Privacy Policy for Flowers Herne Hill Customers

Introduction

This Privacy Policy describes how Flowers Herne Hill collects, uses, stores, and protects your personal data in accordance with the General Data Protection Regulation (GDPR). Our policy applies to all individuals who place flower orders with Flowers Herne Hill from Herne Hill and surrounding districts. We take your privacy seriously and are committed to ensuring the security and confidentiality of your information.

What Personal Data We Collect

When you place an order with Flowers Herne Hill, we collect only the personal data necessary to process and fulfill your order, provide customer service, and to comply with legal obligations. Depending on your interaction with us, the types of personal data we may collect include:

  • Contact Information: Name, address, delivery address, and contact details such as phone number.
  • Order Details: Information about your floral order, delivery date and instructions, and any personal message you include with your flowers.
  • Payment Information: Payment details such as transaction reference number. Please note that payment card details are processed securely by our payment processor and are not stored by Flowers Herne Hill.
  • Communication Records: Any correspondence or enquiries you send to us, including feedback, complaints, or reviews.
  • Technical Data: Limited information captured through cookies or similar technologies when you use our website (such as IP address and browser type).

Lawful Basis for Processing Your Data

We only process your personal data when we have a lawful basis to do so, in compliance with GDPR. The principal lawful bases relied upon by Flowers Herne Hill include:

  • Performance of a Contract: Processing your orders and delivering your selected flowers.
  • Legal Obligations: Fulfilling our duties related to tax, accounting, and regulatory requirements.
  • Legitimate Interests: Ensuring the smooth operation of our services, dealing with customer queries, and making improvements to our service (only when your interests and fundamental rights do not override these interests).
  • Consent: When you explicitly grant permission, for example, to receive marketing communications. You can withdraw your consent at any time.

How We Use Your Data

We use your personal data solely for the purposes described below:

  • To process and fulfill your floral orders.
  • To keep you updated on your order status and delivery information.
  • To respond to your queries and provide customer support.
  • To comply with our legal and regulatory obligations.
  • To improve our services by analyzing customer feedback and usage trends (using aggregate, non-identifiable data wherever possible).

Data Retention

Your personal data is retained only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, accounting, or reporting requirements. As a general rule:

  • Order and contact data are kept for up to six years after your final transaction to comply with tax and legal requirements.
  • Enquiries and communication records are retained for no longer than twelve months unless further retention is required for ongoing support or legal reasons.
  • Data used for marketing purposes is held until you withdraw your consent or opt out of communications.

After the relevant retention period, your data is securely deleted or anonymized so that it can no longer be associated with you.

Processors and Shared Data

To provide our services, Flowers Herne Hill uses third-party data processors who support functions such as payment processing, website hosting, and order delivery. Our processors are verified to ensure GDPR compliance and are only permitted to process your data for specified purposes on our behalf. Examples of third parties with whom your data might be shared include:

  • Payment service providers for securely authorizing your transactions.
  • Delivery or courier partners for fulfilling and tracking your floral deliveries.
  • IT support and software providers (for our order/website management systems).

We never sell or share your personal data with third-party marketing companies. In all cases, we require our data processors to use appropriate security measures to protect your data and to process it strictly under our instructions. Data may be disclosed to authorities if required by law or to protect our legal interests.

Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, alteration, or disclosure. This includes secure servers, encryption, and regular security reviews. Access to your personal information is restricted to personnel and service providers on a need-to-know basis only.

Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may ask us to correct inaccurate or incomplete personal data.
  • Right to Erasure: You may request that your personal data be deleted under certain circumstances.
  • Right to Restriction of Processing: You have the right to restrict or object to our processing of your data in specific instances.
  • Right to Data Portability: You may request a copy of your data in a structured, commonly used format for use elsewhere.
  • Right to Withdraw Consent: Where we process data based on your consent, you may withdraw this at any time.
  • Right to Lodge a Complaint: You have the right to contact the relevant supervisory authority if you believe your data protection rights have been breached.

To exercise any of your rights, please contact us using the appropriate channels provided on our website or in your order materials. We will respond to your requests in accordance with GDPR requirements.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, our business practices, or the way we handle your personal information. The most recent version will always be available on our website, with the effective date clearly displayed.

Contact and Further Information

If you have any questions or concerns about how we process your personal data or about this Privacy Policy, please reach out to us via the contact details provided on our website. We are committed to respecting your privacy and handling your data with care.