Privacy Policy for Customers of Flowers Palmers Green

Introduction

This Privacy Policy explains how Flowers Palmers Green collects, uses, and protects the personal information of our customers. It applies to everyone who places an order with Flowers Palmers Green from Palmers Green and the surrounding districts. We are committed to complying with the General Data Protection Regulation (EU) 2016/679 (GDPR) and ensuring your information is handled lawfully, transparently, and securely.

What Data We Collect

When you place an order with Flowers Palmers Green, we collect the following types of personal data:

  • Identity Data: Your full name.
  • Contact Data: Billing and delivery address, and any other address details relevant to your order.
  • Order Information: Details of the flowers or arrangements ordered, delivery dates, and associated notes or messages.
  • Payment Data: Payment method details. Please note we do not store full card numbers or security codes, only necessary transaction references as required for order completion and in compliance with payment services regulations.
  • Communication Data: Details arising from any correspondence or customer service inquiries relating to your orders.

We do not intentionally collect special categories of data (such as health or religious information) or data relating to children.

Lawful Basis for Processing

Flowers Palmers Green processes your personal data in accordance with Article 6 of the GDPR. The lawful bases under which we collect and use your data include:

  • Contractual Necessity: We need to process your data to fulfil orders you place, including delivery and customer service.
  • Legal Obligation: We may retain order and payment data for accounting, tax, and regulatory purposes.
  • Legitimate Interests: We may use your data to improve our services, enhance customer experience, and prevent fraud, as long as these legitimate interests do not override your fundamental rights and freedoms.
  • Consent: Where you have explicitly consented, such as if you opt-in to receiving marketing updates. You may withdraw your consent at any time.

How We Use Your Data

We use your data to:

  • Process and fulfil your flower orders, including delivery.
  • Communicate with you about your order and respond to inquiries.
  • Manage invoicing, payment, and tax records.
  • Improve our products and services based on feedback and order history.
  • Comply with any legal obligations or resolve disputes if they arise.

Retention of Your Data

We retain your personal data only as long as necessary for the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Typically:

  • Order and transaction data is retained for up to seven years to comply with accounting and tax regulations.
  • Contact and customer service queries are retained for up to two years from your last interaction with us, unless related to an order record which may be subject to longer retention for legal reasons.
  • Marketing consent records are kept until you withdraw your consent or for as long as we send you communications.

When your data is no longer required, it is securely deleted or anonymised.

Processors and Third Parties

We sometimes share your data with third-party service providers who act as processors on our behalf. These include:

  • Delivery Partners: To ensure your flowers reach their intended recipient.
  • Payment Providers: To process card and online payments securely.
  • IT and Hosting Providers: For secure storage of data and website maintenance.

All processors are contractually obliged to act only on our instructions, treat your data confidentially, and implement appropriate security measures in line with the GDPR. We do not sell or share your personal data to third parties for their own marketing purposes.

Your Rights Under GDPR

Subject to certain limitations, you have the following rights regarding your data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Ask us to correct incomplete or inaccurate data.
  • Right to Erasure: Request your data be erased, where there is no legal reason for us to continue processing it.
  • Right to Restrict Processing: Ask us to pause processing where the accuracy or legitimacy of use is contested.
  • Right to Data Portability: Request your data be transferred to another provider, where technically feasible.
  • Right to Object: Object to processing where we rely on legitimate interests, including direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

You may exercise your rights by contacting us and we are committed to responding within the timeframe required by GDPR. Should you have concerns about our handling of your data, you also have a right to lodge a complaint with a supervisory authority.

Data Security

We take data security seriously. We implement a range of technical and organisational measures to protect the confidentiality, integrity, and availability of your personal data. This includes secure servers, network protections, data encryption, and staff training. Access to personal data is restricted to those who need it for processing your order or supporting you as a customer.

Policy Changes

This Privacy Policy may be updated to reflect changes in our practices or legal requirements. Significant changes will be communicated clearly in advance and the date of revision will be stated. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

Contacting Us

If you have any questions about this Privacy Policy or how we process your personal data, please reach out to our team. We are dedicated to resolving your queries and ensuring your data rights are respected.