Privacy Policy for Customers of Flower Delivery Orpington

Introduction

This Privacy Policy explains how Flower Delivery Orpington collects, uses, and protects your personal information in accordance with the General Data Protection Regulation (GDPR). It applies to all individuals placing flower delivery orders in Orpington and its surrounding districts. We are committed to respecting and protecting your privacy at all times.

What Data We Collect

When you use our services to order flowers for delivery, we may collect and process the following categories of personal data:

  • Contact Information: This includes your full name, delivery address, billing address, and phone number.
  • Order Details: Information about your purchase, such as the products selected, delivery preferences, and personalised messages for the recipient.
  • Recipient Information: Name, address, and contact details of the recipient (when different to the purchaser).
  • Payment Information: Payment card details or other payment method information (handled via secure third-party payment processors).
  • Communication Data: Any correspondence you have with us, including messages and feedback related to your orders.
  • Technical Information: Your IP address, browser type and version, device identifiers, and information about how you interact with our website.

Lawful Basis for Data Processing

The lawful bases under which we process your personal data are as follows:

  • Contractual Necessity: Processing your data is required in order to fulfil your flower delivery order and provide related customer services.
  • Legitimate Interests: We may process your details to improve our services, protect against fraud, or respond to your questions, as long as our interests are not overridden by your rights.
  • Legal Obligations: In certain cases, we may need to retain or disclose data to comply with accounting, tax, or other legal obligations.
  • Consent: Where required, we may seek your explicit consent before using your information for purposes such as marketing communications.

How We Use Your Personal Data

Your data is used for the following purposes:

  • To process and deliver your flower order to the specified address
  • To communicate with you regarding your order status or delivery details
  • For customer support and to address any enquiries you may have
  • To improve our product offerings and website user experience
  • To handle payments and prevent fraudulent transactions

Data Retention

Flower Delivery Orpington retains your personal data only for as long as necessary to fulfil the purposes for which it was originally collected. Specifically:

  • Order and Delivery Data: Retained for up to 7 years to comply with accounting and regulatory requirements.
  • Customer Account Data: If you create an account, your data will remain active until you request deletion or we deactivate inactive accounts.
  • Marketing Data: Retained until you withdraw consent or opt out of receiving further communications.
  • When data are no longer needed, they are securely deleted or anonymised.

Data Processors and Sharing

To effectively provide our services, we may share your data with trusted third-party service providers, known as data processors, who act on our instructions and are bound by confidentiality and data protection commitments. These may include:

  • Payment processors for secure transactions
  • IT support and hosting providers to maintain our website and databases
  • Delivery and courier partners responsible for fulfilling your flower delivery
  • Professional advisors (such as accountants and legal advisors) where necessary for compliance and business administration

We do not sell, rent, or otherwise disclose your personal information to unrelated third parties for their independent use.

International Data Transfers

As a local business, we primarily process and store your data within the United Kingdom or European Economic Area (EEA). Should your data need to be transferred outside these jurisdictions, we will ensure that adequate safeguards are in place to protect your privacy rights, such as adopting standard contractual clauses or relying on adequacy decisions where applicable.

Your Data Protection Rights

Under the GDPR, you have certain rights in relation to your personal data:

  • The Right to Access: You can request a copy of the personal data we hold about you.
  • The Right to Rectification: You may ask us to correct or update any inaccurate or incomplete data.
  • The Right to Erasure: You can request the deletion of your personal data in specific circumstances, such as when it is no longer needed or you withdraw consent.
  • The Right to Restrict Processing: You may ask us to pause processing your data if you believe it is inaccurate or being used unlawfully.
  • The Right to Data Portability: You can request your data in a commonly used, machine-readable format for your own purposes or to transfer to another provider.
  • The Right to Object: Where we rely on legitimate interests, you may object to certain types of processing.
  • The Right to Withdraw Consent: If we process your data based on consent, you may withdraw it at any time.
  • The Right to Lodge a Complaint: You have the right to complain to the relevant data protection authority if you are dissatisfied with how we handle your data.

Security Measures

We take appropriate technical and organisational measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. This includes secure storage of data, regular security assessments, and staff training on data protection principles. Payment data is handled by certified third-party payment processors using industry-standard encryption.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. Updated versions will be made publicly available and become effective upon publication.

Contact and Further Information

If you have any questions or concerns about this Privacy Policy or your personal data, you are encouraged to contact us through our website contact form or by post. We are committed to addressing your queries and ensuring your rights are upheld.