Privacy Policy for Flowers Bexleyheath Customers

Introduction

At Flowers Bexleyheath, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the General Data Protection Regulation (GDPR). The policy applies to all customers who place orders with Flowers Bexleyheath within Bexleyheath and the surrounding districts.

What Personal Data We Collect

To fulfil your orders and provide our floral services, we may collect the following categories of personal data:

  • Contact Information: such as your name, address, delivery address (if different), and telephone number
  • Order Details: including products chosen, custom requirements, and messages to recipients
  • Payment Information: billing address and payment method (note that we do not store full card details; payments are processed via secure payment processors)
  • Communication Records: records of any correspondence or queries, including feedback or complaints
  • Usage Data: such as how you interact with our website, which may include cookies and IP address for analytics

Lawful Basis for Processing Your Data

Under GDPR, we process your data only where there is a lawful basis to do so. These include:

  • Contractual Necessity: Processing your data is necessary to take steps at your request prior to entering into a contract or to fulfil our contractual obligations to you (such as processing and delivering your order).
  • Legitimate Interests: We may process your data where it is necessary for our legitimate business interests, such as improving our services and handling customer queries, provided these interests are not overridden by your rights.
  • Legal Obligation: We may process your data to comply with legal requirements, including tax and record-keeping obligations.
  • Consent: For optional activities such as marketing, we will only do so if you have provided clear consent, which you can withdraw at any time.

How We Use Your Personal Data

We use your personal data for the following purposes:

  • To process and deliver your flower orders, including sending updates about your order status
  • To manage payments and handle any refunds or queries relating to transactions
  • To communicate with you about your order, respond to your queries, and resolve issues
  • To analyse and improve our products and services, including through internal data analytics
  • For legal compliance, such as accounting and record retention obligations
  • If you have opted in, to send you marketing communications regarding offers or new products

Data Processors and Third Parties

Flowers Bexleyheath uses trusted third-party service providers (‘data processors’) to help deliver our services. These may include:

  • Payment gateway providers to process your transactions
  • Delivery companies or couriers for fulfilling your orders
  • IT and website hosting providers to maintain our website and secure our systems
  • Email marketing platforms, only if you have consented to receive promotional messages

All processors are required to comply with GDPR, act only on our instructions, and ensure appropriate data protection and security measures are in place. We do not sell or rent your personal data to any third parties for their own marketing purposes.

Data Retention: How Long We Keep Your Data

Your personal data will not be kept longer than necessary for the purposes for which it was collected. Generally, we retain order and contact information for up to seven years to comply with accounting, legal, and tax obligations. Usage data and analytics may be retained for a shorter period as specified in our data retention policy. When your data is no longer required, it will be securely deleted or anonymised.

Your Data Rights Under GDPR

As a Flowers Bexleyheath customer, you have various rights under the GDPR. You may:

  • Right to Access: Request access to your personal data and information about how we process it.
  • Right to Rectification: Ask for corrections to be made to inaccurate or incomplete data.
  • Right to Erasure: Request that your personal data be deleted in certain circumstances.
  • Right to Restrict Processing: Ask us to restrict processing of your data in certain situations, such as if you contest its accuracy.
  • Right to Data Portability: Request that we provide your data in a structured, commonly used format so you can transfer it to another provider.
  • Right to Object: Object to processing of your data where we rely on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: If processing is based on your consent, you can withdraw it at any time for future processing.

To exercise any of these rights, please contact us through our standard communication channels. We will respond within one month or inform you if further time is required.

Data Security

We take appropriate technical and organisational measures to secure your personal data against unauthorised access, loss, or misuse. This includes using secure servers, encrypting sensitive data, and ensuring our staff are trained in data protection principles. While we make every effort to protect your information, please be aware that no system can be completely secure.

Transfers Outside the UK or EEA

Where your data is transferred outside the United Kingdom or European Economic Area, we ensure appropriate safeguards are in place, such as standard contractual clauses or transfers to countries deemed adequate by the relevant authorities.

Changes to This Privacy Policy

We may update this policy periodically to reflect changes in our services, legal requirements, or data protection standards. The latest version will always be available to our customers. We recommend reviewing this policy regularly for any updates.

Contacting Us

If you have any questions about this Privacy Policy, your personal data, or if you wish to make a complaint, please contact us through the usual channels provided on our website or order forms. You also have the right to lodge a complaint with the Information Commissioner's Office or your local data protection authority.