Flower Delivery New Addington Privacy Policy

Introduction

At Flower Delivery New Addington, we are committed to safeguarding your privacy and ensuring the security of your personal data. This Privacy Policy explains how we handle your personal information when you place orders with us in New Addington and its surrounding districts. We comply with the General Data Protection Regulation (GDPR) and are dedicated to treating your data lawfully, fairly, and transparently.

Scope of this Policy

This policy applies to all customers who place flower delivery orders with Flower Delivery New Addington, whether ordering for themselves or others, in New Addington and the neighbouring districts. By using our services, you agree to the practices described in this policy.

Data We Collect

We collect and process various types of personal data necessary for providing our flower delivery services. The data we collect may include:

  • Identity Data: This includes your first and last name.
  • Contact Data: Your delivery address, billing address, phone number, and any other contact details you provide.
  • Order Data: Details about flower orders, card messages, and any preferences you specify.
  • Payment Data: Payment card details and related billing information (processed through secure third-party payment processors).
  • Communication Data: Any correspondence or feedback you send to us relating to your order.
  • Technical Data: Information gathered when you use our website, such as IP address, browser type, and access times, for analytics and security purposes.

Lawful Basis for Processing

We process your personal data under the following legal bases, in line with GDPR requirements:

  • Performance of a Contract: Most of our data collection is necessary for fulfilling the flower delivery order contract between you and Flower Delivery New Addington.
  • Legitimate Interests: We may process your information for purposes such as improving our services, managing customer relationships, and ensuring the security of our website. We ensure that these interests are balanced against your rights and freedoms.
  • Legal Obligations: In some instances, we may be required by law to process and retain certain information, such as for tax or accounting purposes.
  • Consent: We may rely on your consent for certain direct marketing communications, which you can withdraw at any time.

Data Retention

We retain your personal data only for as long as it is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Typically, we will store:

  • Order and related personal data for up to six years, in accordance with legal requirements.
  • Payment data is processed securely by our third-party payment processors and is not stored by us beyond transaction completion.
  • Marketing preference data until you opt out or withdraw your consent.

When data is no longer needed, we securely delete or anonymize it.

Use of Data Processors

To help us provide our services efficiently, we engage reputable third-party service providers (data processors) to carry out certain processing activities on our behalf, such as:

  • Payment processing companies to securely handle your transactions.
  • Delivery partners to ensure timely and accurate deliveries.
  • Cloud hosting providers and website analytics services.

All our processors are contractually bound to process your data only under our instructions, maintain confidentiality, and implement appropriate data security measures.

Security of Your Data

We are committed to ensuring your personal data is secure. We have implemented suitable technical and organizational measures to protect your information from unauthorized access, loss, misuse, or disclosure. This includes secure servers, encrypted payment transactions, restricted access, and regular reviews of our data protection practices.

Your Rights Under GDPR

You have specific rights in relation to your personal data under GDPR, including the right to:

  • Access: Request access to the personal data we hold about you.
  • Rectification: Ask us to correct any inaccuracies in your data.
  • Erasure: Request the deletion of your data when it is no longer needed or if you withdraw consent.
  • Restriction: Ask us to restrict the processing of your data in certain circumstances.
  • Portability: Request to receive your personal data in a structured, commonly used format or have it transferred to another provider.
  • Objection: Object to the processing of your data where we rely on legitimate interests or for direct marketing.
  • Withdraw Consent: Where we rely on your consent, you can withdraw this at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us using the details provided on our website. We will respond promptly and in accordance with the law.

Data Transfers

Your personal data is primarily processed within the United Kingdom and European Economic Area (EEA). If we need to transfer your data outside these regions, we ensure that appropriate safeguards are in place to maintain the same standard of data protection.

Children's Privacy

Our services are not targeted at minors under the age of 16. We do not knowingly collect or process personal data relating to children. If we discover that we have inadvertently processed such data, we will delete it promptly.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or our practices. We encourage you to review this policy periodically to stay informed about how we protect your information. The date of the latest update will always appear at the end of this policy.

Contact and Further Information

If you have any questions or concerns regarding our Privacy Policy or how we process your personal data, please contact us through the details provided on our website. We are committed to resolving your concerns and upholding your rights.

Last updated: June 2024