Privacy Policy for Customers of Flower Delivery Roehampton

Introduction

This Privacy Policy sets out how Flower Delivery Roehampton (hereafter “we”, “us”, or “our”) collects, processes, and protects your personal data when you place orders for flower delivery services from Roehampton and surrounding districts. We are fully committed to safeguarding your privacy and handling your personal information in line with the UK General Data Protection Regulation (GDPR). This policy explains what data we collect, the purposes and lawful basis for processing, our retention practices, our use of data processors, and your rights regarding your personal information.

What Data We Collect

When you place an order or interact with our website or services, we may collect and process the following categories of personal data:

  • Identification Data: Name, surname, customer number (if applicable).
  • Contact Details: Delivery address, billing address, postcode, telephone number, and, if provided, alternate contact details.
  • Order Information: Product selection, order history, card messages, and delivery instructions.
  • Payment Data: Information necessary to process your order (such as payment method, transaction reference), though we do not store full card or banking details.
  • Technical Data: IP address, browser type, operating system, and anonymous usage data collected through cookies (for functionality and analytics).
  • Communications: Any emails, phone calls, or messages sent to us concerning orders or customer service enquiries.

Lawful Basis for Data Processing

We only process personal data where we have a lawful basis under the GDPR. Our main bases for processing are as follows:

  • Contractual Necessity: Processing information is necessary to fulfil your order and deliver our products and services, including managing payments and handling customer service requests.
  • Legal Obligation: We retain certain transaction records in order to comply with tax, accounting, and other legal requirements.
  • Legitimate Interests: Processing to manage and improve our services, respond to enquiries, prevent fraud, and ensure network security. We always balance these interests against your rights and freedoms.
  • Consent: If you opt-in to receive marketing updates, we will process your data on the basis of your consent. You may withdraw your consent at any time.

How We Use Your Data

We use your personal data for the following purposes:

  • To process, confirm, and deliver your flower orders.
  • To communicate with you about your orders, delivery schedules, and customer support requests.
  • To manage accounts, process payments, and handle refunds.
  • To maintain and improve our website and services through usage analytics and performance monitoring.
  • To send you marketing communications when you have provided your explicit consent.
  • To comply with our legal and regulatory obligations.

Data Retention

We retain your personal information only as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Typically, your order details and contact information are kept for up to six years to comply with financial regulations. Where data is no longer required, or where you have withdrawn consent (for example for marketing), we will securely delete or anonymise it.

Data Processors and Third Parties

To enable us to provide our services, your data may be shared with trusted third-party processors (for example, payment processors, IT service providers, and couriers) strictly as necessary to fulfil your orders. All third-party processors are contractually required to process your data in accordance with GDPR and only on our instructions. They are prohibited from using your data for their own purposes.

We do not sell, rent, or trade your personal information with external parties for their own marketing or commercial purposes.

International Data Transfers

Your personal data is primarily processed within the UK and the European Economic Area (EEA). Should any transfer of your data outside these regions be necessary (for example, due to the location of certain IT service providers), we ensure such transfers are protected by appropriate safeguards, such as Standard Contractual Clauses, in line with legal requirements.

Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access: You can request access to your personal data that we hold.
  • Right to Rectification: You may request that inaccurate or incomplete information is corrected.
  • Right to Erasure: You may request that we delete your personal data where retention is no longer necessary.
  • Right to Restrict Processing: You may request restriction of the processing of your personal data in specific circumstances.
  • Right to Data Portability: You may request the transfer of your data to another provider in a structured, commonly used, and machine-readable format.
  • Right to Object: You may object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where consent is the basis for processing, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us using the methods shown on our website. We may need to verify your identity before processing rights requests.

How We Protect Your Data

We implement appropriate technical and organisational measures to ensure your personal information is secured against unauthorised access, loss, alteration, or disclosure. These measures include secure payment gateways, regular system monitoring, access controls, and staff training. Should we ever experience a personal data breach that poses a risk to your rights and freedoms, we will notify you and the relevant regulatory authorities as required by law.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect legal or regulatory changes or improvements in our privacy practices. The latest version will always be available on our website. Please review this policy regularly to remain informed about how we protect your information.

Who This Policy Applies To

This Privacy Policy applies to all customers ordering Flower Delivery Roehampton services for delivery to Roehampton and neighbouring districts, regardless of the method of order (including website, telephone, or in person).

Contact and Further Information

Should you have any questions regarding this Privacy Policy or our handling of your data, please consult our website’s contact section for the best way to get in touch. You also have the right to lodge a complaint with the UK Information Commissioner’s Office should you feel your data has not been handled lawfully.