Privacy Policy for Customers Ordering Flower Delivery St Paul's Cray

Introduction

This Privacy Policy applies to all customers who place orders with Flower Delivery St Paul's Cray in St Paul's Cray and surrounding districts. We are committed to safeguarding your personal data in compliance with the EU General Data Protection Regulation (GDPR). This policy explains what information we collect, how and why we use it, the legal bases for our processing, how long we keep your data, with whom we may share it, and your rights as a data subject.

Scope of This Privacy Policy

This policy covers personal data collected and processed by Flower Delivery St Paul's Cray when you place flower delivery orders with us, whether through our website, over the telephone, or in person, specifically for residents and recipients in St Paul's Cray and its neighbouring districts.

Personal Data We Collect

We collect the following categories of personal data for the purposes of fulfilling your flower delivery orders and providing customer service:

  • Identity Data: Your name, title, and contact details (such as address and phone number).
  • Recipient Data: The recipient's name, address, and contact details if different from your own.
  • Order and Transaction Data: Details of your orders, payments, delivery instructions, and correspondence related to your order.
  • Payment Data: Payment card details (processed via secure third-party payment providers).
  • Technical Data: IP address, browser type, and related data, if you use our website.
  • Preferences: Delivery preferences and any message you wish to include with the flowers.

Lawful Bases for Processing Your Data

We process your personal data under the following GDPR lawful bases:

  • Contractual Necessity: Processing is necessary for us to fulfil your order and provide the requested flower delivery services.
  • Legal Compliance: We may process data to comply with legal or regulatory obligations, such as record-keeping for tax purposes.
  • Legitimate Interests: Processing is performed for our legitimate interests, including fraud prevention, service improvement, and responding to your enquiries, provided these interests do not override your data rights and freedoms.
  • Consent: Where we seek your explicit consent, such as for marketing communications, you have the right to withdraw your consent at any time.

How We Use Your Data

Your personal data is used exclusively for the following purposes:

  • To process and deliver your flower orders
  • To communicate with you regarding your order status and delivery
  • To process payments and refunds
  • To respond to your enquiries or feedback
  • To improve our products and customer experiences
  • To comply with legal and regulatory requirements
  • With your consent, to send you information about promotions or products we think might interest you

Third-Party Data Processors

We work with trusted external providers who support us in providing our services. These providers act as ‘data processors’ and are only permitted to process your data on our instruction and in accordance with this Privacy Policy. Examples include:

  • Payment processing services (for handling card transactions securely)
  • Delivery couriers (to deliver your orders to the correct address)
  • IT and website hosting companies (to help us run and maintain our website and systems)

We ensure all processors are GDPR-compliant, process your data securely, and do not use your information for their own purposes.

Data Retention

We retain your personal data only as long as necessary for the purpose for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Typically, order and transaction data are kept for up to six years to comply with tax and contractual obligations. Once the retention period ends, we securely delete or anonymise your data.

Data Security

We implement appropriate technical and organisational measures to safeguard your personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These measures are regularly reviewed and updated to address new security risks.

Your Data Protection Rights

Under the GDPR, you have specific rights regarding your personal data:

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may ask us to correct any inaccuracies or incomplete data.
  • Right to Erasure: You may request deletion of your personal data where there is no legal reason for us to continue processing it.
  • Right to Restrict Processing: You may request we suspend processing if you contest its accuracy or our reason for processing it.
  • Right to Data Portability: You may request transfer of your data to another service provider, where technically feasible.
  • Right to Object: You may object to processing based on our legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw this at any time.

To exercise any of these rights, please contact us using the methods described on our website or in your order confirmation documentation. We will respond to requests within one month, as required by GDPR.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The revised policy will be effective immediately once published. Please review this page periodically to stay informed about how we protect your data.

Contact and Complaints

If you have questions about this Policy or wish to make a complaint about how your data has been handled, please contact us using the options provided with your order or displayed on our website. You also have the right to lodge a complaint with the UK Information Commissioner's Office if you are unhappy with our response.

This Privacy Policy is effective as of 25 June 2024.