Security & Privacy

Scope and Definitions

Flowers, Inc. d/b/a burton + BURTON® (the “Company” or “we”) has developed this privacy policy out of respect for the privacy of our customers and visitors to our website. This policy describes the personal information we collect, use, and disclose about individual consumers who visit or interact with this website, visit any of our offices, stores, facilities or locations, purchase or inquire about any of our products or services, or otherwise interact or do business with us.

Whenever you visit our website, we will collect some information from you automatically simply by you visiting and navigating through this site, and some voluntarily when you submit information using a form on the website, utilize the Live Chat feature on our website, enroll in or subscribe to our newsletter or marketing communications, request information, or use any of the other interactive portions of our website. Through this website, we will collect information that can identify you and/or your activity.

Additionally, whenever you communicate, interact or do business with us, whether online or at any of our physical locations or facilities we will be collecting personal information from you or about you in the course of our interaction or dealings with you.

The meaning of “personal information” may be defined based on your state of residence: in this policy, it means any information that can reasonably be used to identify an individual.

Consent to Share Personal Information When Using Live Chat Function

By using the Live Chat feature, you consent to our collection and analysis of all personal information provided. The Live Chat feature does not use any chatbot or artificial intelligence technology. Rather, each chat takes place with a live representative of the Company. We utilize a vendor called LivePerson (“Chat Vendor”) to process, analyze, and store the contents of the chat on our behalf. The Chat Vendor will not sell this data or share it besides the Company or another vendor engaged to assist in the services provided to the Company. The Chat Vendor will not use or disclose this data for any purpose other than providing services to the Company For more information on how the Chat Vendor may use or disclose your personal information, please review their privacy policy HERE. By using these forms and features, you direct the Company to disclose to and share with the Chat Vendor any personal information you provide. You cannot use the Live Chat feature without consenting to these terms and to the disclosure of your personal information to the Chat Vendor. If you do not consent to such disclosure, please do NOT use the Live Chat feature.

Collection of Personal Information and Sensitive Personal Information

Based on your specific transactions and interactions with us or our website, we will or may collect, and we have in the last 12 months collected, the following categories of personal information from or about you. For each category of information, the categories of third parties and service providers to whom we have disclosed the information in the last 12 months are referenced below. The examples provided for each category are not intended to be an exhaustive list or an indication of all specific pieces of information we collect from or about you in each category, but rather the examples are to provide you a meaningful understanding of the types of information that may be collected within each category.

Categories of Sensitive Personal Information Collected or Processed

Of the above categories of Personal Information, the following are categories of Sensitive Personal Information the Company may collect from or about consumers, independent contractors, or job applicants:

1. Account Information (your Company account log-in, in combination with any required security or access code, password, or credentials allowing access to the account)
2. Geolocation Data (IP address and/or GPS location, latitude & longitude)

Personal information does not include:

• Publicly available information from government records.
• Information that a business has a reasonable basis to believe is lawfully made available to the general public by the consumer, independent contractor, or applicant, or from widely distributed media.
• Information made available by a person to whom the consumer, independent contractor, or applicant has disclosed the information if the consumer, independent contractor, or applicant has not restricted the information to a specific audience.
• Deidentified or aggregated information.

Sources of Personal Information

We may collect your personal information from the following sources:

• You the consumer, independent contractor, or job applicant, when you visit the website and voluntarily submit information through forms on the website or social media, when you visit any of our stores or physical locations, when you purchase or inquire about any of our products or services, when you utilize the Chat feature on the website, when you enter into a contract to perform services for us, or when you apply for a position of employment
• Our employees, contractors, vendors, suppliers, guests, visitors, other consumers, and customers based on your interactions with them (if any)
• We utilize cookies to automatically collect information about our website visitors
• Surveillance cameras at our physical locations
• Lead generators and referral sources
• Social media platforms (e.g., Meta and LinkedIn)
• Company systems, networks, software applications, and databases you log into or use
• Third-party customer databases

To Whom We Disclose Personal Information

We may disclose, sell, or share your personal information to/with the following categories of service providers, contractors, or third parties:

• Financial institutions
• Promotional or other fulfilment vendors
• Marketing support vendors and vendors that support managing or hosting the website and the Chat function on the website
• Communication providers/vendors that facilitate, manage, and send/receive communications on our behalf via email, text/SMS, and phone,
• Lead providers (referral sources)
• Transaction support vendors (e.g., check guaranty, payment processors)
• Data analytics vendors
• Social media platforms (e.g., Meta and LinkedIn)
• Consulting and investigation firms, including HR consultants, safety consultants, and workplace investigators
• Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants
• Insurance carriers, administrators, and brokers
• Corporate customers (meaning an entity, as opposed to a natural person, that purchases, leases, or finances any of our products or services)

Reasons Why We Collect, Use, Retain, and Disclose Personal Information

We may collect and disclose your personal information for any of the following business purposes:

1. To fulfill or meet the purpose for which you provided the information.
2. To process and submit financing applications, including to apply for credit, or credit pre-qualification.
3. To process, complete, and maintain records on transactions.
4. To provide warranty coverage on products and services.
5. To retain your selection for Text opt in/opt out to ensure customers who opted out are not sent any text messages.
6. To provide and communicate recall notifications to customers.
7. To schedule, manage and keep track of customer appointments.
8. To complete appraisals.
9. To maintain records of when customers decline a service or sale.
10. To respond to consumer inquiries, including requests for information, customer support online, Chat on the website, phone calls, and in-store inquiries.
11. To provide interest-based and targeted advertising.
12. To contact you by email, telephone calls, mail, SMS, or other equivalent forms of communication regarding updates or informative communications related to the functionalities, services, or other information you requested or asked the Company to provide to you.
13. To improve user experience on our website.
14. To understand the demographics of our website visitors.
15. To detect security incidents.
16. To debug, identify, and repair errors that impair existing intended functionality of our website.
17. To protect against malicious or illegal activity and prosecute those responsible.
18. To verify and respond to consumer requests.
19. To prevent identity theft.

Do We Sell Your Information?

We do NOT and will not sell or share your personal information in exchange for monetary consideration. However, we may sell or share some of your information to third parties for other valuable consideration, as noted in the table above.

We may sell or share your personal information for the following business or commercial purposes:

1. Marketing Purposes
2. Data Analytics Purposes

Other than these exceptions, we do not and will not disclose your personal information to any third party in exchange for monetary or other valuable consideration or share your personal information for cross-context behavioral advertising.

Notice of Right to Opt-Out of the Selling and Sharing of Your Information

Depending on the state where you reside, you may have the right to tell us NOT to sell or share your personal information. You have the full and free right to opt-out of our disclosure of your personal information to any third parties where the disclosure constitutes “selling” or “sharing” as defines by specific state laws. You may exercise your right to opt-out without fear of discrimination for doing so. To opt-out of our selling and sharing of your information, meaning we will not disclose your information to third parties for any monetary or other valuable consideration, you can do any of the following: Click HERE to open cookie preferences and opt-out. Visit our website at: https://www.burtonandburton.com/. Click on the Cookie at the bottom of the screen. Toggle ON the “Do Not Sell or Share My Personal Information” option. Click Save to make the Opt-Out take effect.

• You can use a Global Privacy Controls (GPC) signal. Flowers, Inc. d/b/a burton + BURTON® will process opt-out preferences from GPC signals, which are in formats commonly used and recognized by businesses, such as an HTTP field header, as requests to opt-out of sale or sharing. The GPC signal opt-out will only apply to the browser you are using on your device; it will not apply to other browsers and/or devices to which GPCs are not activated or to offline sales.
• If you are unable to submit an opt-out through the above method, please call our toll-free privacy line at 1-800-331-2359 for assistance and a representative will assist in meeting your needs.

You can have an authorized agent submit a request on your behalf. To submit an opt-out through use of an authorized agent, you must provide that agent with written permission signed by you to submit an opt-out on your behalf, except when using an opt-out preference signal. The authorized agent may call our toll-free privacy line at 1-800-331-2359 to make the opt-out request and for directions for submitting the proof of authorization and the authorized agent’s proof of identification to the Company. We maintain the right to deny any request from an authorized agent that does not submit sufficient proof that they have been authorized by you to act on your behalf.

A request to opt-out need not be a verifiable consumer request. However, we may deny a request to opt-out if we have a good faith, reasonable, and documented belief that a request to opt-out is fraudulent. If we deny your request to opt-out, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

Opt-Out Preference Signals 

Opt-out preference signals provide consumers with a simple and easy-to-use method by which to exercise the right to opt-out of the selling and sharing of their information. Global Privacy Controls (GPC) or Universal Opt-Out Mechanism (UOOM) are user-enabled opt-out preference signals which can communicate a user’s “Do Not Sell or Share” request on behalf of the person or device. We will process opt-out preferences from GPC and UOOM signals which are in formats commonly used and recognized by businesses, such as an HTTP field header. We will treat a consumer’s use of GPCs or UOOMs as a valid request to opt-out of the selling and sharing of information for that browser. We currently do not connect browser use to particular consumers and, as such, you will need to use GPCs or UOOMs on all browsers in which you access our website and use our opt-out form to opt-out of offline sales.

Do Not Track (DNT) is a privacy preference that users can set if they do not want web services to collect information about their online activity. We do not respond to DNT signals or other mechanisms (with the exception of GPCs and UOOMs) that provide a choice regarding the collection of personal information about activities over time and across different websites or online services. We encourage users who have DNTs to use GPCs or UOOMs.

Notice of Rights of California Residents to Limit the Use of Your Sensitive Personal Information

We use or disclose your sensitive personal information for purposes that give rise to a right to limit the use and disclosure of your sensitive personal information under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA).

We use or disclose your sensitive personal information for purposes that give rise to a right (which is only available to California residents) to limit the use and disclosure of your sensitive personal information under the California Consumer Privacy Act (CCPA).

As provided by the CCPA, you have the right to limit our use or disclosure of your sensitive personal information to uses that are necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those services or goods. You have the full and free right to limit our use or disclosure of your sensitive personal information as defined by the CCPA. You may exercise your right to limit without fear of discrimination for doing so. A request to limit need not be a verifiable request. However, we may deny a request to limit if we have a good faith, reasonable, and documented belief that a request to limit is fraudulent. If we deny your request to limit, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

To limit the use or disclosure of your sensitive personal information, please see the instructions below for Submitting a Consumer Request.

Notice of Right to Opt-Out of Profiling, Automated Decision Making, and Targeted Advertising

Depending on your state of residence, you may have the right to opt out of targeted advertising and selling of your data. You may submit a request to exercise this right by submitting a request through one of the two options provided in the “Submitting a Consumer Request” section below.

We may create a profile regarding your interests and preferences for our products and services including your potential to purchase a product or service. For job applicants or independent contractors, we may create a profile regarding predispositions, behavior, attitudes, intelligence, abilities, and aptitudes for recruiting and hiring assessments and decisions. Depending on your state of residence, you may have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects.

U.S. Consumer Privacy Rights

Under the applicable U.S. Privacy Laws, depending on state of residence, Consumers may have the following rights, which can be exercised directly or, in certain cases, through an authorized agent:

Submitting a Consumer Request

You can submit any of the above types of consumer requests through either of the options below:

1. Submit an online request on our website at https://www.burtonandburton.com/.
2. Call our privacy toll-free line at 1-800-331-2359.

How We Will Verify That It Is Really You Submitting The Request:

When you submit a Right to Know, Right to Access, Right to Delete, or Right to Correct request through one of the methods provided above, we will need to confirm your state of residence to determine which rights apply and then we will need to verify your identity.

We will ask you to provide some information in order to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to particular records in our possession, which depends on the nature of your relationship and interaction with us. This process may require us to request additional personal information from you, including, but not limited to, your first name, last name, email address, phone number, state/province of residence, and/or country. During verification, we will only request the minimum personal information necessary to correctly identify you for the purpose of fulfilling your request.

In certain circumstances, we may decline a request to exercise the rights described above, particularly where these rights are not available in your state, or when we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with your request.

Designated Authorized Agent:

You may, depending on your state of residence, have the right to designate an authorized agent to submit one of the above requests on your behalf. To do so, you must either (a) execute a valid, verifiable, and notarized power of attorney or (b) provide other written, signed authorization that we can then verify. We maintain the right to deny any request from an authorized agent that does not submit sufficient proof that they have been authorized by you to act on your behalf.

Retention of Personal Information

We will retain each category of personal information in accordance with our established data retention policy and practice. In deciding how long to retain each category of personal information that we collect, we consider many criteria, including but not limited to the business purposes for which the Personal Information was collected; relevant federal, state and local recordkeeping laws; applicable statute of limitations for claims to which the information may be relevant; and legal preservation of evidence obligations.

We apply our data retention procedures on an annual basis to determine if the business purposes for collecting the personal information, and legal reasons for retaining the personal information, have both expired. If so, we will purge the information in a secure manner.

Third Party Vendors

We may use other companies and individuals to perform certain functions on our behalf. Examples include administering e-mail services and running special promotions. Such parties only have access to the personal information needed to perform these functions and may not use or store the information for any other purpose.

Business Transfers

In the event we sell or transfer a particular portion of its business assets, information of consumers, contractors and applicants may be one of the business assets transferred as part of the transaction. If substantially all of our assets are acquired, information of consumers, contractors and applicants may be transferred as part of the acquisition.

Compliance with Law and Safety

We may disclose specific personal and/or Sensitive Personal Information based on a good faith belief that such disclosure is necessary to comply with or conform to the law or that such disclosure is necessary to protect our employees or the public.

Use of Cookies, Pixels, and Other Tracking Technologies

Our website may store or retrieve information on your browser, mostly in the form of cookies. A cookie is a small piece of data (text file) that a website – when visited by a user – places on the user’s device to remember information about the user, such as the user’s language preference or login information.

This type of cookie is set by us and is referred to as a “first-party cookies.” Our website uses first-party cookies primarily to make the website work as you expect it to. For example, we use the information we collect through first-party cookies to allow you to navigate between pages efficiently, analyze how well our website is performing, and understand the content that you spent the most time reviewing. In some cases, we use first-party cookies to store information that we use for targeted advertising.

We also incorporate cookies and similar technologies, such as pixels, tags, and web beacons, from outside our website’s domain (“third-party cookies”). Third-party cookies gather information to enable our vendors to provide a range of services to us, including targeted advertising and measuring the success of our advertising campaigns.

Below is a detailed list of the categories of first- and third-party cookies we use on our website. You can prevent the collection of data by non-essential performance, functional, and marketing cookies by clicking on “Do Not Sell or Share My Personal Information” in our website footer and toggling off the related functionality.

How we use cookies

We make use of cookies under the following circumstances and for the following reasons:

• Provide you with services available through the website and to enable you to use some of its features
• Authenticate users and prevent fraudulent use of user accounts
• Identify if users have accepted the use of cookies on the website
• Compile data about website traffic and how users use the website to offer a better website experience
• Understand and save visitor preferences for future visits, such as remembering your login details or language preference, to provide you with a more personal experience, or to avoid you having to re-enter your preferences every time you use the website
• Track your browsing habits to enable us to show advertising which is more likely to be of interest to you, including advertising by third parties on our website

Information on Some of the Cookies in Use on our Site

For information on some of the cookies we use on our site and apps, please review the policies from our some of our vendors:

• Google Analytics
• Meta/Facebook
• LinkedIn

Essential Cookies  

Essential cookies are necessary for the website to function properly and cannot be switched off in our systems. They are usually only set in response to a site visitor’s request for services, such as a visitor setting their privacy preferences, logging in, or filling in forms. You can set your browser to block or alert you about these cookies, but blocking these cookies will prevent the website from working correctly or might prevent the Website from working at all.

Non-Essential Cookies

Non-Essential cookies are not essential to the website functionality but serve some other unique purpose in three subcategories:

1. “Performance” cookies (sometimes referred to as static cookies) collect information about the user’s behavior on the website without collecting personal information, for example:

• Pages the user visits.
• Ads the user views.
• Ads or site features that the user clicks.

2. “Functional” cookies (sometimes called preference cookies) track and remember the user’s preferences and past choices on the website to provide a personalized user experience. For example, functional cookies can collect:

• Usernames
• Passwords
• Regions

3. “Marketing” cookies (sometimes called tracking or advertising cookies) can track:

• Content the user views
• Links the user follows
• The user’s browser and device information and IP address

Please note: Organizations can use marketing cookies to track and influence users by building user profiles or displaying advertisements.

Cookie Management

You can control and manage cookies associated with your browser. If you are interested in controlling and managing cookies from your browser including any set by our Website, please refer to http://www.allaboutcookies.org/manage-cookies/index.html for information on different ways to configure your browser’s cookie settings.

If you want to clear all cookies left behind by the websites you have visited, here are links where you can download three third party programs that clean out tracking cookies.

• http://www.lavasoftusa.com/products/ad-aware_se_personal.php
• http://www.spybot.info/en/download/index.html
• http://www.webroot.com/consumer/products/spysweeper/

You may delete cookies from your web browser at any time or block cookies on your equipment, but this may affect the functioning of or even block the website. You can prevent saving of cookies (disable and delete them) by changing your browser settings accordingly at any time. It is possible that some functions will not be available on our website when use of cookies is deactivated. Check the settings of your browser. Below you can find some guidance:

• Safari
• Opera
• Internet Explorer
• Google Chrome
• Mozilla

Do Not Track (DNT) is a privacy preference that users can set if they do not want web services to collect information about their online activity. We do not respond to DNT signals.

You can adjust your advertising preferences on mobile devices through your device settings. Below you can find guidance based on your mobile device type:

• Apple
• Android

DAA

Many advertising companies that collect information for interest-based advertising are members of the Digital Advertising Alliance (DAA), which maintains a self-regulatory program along with a website where people can opt out of interest-based advertising from their members. To opt-out of website interest-based advertising provided by this organization’s respective participating companies, visit the DAA’s opt-out portal available at http://optout.aboutads.info/.

• To opt-out of data collection for interest-based advertising across mobile applications by participating companies, download the DAA’s AppChoices mobile application opt-out offering found here: https://youradchoices.com/appchoices.

Non-Participant Opt-Out Options

• Some of our vendors do not participate in the DAA self-regulatory program for online behavioral advertising or have developed their own processes for allowing consumers to opt-out: https://branch.app.link/optout
• Some devices and apps do not have access to web-based browser cookie opt-outs. To learn more about the advertising opt-outs provided by your mobile device's operating system (like iOS and Android) or the device manufacture, click 

External Links

Our website contains links to other sites. We are not responsible for the privacy practices or the content of such websites. To help ensure the protection of your privacy, we recommend that you review the Privacy Policy of any site you visit via a link from our website.

Passwords

The personal data record created through your registration with our website can only be accessed with the unique password associated with that record. To protect the integrity of the information contained in this record, you should not disclose or otherwise reveal your password to third parties.

Children Under the Age of 16

We do not knowingly sell or share the personal information of consumers under 16 years of age.

How We Protect the Information that We Collect

The protection of the information that we collect about visitors to this website is of the utmost importance to us and we take every reasonable measure to ensure that protection, including:

• We use commercially reasonable tools and techniques to protect against unauthorized access to our systems.
• We restrict access to private information to those who need such access in the course of their duties for us.
• We keep automatically collected data and voluntarily collected data separate at all times.

International Visitors

We do not target, market to, or offer our products or services to consumers outside of the United States. You agree not to submit your personally identifiable information through the website if you reside outside the United States.

Consent to Terms and Conditions

By using this website, you consent to all terms and conditions expressed in this Privacy Policy.

Changes to Our Privacy Policy

As our services evolve and we perceive the need or desirability of using information collected in other ways, we may from time to time amend this Privacy Policy. We encourage you to check our website frequently to see the current Privacy Policy in effect and any changes that may have been made to them. If we make material changes to this Privacy Policy, we will post the revised Privacy Policy and the revised effective date on this website. Please check back here periodically or contact us at the address listed at the end of this Privacy Policy.

Consumers With Disabilities

This policy is in a form that is accessible to consumers with disabilities.

Questions About the Policy

This website is owned and operated by the Company. If you have any questions about this Privacy Policy, please contact us at privacy@burtonandburton.com or call  1-800-331-2359.

**This policy was last updated November 17, 2025.