Flowers South Norwood Privacy Policy

Introduction

This Privacy Policy explains how Flowers South Norwood (“we”, "us", or "our") collects, uses, stores, and protects personal data of customers who place orders with us from South Norwood and surrounding districts. We are committed to safeguarding the privacy and rights of our customers and ensuring that personal data is handled in compliance with the General Data Protection Regulation (GDPR) and relevant UK data protection laws.

Scope of this Policy

This Privacy Policy applies to all customers placing orders for products and services with Flowers South Norwood, whether the order is online, via phone, or in person. It covers how we process the personal data of customers residing in or ordering for delivery within South Norwood and neighboring areas.

What Personal Data We Collect

When you order from us, we may collect and process the following categories of personal data:

  • Contact Details: Name, address, phone number, and (if provided) email address of the customer and/or recipient.
  • Order Details: Products ordered, messages to recipients, delivery preferences, and special instructions.
  • Payment Information: Transaction details (such as payment amount and date). We do not store full card numbers; payments are processed securely by external providers.
  • Technical Data: Device information, IP address, and browser details collected via our website for operational and security purposes.
  • Communication History: Records of communications, including queries and complaints, to assist with customer service and order fulfilment.

Lawful Basis for Processing

Flowers South Norwood processes your personal data on the following lawful grounds as outlined in Article 6 of the GDPR:

  • Performance of a Contract: Most of the data we collect and process is necessary for fulfilling your order and delivering flowers and gifts to the intended recipient.
  • Legal Obligation: We may process certain data to comply with legal or regulatory requirements (e.g., record-keeping for tax purposes).
  • Legitimate Interests: We may process your data for security, to improve our services, or to handle queries and complaints, provided that such interests are not overridden by your rights and freedoms.
  • Consent: If you opt in to receive marketing communications, we will rely on your explicit consent, which you can withdraw at any time.

How We Use Your Data

Your personal data is used for the following purposes:

  • Processing and fulfilling your orders, including delivery and after-sales support.
  • Sending order confirmations, invoices, and service-related notifications.
  • Managing payment transactions securely through trusted payment processors.
  • Responding to your queries, feedback, or complaints.
  • Maintaining internal records required by law or good business practice.
  • Improving our products, services, and website experience.
  • Marketing (only with your explicit consent) and special offers specific to Flowers South Norwood.

Data Retention

We retain your personal data only as long as is necessary to fulfill the purposes it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Typical retention periods are as follows:

  • Order Records and Contact Data: Retained for up to 6 years to comply with legal obligations and for potential customer service queries.
  • Communication History: Retained for up to 2 years after the inquiry has been resolved.
  • Marketing Data: Retained until you withdraw your consent or unsubscribe from our communications.

After the relevant retention period, your data is securely deleted or anonymized.

Processors and Data Sharing

We only share your personal data with trusted third-party processors where necessary to provide our services. These include:

  • Payment Service Providers: To process payments securely; we do not store full card details.
  • IT and Delivery Partners: Providers of website hosting, delivery logistics, and order management systems who act strictly under our instructions.
  • Professional Advisors: For legal, financial, or accounting services, only where strictly necessary.

All third-party processors are required by contract to process your data securely and in accordance with GDPR. We do not sell or rent your personal data to third parties for marketing purposes.

International Data Transfers

Your data is generally processed and stored within the United Kingdom or the European Economic Area (EEA). If we transfer personal data outside these areas, we ensure such data is given adequate protection as required by applicable law, for instance through standard contractual clauses or other safeguards permitted under GDPR.

Your Data Protection Rights

Under GDPR and UK data protection law, you have a number of rights regarding your personal data:

  • Right to Access: You may request a copy of the data we hold about you.
  • Right to Rectification: You can request corrections to any inaccurate or incomplete information.
  • Right to Erasure: You may ask us to delete your personal data, subject to any overriding legal requirements.
  • Right to Restrict Processing: You can request that we limit the processing of your data in specific circumstances.
  • Right to Data Portability: You may request a copy of your data in a commonly used, machine-readable format.
  • Right to Object: You have the right to object to how we process your data based on our legitimate interests or for marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time.

To exercise any of these rights, please contact us with details of your request. We may need to verify your identity before responding to any such request.

Security Measures

We take the security of your personal data seriously. We have implemented appropriate technical and organizational safeguards to protect data against unauthorized access, alteration, disclosure, or destruction. This includes secure servers, restricted access, encryption where applicable, and regular review of our security procedures.

Changes to this Policy

We may update this Privacy Policy from time to time in response to legal, technical, or business developments. The most current version will always be available to customers upon request or via our website. Significant changes will be communicated where appropriate.

How to Contact Us or Lodge a Complaint

If you have questions about this Privacy Policy or our data practices, or if you wish to exercise your data protection rights or lodge a complaint, please contact us using the details provided on our official correspondence and website. If you are unsatisfied with our response, you may contact the UK Information Commissioner’s Office (ICO) for further guidance or to file a complaint.