Privacy Policy for Flowers Northolt Customers

Introduction

This Privacy Policy describes how Flowers Northolt collects, processes, stores, and protects your personal information in connection with the sale of floral products and related services. This policy applies to all customers placing orders with Flowers Northolt from Northolt and surrounding districts. We are fully committed to the protection of your privacy and to compliance with the EU General Data Protection Regulation (GDPR).

What Data We Collect

When you place an order with Flowers Northolt, communicate with us, or browse our services, we may collect and process the following types of personal data:

  • Identity Information: Name, billing and delivery address, and contact details.
  • Order Details: Information related to your purchases, such as items ordered, delivery instructions, messages to recipients, and transaction history.
  • Payment Information: Payment method and transaction details (note: payment card data is handled securely by our payment processors and not stored on our servers).
  • Communications: Records of correspondence when you contact us by phone, post, or through our website.
  • Technical Data: IP address, browser type, device information, and usage data such as how you navigate our website (collected via cookies or similar technologies).

Lawful Basis for Processing

Flowers Northolt only processes your personal data where the law allows us to. The lawful bases we rely on for processing your data are:

  • Contractual Necessity: Processing your information to fulfil and deliver your orders, respond to your inquiries, and provide customer service.
  • Legitimate Interests: Using your data to improve our products and services, prevent fraud, and ensure network and information security. We ensure that such processing does not override your rights and freedoms.
  • Legal Obligations: Processing your information where required by law, such as for record-keeping and tax compliance.
  • Consent: Where we rely on your consent (such as for optional marketing communications), you have the right to withdraw this at any time.

How We Use Your Data

Your personal data may be used for the following purposes:

  • To process, confirm, and deliver your flower order, including contacting you regarding any queries.
  • To process payments securely through approved payment processors.
  • To communicate updates about your order or respond to customer inquiries.
  • To enhance your experience on our website, personalise offers, and understand usage trends.
  • To comply with legal and regulatory requirements applicable to our business.

Retention of Your Personal Data

We will retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Typically, order information is retained for up to seven years to comply with applicable laws, resolve disputes, and enforce our agreements. After this period, your data will be securely deleted or anonymised.

Data Processors and Sharing

To provide our services, we may share your personal information with trusted third-party service providers ("data processors") who assist us in delivering services such as payment processing, order delivery, IT support, website analytics, communications, and legal compliance. All such processors are required to act in accordance with our instructions, to safeguard your data, and to comply with GDPR requirements.

We do not sell your personal data to any third parties. Where data transfer is necessary, we put in place measures to ensure your data remains protected, including the use of secure encryption technologies and, where relevant, Standard Contractual Clauses for international data transfers.

Your Rights Under GDPR

As a data subject under GDPR, you have several rights regarding your personal data, which Flowers Northolt is committed to respecting and enabling, including:

  • Right to Access: You may request a copy of the personal data we hold about you and information about how we process it.
  • Right to Rectification: You can request correction of inaccurate or incomplete data.
  • Right to Erasure: Also known as the "right to be forgotten,” you may ask us to delete your personal data under certain circumstances.
  • Right to Restrict Processing: You may request the restriction or suspension of your data processing in some cases.
  • Right to Data Portability: You can request to receive your data in a structured, commonly used, and machine-readable format or have it transferred to another organisation.
  • Right to Object: You can object to the processing of your data for direct marketing or where processing is based on legitimate interests.
  • Rights in Relation to Automated Decision Making: You have the right to not be subject to decisions based solely on automated processing, including profiling.

If you wish to exercise any of these rights, you may contact us using the methods provided on our website. We may request additional information to confirm your identity to ensure your data is protected.

Security of Your Data

We take the security of your data seriously and implement appropriate organisational and technical measures to keep your personal data safe from unauthorised access, alteration, disclosure, or destruction. These measures include secure server storage, encryption, restricted access to data, and regular staff training on data protection principles.

Changes to This Privacy Policy

We review and update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. We encourage you to review this policy regularly to stay informed about how we protect your information. The updated version will always be available on our website, with the date of the latest revision indicated at the top.

Contact and Complaints

If you have any questions about this Privacy Policy or how your data is handled, please contact us using the details available on our website. If you believe that your data protection rights have not been respected, you have the right to complain to the UK Information Commissioner's Office (ICO) or your local supervisory authority.