Privacy Policy for Florist South Norwood Customers

Introduction

This Privacy Policy outlines how Florist South Norwood (“we”, “us”, “our”) collects, uses, stores, and protects your personal data in compliance with the General Data Protection Regulation (GDPR). This policy applies to all customers placing orders with Florist South Norwood in South Norwood and the surrounding districts.

What Personal Data We Collect

We collect and process a range of data to provide our floral products and related services to you. The personal data we gather includes, but is not limited to:

  • Identity Data: Full name, delivery recipient’s name
  • Contact Data: Address, delivery address, phone number, and (if provided) email address
  • Order Data: Information about orders you place, including specific products and delivery instructions
  • Payment Data: Limited payment details (e.g., confirmation from payment providers, but not your full card number or CVV as these are handled securely by third-party payment processors)
  • Correspondence: Any information you provide when you communicate with us (such as feedback, queries, or customer service requests)

Lawful Basis for Data Processing

Under the GDPR, we must have a valid legal reason to use your personal data. We rely on the following lawful bases for processing:

  • Contractual necessity: Most of the processing we undertake is essential for performing our contract with you, such as fulfilling your order, handling billing, and making deliveries.
  • Legitimate interests: We may process your information if it is necessary for our legitimate business interests, provided these do not override your data protection rights, for example: to improve our services, handle queries, or prevent fraud.
  • Legal obligations: In certain cases, we process personal data to comply with relevant legal requirements or to respond to requests by government authorities.
  • Consent: Where the law requires, we will ask for your explicit consent before processing certain data, such as for sending marketing communications.

How We Use Your Data

Your personal data is used for the following purposes:

  • To process and deliver your orders, including managing payments and handling delivery logistics
  • To communicate with you about your order and provide customer support
  • To respond to enquiries, feedback, or complaints
  • To improve our products and customer experience
  • To comply with legal, tax, and regulatory requirements

Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Standard retention periods are as follows:

  • Order and Transaction Records: Retained for up to 7 years to comply with statutory and taxation obligations.
  • Customer Correspondence: Retained for up to 2 years after the last interaction to resolve ongoing queries and maintain service records.
  • Marketing Preferences: Retained until you withdraw your consent or unsubscribe from communications, after which your details will be removed from our active marketing database within a reasonable time.

After the relevant retention periods, your data will be securely deleted or anonymised so that it can no longer be associated with you.

Data Processors and Third Parties

We may share your personal data with carefully selected third-party service providers (data processors) who perform essential tasks on our behalf. These include:

  • Payment processors: To handle online payment transactions securely
  • Delivery partners: For arranging and executing floral deliveries
  • IT and Customer Support Providers: To maintain our booking systems and handle customer queries
  • Accountants and Professional Advisors: For auditing, accounting, and legal support purposes

All data processors are contractually required to protect your data, only process it as instructed by us, and comply with GDPR requirements. We do not sell or rent your information to third parties. We may also disclose your information if required by law or to protect our legal rights.

Your Data Protection Rights

Under the GDPR, you have a number of important rights regarding your personal data. These rights include:

  • Right to be informed: You have the right to be informed about the collection and use of your personal data.
  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You have the right to request correction of inaccurate or incomplete personal data.
  • Right to erasure: In certain circumstances, you may request the deletion of your personal data (‘right to be forgotten’).
  • Right to restrict processing: You can request we limit the use of your data in some scenarios.
  • Right to data portability: You can request that your data be provided in a form that allows you to transfer it to another provider.
  • Right to object: You may object to processing based on legitimate interests or direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

If you wish to exercise these rights, please contact us using the contact form on our website or by post at our business address. We may require you to verify your identity before fulfilling your request.

International Transfers

Your data is typically processed within the United Kingdom or the European Economic Area (EEA), where data protection laws are in force. In the unlikely event your data is transferred outside the EEA, we will ensure appropriate safeguards are in place to protect your information.

How We Protect Your Data

We take your privacy seriously and have implemented physical, technical, and organisational measures to safeguard your personal data. Controls include restricted access, secure networks, regular staff training, and careful selection of third-party processors. Nonetheless, no online system is entirely secure; we cannot guarantee absolute security but strive to protect your data to the best of our ability.

Changes to This Policy

This Privacy Policy may be updated from time to time to reflect changes in the law, our practices, or for other operational reasons. We encourage you to review this Policy periodically. The date of the latest revision will always be indicated at the end of this document.

Contacting Us

If you have any questions, concerns, or requests about your personal data or this Privacy Policy, please reach out to us using the contact form on our website or by post to our registered business address in South Norwood.

Last updated: June 2024