Florist Raynes Park Privacy Policy

Introduction

This Privacy Policy explains how Florist Raynes Park collects, uses, stores, and protects your personal data when you place an order with us. The policy applies to all customers using our services in Raynes Park and surrounding districts. We are committed to safeguarding your privacy and ensuring that your personal information is handled in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

What Data We Collect

When you place an order with Florist Raynes Park, we may collect and process the following categories of personal data:

  • Identity Information: Name, delivery address, billing address.
  • Contact Details: Phone number, email address.
  • Order Information: Details of products ordered, delivery instructions, order notes.
  • Payment Information: Card details or other payment information (processed securely via our payment providers).
  • Correspondence: Communications with us via customer service or order queries.
  • Usage Data: Website browsing activity, IP address, browser type, and interaction with our website (collected via cookies and similar technologies, as applicable).

Lawful Basis for Processing

We process your personal data under several lawful bases as defined by the GDPR:

  1. Contractual Necessity: We process identity, contact, and order information to fulfil your order, arrange delivery, process payments, and provide customer service.
  2. Legal Obligation: In some cases, we are required to process certain data to comply with legal or tax requirements.
  3. Legitimate Interest: We may process your data to improve our services, for fraud prevention, and for direct marketing of similar products or services, unless you object.
  4. Consent: For certain types of marketing or the use of non-essential cookies, we rely on your explicit consent.

How We Use Your Data

We use your personal data to:

  • Process, manage, and deliver your orders.
  • Communicate with you regarding your order, queries, or feedback.
  • Handle payments and prevent fraudulent transactions.
  • Comply with legal and regulatory obligations.
  • Improve our website and the quality of our services.
  • Send you occasional updates or marketing messages, where permitted.

Retention of Your Data

Your personal data is retained only for as long as necessary to fulfil the purposes described above or as required by law. Typically:

  • Order and customer data: Retained for up to 6 years for accounting and legal purposes.
  • Marketing data: Retained until you withdraw your consent or object to further communications.
  • Website usage data: Retained in accordance with our cookie policy and analytical needs, usually no longer than 26 months.

Data will be securely erased or anonymised when it is no longer needed.

Processors and Data Sharing

To provide our services efficiently, we may share your data with trusted third parties acting as data processors. These include:

  • Payment processors for secure payment handling.
  • Delivery partners to facilitate order delivery.
  • IT service providers through whom our website and data storage are managed.
  • Professional advisors, such as accountants or legal counsel, when required for compliance or dispute resolution.

All third-party processors are contractually obliged to protect your data and process it only as instructed by Florist Raynes Park. We do not sell or share your personal information for third-party marketing purposes.

If data needs to be transferred outside the UK or European Economic Area (EEA), we ensure it is protected in line with GDPR requirements using appropriate safeguards.

Your Rights Under GDPR

Under GDPR, you have a range of rights regarding your personal information, including:

  • Access: The right to request a copy of the data we hold about you.
  • Rectification: The right to request corrections to inaccurate or incomplete data.
  • Erasure: The right to request deletion of your data where there is no lawful basis for retention.
  • Restriction: The right to ask us to stop or restrict the processing of your data in certain circumstances.
  • Portability: The right to receive your data in a structured, commonly used, machine-readable format and to have it transferred to another controller where technically feasible.
  • Objection: The right to object to certain processing activities, such as direct marketing.
  • Withdrawal of Consent: Where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
  • Complaint: The right to lodge a complaint with the relevant supervisory authority if you believe your rights have been infringed.

To exercise any of these rights, please contact us using the details provided on our website.

Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include secure servers, encryption, access controls, and regular reviews of our data handling procedures. Staff are trained in data protection, and access to personal data is strictly limited.

Policy Updates

This Privacy Policy may be updated from time to time to reflect changes in the law, our practices, or the services we offer. Any significant updates will be clearly indicated on our website, and where appropriate, we will notify you directly.

Contact Us

If you have questions about this Privacy Policy or how we process your personal information, please refer to the contact details provided on our website.