Privacy policy
Heirloom Roses Privacy Policy
Privacy Policy (Last updated: October ___, 2025)
This Privacy Policy (the “Policy”) describes how Heirloom Roses, Inc. (“Heirloom Roses”, “we,
or “us”) collects, stores, uses, and discloses personal information, including when you: (1) use
our website located at https://heirloomroses.com/, (2) engage with us on social media, (3) attend
events with us, or (4) communicate with us. This Policy addresses specific disclosure
requirements from various privacy laws and also serves as our ‘notice at collection.’
Personal Information We Collect and Process
Heirloom Roses collects information about you in a number of ways. We collect information
directly from you, such as when you: (1) subscribe to our mailing list, (2) make a purchase from
us, (3) use our chatbot, or (4) create an account. We collect information automatically from you
through the use of Cookies and Similar Technologies when you: (a) visit our website or (b)
engage with our emails. Heirloom Roses may also collect information about you from others,
such as: (i) other users, (ii) public sources, (iii) data brokers, or (iv) people in our network. We
may also make inferences about you, such as inferences about products that may interest you or
about security/policy matters. This information includes:
Identifiers such as your real name, account name, username, unique personal identifier,
unique online identifier, IP address, or other similar identifiers.
Contact Information, postal address, email address, or phone number.
Demographic information, such as your market area (e.g., Portland Metropolitan Area).
Commercial information, including information about your prior purchases from us.
Geolocation information, such as your device’s precise IP location when you use our website or use the Shop app to make purchases from Heirloom Roses. Geolocation information may qualify as “sensitive” personal information under applicable privacy laws.
Content, such as reviews you’ve provided.
Financial account information, such as the credit card information you provide for
billing purposes. Financial account information may qualify as “sensitive” personal
information under applicable privacy laws
Your preferences, interests, and affiliations, such as the color roses you enjoy. We
may also infer your preferences based on your interactions on the website.
Communications, such as when you send us email or engage with us on social media
platforms.
Audio, electronic, visual, thermal, olfactory, or similar information, including
voicemail recordings you provide or photographs taken at our events.
Chatbot Recordings, such as your search queries or questions you submit through our
chatbot.
Internet and electronic network activity, and your interactions, such as the information
we automatically collect about your browser, device, or connection when you visit our
2 -
143480\288259\48539521.7
websites or engage with our emails through the use of Cookies and Similar Technologies
which often assign a unique identifiers. Such information may include:
o Date and time of your visit to our websites and duration of your visit,
o Your traffic patterns, use patterns, and clickstreams,
o Type of device, web browser, and/or operating system used,
o Your IP address,
o The website from which you linked to our website, and
o Other similar information about your use of our websites, applications or other
services.
Heirloom Roses may process de-identified personal information. Data is in this state cannot be
used to infer information about, or otherwise be linked to, a particular individual. In those
instances, and unless allowed under applicable law, we will maintain such information in a de-
identified state, and will not try to re-identify the individual.
Cookies and Similar Technologies
Our website, emails, and other services use cookies and similar technologies to automatically
collect personal information about your use and interactions.
Cookies are small files placed on your device to store information, often consisting of a
unique personal identifier, for a variety of purposes. We use session cookies to observe
your navigation throughout the website for the purposes described above. We may also
hire others, such as a company providing analytics software, to place cookies on our
digital properties to gather information on our behalf. You may set your Web browser to
notify you when you receive a cookie and you may also erase cookies from your browser
after shopping. If you delete our cookies, you limit our ability to personalize
HeirloomRoses.com for your next shopping visit; however, deleting a cookie will not
prevent you from shopping and purchasing at our site in the future.
Web beacons are small tags placed in digital content, for example on a website or email,
to track how the user interacts with the content. Such interaction will trigger a transfer of
information that can be used to gain insight, such as how many people have viewed the
content.
Pixels and web tags are encoded in digital content to enable functionality and/or to track
engagement with digital content across contexts. We may use web beacons or pixel tags
on our website and/or in our communications with you to enable us to know whether you
have visited a web page or received a message. Pixels and web tags may enable us to
relate your viewing or receipt of a web page or message to other information about you,
including your Personal Information.
3 -
143480\288259\48539521.7
SDKs. A software development kit (SDK) is a developer tool embedded in an application
often used to collect information about use of the application, as well as the device
running the application.
Fingerprinting. Device fingerprinting is used to identify unique devices by collecting
information about various aspects of the device’s hardware, software, and connection.
Heirloom Roses may collect your email address via cookies and pixels on the website
through the use of trusted third party partners. These partners may combine your email
information with other information they have access to such as mailing address so that
Heirloom Roses may serve relevant marketing offers to you via direct mail. If you do not
want Heirloom Roses to collect information about you, please contact us to opt out.
The table below provides additional information about the cookies we may use:
Cookie(s)
Provider
Heirloom Roses’ Use
/ Purpose of cookie
information
To learn about Cookie
Provider’s Use of cookie
information
How to Opt-Out
Google Analytics, marketing,
audience measurement
How Google uses information
from sites that use its services
Opt-out
Shopify Analytics, audience
measurement
Shopify Cookie Policy Opt-out
Meta Analytics, marketing,
security
Meta Cookie Policy You can find information on
how to opt-out in the “How can
you control your Information”
section of the cookie policy.
Hotjar Functionality, website
user experience
Hotjar Data Privacy Do Not Track Page
Microsoft Analytics, marketing Microsoft Privacy Statement Personalized ads & offers
LinkedIn Analytics, marketing LinkedIn Cookie Policy Opt-out
Klaviyo Analytics, marketing Klaviyo Cookie Notice You can manage your cookie
preferences by going to Section
6: Your Choices About Cookies
in the Cookie Notice and
clicking “Your Privacy
Settings.”
LS Direct Analytics, marketing LS Direct Privacy Policy Opt-out Form
4 -
143480\288259\48539521.7
Optimizely Analytics, marketing Optimizely Cookie Notice Privacy Rights Request Form
Please see the Exercising Your Rights section for more information on controlling cookies and
similar technologies.
Use of Your Information
We use your information for a variety of purposes, including to:
Schedule deliveries of merchandise that you purchase online,
Create an online account for you at HeirloomRoses.com,
Bill your credit card for your purchases,
Confirm and track your orders,
Respond to your customer service inquiries,
Provide promotional communication and other information to you, if you choose to
receive them,
Offer the products you want,
Customize your shopping experience,
Improve our website design, and
To conduct business generally.
Additional information about what we do with the information collected can be found in the
following table:
Use Personal Information Types Used
Provide and improve our services Identifiers
Internet and electronic network activity, and your
interactions
Personalize user experience and content Identifiers
Demographic Information
Commercial Information
Your preferences, interests, and affiliations
Internet and electronic network activity, and your
interactions
Communicate with you, including responding to
inquiries and providing updates
Identifiers
Communications
Analyze usage trends, conduct research, and
enhance security measures
All Personal Information Categories, as necessary
Comply with legal obligations and prevent All Personal Information Categories, as necessary
5 -
143480\288259\48539521.7
fraudulent activities.
In carrying out these purposes, we combine information we collect from different contexts and/or
sources to provide you a more seamless and personalized experience, to make informed business
decisions, and for other legitimate business purposes.
Sensitive Data
As described above, depending on our interactions, some of the information we collect may
qualify as “sensitive” under certain applicable privacy laws. We only collect such sensitive
information as necessary to conduct business or for other legitimate purposes. For example, we
only collect financial account information to facilitate payments for our services or as necessary
to provide services and we only collect precise data location when you’re making a purchase on
the Shop app.
When We Share Your Personal Information
We share or provide others with access to your information: (1) with your consent, (2) at your
direction, (3) to complete any transaction or request you have authorized, or (4) for other
legitimate business purposes. For example, we use companies to verify and process credit card
transactions and to deliver packages. We share information with our e-commerce platform
provider. We may share your information with others who help us analyze sales data, maintain
our records, and provide other services for Heirloom Roses such as collecting site navigation
information. We might transfer your information to a third party in the event of a merger,
acquisition, sale, transfer of assets or any part of our business. We also may be required to
disclose your personal information to third parties if necessary to comply with applicable laws,
subpoenas or court orders. We may share your information with attorneys, accountants, or other
professionals as necessary for legitimate business purposes. In any case, these third parties are
not authorized to use your information for any reason other than to perform their contractually
assigned functions.
Additional information about when we share your information is shown below:
Category of
Recipient
Use Data Types
Payment Processors When you make a purchase from
Heirloom Roses, your information
will be shared with payment
processors or others who help to
complete the transaction.
Identifiers
Contact Information
Financial account information
Internet and electronic activity and
your interactions
Service Providers We share your information with third
parties, such as our vendors, suppliers
or other professional services firms
Identifiers
Contact Information
Demographic information
6 -
143480\288259\48539521.7
that provide us with services or work
on our behalf for the purposes
described herein. This may include
our cloud service providers, shipping
partners, data analytics providers, and
security vendors. In such cases, these
companies must abide by our
requirements and are not allowed to
use personal information they receive
from us for any other purpose beyond
providing us with their respective
services.
Geolocation information (which
may include sensitive information)
Commercial information
Financial account information
Your preferences, interests, and
affiliations
Communications
Audio and visual information
Internet and Electronic Network
Activity, and Interactions
Other unique identifiers
Affiliated entities or
subsidiaries
We share personal information
among Company affiliates and
subsidiaries.
All Personal Information
Categories, as necessary
Other Business in the
event of a Merger,
Acquisition, or Sale
We might transfer your information
to a third party in the event of a
merger, acquisition, sale, transfer of
assets or any part of our business.
All Personal Information
Categories, as necessary
Law enforcement,
authorities, or others
as necessary
We might disclose your information
to a third party, without your consent
and without notice to you, if we are
required to do so by law. We may
also disclose your information to a
third party if we have a reasonable
belief (1) we are legally or ethically
obligated to do so, (2) such disclosure
is necessary to protect, establish, or
exercise our legal rights or defend
against legal claims, or (3) disclosure
is necessary to protect our / your /
others’ rights, property, and/or safety.
All Personal Information
Categories, as necessary
Business and
Marketing Partners
Subject to your cookie preferences,
device settings, and privacy
preferences, we may share
information with analytics,
marketing, and digital advertising
vendors who process your
information to provide analytics and
marketing services to us. They may
also use such information in
accordance with their own privacy
Identifiers
Contact Information
Demographic information
Commercial information
Your preferences, interests, and
affiliations
Internet and Electronic Network
Activity, and Interactions
Other unique identifiers
7 -
143480\288259\48539521.7
policies. Please see our Cookies and
Similar Technology section for more
information.
Other professionals We may share your information with
attorneys, accountants, or other
professionals as necessary for
legitimate business purposes.
All Personal Information
Categories, as necessary
Shopify
We use the Shopify platform to power our online store. Shopify collects and processes
personal information for functional, analytical, and marketing purposes which allows us to sell
our products, create subscription plans, share relevant ads, and provide you with a localized
shopping experience. To deliver these services, information submitted by customers will be
shared with Shopify as well as third parties that may be located in other countries. You can find
more information on how Shopify processes your information here and control how Shopify uses
your data here.
AI Chatbot
We may use the information you submit to our AI Chatbot to respond to your search queries or
questions. If you submit your personal information to the AI Chatbot we will also use the
information shared with us to develop and train our tool to provide a better and more
personalized experience to you and other users of our services. If you do not want your personal
information used to train our AI tool, please do not use the AI Chatbot.
Children's Data
We do not knowingly collect information from children under the age of 13. If you are under the
age of 13, you must ask your parent or guardian to assist you in using our website. If you're a
parent or guardian of a child and become aware that your child has provided personal data to us,
contact info@HeirloomRoses.com. If we learn that we've collected the personal data of a child in
violation of applicable law, we'll take reasonable steps to delete the personal data.
Privacy Protection
We protect our databases with various physical, technical and procedural measures to assist in
protecting against the loss, misuse, and unauthorized alteration of your information that is under
our control. Unfortunately, no data storage system, or system of transmitting data over the
Internet, can be guaranteed to be 100% secure. As a result, we cannot guarantee the security of
our network, the means by which personal information is transmitted between your computer and
our network, or any personal information provided to us or to any third party through or in
connection with the website.
Retention and Storage
8 -
143480\288259\48539521.7
We consider the following factors when determining how long we retain and store your
information:
Our legal and contractual obligations,
Our professional and ethical responsibilities,
The purpose for which your information was collected or processed,
Your requests to delete the information,
Retention periods in applicable laws and regulation, and
Our legitimate business purposes. We may retain your data to the extent it is necessary to
prevent fraudulent activity, to protect ourselves against liability, and to allow us to
enforce our contractual or other rights and to pursue available remedies and limit any
damages we might sustain.
Heirloom Roses stores personal information in the United States and other jurisdictions where
we do business. We take steps to process the data that we collect in accordance with this Policy’s
provisions and the requirements of applicable law, including those related to the cross-border
data transfers.
Linking To and From Outside Websites, Products, and Services
This Privacy Policy applies only to the information Heirloom Roses collects and processes. The
HeirloomRoses.com website, our content, or our communications could contain links to other
websites and services that are not owned or controlled by us. We are not responsible for and have
not reviewed the privacy practices of such sites or services, or the owners or operators of such
sites or services. We shall not be responsible or liable in any way as a result of your use of any
other sites or services. We encourage you to read the privacy policy associated with a given site
or service before submitting any information if you have concerns about how information may
be collected or used.
You may make a purchase from HeirloomRoses.com through a link from another website or
search engine. In such an event, please be aware that both HeirloomRoses.com and that website
or search engine may have access to certain portions of your information. Our Privacy Policy
does not apply to those other websites or search engines.
SMS Terms & Conditions
We may send you promotional emails or SMS (Short Message Service) notifications about
Heirloom Roses products that we hope will be of interest to you. You may select how often you
would like to receive promotional messages. You may also opt-out at any time, and we will stop
sending you promotional emails or SMS notifications. Consent to receive promotional emails or
SMS notifications is not a condition of using the Heirloom Roses services.
By opting in to receive SMS messages from Heirloom Roses, you agree to the following Terms
& Conditions:
9 -
143480\288259\48539521.7
1. Subscription: By providing your mobile number and opting in to receive SMS messages,
you consent to receive recurring automated marketing messages from Heirloom Roses at
the number provided. Message frequency may vary. Message and data rates may apply.
2. Opting Out: You can opt out of receiving SMS messages from Heirloom Roses at any
time by replying STOP to any message you receive. You will receive a confirmation
message upon successful opt-out. If you wish to opt back in, simply text START to the
same number.
3. Customer Support: For help or support regarding SMS messages, text HELP to the
number from which you are receiving messages. You can also contact Heirloom Roses
customer support at 1-800-820-0465 or info@heirloomroses.com.
4. Changes to Terms: Heirloom Roses reserves the right to update or modify these SMS
Terms & Conditions at any time without prior notice. Any changes will be effective
immediately upon posting the updated Terms & Conditions on the Heirloom Roses
website.
Consent: By providing your mobile number and opting in to receive SMS messages, you
consent to these SMS Terms & Conditions and to receiving marketing messages from Heirloom
Roses.
Your Rights and Control of Personal Information
Privacy laws provide individuals with specific rights regarding their personal information.
Depending on the jurisdiction in which you reside you may have some or all of the following
rights and choices regarding your information.
The right to be informed or to know. You may have the right to be informed of how we
process your information. For example, you may have the right to be informed or to
know:
o The categories of personal information we collect and process about you.
o The categories of sources for the personal information we collect and process
about you.
o The purposes for collecting or processing that personal information.
o The categories of personal information shared or disclosed to third parties, the
categories of those third parties, as well as the purposes of such sharing or
disclosure.
The right to access. You may have the right to access or view the personal information
we process about you.
10 -
143480\288259\48539521.7
The right of data portability. You may have the right to request a copy of your personal
information in electronic format and the right to transmit that personal data for use in
another service.
The right to correct. You have the right to request that Heirloom Roses correct any of
your personal information.
The right to delete. You have the right to request that Heirloom Roses delete any of your
personal information that we collect from you or process, subject to certain exceptions.
Once we receive and confirm your verifiable consumer request, we will delete (and notify
any relevant third parties to delete) your personal information, unless an exception
applies.
The right to not be subject to automated decision making.
The right to opt-out. You may have the right to limit our use of your personal information
or to opt-out of certain processing of personal information. For example, in some
jurisdictions, you may have the right to limit our use of your sensitive personal
information and to opt-out of targeted advertising.
Right to not be discriminated against for exercising your rights. If you exercise your
rights, we will not discriminate against you.
Exercising Your Rights
You can exercise your rights, as well as make choices regarding Heirloom Roses’ collection and
processing of your information through various methods and tools. For example, you can:
Contact us. You can request that we delete your personal information by contacting us at
info@HeirloomRoses.com .
Update your personal information. You may update your account information at any
time on the website.
Use browser controls. Most browsers provide settings to control your interactions with
cookies, which will impact the information processed by cookies on our digital
properties. Please refer to your browser for information on how to access these settings.
Your settings may impact your experience with our digital properties and the
functionality available to you.
Unsubscribe. With each marketing communication, you will be given the opportunity to
opt-out of receiving future marketing notices. You may also opt-out of receiving future
marketing notices by contacting Heirloom Roses’ customer support at 1-800-820-0465 or
info@HeirloomRoses.com. If you request that we not contact you for marketing purposes
(either by using the unsubscribe mechanism or by sending us an email), we reserve the
right to contact you for non-marketing purposes.
11 -
143480\288259\48539521.7
You, or someone legally authorized to act on your behalf, may make a request to exercise your
rights related to your personal information. We may ask that you:
Provide sufficient information that allows us to reasonably verify you or your authorized
representative’s authority to act on your behalf. Where possible, we will attempt to verify
your identity by only using we have previously collected from you, such as an e-mail
address. DO NOT SEND US SENSITIVE PERSONAL INFORMATION, such as a
social security number or picture of photo ID, in your initial request to exercise any
rights.
Describe your request with sufficient detail that allows us to properly understand,
evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify
your identity or authority to make the request and/or confirm the personal information relates to
you. We will confirm receipt of any request to exercise your rights within ten (10) days of
receipt, and will endeavor to respond to a verifiable consumer request within thirty (30) days of
its receipt. If we require more time, we will inform you of the reason and extension period in
writing. We will deliver our written response by mail or electronically, at your option.
The response we provide will also explain the reasons we cannot comply with a request, if
applicable. For data portability requests, we will select a format to provide your personal
information that is readily useable and should allow you to transmit the information from one
entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is
excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee,
we will tell you why we made that decision and provide you with a cost estimate before
completing your request.
Questions?
If you have any questions or comments about this Privacy Policy or the use of your information,
please email us at info@HeirloomRoses.com.
Privacy Policy Changes
We may revise this Policy at any time to enhance transparency. We may also update the Policy,
as necessary or as useful, in response to (1) changes in applicable laws, regulations, or standards,
(2) changes to our processing of personal information, or (3) changes to our business operations.
For example, we may modify the Policy if a new applicable law requires additional notices or if
we intend to collect new categories of personal information. We will post any revised Policy here
and provide a “Last Updated” date at the top of this Policy. In some cases, we might provide you
with additional notice (such as by adding a statement to the homepage our website). We
encourage you to review this Policy regularly to stay informed about our processing of personal
information, your rights, and your choices.