Privacy Policy for Flower Delivery Wood Green Customers

Introduction

Flower Delivery Wood Green (“we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information, and explains your rights under the EU General Data Protection Regulation (“GDPR”). This policy applies to all customers placing Flower Delivery Wood Green orders from Wood Green and the surrounding districts.

Data We Collect

We may collect and process the following categories of personal data about you when you use our services:

  • Identity Data: Name, title.
  • Contact Data: Address, postcode, delivery address, phone number (if you provide it), and any other contact details supplied when placing an order.
  • Order Data: Details of the flower products or services you order from us, occasion types, order instructions, and delivery preferences.
  • Payment Information: Transaction details (excluding full card details, which are processed securely by our payment processors; only payment confirmation data and billing address are retained by us).
  • Communications: Correspondence with us (via website forms or other written means), feedback, and complaints.
  • Technical Data: IP addresses, browser types, access times and referring website addresses, as automatically logged by our website for operational security and analytics.

Lawful Bases for Processing

Under the GDPR, we must have a valid lawful basis to process your personal data. We rely on the following lawful bases:

  • Contract: Processing is necessary to fulfil your order and provide the requested products and services.
  • Legal Obligation: Processing is required to comply with laws regulating transactions and tax records.
  • Legitimate Interests: For business analytics, service improvement, security, and responding to enquiries or complaints, provided those interests are not overridden by your rights and interests.
  • Consent: Where required, such as for optional marketing communications (you can withdraw consent at any time).

How We Use Your Data

Your data is used solely for the purposes for which it was collected. The main ways we process your data include:

  • Processing and fulfilling your orders and deliveries.
  • Managing payments and transactions.
  • Communicating with you regarding your order, responding to enquiries, and managing complaints.
  • Maintaining business records for accounting and statutory requirements.
  • Improving our website, services, and user experience based on analytics and feedback.
  • Providing information about similar products or services, where permitted and as per your communication preferences.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting obligations. The retention periods typically are:

  • Order and Contact Data: Kept for up to 7 years after your most recent order to meet legal and accounting obligations.
  • Payment Records: Transaction details (not card details) are retained for 7 years in line with tax and financial regulations.
  • Communications: Retained for up to 3 years from correspondence unless a longer retention period is required due to ongoing matters.
  • Marketing Preferences: Retained until you withdraw your consent or request erasure.

Data may be anonymised for statistical or research purposes and retained indefinitely without further notice to you.

Processors and Data Sharing

To facilitate our services, we may share your data with trusted providers (“processors”) who process personal data on our behalf. These may include payment service providers, web hosting companies, delivery partners, IT support, and analytics services. Each processor is contractually required to process your data only as instructed by us, to keep your data secure, and to comply with the GDPR.

We do not sell, lease, or trade your data to third parties. Your data will only be disclosed to third parties if required for order fulfilment, compliance with legal obligations, to protect your rights, or where you have given your explicit consent. If required by law or regulatory authority, we may also disclose personal information accordingly.

Where processors process your data in locations outside the UK or European Economic Area, we ensure appropriate safeguards are in place in compliance with GDPR, such as standard contractual clauses.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request corrections to incomplete or inaccurate data.
  • Right to Erasure: Request deletion of your personal data, subject to legal or contractual obligations.
  • Right to Restrict Processing: Request limitation on how your data is processed in certain circumstances.
  • Right to Data Portability: Request a copy of your data in a structured, commonly used, and machine-readable format.
  • Right to Object: Object to processing where it is based on our legitimate interests, or for direct marketing purposes.
  • Right to Withdraw Consent: Where we rely on your consent to process data, you may withdraw consent at any time without impacting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, or to raise a concern, please contact us using the details provided on our website.

Security and Your Data

We use a variety of technical and organisational measures to safeguard your personal data from loss, theft, unauthorised access, and accidental disclosure. Only authorised staff and trusted processors can access personal data, and only for purposes described in this policy. Our website uses appropriate security protocols, and data is encrypted in transit where applicable.

Changes to this Privacy Policy

This policy may be updated occasionally to reflect changes in our practices, applicable law, or technology. We recommend reviewing this policy each time you use our services. Your continued use of our services constitutes your acceptance of the Privacy Policy as updated at that time.

Contact and Complaints

If you have questions about this Privacy Policy, your personal data, or wish to exercise your rights, please reach out using the contact details listed on our website. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or the relevant data protection authority applicable to your location.