Privacy Policy for Flower Delivery Grays

Introduction

This Privacy Policy is intended to inform customers of Flower Delivery Grays about how we collect, use, retain, and protect your personal information when you place flower delivery orders in Grays and the surrounding districts. We are committed to ensuring that your privacy is protected in accordance with the General Data Protection Regulation (GDPR) and UK data protection laws. The policy applies to all personal data gathered from individuals, including our website visitors, customers, and recipients of flower deliveries.

Types of Data We Collect

To process orders and provide our flower delivery services, we collect and process the following types of personal data:

  • Identity Data: Your full name and, if applicable, the recipient’s full name.
  • Contact Data: Delivery address in Grays or nearby regions, phone number, and postal code.
  • Order Details: Information pertaining to your purchase, such as product selection, delivery date, card messages, and special instructions.
  • Payment Information: Payment details necessary for processing your transaction (though all card payments are handled securely by third-party payment processors; we do not retain card details).
  • Communication Data: Records of communications and correspondence with us, including inquiries, complaints, or feedback.
  • Technical Data: When you use our website, certain technical information such as IP address, browser type, device details, and usage statistics is automatically collected to ensure website functionality and security.

Lawful Basis for Processing Personal Data

We only process your personal information when there is a lawful basis to do so. The main lawful bases under GDPR applicable to our activities include:

  • Contractual Necessity: Most of our data processing is required to fulfil your order and deliver flowers as requested.
  • Legal Obligation: We may process certain information to comply with our legal obligations, such as accounting and tax requirements.
  • Legitimate Interests: We may process your data for our legitimate interests, such as improving our services, preventing fraud, and contacting you regarding your order, provided these interests do not override your privacy rights.
  • Consent: Where required, such as for certain marketing communications, we will only process your information with your explicit consent. You may withdraw your consent at any time.

How We Use Your Data

Your personal data is used exclusively for the following purposes:

  • Processing and fulfilling flower delivery orders according to your specifications.
  • Managing your account, handling payments, and delivering customer support.
  • Communicating about order confirmations, delivery updates, feedback, or customer service requests.
  • Complying with legal and regulatory obligations.
  • Analysing website usage and service improvement (using aggregated, non-identifiable data where possible).
  • With your permission, sending you occasional updates or promotional material.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and resolve disputes. This means:

  • Order and delivery information is generally kept for up to seven years to satisfy accounting, taxation, and business record-keeping requirements.
  • Payment details are processed by secure third-party processors and are not stored by us.
  • Technical and website usage data may be retained for a shorter period for security and analytical purposes.
  • Communications data is retained as long as is necessary to resolve your query and improve our services.

When your data is no longer required, we will securely delete or anonymise it.

Data Processors and Third Parties

To deliver our services, we may share your personal data with selected third parties who act as data processors. These third parties only process your information on our behalf and in accordance with our instructions. The main categories include:

  • Payment processing companies for secure transactions.
  • Delivery partners or couriers for fulfilling your order.
  • IT service providers for website hosting, order management, and security.
  • Customer support platforms for managing communications with you.

All data processors are contractually obligated to protect your personal data in line with GDPR requirements and may not use it for their own purposes.

Your Data Protection Rights

As a customer of Flower Delivery Grays, you have the following rights under the GDPR and applicable UK data protection laws:

  • Access: You can request access to the personal data we hold about you.
  • Rectification: You have the right to ask us to correct any inaccurate or incomplete information.
  • Erasure: In certain circumstances, you may request the deletion of your data from our records.
  • Restriction: You can ask us to restrict the processing of your personal data in particular situations.
  • Data Portability: Where applicable, request a copy of your data in a commonly used electronic format.
  • Objection: You may object to the processing of your data based on legitimate interests or direct marketing.
  • Withdraw Consent: If we rely on your consent (for example, in marketing), you may withdraw it at any time.

To exercise these rights, please contact us using the contact information provided on our website. We may need to verify your identity before fulfilling certain requests.

Data Security

We are committed to keeping your data secure. Appropriate technical and organisational safeguards are in place to protect your information against unauthorised access, loss, or misuse. This includes secure servers, encrypted connections where applicable, and regular staff training on data protection principles.

International Data Transfers

Your personal information is primarily processed within the United Kingdom. If, in exceptional circumstances, we transfer your data outside the UK or European Economic Area, we do so only when appropriate safeguards are in place to ensure your data remains protected to GDPR standards.

Policy Changes

We may periodically update this Privacy Policy to reflect changes in our practices, applicable laws, or service offerings. The latest version will always be available on our website and is effective as of the date posted. We encourage you to review this policy regularly.

Contact and Complaints

If you have questions about this Privacy Policy or how we handle your personal data, you can contact us through the channels listed on our website. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been misused.

This Privacy Policy was last updated in June 2024.