Privacy Practices for Flower Delivery Herne Hill Customers

Privacy Policy Overview

At Flower Delivery Herne Hill, we are fully committed to protecting the privacy and personal data of our customers. This Privacy Policy explains how and why we collect, use, store, and share your personal data when you place a flower delivery order with us in Herne Hill and the surrounding districts. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy applies to all customers ordering flowers through our service, whether online, by telephone, or in person.

What Data We Collect

When you interact with Flower Delivery Herne Hill, we may collect and process various types of personal data, including:

  • Identity information: Name, title (e.g. Ms., Mr.), and contact person details if ordering for a company.
  • Contact information: Delivery address, billing address, email address, and telephone number.
  • Order details: Products ordered, order notes, gift message, preferred delivery date and time.
  • Recipient information: Recipient's name, address, telephone number, and any delivery instructions.
  • Payment information: Partial payment card information processed securely by our payment providers, transaction ID, and the payment amount. We do not store full card numbers or security codes.
  • Technical data: IP address, device type, browser type, operating system version, and cookies or tracking technologies that help us improve our website experience.
  • Correspondence: Email or message exchanges, feedback, complaints, or responses to surveys or promotions.

Lawful Basis for Processing Personal Data

We process your personal data based on one or more of the legal grounds outlined in the GDPR:

  • Contractual necessity: Data needed to take pre-contractual steps at your request or to fulfill our contract, such as processing orders and deliveries.
  • Legal obligation: Where we must comply with legal or regulatory requirements (e.g., recordkeeping for tax purposes).
  • Legitimate interests: For purposes that are necessary for our legitimate business interests, such as fraud prevention, network security, direct marketing (unless you opt out), and customer service improvement, providing these interests do not override your data protection rights.
  • Consent: Where you have given us explicit permission (e.g., subscribing to our marketing updates). You may withdraw consent at any time.

How We Use Your Data

Your personal data is used exclusively for the following purposes:

  • To process and fulfill your flower or gift order, including delivery logistics.
  • To communicate with you about your order, delivery, or service-related issues.
  • To respond to your queries, complaints, or feedback.
  • To manage payments and prevent or detect fraudulent activities.
  • To manage and improve our services, website, and customer experience.
  • To send you marketing information only if you have chosen to receive such communications.
  • To comply with any applicable laws and regulations.

How Long We Retain Your Data

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Generally, customer and order information is kept for up to six years from the date of your last order, in line with accounting and legal requirements. Data used only for marketing purposes is retained until you withdraw your consent or unsubscribe from our communications, after which it is deleted securely. Technical data collected via cookies is retained in accordance with our cookie policy, but not longer than necessary to ensure website functionality and analytics.

Data Processors and Third-Party Sharing

In order to deliver our services efficiently, we may engage certain trusted third parties who act as data processors on our behalf. These may include:

  • Payment processors: Securely process your payment and verify transactions.
  • Courier and delivery partners: Ensure that your flowers are delivered to the recipient at the chosen address and time.
  • Website and IT service providers: Host and maintain our website or customer relationship management systems.
  • Professional advisers: Such as accountants or legal advisors for compliance and auditing purposes.

All third-party data processors are required to comply with data protection obligations, use your data only on our instructions, and are not permitted to use your information for their own purposes. We do not sell or rent your personal data to any third parties. Data may be transferred outside the UK/EEA only with appropriate safeguards in line with the GDPR.

User Rights Under the GDPR

You have a number of important rights in relation to your personal data, as provided by the GDPR. These include the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request corrections to any inaccurate or incomplete information.
  • Erasure ('Right to be Forgotten'): Request deletion of your personal data, subject to legal requirements.
  • Restriction: Ask us to restrict how we use your personal data in certain circumstances.
  • Portability: Receive your data in a commonly used, machine-readable format, and have it transferred to another provider where technically feasible.
  • Object: Object to our processing of your data for direct marketing or legitimate interests.
  • Withdraw Consent: Withdraw your consent at any time, where consent was the legal basis for processing.
  • Lodge a Complaint: Contact the relevant supervisory authority if you believe your data rights have been breached.

To exercise any of these rights, please contact us using the details provided on our website. We will respond to your request in accordance with applicable laws.

Children's Privacy

We do not knowingly collect or process data from individuals under 16 years of age. If you believe that a child has provided us with their personal data without parental consent, please contact us and we will take steps to remove such information promptly.

Policy Updates

This Privacy Policy may be updated from time to time to reflect changes in legal requirements, technology, or our business processes. Please review this policy periodically for any updates. Significant changes will be highlighted on our website.

Contact Us

If you have any questions about this Privacy Policy or how your personal data is processed, please refer to the contact information provided on our website. We are committed to addressing all privacy-related requests in a timely and transparent manner.