Privacy Policy for Customers Ordering from Flowers Harefield

Introduction

Flowers Harefield is committed to safeguarding your privacy and mentions compliance with the General Data Protection Regulation (GDPR) and applicable UK data protection laws. This Privacy Policy explains how we collect, use, store, and protect your personal information when you place orders with Flowers Harefield from Harefield and surrounding districts. By ordering from us, you acknowledge the practices described herein.

Scope of This Policy

This Privacy Policy applies to all individuals placing flowers orders with Flowers Harefield for delivery or collection within Harefield and the surrounding districts. It covers how we handle the personal data of our customers in relation to our services.

What Personal Data We Collect

We collect the minimum data necessary to provide you with our floral products and related customer services. The data collected may include:

  • Identity Data: Name and, if provided, title.
  • Contact Data: Delivery address, billing address, phone number (if provided), and other relevant delivery details.
  • Order Details: Products ordered, prices, delivery instructions, messages for cards, and transaction information.
  • Payment Data: Information required to process your payment (handled securely by our payment processor, we do not store card details).
  • Correspondence: Records of communications with us, such as queries, feedback, complaints, or reviews.

We do not collect or process special categories of personal data (sensitive information) unless specifically required for the order and only with your explicit consent.

Lawful Basis for Processing

Under the GDPR, we must have a lawful basis to process your personal data. Our primary lawful bases include:

  • Performance of a Contract: Processing is necessary to fulfil your order, manage payment, and arrange delivery or collection of your flowers.
  • Legal Obligation: Certain processing is required to meet accounting, tax, and regulatory requirements.
  • Legitimate Interests: Where necessary for our legitimate business interests, such as addressing customer enquiries, improving our services, and handling feedback. We always balance these interests against your privacy rights.
  • Consent: Where legally required, we may ask for your consent (such as for direct marketing communications). You have the right to withdraw consent at any time.

How We Use Your Personal Data

We process personal data for the following purposes:

  • To process and fulfil your orders, including arranging delivery and order communications.
  • To communicate with you regarding your order, respond to enquiries, and provide customer support.
  • To maintain business records, process accounting, and comply with legal obligations.
  • To improve our products and customer service experience.
  • To send promotional materials only if you have provided consent to receive such communications.

Retention of Personal Data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. The typical retention periods are:

  • Order Records: Retained for up to 7 years to comply with tax and business regulations.
  • Customer Correspondence: Retained for up to 2 years from the date of your last contact.
  • Marketing Data: Retained until you withdraw your consent or unsubscribe from communications.

Upon expiry of these periods, your data will be securely deleted or anonymised unless further retention is required by law.

Data Processors and Third Parties

We may share your data with trusted service providers who assist in delivering our services, also known as data processors. These may include:

  • Payment service providers for secure transaction processing.
  • Delivery partners and florists assisting with orders to your specified address.
  • IT service providers supporting our website and business infrastructure.
  • Accountants or professional advisors for legal and regulatory compliance.

All third-party processors are bound by contractual agreements to use your data only for the designated purpose and to uphold GDPR standards of data protection. We never sell your information to third parties.

International Data Transfers

We endeavour to store and process your data within the UK and the European Economic Area (EEA). In the rare instance that data may need to be transferred outside these regions, we will ensure adequate safeguards are in place consistent with GDPR requirements.

Security Measures

Flowers Harefield employs appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of your personal data. These include secure systems, regular staff training, and restricted access to sensitive information.

Your Rights Under GDPR

As a customer, you benefit from several rights regarding your personal data, including:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to Erasure: In certain cases, you can request the deletion of your personal data.
  • Right to Object: You may object to our processing where it is based on legitimate interests or for direct marketing.
  • Right to Restrict Processing: You can ask us to suspend the processing of your personal data under certain circumstances.
  • Right to Data Portability: You can ask for a copy of your data in a commonly used electronic format.
  • Right to Withdraw Consent: Where we rely on your consent, you have the right to withdraw it at any time.

To exercise any of these rights, please contact us directly with details of your request. We may need to verify your identity before acting on your request and will respond within one month as required by law.

Updates to This Policy

We may update this Privacy Policy occasionally to reflect changes in our procedures or legal obligations. The latest version will always be available from Flowers Harefield on request or provided through our usual customer communication channels.

Contact Information

If you have questions about this Privacy Policy or how your data is handled, please contact us using our standard communication channels. We are committed to working transparently and in accordance with your rights as a valued customer.