Privacy Policy for Flowers Nunhead Services

Introduction

This Privacy Policy describes how Flowers Nunhead ('we', 'us', or 'our') collects, uses, stores, and protects your personal data when you place orders with Flowers Nunhead in Nunhead and the surrounding districts. This policy is designed to comply with the General Data Protection Regulation (GDPR), ensuring your rights and data privacy are safeguarded throughout your interactions with us as a customer.

Scope of This Policy

This Privacy Policy applies to all customers who place orders with Flowers Nunhead, whether in-person, via our website, or over the phone, specifically within Nunhead and the nearby districts. The policy explains what data we collect, why we collect it, how long we retain it, who processes your data, and the rights you have regarding your personal information.

Personal Data We Collect

We collect various types of personal data to fulfil your orders and deliver a smooth service. The data we collect may include:

  • Identity Data: Your name and, if relevant, recipient's name.
  • Contact Data: Delivery address, contact numbers, and billing/delivery information.
  • Order Information: Details of your purchases, messages to recipients, delivery instructions, and payment information (note: payment details are handled securely through trusted payment processors and are not stored by us).
  • Communication Data: Records of communications you send to us, including inquiries and order confirmations.
  • Technical Data: Your IP address, browser type, and device information collected via our website for order processing and security purposes.

Lawful Basis for Processing Your Data

We process your personal data under several lawful grounds outlined in the GDPR, including:

  • Contractual Necessity: To process and deliver your order, we require certain personal data. Without this data, we would not be able to provide our services to you.
  • Legal Obligation: We may be required to retain certain information to comply with legal and tax obligations.
  • Legitimate Interests: We may process your data to prevent fraud, ensure network and information security, and improve our service (provided these interests do not override your fundamental rights).
  • Consent: For certain types of communications, such as marketing messages, we will ask for and obtain your explicit consent before processing your data for these purposes.

How We Use Your Personal Data

Your personal data is used for the following purposes:

  • Fulfilling Orders: Processing your flower orders, arranging deliveries, and contacting you regarding your order when necessary.
  • Customer Service: Responding to your inquiries, requests, and resolving any issues.
  • Compliance: Meeting our obligations under applicable laws and regulations.
  • Improvements: Analysing usage patterns to improve our services and customer experience.
  • Marketing: Only with your consent, to send promotional offers and updates about our services.

Data Retention: How Long We Keep Your Data

Your personal data will be retained only as long as necessary to fulfil the purposes outlined in this policy. Generally, this means:

  • Order and transaction information is retained for up to seven years to comply with our financial and legal record retention obligations.
  • Contact details used for marketing communication are retained until you withdraw your consent or request deletion.
  • Technical data may be stored for up to two years for security and troubleshooting purposes.

When data is no longer required, it is securely deleted or anonymised so you can no longer be identified.

Data Processors and Third Parties

To deliver our services efficiently, we work with trusted third-party processors who help us with specific aspects of order processing:

  • Payment Providers: Secure third-party services handle your payment information to process transactions.
  • Delivery Partners: External couriers or delivery services may be provided with necessary details (such as delivery address and recipient name) to complete the delivery.
  • IT Service Providers: We may engage companies that provide website hosting, customer management systems, or email communications services. Such providers are only given access to the data necessary for their function and are contractually obliged to handle it securely.

All third-party processors acting on our behalf are obliged to comply with this Privacy Policy, GDPR, and to keep your data safe and confidential. We do not sell or share your personal data with third parties for their own marketing purposes.

International Transfers

Your data is primarily processed and stored within the United Kingdom or the European Economic Area (EEA). In the rare cases where data is transferred outside this region, such as when a cloud-based service provider is based otherwise, we ensure that such transfers are made in accordance with the GDPR, including appropriate safeguards such as standard contractual clauses.

Your Data Protection Rights

Under GDPR, you are entitled to several rights regarding your personal information:

  • Right to Access: Request details of the personal data we hold about you.
  • Right to Rectification: Have inaccuracies corrected or incomplete data updated.
  • Right to Erasure: Request deletion of your personal data, where permitted by law.
  • Right to Restrict Processing: Request the limitation or suppression of your personal data processing.
  • Right to Data Portability: Obtain and reuse your personal data across different services.
  • Right to Object: Object to our use of your data for direct marketing or where our legitimate interests override your rights.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw at any time.

To exercise these rights, please contact us using the contact details provided to you at the time of your order or via our website. We may need to verify your identity before processing such requests.

Security of Your Personal Data

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, alteration, or disclosure. This includes secure storage solutions, regular data access reviews, encrypted communications where possible, and restricting access to authorised personnel only.

Changes to This Privacy Policy

We may occasionally update this Privacy Policy to reflect changes to our practices, new legal requirements, or improvements in our privacy protection features. Customers will be notified of any substantial changes as appropriate.

Contact and Complaints

If you have questions about this Privacy Policy or wish to make a complaint regarding how we handle your personal data, please use the contact information provided when placing your order or as displayed on our website. If you remain dissatisfied, you have the right to contact the Information Commissioner's Office (ICO) or your local data protection authority.

This Privacy Policy is effective as of June 2024 and applies to all orders and customers of Flowers Nunhead in Nunhead and surrounding districts.