Flowers Erith Privacy Policy for Customer Orders

Introduction

This Privacy Policy explains how Flowers Erith ("we", "our", "us") collects, uses, processes, and protects your personal data when you place an order with us. It applies to all customers purchasing from Flowers Erith within Erith and its surrounding districts. We are committed to upholding your rights and meeting our obligations under the General Data Protection Regulation (GDPR).

Who Is Covered by This Policy?

This policy covers anyone placing orders with Flowers Erith from Erith and the surrounding districts. It applies regardless of how you interact with us, whether online, over the phone, or in-person, and to all methods of payment and delivery.

What Personal Data We Collect

When you place an order or make an enquiry with Flowers Erith, we may collect and process the following types of personal data:

  • Identity information: such as your full name.
  • Contact details: including your address, phone number, and (where applicable) email address.
  • Order details: products requested, special preferences, delivery details, and any messages you ask us to include.
  • Payment information: such as transaction details. Payment card data is not stored by us but is handled securely through our payment processor.
  • Correspondence: any communication you have with us, such as emails, messages, or telephone conversations.
  • Website usage data: if you access our website, we may collect limited analytics data (such as IP address, browser type, and pages visited) through cookies and similar technologies.

Lawful Basis for Data Processing

Under GDPR, we are required to have a lawful basis for processing your data. Flowers Erith uses the following legal bases:

  • Contractual necessity: The majority of your personal data is collected and processed for the purpose of fulfilling your order and providing requested services (e.g., delivery and order confirmation).
  • Legal obligation: In certain cases, we must retain some data for accounting, tax, and record-keeping obligations imposed by law.
  • Legitimate interests: We may process your data for network security, to improve our services, or respond to your enquiries, provided this does not override your rights and freedoms.
  • Consent: Where you provide optional information, or where required for direct marketing, we will request your explicit consent.

How We Use Your Information

Your personal data is used for the following purposes:

  • Processing and fulfilling your flower order, including managing payment and arranging delivery.
  • Communicating with you regarding your order status, requested products, or any issues related to your purchase.
  • Responding to your customer service enquiries or complaints.
  • Maintaining internal records for accounting and legal compliance.
  • Improving our services and business operations.
  • Where applicable, sending you marketing communications if you have explicitly agreed to receive them.

Who We Share Your Data With (Data Processors)

Your data may be shared, where necessary, with trusted third parties acting as Data Processors. These include:

  • Payment service providers: To securely process your payments. Flowers Erith does not store your payment card details; these are handled by our payment processor.
  • IT service providers: For hosting our website, maintaining our order management system, or providing secure communication tools.
  • Delivery partners: To fulfil arrangements for flower delivery.

All processors only have access to the data required to perform their specific functions and must comply with strict confidentiality and data protection requirements in line with GDPR.

Retention Periods

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, including satisfying legal, accounting, or reporting obligations. Typically, this means:

  • Order details and associated customer data are kept for 6 years to comply with UK accounting and tax law.
  • Marketing consent records and preferences are retained until you withdraw consent or request deletion.
  • Correspondence and complaint records are stored for up to 2 years from the date of your last contact with us, unless a longer retention period is required by law or for resolution of ongoing issues.

After these retention periods expire, your personal data will be securely deleted or anonymised.

Your Data Protection Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: You can request confirmation of what personal data we hold about you and obtain a copy.
  • Right to rectification: If your information is inaccurate or incomplete, you have the right to request correction.
  • Right to erasure: You can request deletion of your personal data where it is no longer necessary for the purposes collected, or if processing was based on consent which you withdraw.
  • Right to restriction: You can request we restrict the processing of your data in certain circumstances.
  • Right to data portability: Where processing is based on consent or contract and is automated, you may request transfer of your data to you or another provider.
  • Right to object: You may object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent: If we are processing your data based on your consent, you may withdraw this at any time.

To exercise these rights or for any enquiries regarding your personal data, please contact us through our usual customer contact methods or by written request. Please note that proof of identity may be required for data access or other rights requests.

Security of Your Information

We take the security of your personal data seriously. Appropriate technical and organisational measures are in place to protect your information from unauthorised access, alteration, disclosure, or destruction. We regularly review our security protocols, restrict access to personal data, and work only with processors who meet high standards for data protection.

Changes to This Privacy Policy

Flowers Erith may amend this Privacy Policy from time to time to ensure compliance with laws and best practice. Any changes will be updated here; please check periodically for updates. Material changes to our data practices will be clearly communicated to customers where required.

How to Complain or Seek Further Information

If you have concerns about how your data is being processed, you can contact us for clarification or complaint via our standard customer service channels. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you are dissatisfied with our response or data handling practices.

This Privacy Policy is effective as of 1st June 2024 and applies to all orders made in Erith and the surrounding districts.