Flower Delivery South Norwood Privacy Policy

Introduction

This Privacy Policy explains how Flower Delivery South Norwood ('we', 'us', 'our') collects, uses, protects, and retains personal data of customers who place flower orders with us from South Norwood and its surrounding districts. We are committed to safeguarding your privacy and handling your personal data in accordance with the General Data Protection Regulation (GDPR) and other relevant privacy laws.

Scope of this Policy

This Privacy Policy applies to all individuals (referred to as 'you', 'your', or 'customers') placing orders with Flower Delivery South Norwood, whether through our website, in person, or by telephone, within South Norwood and its neighboring areas. By using our services, you consent to the practices described in this policy.

What Data We Collect

To provide and improve our flower delivery services, we collect and process the following categories of personal data:

  • Identification Data: Name, address (billing and delivery addresses), contact details (such as telephone numbers).
  • Order Information: Details of the products ordered, delivery instructions, order number, and order history.
  • Payment Data: Payment process information, such as the payment method used and confirmation of payment. We do not store credit/debit card numbers; these are processed securely by our payment service providers.
  • Communications Data: Any messages, requests, feedback, or correspondence you send us in relation to orders or customer service queries.
  • Technical Data: Information such as your IP address, browser type, and device identifiers, collected via cookies or similar technologies when you interact with our website.

Lawful Basis for Processing Your Data

Under GDPR, we must have a lawful basis to process your personal data. Our main lawful bases are:

  • Contractual necessity: Processing your data is necessary for fulfilling the contract when you place an order with us (for example, to deliver flowers to the correct address and process payments).
  • Legitimate interests: We may process your details for our legitimate business interests, such as improving our products and services, and preventing fraud, provided such interests are not overridden by your rights.
  • Legal obligation: We may be required to process certain data to comply with legal obligations (for example, retention of transaction records for tax or accounting purposes).
  • Consent: Where required by law (for example, for certain marketing communications), we process your data with your explicit consent. You are free to withdraw such consent at any time.

How We Use Your Information

We use your personal data for the following specific purposes:

  • Processing and delivering your flower orders and updating you about their status.
  • Providing customer support and responding to inquiries.
  • Improving our services, enhancing site security, and conducting analytics.
  • Complying with applicable laws, legal processes, or government requests.
  • Sending relevant information regarding your order, such as confirmations and delivery updates.
  • With your consent, sending you marketing or promotional offers (which you may opt out of at any time).

Retention of Personal Data

We retain your personal data only for as long as necessary to fulfill the purposes described above, including for the purposes of satisfying any legal, accounting, or reporting requirements. In general, we retain order and account related data for a period of up to 6 years to comply with statutory requirements. When your personal data is no longer needed, it will be securely deleted, anonymized, or destroyed.

Personal Data Processors

In order to process your orders and deliver our services, we may engage third-party service providers who act as data processors on our behalf. These may include:

  • Payment processors (for secure handling of payment information)
  • Courier and delivery partners (to complete flower deliveries)
  • IT and hosting providers (to operate our website and store data securely)
  • Customer relationship management systems (to manage orders and support)

All processors are carefully vetted and are required by contract to process your data securely, only for the purposes specified by us, and in accordance with the GDPR.

How We Protect Your Data

We take data security seriously and implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, misuse, or alteration. Measures include encryption of payment transactions, secure access controls, regular security assessments, and staff training in data privacy.

Your Rights as a Data Subject

As a customer, under the GDPR you have several rights regarding your personal data:

  • The right to access – You have the right to request a copy of the personal data we hold about you.
  • The right to rectification – You can request that we correct inaccurate or incomplete personal data.
  • The right to erasure ('right to be forgotten') – You may request the deletion of your personal data, subject to legal or contractual retention requirements.
  • The right to restrict processing – You may request that we restrict processing of your data in certain situations.
  • The right to data portability – You can request to receive your data in a structured, commonly used format and transmit it to another controller.
  • The right to object – You can object to data processing based on legitimate interests or direct marketing at any time.
  • The right to withdraw consent – Where processing is based on your consent, you can withdraw your consent at any time for future processing.

To exercise your rights, please contact us through the channels provided on our website. We will respond to your requests as required by law and no later than one month from receipt.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, improvements in our services, or legal requirements. When we make changes, we will update the policy on our website and indicate the date of the latest revision. We encourage you to review this policy regularly to stay informed about how we protect your data.

Contact and Queries

If you have any questions or concerns regarding your personal data, this privacy policy, or your rights under the GDPR, please reach out to us using the contact details available on our website. We are committed to addressing your queries promptly and diligently.