Skip to content

Privacy Policy

Smithers-Oasis Company (“SOC”) values your privacy and is committed to protecting your Personal Data. This Privacy Policy explains how SOC collects, uses, and shares information when you visit SOC’s Website (the “Website”) and use SOC’s Services. From time to time, this Website may contain links to other websites that are separate and not operated by SOC. This Privacy Policy only applies to our Website, so if you click a link to another website, you should read their privacy policy.  

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. 

1. Changes to This Privacy Policy 

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on the Website page and updating the “Last Updated” date. You are advised to review this Privacy Policy periodically for any changes that may occur. Changes to this Privacy Policy are effective from the moment posted on the Website.  

2. Definitions

“Information” refers to any category listed and described in Section 4 of this Privacy Policy. 

“Personal Data” is any Information or data that pertains to an identifiable or identified individual or household. “Personal Data” likewise means any Information that identifies, relates to, describes or is capable of being linked to any specific consumer or household.  

“Service” or “Services” refers to the Website and all other services provided thereon.  

“Service Provider” means any natural or legal person who processes Personal Data on behalf of SOC. This also refers to third parties and other companies employed by SOC to administer the Service.  

“Usage Data” means any data collected automatically by SOC through use of the Service.  

“we”, “us”, “our” means SOC.  

“you” or “your” means the individual accessing or using the Website or Services, or the company or legal entity on whose behalf the individual is accessing our Services.  

3. Security of Your Personal Data

Although the security of Your Personal Data is foremost to us, we cannot guarantee that any transmission over the internet or any method of electronic storage is 100% secure. Given the global nature of our business, your Personal Data may be transferred or stored outside the country, state, or province in which you reside. We can only assure you that we will use commercially reasonable means to protect your Personal Data from unauthorized access, alteration, and/or destruction.  

4. Information We Collect

We collect various types of Information to provide and improve our services to you.

  • Personal Data: When you contact us about our Services, we may collect Personal Data, which may include personal details such as your name, email address, business information, phone number, or anything that falls under the definition of Personal Data.  
  • Usage Data: We automatically collect information about your interaction with the Website, including your IP address, search engine used, browser type, operating system, pages visited, time spent on our Website, the referring URL, and so on. 
  • Cookies and Tracking Technologies: We use cookies, web beacons, embedded scripts, and similar technologies to track your activity on the Website and to store certain information. Please note that if you disable the cookies on your computer, you may not be able to use specific features of our Website or of other websites.  
    • Cookies are small data files stored on your device that help us improve your user experience. The following are the types of cookies that we use:  
      • Essential Cookies: These cookies are necessary for the Website to function properly and cannot be turned off. They are usually set in response to actions made by you, such as setting your privacy preferences or filling out forms.  
      • Performance and Analytics Cookies: These cookies help us understand how visitors interact with the Website by collecting and reporting Information anonymously. They allow us to measure and improve the performance of the Website. 
      • Functionality Cookies: These cookies enable the Website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. 
      • Targeting Cookies: These cookies track your browsing habits to enable us to show you advertisements which are more likely to be of interest to you. These cookies do not directly store your Personal Data but are based on uniquely identifying your browser and internet device. Web beacons are small graphic images embedded in web pages to track the number of visitors on the Website, track how users navigate a site, or to count the number of emails opened for specific pages or links.  
    • Embedded scripts are designed to collect Information about a user’s interactions with a website.  
  • We use Cookiebot as our Consent Management Platform (CMP) that helps us display cookie consent banners on the Website and comply with data privacy regulations. Cookiebot is Google-certified and supports Google Consent Mode v2 and the Transparency and Consent Framework (TCF). You have the option to manage your consent using this tool, each time you visit the Website. 
  • Email Information: if you choose to correspond with us through email, we may retain the content of your email messages together with your email address and our responses. We provide the same protections for these electronic communications that we employ in the maintenance of Information received online, by mail and by telephone.  

5. Email Policies

We do not sell, rent, or lease our customer lists to third parties, and will not disclose your email address to any third parties except as permitted in Section 9 titled “How We Share Your Information”. We may save your email address along with any other information you provide us to contact you in the future about our products, solutions, or services that we feel may benefit you unless you expressly opt out of such communications.  

6. How We Use Your Information

We do not sell or rent any Information collected to any third parties, share your Information with advertisers in a manner that subjects you to targeted advertising by entities other than us, or use automated decision-making technology that produces legally significant effects. SOC retains your Information for only as long as reasonably necessary to fulfill the purpose for which the Information was collected. The following are the purposes for which Information was collected: 

  • To Provide Services: We use your Personal Data to deliver and manage our Services, respond to your inquiries, and fulfill your requests. 
  • To Improve Our Services: We analyze usage data to enhance the Website and the Services, troubleshoot issues, and develop new features.  
  • To Communicate with You: We may use your contact Information to send you updates, newsletters, promotional materials, and other relevant Information. You can opt out of receiving these communications at any time. 
  • To Ensure Compliance: We process your Personal Data to comply with legal obligations, regulatory requirements, and our internal policies. 
  • To Manage Your Requests: We may use your Personal Data to manage any requests you submit to us.  

7. Personal Data Disclosure

We may disclose your Personal Data if we are under the good faith impression that doing so is necessary to: 

  • Comply with any legal requirements
  • Protect users’ personal safety 
  • Investigate possible wrongdoing 

8. How We Share Your Information

We may share your Information with our agents, vendors, consultants, and other third parties performing services on your behalf to help us develop, operate, maintain, improve, and protect our products and services. These third parties may only use your Information to carry out the functions that are necessary to execute a specific business purpose in accordance with this Privacy Policy. We may share your Information with third parties in the following situations: 

  • Service Providers: We may share your Information with trusted Service Providers who assist us in delivering our Services as per your request, which could include affiliates, business partners, payment processors, analytics companies, and other providers. 
  • Legal Requirements: We may disclose your Information if required to do so by law or in response to valid requests by public authorities. 
  • Business Transfers: If we are involved in a merger, acquisition, or asset sale, your Information may be transferred as part of that transaction.  

9. Your Rights and Choices About How We Use and Disclose Your Personal Data

Regardless of where you live, you have certain rights regarding your Personal Data: 

  • Access and Correction: You may request access to your Personal Data and ask us to correct any inaccuracies. 
  • Opt-Out: You can opt-out of receiving commercial communications from us by following the unsubscribe instructions in those communications. Please note that even if you unsubscribe from commercial email messages, we may still email you non-commercial emails for lawful purposes including, for example, to manage any account you have with us, respond to your requests, and execute agreements with you. You may update your account preferences at any time.  
  • Data Deletion: You can request the deletion of your Personal Data, subject to certain legal obligations. 
  • You may have additional rights that we must honor depending on your location or residency, which are further described below.  

To access, correct, and delete your Personal Data, please contact us via any of the methods listed in Section 15 of this Privacy Policy.  

10. Children’s Privacy

Our products and the Services are not intended for individuals under the age of 18. We do not knowingly collect Personal Data from children under the age of 18 years old. If you are a parent or guardian and you believe your child has provided us with Personal Data, please contact us with specific details about the Information provided, and we will remove it. We encourage parents and legal guardians to monitor their children’s internet usage and instruct their children to never provide information to any website without permission. 

11. California Consumer Privacy Act Privacy Rights (“CCPA”)

The California Consumer Privacy Act (“CCPA”) is a State of California data protection law that applies to all visitors, users, and others who reside in the State of California. The CCPA requires the operator of an online service or website that collects “personally identifiable information” to formulate a privacy policy that apprises consumers of their rights under the CCPA. Under the CCPA, “personally identifiable information” refers to individually identifiable information about a consumer including name, telephone number, physical address, email address, social security number, or any other identifier that permits physical or online contact with a specific individual. For purposes of this Privacy Policy, such shall be referred to as “Personal Data”.  

A. Categories of Personal Data Collected

We may collect Personal Data that identifies, relates to, describes, references, or can be associated with, or linked to a consumer or device. Upon request, we are required to provide you with the categories of Personal Data that we have collected from you over the previous twelve (12) months. In addition to the categories of Personal Data collected, we must provide the source of the Personal Data, your use of the Personal Data, whether the Personal Data was disclosed to third parties, the commercial purpose of the Personal Data usage, and the categories of third parties to whom your Personal Data was disclosed or sold.  

To successfully execute your request, we must collect specific details from you to verify your identity so that we can respond within forty-five (45) days of receiving your request. The primary categories of Information normally collected are personal identifiers (cookies, contact information, government IDS, etc.), Information protected against security breach, commercial information, internet/electronic activity, geolocation, audio/video data, and inferences from the foregoing.  

However, the following Information is not considered Personal Data under the CCPA, and is thereby excluded from its scope:

  • Deidentified or aggregated consumer information; 
  • Publicly available information from government records or otherwise; 
  • Any information excluded from the CCPA’s scope, such as: 
    • Health Information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data. 
    • Personal information covered by sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994. 

B. Categories of Personal Data Disclosed by Us for a Business Purpose for the Past 12 months

  • The Categories of Personal Information From Which We Have Collected Personal Data About Consumers In the Preceding 12 Months: 
    • Contact/identification information (e.g. name, address, phone number) 
    • Payment information (e.g. payment card information) 
    • Purchase history (e.g. purchases, returns/exchanges, rebates, warranties) 
    • Internet or other electronic network activity (e.g. browse or search history) 
  • The Categories of Sources of the Information Collected 
    • Consumer provides directly 
    • Online advertising 
    • Cookies and other technologies 
    • Marketing Companies 
    • Server logs 
    • Third Party Data analytics 
    • Service Providers 
    • Shipping companies 
    • Social Media 
  • The Business or Commercial Purpose for Collecting Personal Data 
    • Record and process your purchases, payment, returns, and rebates 
    • Deliver your products/fulfill your orders 
    • Customized advertising catered to customer services 
    • Communicate with you through various channels in response to your inquiries or to send information about our services and/ products 
    • Deliver your products and fulfill your orders 
    • Comply with legal requirements, standards, and our terms and conditions 
    • For research and development 
  • Categories of Personal Information that Have Been Sold to Third Parties 
    • None 
  • Categories of Third Parties to Whom Information Was Disclosed 
    • Third party service providers 
    • Advertisers 
    • Legal requirements and compliance  
    • Security and fraud prevention 
    • Social Media 

C. Your Rights Under the CCPA

  • The Right to Delete Personal Data. You have the right to request that we delete your Personal Data, subject to a few exceptions. Once we receive your request to delete your Personal Data, we will delete, and direct any service providers to delete, your Personal Data from our records, except if the request falls within any exception. Such requests will be tended to during normal weekly business hours. The exceptions that prevent us from deleting your Personal Data include the following:  
    • To detect security issues, such as protecting against fraudulent or malicious activity. 
    • To repair errors that impair our existing capacities. 
    • To exercise any First Amendment right, any right provided by law, or any right exercised by another consumer. 
    • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).  
    • Complete a transaction during which we collected your Personal Data, such as providing a good or service that you requested.  
  • The Right to Opt-Out. Generally, you have the right to opt-out of the sale of your Personal Data, targeted advertising, and automated-decision making and profiling that has legally significant effects. However, we do not sell your Personal Data to third parties, share your Personal Data with advertisers in a manner that subjects you to targeted advertising, or unlawfully use automated decision-making technology that produces legally significant effects.  
  • The Right to Notice. You have the right to receive notice as to which categories of your Personal Data we collect and how we are using that data. Namely, you have the right to know the purposes for which we are using your Personal Data.  
  • The Right to Request. You have the right to request that we disclose to you the ways in which we collect, use, sell, and disclose for commercial purposes your Personal Data.  
  • The Right to Correct. You have the right to request that we correct any inaccurate Personal Data associated with you. We will make a reasonable effort to correct any inaccuracies after verifying the authenticity of your request.  
  • The Right to Limit. You may direct us to limit the use of your Personal Data for specified purposes, such as disclosure or sale to third parties.  
  • The Right to Not be Discriminated Against. You have the right to not be discriminated against because you exercised your rights under the CCPA. This means you may not be discriminated against in the following situations: for denying goods or service to you, for charging different prices for goods or services, or for providing a different quality of service to you due to your exercise of rights.

D. Exercising Your CCPA Rights

To exercise Your rights under the CCPA, you may contact us via the methods listed in “Contact Us” or Section 15 of this Privacy Policy.  

Only you, or a person registered with the California Secretary of State as your agent or to act on your behalf, may make a request pertaining to your Personal Data.  

Your request to us must include:  

  • Ample details to allow us to verify your identity and confirm that the Personal Data you requested relates to you. This information about your identity and Personal Data must be sufficient to enable us to disclose and deliver the requested Personal Data to you, free of charge, within 45 days of receiving your verifiable request. 

E. Format of Disclosure

Upon request for data disclosure, we will provide your data to you in a format that is readily accessible, user-friendly, and easily transferable.  

12. Other States’ Data Protection Laws

Other states such as Connecticut, Colorado, Oregon, and Virginia, among others, have passed data privacy laws that mirror many of the rights and protections of the CCPA. Thus, if you are in any state where a data privacy law has been passed, signed into law, and become effective, then we will provide you with the same rights and protections as you would receive under the CCPA. That is, you may exercise your rights by contacting us according to the methods listed in Section 15.  

Unless you are in Nebraska, we are required to respond to your verifiable request in the exercise of your rights within forty-five (45) days of your submission to us. In Nebraska, we have thirty (30) days to respond to your verifiable request.  

13. General Data Protection Regulation (“GDPR”)

We are committed to processing your data in accordance with principles outlined in Article 5 of the General Data Protection Regulation (“GDPR”). These principles establish that we must take due care with your data and limit our use to what is necessary for the collection and retention consistent with the lawful and legitimate purpose sought. Thus, SOC gives you the choice to access, edit, and remove Personal Data pursuant to the following rights.  

  • The Right to Access: You have the right to access a copy of all your Personal Data on file with us. You can access certain information associated with your account by visiting your account privacy settings.  
  • Right to Portability: You may receive certain summaries of your Personal Data in a structured, machine-readable, and understandable format.  
  • Right to Correction: You may request that we revise any inaccurate Personal Data that we have on file with us.  
  • Right to Restrict Processing: If we have already processed your Personal Data, you may have the right to restrict or limit the ways in which we use your data.  
  • Right to Deletion: You have the right to request the deletion of your Personal Data, except Personal Data we are required to retain by law, regulation, or to protect the safety, security, rights, and integrity of Etsy.  
  • Right to Object: You may object to our processing of your Personal Data based on the legitimate interests explained above.  
  • Right to Withdraw Consent: If you have consented to specific processing of your data, you may withdraw such consent at any time. Please be advised that withdrawing consent will not affect the lawfulness of processing that happened before you withdraw your consent.  
  • Right to File a Complaint: If you are a resident in the EEA, Switzerland, or the UK, you have the right to submit a complaint about our practices concerning your Personal Data with the supervisory authority of your country or state:  
    • In the UK, the relevant data protection authority is the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, +44 (0303) 123 1113, [email protected]
    • In Ireland, the relevant data protection authority is the Data Protection Commission 21 Fitzwilliam Square South, Dublin 2, D02 RD28, +353 017650100 / + 353 1800437737, email: [email protected] or by using this online form.

To exercise any of your rights under the GDPR, you may do so via your SOC account settings or by contacting us via any of the communication methods listed in Section 16. Nevertheless, you may still receive service-related emails concerning any one of your transactions or legally required communications.  

14. Artificial Intelligence

If SOC uses any form of generative artificial intelligence, SOC acknowledges and agrees that any action or decision that may impact an individual’s privacy rights shall be subject to human oversight and intervention as needed and required by law. Under GDPR and other applicable privacy laws, individuals have the right to not be subjected to decisions solely based on automated processing. 

To the extent that SOC uses generative artificial intelligence to enhance its business or service capabilities, SOC will only process Personal Data that is necessary to achieve a legitimate business purpose, based on consent, or pursuant to a legal obligation. Our use of generative artificial intelligence will honor any rights you may have under the GDPR, CCPA, and other states’ data privacy laws.  

To ensure that any use of generative artificial intelligence complies with the GDPR, SOC will carry out an assessment that highlights the risks of automated processing to the rights of consumers, the legitimate business interests pursued by the automated processing, the ways in which SOC can limit risks that such use poses to consumers, and the measures that may be implemented to ensure that such processing does not exceed the legitimate purposes for which SOC collects the Personal Data. 

15. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at: 

Phone Number: +1 330.945.5100 
Email: [email protected] 
Website: oasisfloral.com