Flowers South Tottenham Privacy Policy

Introduction

This Privacy Policy outlines how Flowers South Tottenham collects, uses, stores, and protects the personal data of customers placing orders from South Tottenham and surrounding districts. We are committed to respecting your privacy and safeguarding your data in compliance with the General Data Protection Regulation (GDPR). This policy details our data practices, your rights as a customer, and how you can exercise those rights.

Scope of This Policy

This Privacy Policy applies to all individuals who place orders with Flowers South Tottenham, either for themselves or on behalf of others, within South Tottenham and its neighbouring areas. By using our services, you agree to the terms laid out in this policy.

What Data We Collect

When you order from Flowers South Tottenham, we may collect and process the following categories of personal data:

  • Contact details: Your full name, delivery address, billing address, and phone number.
  • Order information: Details about your flower order, delivery instructions, order history, and payment method (no payment card details are stored by us; these are processed securely by our payment provider).
  • Communication data: Correspondence between you and our team, including complaints, feedback, and enquiries.
  • Technical data: IP address, browser type, device information, and data required for website functionality and security.

Lawful Basis for Processing Your Data

Under GDPR, we process your data based on the following lawful grounds:

  • Contractual necessity: To fulfil your flower order, process payments, and deliver products as requested.
  • Legal obligation: To comply with applicable laws regarding accounting, record-keeping, and tax.
  • Legitimate interests: To improve our products and services, communicate with you regarding your order or feedback, and prevent fraud.
  • Consent: Where required, such as for marketing communications, we will request your clear and specific consent. You may withdraw consent at any time.

How We Use Your Personal Data

Your information is used strictly for the purposes outlined below:

  • Processing and delivering your flower orders, including order confirmations, updates, and resolving delivery issues.
  • Handling payments securely via trusted payment processors.
  • Providing customer support and addressing any enquiries or complaints.
  • Sending service-related communications and, with your consent, occasional marketing information or promotions.
  • Complying with legal and regulatory obligations.
  • Improving our products, services, and website functionality through analytics and feedback.

Data Retention: How Long We Keep Your Data

Flowers South Tottenham retains your personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal, regulatory, or accounting requirements. In general:

  • Order and account information is retained for up to 7 years to comply with financial and legal regulations.
  • Communication data and enquiries are retained for up to 2 years for quality assurance and training purposes.
  • Technical data is generally retained for up to 12 months unless we are required to investigate a security issue.

After the retention period, your data is securely deleted or anonymised.

Who Processes Your Personal Data

Your information may be processed by carefully selected third-party service providers, always under contract and strictly for the purpose of delivering our services:

  • Payment processors: To handle secure payment transactions.
  • Delivery partners: To enable fulfilment and delivery of your orders.
  • IT service providers: To support the functionality and security of our website and databases.
  • Professional advisors: Legal, financial, or insurance advisors, where necessary for our legitimate interests and legal compliance.

We do not sell or share your personal data with advertisers or unrelated third parties. Where processors operate outside the UK or EEA, we ensure adequate safeguards are in place for international data transfers, consistent with GDPR requirements.

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Right to access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You can ask for your personal information to be corrected if it is inaccurate or incomplete.
  • Right to erasure (‘right to be forgotten’): You can ask us to delete your personal data when it is no longer necessary for the purposes collected, or when you withdraw consent.
  • Right to restriction: You can request that we limit the processing of your data under certain conditions.
  • Right to object: You can object to our processing of your data for certain purposes, such as marketing.
  • Right to data portability: You may receive your data in a structured, commonly used format and have it transferred to another service provider, where technically feasible.

To exercise these rights, please contact us using the details provided on our website or in our communications.

Security and Your Data

We employ a range of technical and organisational measures to protect your data from unauthorised access, loss, or misuse. This includes secure servers, encryption, strict access controls, and staff training on data protection responsibilities.

Changes to This Policy

We may update this Privacy Policy occasionally to reflect regulatory changes, business practices, or customer feedback. Please review the policy periodically to stay informed about how we protect your information. The latest version will always be available on our website.

Contact and Queries

If you have any questions about this Privacy Policy or how your personal data is handled, please get in touch through the contact options provided on our website. We will make every effort to respond to your enquiry promptly and address your concerns.