1. Introduction
This Privacy Policy explains how Wild Irish Bloom ("we", "us", "our"), a trading name of Wild Irish Bloom Ltd, registered in Ireland (Company Registration Number: 682451), collects, processes, stores and protects your personal data when you visit our website at https://wildirishbloom.ie, purchase products, request gardening advice or otherwise interact with our services.
Wild Irish Bloom Ltd acts as the data controller for all personal data collected through this website and our related business activities. Our registered address is Unit 4, Quin Road Business Park, Ennis, Co. Clare, V95 KX28, Ireland. We take your privacy seriously and are committed to processing personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Irish Data Protection Act 2018 and the ePrivacy Directive (2002/58/EC) as transposed into Irish law.
If you have any questions about this policy or wish to exercise your data protection rights, please contact our Data Protection Officer at [email protected] or write to us at the address above.
2. What Personal Data We Collect
Depending on how you interact with our website and services, we may collect the following categories of personal data:
2.1 Information You Provide Directly
- Contact information: your full name, email address, telephone number and postal address when you place an order, create an account, contact us for advice or subscribe to our newsletter.
- Order information: details of products purchased, delivery addresses, order history and any special instructions you provide during the checkout process.
- Communication data: the content of emails, contact form submissions, phone conversations and any gardening advice queries you send to us.
- Account data: username, password (encrypted) and account preferences if you create a customer account.
- Feedback and reviews: product reviews, testimonials and survey responses you voluntarily submit, including your name, location and any photographs you provide.
2.2 Information Collected Automatically
- Device and browser information: your IP address, browser type and version, operating system, screen resolution and device type (desktop, mobile, tablet).
- Usage data: pages visited, time spent on each page, click patterns, referring website or search engine, entry and exit pages and navigation paths through our site.
- Cookie data: identifiers stored on your device through cookies and similar technologies (see Section 10 below for our full Cookie Policy).
- Location data: approximate geographic location derived from your IP address, used to determine delivery availability and display locally relevant content.
- Server logs: standard web server logs including timestamps, requested URLs, HTTP status codes and data volumes transferred.
2.3 Information From Third Parties
- Payment processors: we receive transaction confirmation, partial card details (last four digits only) and billing address verification from our payment processor. We never receive or store full card numbers.
- Delivery partners: tracking information, delivery confirmation and any failed delivery notifications from our courier services.
3. How We Collect Your Data
We collect personal data through the following methods:
- Website forms: contact forms, order checkout forms, newsletter subscription forms and advice request forms on our website.
- Cookies and tracking technologies: first-party cookies for essential website functionality and, with your consent, analytics cookies (Google Analytics 4) and marketing pixels (Meta Pixel) to understand site usage and measure advertising effectiveness. Full details are in Section 10.
- Email and telephone: when you contact us directly at [email protected] or call us on +353 65 684 1127.
- Server logs: automatically recorded by our web hosting infrastructure when you access any page on our website.
- Third-party platforms: if you interact with our social media profiles on Instagram, Facebook or other platforms, those platforms may share limited profile information with us in accordance with their own privacy policies.
4. Legal Basis for Processing (GDPR Article 6)
We process your personal data only when we have a valid legal basis under GDPR Article 6. The specific bases we rely on are:
- Contract performance (Article 6(1)(b)): processing necessary to fulfil your order, deliver products, process payments and provide the gardening advice service you requested. This includes sharing your delivery address with our courier partners.
- Consent (Article 6(1)(a)): where you have given explicit, freely given consent, such as subscribing to our newsletter, allowing analytics cookies, or permitting marketing communications. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
- Legitimate interests (Article 6(1)(f)): processing necessary for our legitimate business interests, provided these do not override your fundamental rights and freedoms. Our legitimate interests include: improving our website and product range based on aggregated usage patterns; preventing fraud and ensuring site security; responding to customer queries and providing support; and understanding how customers in Dublin, Clare, Galway and across Ireland discover and use our products.
- Legal obligation (Article 6(1)(c)): processing necessary to comply with Irish and EU legal requirements, including tax record keeping, product safety obligations and responding to lawful requests from regulatory authorities.
5. How We Use Your Data
We use your personal data for the following specific purposes:
- Order fulfilment and delivery: to process your orders for native wildflower seeds, plants, peat-free compost, tools and other products; to arrange delivery from our County Clare nursery or Greater Dublin Area fulfilment centre; to send order confirmations and shipping notifications.
- Customer service and wild gardening advice: to respond to your enquiries about rewilding, native planting, no-dig gardening or product selection; to provide personalised planting recommendations based on your location and garden conditions.
- Marketing communications (consent only): to send our newsletter with seasonal wild gardening tips, new product announcements and exclusive offers. We send marketing emails only when you have given explicit consent and every email includes a clear unsubscribe link.
- Website improvement and analytics: to understand how visitors navigate our site, which pages and products are most popular, and to identify and fix technical issues. Analytics data is aggregated and anonymised where possible.
- Security and fraud prevention: to protect our website and customers from unauthorised access, spam submissions and fraudulent transactions.
- Legal compliance: to maintain financial records as required by Irish Revenue Commissioners, to comply with consumer protection law and to respond to legally valid data access requests.
6. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our specific retention periods are:
- Order and transaction records: 7 years from the date of the transaction, as required by Irish tax legislation (Taxes Consolidation Act 1997).
- Customer account data: retained for the lifetime of your active account plus 2 years after account closure or last activity, whichever is later.
- Contact form and advice enquiry data: 2 years from the date of your last communication with us.
- Newsletter subscription data: retained until you unsubscribe. Upon unsubscription, your email address is moved to a suppression list (retained indefinitely to ensure we do not contact you again) and all other associated data is deleted within 30 days.
- Analytics and cookie data: Google Analytics data is retained for 14 months. First-party analytics cookies expire after 13 months. Session cookies are deleted when you close your browser.
- Server logs: retained for 90 days for security and diagnostic purposes, then permanently deleted.
- Product reviews and testimonials: retained for the lifetime of the relevant product listing, unless you request removal.
When data reaches the end of its retention period, it is securely deleted or irreversibly anonymised so that it can no longer be linked to you.
7. Data Sharing
We share your personal data only with the following categories of recipients, and only to the extent necessary for the stated purposes:
- Delivery and courier services: your name, delivery address and telephone number are shared with our courier partners (DPD Ireland, An Post) to fulfil and deliver your orders.
- Payment processors: Stripe processes your payment card details. We do not handle, see or store your full card number at any point. Stripe acts as an independent data controller for payment data and processes it under its own privacy policy.
- Hosting and infrastructure: our website is hosted on servers within the European Economic Area (EEA). Our hosting provider processes data strictly as a data processor under our instructions and a signed Data Processing Agreement.
- Analytics providers: Google (Google Analytics 4) receives anonymised usage data to help us understand site traffic. When you consent to analytics cookies, Google may process your IP address (which is anonymised before storage) and assign a pseudonymous client identifier.
- Email service provider: we use a GDPR-compliant email marketing platform to send newsletters. This platform processes your name and email address under a Data Processing Agreement and does not use your data for its own purposes.
- Professional advisors: our accountants and legal advisors may access limited data as required for tax compliance, legal proceedings or regulatory matters.
- Legal and regulatory authorities: we may disclose data to An Garda Síochána, the Data Protection Commission (DPC) or other authorities when legally required to do so.
We do not sell, rent or trade your personal data to any third party for marketing purposes. We never have and we never will.
8. International Data Transfers
We aim to keep all personal data within the European Economic Area (EEA). Our primary hosting servers are located within the EEA. However, some of our third-party service providers (including Google and Stripe) may process data in the United States or other countries outside the EEA.
Where data is transferred outside the EEA, we ensure appropriate safeguards are in place. These safeguards include:
- European Commission adequacy decisions: where the receiving country has been deemed to provide an adequate level of data protection.
- Standard Contractual Clauses (SCCs): approved by the European Commission under Article 46(2)(c) GDPR, incorporated into our agreements with relevant service providers.
- EU-US Data Privacy Framework: where the receiving organisation in the United States has been certified under this framework.
You may request a copy of the specific safeguards we use by contacting us at [email protected].
9. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights in relation to the personal data we hold about you. These rights apply regardless of whether you are based in Ireland, elsewhere in the EU/EEA, or in any jurisdiction that recognises equivalent rights.
- Right of access (Article 15): you have the right to request a copy of all personal data we hold about you, along with information about how it is being processed. We will respond within one month of receiving your request.
- Right to rectification (Article 16): you may ask us to correct any inaccurate personal data or complete any incomplete data we hold about you.
- Right to erasure / right to be forgotten (Article 17): you may request that we delete your personal data where there is no compelling reason for us to continue processing it. This right does not apply where we are legally required to retain data (e.g., tax records).
- Right to restriction of processing (Article 18): you may ask us to restrict the processing of your data in certain circumstances, for example while we verify the accuracy of contested data.
- Right to data portability (Article 20): you have the right to receive your personal data in a structured, commonly used and machine-readable format (e.g., CSV or JSON) and to transmit it to another controller.
- Right to object (Article 21): you may object to processing based on legitimate interests at any time. You also have an absolute right to object to processing for direct marketing purposes.
- Right to withdraw consent (Article 7(3)): where we process data based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before you withdraw.
- Right not to be subject to automated decision-making (Article 22): we do not use automated decision-making or profiling that produces legal or similarly significant effects on you.
How to exercise your rights: submit your request by emailing [email protected] or writing to our Data Protection Officer at Unit 4, Quin Road Business Park, Ennis, Co. Clare, V95 KX28. We may ask you to verify your identity before processing your request. We will respond within one calendar month.
Right to lodge a complaint: if you believe we have not handled your data correctly, you have the right to lodge a complaint with the Irish Data Protection Commission (DPC):
- Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
- Website: www.dataprotection.ie
- Telephone: +353 1 765 0100 / 1800 437 737
10. Cookie Policy
Our website uses cookies and similar technologies. A cookie is a small text file placed on your device when you visit a website. We use cookies to ensure the website functions correctly, to understand how visitors use our site and, with your consent, to measure the effectiveness of our marketing.
10.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration | Consent Required |
| --- | --- | --- | --- |
| Essential / Strictly Necessary | Enable core website functionality: shopping cart, secure checkout, cookie consent preferences, session management. | Session to 12 months | No (required for the site to function) |
| Analytics | Google Analytics 4: track page views, session duration, bounce rate and navigation paths. IP addresses are anonymised. No personally identifiable information is collected. | Up to 13 months | Yes |
| Marketing / Advertising | Meta Pixel: measure advertising performance on Facebook and Instagram. Helps us understand which ads lead to visits and purchases. Does not identify you personally to us. | Up to 13 months | Yes |
| Preference / Functionality | Remember your cookie consent choice, preferred language settings and any display preferences. | 12 months | No (functional necessity) |
10.2 Managing Your Cookie Preferences
When you first visit our website, you will see a cookie consent banner allowing you to accept or reject non-essential cookies. Your choice is stored in your browser's local storage and respected on all subsequent visits. You can change your preferences at any time by clearing your browser's local storage or cookies for wildirishbloom.ie and refreshing the page.
You can also manage cookies through your browser settings. Most browsers allow you to block all cookies, block only third-party cookies or delete cookies when you close the browser. Please note that blocking essential cookies may prevent parts of our website from functioning correctly.
10.3 Third-Party Cookies
Analytics and marketing cookies are set by third parties (Google, Meta). These third parties have their own privacy policies governing how they process data. We recommend reviewing:
- Google Privacy Policy: policies.google.com/privacy
- Meta Privacy Policy: www.facebook.com/policy.php
11. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction or alteration. These measures include:
- SSL/TLS encryption on all pages of our website (HTTPS).
- Encrypted storage of passwords using industry-standard hashing algorithms.
- Regular security updates and patches applied to our hosting infrastructure and content management systems.
- Access controls ensuring that only authorised staff members can access personal data, and only to the extent necessary for their role.
- Signed Data Processing Agreements with all third-party processors.
- Regular backups stored in encrypted form within the EEA.
While we take every reasonable precaution, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but we continuously review and improve our security practices.
12. Children's Privacy
Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16 years of age. If we become aware that we have collected personal data from a child under 16 without verified parental consent, we will take steps to delete that data as quickly as possible. If you believe your child has provided us with personal data, please contact us immediately at [email protected].
13. Third-Party Links
Our website may contain links to external websites, including social media platforms, partner organisations and educational resources about rewilding and biodiversity in Ireland. We are not responsible for the privacy practices or content of these external sites. We encourage you to read the privacy policy of every website you visit. A link from our site does not imply endorsement of that site's privacy practices.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or for other operational reasons. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Display a prominent notice on our website for a minimum of 14 days following any material change.
- Where appropriate and where we have your email address, send you a notification of significant changes by email.
We encourage you to review this page periodically to stay informed about how we protect your data. Your continued use of our website after changes are posted constitutes acceptance of those changes.
15. Data Deletion and Unsubscribe Requests
You may request the deletion of all personal data we hold about you at any time by emailing [email protected] with the subject line "Data Deletion Request". We will process your request within one calendar month and confirm deletion in writing.
To unsubscribe from our marketing emails, click the "Unsubscribe" link at the bottom of any email we send, or email us at [email protected]. Unsubscription takes effect immediately, though emails already in queue at the time of your request may still be delivered within 48 hours.
Please note that we may need to retain certain data after a deletion request where we have a legal obligation to do so (for example, financial transaction records required by Irish tax law for 7 years). We will inform you if this applies to your request.
16. Contact Details
If you have questions, concerns or complaints about this Privacy Policy, about how we handle your data or wish to exercise any of your rights, please contact us:
- Data Protection Officer / Privacy Contact: [email protected]
- General enquiries: [email protected]
- Telephone: +353 65 684 1127
- Postal address: Wild Irish Bloom Ltd, Unit 4, Quin Road Business Park, Ennis, Co. Clare, V95 KX28, Ireland
We aim to respond to all privacy-related enquiries within 5 working days and to resolve all formal data subject requests within the statutory one-month period.