in the sale of sensitive personal data without receiving prior consent from the consumer.

DATA PRIVACY LAW
United Kingdom’s Data Protection Act of 2018
WHO IT APPLIES TO
Applies if business monitors the behavior of UK residents via interest-based advertising, use of cookies, etc.

DATA PRIVACY LAW
Utah Consumer Privacy Act (UCPA)
WHO IT APPLIES TO
Applies to business if:
• Has annual revenue of $25,000,000 or more; and 
• Meets one of the following thresholds: o During a calendar year, controls or processes the personal data of  
100,000 or more Utah residents; or 
o Derives 50% or more of its annual gross revenue from the sale of  
personal data and controls or  
processes the personal data of  
25,000 or more Utah consumers. 
Exempts state agencies and other such political organizations, financial institutions, HIPAA-defined covered entities and their business associates, higher education institutions, non-profits, and air carriers.

DATA PRIVACY LAW
Virginia Consumer Data Protection Act (VCDPA)
WHO IT APPLIES TO
Applies to business if during a calendar year: 
• control or process the personal data of at least 100,000 Virginia residents 
• control or process the personal data of at least 25,000 consumers and derive over 50% of gross revenue from the sale of personal data 
Exempts state agencies and other such political organizations, financial institutions, HIPAA-defined covered entities and their business associates, higher education institutions, and non-profits.