Flower Delivery Woodside Park Privacy Policy

Introduction

This Privacy Policy explains how Flower Delivery Woodside Park (“we”, “our”, “us”) collects, uses, stores and shares your personal data in accordance with the UK General Data Protection Regulation (GDPR) and other applicable data protection laws. This Policy applies to all customers who place orders with Flower Delivery Woodside Park from Woodside Park and the surrounding districts.

What Data We Collect

We collect and process a range of personal data necessary for the fulfilment of your flower delivery orders and to provide you with the best service. The types of data we may collect include:

  • Contact Information: Name, billing and delivery addresses, and contact details such as phone number (landline and/or mobile) relevant for order fulfilment and customer communications.
  • Order Details: Information concerning orders placed, including floral preferences, card messages, delivery instructions, and payment method details.
  • Transaction Information: Purchase history, transaction amounts, dates of transactions, and billing records.
  • Correspondence: Any communications you have with us (for example, customer service enquiries, feedback, or complaints).
  • Technical Information: Certain technical data such as IP address, browser type, device identifiers and approximate location data may be automatically collected for security and analytics purposes when engaging with our website or ordering platforms.

Lawful Basis for Processing

Flower Delivery Woodside Park processes your personal data on the following legal bases, as set out in Article 6 of the GDPR:

  • Contract Performance: To process and deliver your orders, communicate with you about your order, and fulfil our obligations (Article 6(1)(b)).
  • Legal Obligations: To retain records as required by applicable tax and accounting laws (Article 6(1)(c)).
  • Legitimate Interests: To improve our services, manage our relationship with you, handle customer support, and prevent fraud (Article 6(1)(f)).
  • Consent: For sending marketing information or promotional offers (only when you have consented, which you may withdraw at any time).

How We Use Your Data

Your personal data is used for the following purposes:

  • To process orders and arrange delivery of flowers and gifts as requested by you;
  • To manage payment and issue receipts or invoices;
  • To communicate with you regarding your order status, delivery information, and customer enquiries;
  • To improve our products, services, and customer experience;
  • To comply with our legal and financial obligations;
  • To detect and prevent fraudulent activity within our services;
  • With your consent, to send you marketing messages or offers.

Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected. The retention period depends on the nature of the data and our legal and operational requirements. Typically:

  • Customer and Order Data: Retained for up to 6 years after the completion of an order to comply with tax, accounting, and legal obligations.
  • Marketing Data: Retained until you withdraw your consent or unsubscribe from our communications.
  • Technical and Analytics Data: Retained for up to 2 years to improve site functionality and monitor security.

At the end of the retention period, your data will either be securely deleted or anonymised, so that it can no longer be linked to you personally.

Use of Data Processors

In delivering our services, we may engage trusted third-party service providers ("data processors") to process data on our behalf. These may include payment processors, website hosting companies, delivery couriers, customer support providers, and IT service specialists. All data processors are carefully selected to ensure they meet strict data protection and GDPR compliance requirements. They may only process your data in accordance with our instructions and are subject to contractual obligations regarding security and confidentiality.

We do not sell or rent your personal data to any third parties. Your data may only be shared externally where it is necessary for providing our services, complying with law, or protecting the rights of our company, our customers, or others.

Your Rights under GDPR

As a data subject, under the GDPR you are entitled to exercise the following rights regarding your personal data:

  • Right to Access: You have the right to request a copy of the personal information we hold about you.
  • Right to Rectification: You have the right to request correction of inaccurate or incomplete data.
  • Right to Erasure (“Right to be Forgotten”): You may request that we delete your personal data, where appropriate and where there is no good reason for us to continue to process it.
  • Right to Restriction: You can request restriction or suppression of your personal data under certain circumstances.
  • Right to Data Portability: You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, or request that we transmit it to another controller (where technically feasible).
  • Right to Object: You have the right to object to our processing of your personal data in certain cases, including direct marketing.
  • Right to Withdraw Consent: Where we rely on your consent to process data, you may withdraw that consent at any time.

To exercise any of these rights, you may contact us using the methods indicated on our website’s contact page. Before fulfilling your request, we may need to verify your identity for security purposes.

How We Protect Your Data

We take appropriate technical and organisational measures to secure your personal information against unauthorised access, accidental loss, destruction, or disclosure. These measures include encrypted payment processing, secure storage protocols, access restrictions, and regular review of our information security policies and procedures.

International Data Transfers

Your personal data is generally processed within the UK or the European Economic Area (EEA). Should it be necessary to transfer your data outside the UK or EEA, we will ensure appropriate safeguards are in place, such as reliance on adequacy decisions, standard contractual clauses, or other legally recognized arrangements to ensure your rights and data are protected.

Changes to This Privacy Policy

Flower Delivery Woodside Park may update this Privacy Policy from time to time to reflect legal, regulatory, or operational changes. When we make changes, we will update the effective date at the top of the policy and, where appropriate, notify customers via our website or direct communication channels.

Contact and Complaints

If you have any questions or concerns regarding this Privacy Policy, how we process your data, or wish to exercise your rights, please reach out to us through the contact options provided on our website. We will endeavour to respond promptly and address your queries to your satisfaction. Should you remain unsatisfied, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local supervisory authority.

This Privacy Policy was last updated in June 2024.